Sepay
EN / FR

Privacy Policy

Effective Date: 02.06.2026

Last Updated: 02.06.2026

1. Introduction

Sepay Inc. (“Sepay”, “we”, “us”, or “our”) is committed to protecting personal information and handling it in a transparent, secure, and lawful manner.

This Privacy Policy explains how Sepay collects, uses, discloses, stores, protects, and otherwise processes personal information in connection with its website, platform, onboarding process, payment and transaction facilitation services, virtual currency-related services, payout services, API services, customer support, compliance processes, and related services.

This Privacy Policy applies to personal information relating to individual clients, representatives of business clients, merchants, beneficial owners, controlling persons, directors, officers, authorized users, customers, payers, beneficiaries, website visitors, and other individuals whose personal information is processed in connection with Sepay’s services.

This Privacy Policy should be read together with Sepay’s Terms and Conditions, any applicable agreement, onboarding form, risk disclosure, cookie notice, and other policies or notices made available by Sepay from time to time.

2. Who We Are

Sepay Inc. is a Canadian corporation incorporated at the federal level and registered in the Province of Quebec.

Sepay provides payment, transaction facilitation, conversion, payout, and related technology services. Sepay is planning to operate as a money services business (MSBs) and payment service provider, upon successful FINTRAC, Bank of Canada registration/Revenu Quebec license, depending on the nature of the service provided and the applicable regulatory framework.

Sepay is not a bank and does not provide deposit-taking, lending, investment, or custody services. Sepay’s standard operating model is non-custodial and execution-only. Sepay does not hold client private keys, seed phrases, wallet credentials, or unilateral transaction-signing authority.

3. Scope

This Privacy Policy applies to personal information relating to:

3.1. individual clients using Sepay’s services;
3.2. business clients and merchants using Sepay’s services;
3.3. directors, officers, beneficial owners, controlling persons, and authorized representatives of business clients;
3.4. customers, payers, beneficiaries, or counterparties involved in transactions processed or reviewed by Sepay;
3.5. visitors to Sepay’s website or platform.

4. Personal Information We Collect

We may collect personal information required for onboarding, compliance, risk management, security, and service delivery, including:

4.1. Identification Data: name, date of birth, nationality, residential address, government-issued identification documents, photographs, selfies, liveness checks, and proof of address.

4.2. Corporate and Role Data: company registration documents, ownership information, director and officer information, beneficial ownership information, controlling person information, job title, and authority to act on behalf of a business client.

4.3. Financial and Transaction Data: bank account details, payment account details, wallet addresses, transaction references, payment instructions, beneficiary information, conversion instructions, source of funds, source of wealth, and transaction history.

4.4. Compliance Data: sanctions screening results, PEP/HIO screening results, adverse media results, blockchain analytics, risk ratings, transaction monitoring alerts, supporting documents, and additional information requested for compliance or risk review.

4.5. Technical Data: IP address, login records, device information, browser information, API activity, cookies, security logs, and platform usage data.

4.6. Communications: onboarding forms, declarations, support emails, contracts, complaints, and other communications with Sepay.

5. Purpose of Processing

We collect and use personal information for the following purposes:

5.1. Regulatory Compliance

a. client identification and verification;

b. KYC/KYB and beneficial ownership checks;

c. sanctions, PEP/HIO, and adverse media screening;

d. transaction monitoring, including blockchain analytics where applicable;

e. suspicious activity review and regulatory reporting where required;

f. recordkeeping under applicable AML/ATF, sanctions, money services business, and payment services requirements.

5.2. Service Delivery

a. creating and maintaining client accounts and business profiles;

b. processing, facilitating, converting, paying out, settling, or reviewing transactions;

c. communicating with clients, merchants, beneficiaries, counterparties, service providers, and partners in relation to Sepay’s services;

d. providing onboarding, operational, technical, and customer support;

e. managing service-related records, instructions, confirmations, notices, and service communications.

5.3. Risk Management and Security

a. preventing fraud, unauthorized access, and misuse of services;

b. enforcing prohibited country, prohibited sector, and sanctions restrictions;

c. detecting unusual or suspicious activity;

d. protecting Sepay’s systems, clients, and third-party partners.

