This Privacy Policy applies to Apt Pay Inc., AptPay US Inc. and its affiliated companies (“AptPay”). Details on AptPay are available at: www.aptpay.com.
AptPay is committed to the privacy and security of your personal data. This Privacy Policy explains how we process your Personal Data when you engage with our services, whether by browsing our website, completing transactions, or interacting with us in any other way. It also details how we may share your Personal Data with third parties and the safeguards we have implemented to protect your information.
AptPay, Inc. at 1 King Street West, Suite 4903, Toronto, Ontario, M5H 1A1, Canada will be the data controller in relation to any personal data provided to AptPay directly via email, phone, direct mail or via aptpay.com (“website”). This means that AptPay is responsible for deciding how your data will be held and how personal data about you will be used.
The AptPay Data Protection Officer can be contacted:
- By email at: [email protected].
- By mail to: AptPay Data Protection Officer, 1 King Street West, Suite 4903, Toronto, Ontario, M5H 1A1, Canada.
By using or navigating AptPay’s website, or any product or service offered by AptPay through the website, you acknowledge that you have read, understand, and agree to be bound by this Privacy Policy. You should not provide AptPay with any of your information if you do not agree with the terms of this Privacy Policy.
You are encouraged to review and check our website for any updates to this Privacy Policy. We will publish the updated version on this website and by continuing to deal with us, you accept this Privacy Policy as it applies from time to time.
Frequently Asked Questions (FAQs)
What Personal Data do we collect?
We only collect the Personal Data necessary to provide our services and comply with legal obligations. The specific categories of Personal Data collected may vary depending on the service or interaction.
From where do we obtain your data?
We collect Personal Data mainly from you, when you interact with our company and services. However, we may collect additional data to fulfil our obligations from other sources.
Why do we collect Personal Data?
We collect Personal Data to comply with our obligations with you and to comply with our legal obligations. We process your Personal Data to ensure the delivery and security of our services and/or improve our operations. Whenever we process your Personal Data for additional purposes, we will make sure to inform you and, when necessary, gather your consent.
For how long do we retain Personal Data?
We retain Personal Data only for as long as necessary to fulfill the purposes for which it was collected, including the provision of services, compliance with legal obligations, or the exercise or defense of legal claims. Once Personal Data is no longer required, we securely delete or anonymize it in accordance with applicable laws.
With whom do we share Personal Data?
We may share Personal Data with legal authorities and selected third parties/partners when required to meet regulatory standards or fulfill contractual commitments.
Where is Personal Data stored?
We store Personal Data in secure facilities with stringent security controls. Any international transfer of Personal Data complies with all legal obligations and maintains the highest security standards.
What are your rights regarding Personal Data?
Depending on your location, you may have specific rights concerning your Personal Data under applicable laws. Common rights are described under the section “Your Rights”.
What Type of Personal Data Do We Collect?
The categories, purposes, and legal bases for collecting and processing your Personal Data when you visit and/or use our Website are listed below. Where the collection and processing of Personal Data is based on your consent, you may withdraw your consent at any time.
Identification and contact data
This may include name, email, phone number, address, title, and other contact details. It may also include data you voluntarily provide during chats, calls, or written correspondence.
Purposes and Legal Basis for Processing
- Service Provision: To manage your online inquiry via the Website form (i.e. registering your inquiry, contacting you, processing and responding to your inquiry). This processing is carried out based on our pre-contractual and/or contractual obligations.
- Legal Claims and Archiving: To pursue any legal claims, as well as for archival purposes related to this purpose, including securing information in the event of the need to prove facts, when necessary to protect our legitimate interests.
- Marketing: To provide advertising and marketing.
- Regulatory Compliance: To comply with applicable laws, regulatory obligations, and decisions by competent authorities. This processing is required to meet our legal obligations.
Behavioral and Technical Information
AptPay does not collect information through cookies or other tracking technologies through its website.
Notice to Money Transfer users
What Type of Personal Data Do We Collect?
Identification Data
We collect identification data, such as your name, email, phone number, address, date of birth, gender, images, videos, and signature. We also process sociodemographic data such as age, residences and occupation.
Purposes and Legal Basis for Processing:
- Service Provision: To deliver our services, based on our contractual obligations.
- Customer Service: To provide customer service, based on our contractual obligations.
- Record of Conversations: We will monitor and record (via automated means or transcripts) our telephone calls, emails, and chat conversations with you, on any platform, to confirm the instructions provided to us. This is based on our legitimate interest.
- Account Management: To manage your account(s) (i.e.: registration, administration, maintenance and servicing accounts). This processing is necessary for the performance of a contract.
- Marketing: To provide advertising and marketing. This processing is based on your consent.
- Regulatory Compliance: To fulfill legal obligations, including retention requirements.
- Identity Verification: In very limited circumstances, to perform a credit check for identity verification. This processing is necessary to comply with legal obligations.
Financial Information
To provide our services, we collect financial information such as bank details and transaction purposes.
Purposes and Legal Basis for Processing:
- Service Provision: For transaction processing. This processing is necessary for the performance of a contract.
- Regulatory Compliance: For anti-money laundering and anti-terrorist financing. This processing is necessary to comply with legal obligations.
- Account Management: To manage your account. This processing is necessary for the performance of a contract.
- Credit Checks: In very limited circumstances, to perform a credit check in order to provide the Services. This processing is necessary to comply with legal obligations.
- Identity Verification: To verify the customer’s identity (i.e., KYC: for additional information click here). This processing is necessary to comply with legal obligations.
We will never ask you to provide your payment information (i.e., credit/debit card details). None of our employees or agents will ever ask for your payment information. Where payment information is required, we will ask you to enter the information directly into secure payment processing systems managed by authorized third-party payment processors. These processors handle the data in compliance with the Payment Card Industry Data Security Standard (PCI DSS).
Transactional Data
We collect personal data like the beneficiary details, debit card data, bank account information, contact information, the destination where you are sending money and bank preferences. We also collect payor details, bank account information and contact information where funds are being pulled or debited from.
Purposes and Legal Basis for Processing:
- Service Provision: To provide the Services, including completing a transaction. This processing is necessary for the performance of a contract.
- Regulatory Compliance: For compliance purposes related to a transaction. This processing is necessary to comply with legal obligations.
Location Information or Geolocation Data
We may collect information about your location when you use our Services.
Purposes and Legal Basis for Processing:
- Service Provision: We need to know the country you are based in, in order to provide you with our services. This processing is necessary to comply with legal obligations. Note that we will never have your exact location, only the country of origin.
Audio and Video Surveillance
We may utilize CCTV footage (image, video, and audio/voice recording) to ensure safety in our offices in compliance with local regulations. The retention period of the recordings shall not exceed the duration mandated by our legal obligations.
Purpose and Legal Basis for Processing:
- Security: To maintain safety in our offices. This processing activity is based on our legitimate interest, or where required by local regulations, to comply with legal obligations.
- Fraud Prevention: Where permitted by local regulation, we may access CCTV content to prevent fraudulent activities, and protect our assets. This processing is necessary to comply with legal obligations.
Sensitive Personal Data
When strictly necessary, we may collect sensitive data, such as biometric data (e.g., face scans), and government ID numbers, in compliance with local laws. Where required by applicable law, we will obtain your consent or present you with an opportunity to opt out before processing your Sensitive Personal Data.
Purposes and Legal Basis for Processing:
- Legal Compliance: For KYC and fraud prevention. This processing is carried out to comply with legal obligations.
- Security and Verification: To verify identity during service use. This processing activity is carried out to comply with our legal obligation. When required, we will ask for your consent.
Non-Identifiable Data
When possible, we use non-identifiable data to enhance services, such as anonymous demographics or aggregated usage data.
Personal Data of a Beneficiary or Payor
For money transfer services, Personal Data of payors or beneficiaries is collected from customers, as it is essential to fulfill the contractual agreement between us and our customer. As the beneficiary, you are the recipient of the payment transaction initiated by our customer. As the payor, it is your bank account that will be debited for the payment transaction initiated by our customer.
The types of Personal Data we may collect about you include:
- Identification Data: Name, surname and government ID.
- Financial Data: Bank information or payout or debit information like email address, card or mobile number.
We process the Personal Data of a beneficiary or payor exclusively to meet our contractual and regulatory obligations.
In some cases, we may contact you, the beneficiary or payor, to inform you of a transaction in progress that requires your attention and action. We will never contact you to promote our services but only to comply with our contractual or legal obligations.
Your data, as a beneficiary or payor, will not be used for other purposes.
If you have questions about how we process your Personal Data as a beneficiary or payor, please contact us at [email protected].
Know Your Customer (e-KYC) process
For our digital services, and where legally permitted and required, we may verify your identity using an electronic Know Your Customer (e-KYC) process. This may involve submitting a valid photo ID, video or selfie through our secure service provider’s platform. This process enhances fraud detection and ensures compliance with anti-money laundering regulations.
When biometric data, such as face scans, is collected, we will request your consent if required by local law. If you prefer not to provide biometric data, please contact our customer care team for assistance.
During the verification process, a video, including audio, may be recorded to ensure the integrity of the procedure. All biometric data shared with our service providers is carefully controlled and used strictly for identity verification purposes. Neither we nor our service providers will sell, lease, or trade your biometric information, and robust security standards are maintained to prevent unauthorized access.
In line with applicable privacy laws, you may have rights regarding your biometric data, such as access rights. For more information, refer to the “Your Rights” section. For questions about the e-KYC process, contact us at [email protected].
Where do we obtain your Personal Data?
We collect Personal Data mainly from you when you interact with our company and services. However, we may collect additional data from the following sources:
- Advertising networks and social media platforms.
- Service providers, including but not limited to internet service providers, operating systems and platforms, and other third parties that support the delivery, operation, security or analysis of our services.
- Other parties such as government databases, business partners and third-party sources.
Personal Data Collected from Other Parties
We may collect your Personal Data from other sources, depending on the service and local legal requirements. These third-party sources include:
Authorities and Public Records
We may obtain Personal Data from public record sources (such as federal, state, or local government organizations) in order to comply with legal obligations and ensure the accuracy of the information we hold.
Purposes for Processing:
- Identification purposes: We may check the Personal Data you have provided us with our third parties to make sure your identity matches the information you have provided us. The legal basis for this processing is our legal obligation.
- Fraud prevention: We may compare data collected from you with data provided by third parties for fraud prevention, including impersonation, misuse of services, or other suspicious activity.
Business Partners and Other Third Parties
We may also obtain your Personal Data (such as name, email, phone number, employer) from our business partners and other third parties. Any Personal Data obtained from these sources is processed only for specific legitimate purposes and in accordance with applicable data protection laws. These parties are responsible for collecting your consent when sharing your Personal Data with us, if applicable. However, if you believe we should not have your Personal Data, you can request its deletion at [email protected].
Purposes for Processing:
- Service delivery and support: We may process your data to ensure we can provide you with a seamless experience, especially when our services are offered through our business partners and clients as part of integrated or partner-branded solutions.
- Promotion of our services: To provide you with information about our products or services, where permitted by law and based on your consent, if required.
- Business Development: To maintain and develop business relationships and ensure relevant and accurate communication with potential and existing business partners. This processing is based on consent.
If we process any additional data obtained from a third party, we will inform you as soon as possible and obtain your consent where required by applicable law.
How Long We Keep Personal Data
We retain Personal Data only as long as necessary to provide requested services and to meet legal, accounting, and reporting obligations. The retention period is determined by specific requirements and may include:
- Customer Service and Contractual Relationship: We retain your Personal Data while you remain our customer. When our contractual relationship concludes, we restrict your data to ensure it is only accessible to comply with legal requirements.
- Marketing: We will process your Personal Data for marketing purposes unless you have opted out, as described in this Privacy Notice, or until we become aware that you are no longer interested, or that your data is no longer accurate.
- Legal and Regulatory Requirements: We keep your Personal Data as long as needed to comply with all applicable legal obligations, including commercial, tax, and anti-money laundering regulations. During this period, your Personal Data is restricted to prevent use for any other purpose and will be accessed only when necessary to fulfill these obligations.
Please note that if you request data deletion, we may still be required to retain some of it to comply with our legal obligations. The information retained will only be accessible by limited personnel to comply with any legal requirement and will be duly deleted after the obligation is due.
Third-Party Service Providers
We may share certain Personal Data with third-party service providers to support compliance verification, service delivery, and marketing efforts.
Types of Personal Data: Identification and Biometric Data, Financial Details, Contact Details, Transactional, Behavioral, and Technical Data.
Purpose
- Compliance and Fraud Prevention: Personal Data may be shared with verification and analytics providers to fulfill regulatory obligations and mitigate risk (e.g., to verify customer data or detect suspicious activity). This processing is carried out to comply with our legal obligations or, where applicable, based on your consent.
- Service Delivery: Our Partners and third parties, such as agents and correspondents, may access Personal Data to assist in delivering services. This processing is based on our contractual obligation.
Note: The definition and scope of “third-party service providers” may vary based on country regulations.
Authorities
We may be required to disclose your Personal Data, including Sensitive Personal Data, to legal or regulatory authorities for compliance, to enforce agreements, or to fulfill legal requests.
Types of Personal Data: Identification Data, Video Surveillance, Transactional Data, Financial Details.
Purpose: To comply with applicable laws, respond to binding requests from public authorities, support investigations, or fulfill obligations related to the processing of financial transactions. This processing is based on our legal obligations.
Partners
Personal Data may be shared with strategic partners when necessary to deliver our services or to ensure they comply with their legal obligations.
Types of Personal Data: Identification Data, Transactional Data, Financial Details.
Purpose and Legal Basis for Processing
- Purpose: Service provision in collaboration with strategic partners. This is carried out as part of our contractual obligations.
- Regulatory Compliance: To help our partners comply with legal or regulatory requirements applicable to them. This processing is based on legal obligations.
- Operational Efficiency and Risk Management: To support secure and seamless service delivery across different partners or service providers, or to prevent abuse or misuse of our services. This processing is based on our legitimate interests.
Professional Partners
We may disclose Personal Data to professional advisors, including lawyers, consultants, auditors, or accountants, to fulfill our legal and business obligations.
Types of Personal Data: Identification Data, Video Surveillance, Transactional Data, Financial Details. (Legal obligation and Legitimate interest)
Legitimate Interest
When we use your Personal Data to pursue our legitimate interests, we will make every effort to match our interests with yours so that your Personal Data will only be used as permitted by relevant law, or when it will not adversely affect your rights. You may request information on any processing based on legitimate interest.
International Transfers
We are a multi-jurisdictional company with multi-jurisdictional operations, partners and suppliers. Where it is necessary for the efficient and effective performance of a business transaction or the fulfilment of one of the uses of Personal Data outlined above, we may need to transfer your Personal Data, from the country of collection to other countries, which may have data protection laws that are different from the laws where you live. When such transfer is required, we implement appropriate safeguards to ensure it receives the same level of protection and the transfer is done according to our legal obligations.
Personal Data of Minors
We do not provide services directly to minors, as defined by applicable local legislation, or proactively collect their personal information. If you are considered a minor under your local laws, ensure that you have the necessary authorizations from your legal guardian to use the Sites or Offerings or share personal data with us.
If you learn that a minor has unlawfully provided us personal data, please contact us at [email protected].
Security
We are dedicated to safeguarding your Personal Data and have implemented robust, commercially reasonable security measures to prevent its loss, misuse, or unauthorized alteration. We continuously work to protect your data in line with international best practices by applying rigorous physical, electronic, and managerial safeguards.
To prevent unauthorized access, we employ advanced physical and organizational security measures that are regularly updated to ensure the highest level of protection while maintaining cost efficiency. All Personal Data is stored in secure locations, protected by firewalls and other sophisticated security systems with restricted administrative access.
Our personnel, as well as all activities related to your Personal Data, are governed by strict confidentiality agreements that enforce compliance with our organization’s Privacy Policy.
Our goal is to uphold the highest standards of data protection through industry-leading practices that safeguard your privacy.
Accuracy of Personal Data
We are committed to keeping your Personal Data accurate and up to date. We take reasonable steps to ensure the accuracy of your Personal Data by ensuring that the latest Personal Data we have received is accurately recorded and when considered necessary, we run periodic checks and request that you update your Personal Data.
You may request a correction or update to your Personal Data if it is inaccurate, as outlined in the Your Rights section below.
Your Rights
To exercise any of your rights, please email us at [email protected]. To safeguard your privacy and maintain security, we may ask you to verify your identity and provide additional information.
Depending on your location, your rights concerning Personal Data under applicable laws may include:
- Right to Know: You have the right to know what Personal Data is collected, sold, or shared, and with whom.
- Right to Access: You may request access to a copy of your Personal Data.
- Right to Correct: You can request corrections to inaccuracies in your Personal Data.
- Right to Delete: You may request deletion of your Personal Data under certain conditions.
- Opt-Out Rights:
  - You may opt out of the processing of Personal Data for targeted advertising.
  - You may opt out of the processing of Sensitive Personal Data.
- Right to Limit Use of Sensitive Data: You may request to limit the use and disclosure of Sensitive Personal Data to specific, permitted purposes.
- Right to Restrict Processing: You can request restrictions on data processing under certain conditions.
- Right to Object: You may object to the processing of your Personal Data, for example, for direct marketing purposes.
- Rights Related to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing, including profiling, that produces legal or similarly significant effects.
- Right of No Retaliation: You have the right not to face discrimination for exercising your Personal Data rights.
We will respond to your requests promptly and within the timeframe required by law. For specific rights in your jurisdiction, refer to the Regional Privacy Notice section below.
Please note that some rights may not be enforceable due to business or legal requirements necessary to provide our services, such as anti-money laundering, contractual, or compliance obligations. However, we will always respond to any rights requests as outlined above, and you may have additional rights based on your location.
Privacy Complaints
If you have a complaint about how we process your Personal Data, please contact us at [email protected].
Under applicable privacy laws, you may also have the right to lodge a complaint with a Data Protection Authority or other regulatory body if you believe we have not fulfilled our obligations under this Privacy Notice or the relevant legal requirements.
Marketing Communications Based on Soft Opt-In and Consent
You may receive marketing communications from us through two different mechanisms:
- Based on Your Consent (Regular Opt-In)
You will receive marketing messages if you have explicitly given us permission to use your Personal Data for that purpose. This occurs, for example, when:
- You opt in during registration; or
- You update your preferences in your profile settings.
With your consent, we provide information about our products and services. You may withdraw your consent at any time.
- Based on a Legitimate Interest (Soft Opt-In)
Where allowed by local law, you may also receive marketing communications if:
- You have a contractual relationship with us (e.g., you are actively using our Services); and
- You have not specifically opted out.
This applies only to products or services that are similar to those you have used before, and you will always be informed during registration and use of our Services that your Personal Data may be used for this purpose.
How to Opt Out or Withdraw Consent
You can stop receiving marketing communications at any time. If you do so, we will remove you from our marketing list and you will no longer receive promotional updates. You may also opt back in later if you wish.
You can withdraw your consent or opt out using any of the following:
- By updating your preferences in your profile;
- By clicking the opt-out link included in our communications;
- By contacting us at [email protected].
If you have any additional questions or if you wish to start receiving marketing communications, please contact [email protected].
Captcha and Bot Protection Tools
To protect our website and forms from spam, abuse, and automated misuse, we use CAPTCHA technologies. These tools analyze user behavior to distinguish human users from bots.
Where applicable, we may use non-intrusive CAPTCHA services to prevent fraud or abuse. These tools are designed to verify users without significantly affecting their experience. This processing is also based on our legitimate interest in securing our digital services.
Regional Privacy Notices
Notice to United States Residents for Financial Services
Applicability of Gramm-Leach-Bliley Act (GLBA)
This Notice informs U.S. consumers and customers (including former ones) about the federal Gramm-Leach-Bliley Act (“GLBA”) requirements. It concerns the collection, disclosure, and protection of “non-public personal information” (“NPI”).
For this Notice, NPI is personally identifiable information collected as a financial institution under the GLBA that is not publicly available. NPI may include any:
- Information provided by an individual when obtaining a financial product or service.
- Information obtained about an individual from transactions involving financial products or services.
- Information acquired about an individual in connection with providing a financial product or service, such as information from a consumer report or court record.
- All disclosures of NPI are made as permitted by law. A “nonaffiliated third party” is any person except a financial institution’s affiliate or a person employed jointly by a financial institution and a company that is not the institution’s affiliate.
The categories of information disclosed and to whom under joint marketing/service provider exception of the Privacy Rule are listed here.
If NPI may be disclosed to non-affiliated third parties, and that disclosure does not fall within any of the exceptions of the Privacy Rule under the GLBA, consumers and customers have the right to opt out of these disclosures and an opt-out mechanism will be provided to the consumer or customer.
We comply with the rules issued to implement Executive Order 14117, restricting the exchange of Sensitive Personal Data with the identified countries of concern as defined under the Final Rule.
California Residents
In accordance with the California Consumer Privacy Act, residents of California may exercise the following rights:
- Right to Know
- Right to Access
- Right to Correct Inaccuracies
- Right to Deletion
- Right to limit Sensitive Personal Data use and disclosures to specifically permitted purposes.
- Right of No Retaliation Following opt-out or Exercise of other Rights
From the day we receive your request, we will respond to you within a maximum time of 45 days, unless an extension is requested.
Internal Appeals Process
If you receive notice from us that your Personal Data rights request has been refused, you may appeal the refusal within a reasonable period after receiving the notice by sending an email to [email protected].
Notice to Canadian Residents
To all residents in Canada, the rights you may exercise regarding the processing of your Personal Data are the following:
- Right to Know
- Right to Access
- Right to Correct Inaccuracies
From the day we receive your request, we will respond to you within a maximum of 30 days.
To contact the local Data protection authority, go to: Office of the Privacy Commissioner of Canada
Our Companies
The controller is Apt Pay Inc. represented by the companies below, depending on country and service:
| Country | Company to contact (controller) | Contact details |
| --- | --- | --- |
| Canada | Apt Pay Inc. | 1 King Street West, Suite 4903, Toronto, Ontario, M5H 1A1 |
| United States | AptPay US Inc. | 3411 Silverside Road, Tatnall Building, Ste 104, Wilmington, Delaware, 19810 |
Email: [email protected]
Mail to: AptPay Data Protection Officer, 1 King Street West, Suite 4903, Toronto, Ontario, M5H 1A1, Canada.