5.4. Legal and Administrative Purposes

a. responding to lawful requests from regulators, courts, law enforcement, auditors, and professional advisers;

b. enforcing Sepay’s Terms and Conditions and other agreements;

c. maintaining internal records, audit trails, and business records.

6. Legal Basis and Consent

We process personal information where necessary to provide our services, comply with legal and regulatory obligations, manage risk, prevent fraud, protect our systems, and operate our business.

Where consent is required by applicable law, we will request it. Consent may be provided electronically, in writing, through the onboarding process, or through use of Sepay’s services.

Some information is mandatory. If required information is not provided, Sepay may be unable to onboard a client, process a transaction, continue a business relationship, or provide services.

7. Data Sharing

Sepay may share personal information with:

7.1. banks, electronic money institutions, payment processors, card processors, liquidity providers, exchange providers, and settlement partners;
7.2. identity verification, KYC/KYB, sanctions screening, PEP screening, fraud prevention, and blockchain analytics providers;
7.3. cloud hosting, cybersecurity, IT, analytics, and operational service providers;
7.4. regulators and authorities, including FINTRAC, the Bank of Canada, Revenu Québec, law enforcement, courts, and other competent authorities where required or permitted by law;
7.5. auditors, legal advisers, compliance consultants, accountants, insurers, and other professional advisers;
7.6. affiliates, successors, investors, or purchasers in connection with a corporate transaction, subject to appropriate confidentiality safeguards.

Sepay does not rent or sell personal information to third parties.

8. Data Retention

Sepay retains personal information for as long as necessary for the purposes for which it was collected, including service delivery, compliance, risk management, audit, dispute resolution, and legal recordkeeping.

AML/ATF, transaction, identity verification, and compliance records may be retained for at least five years, or longer where required by applicable law, regulatory requirements, limitation periods, internal policies, or ongoing investigations.

When personal information is no longer required, Sepay will securely delete, destroy, anonymize, or archive it in accordance with applicable law and internal procedures.

9. International Transfers

Sepay and its service providers may process or store personal information in Canada or in other jurisdictions.

Where personal information is transferred outside Quebec or Canada, it may be subject to the laws of the receiving jurisdiction. Sepay applies contractual, technical, and organizational safeguards designed to protect personal information in accordance with applicable law.

10. Your Rights

Subject to applicable law and legal exceptions, individuals may have the right to:

10.1. access their personal information;
10.2. request correction of inaccurate or incomplete information;
10.3. withdraw consent where processing is based on consent;
10.4. request deletion of information, where permitted by law;
10.5. ask how their information has been used or disclosed;
10.6. make a privacy complaint.

Certain rights may be limited where Sepay is required to retain or process information for AML/ATF, sanctions, fraud prevention, regulatory, legal, or security reasons.

Requests may be sent to Sepay using the contact details below (section 15). Sepay may request identity verification before responding.

11. Security

Sepay uses reasonable physical, administrative, technical, and organizational safeguards to protect personal information against loss, theft, unauthorized access, disclosure, copying, misuse, modification, or unlawful processing.

These safeguards may include encryption, secure cloud infrastructure, access controls, multi-factor authentication, logging, monitoring, staff confidentiality obligations, vendor due diligence, and incident response procedures.

No system is completely secure. Clients are responsible for protecting their own devices, passwords, authentication methods, API keys, private keys, seed phrases, and wallet credentials.

12. Privacy Incidents

If Sepay becomes aware of a confidentiality incident or security breach involving personal information, Sepay will assess, contain, investigate, and respond to the incident.

Where required by applicable law, Sepay will notify affected individuals, privacy regulators, or other competent authorities.

13. Cookies

Sepay’s website or platform may use cookies and similar technologies to operate the website, authenticate users, maintain sessions, improve services, analyze usage, and protect against fraud or security risks. This is further described in Sepay’s Cookie Policy.

Users may manage cookies through their browser settings. Some features may not work properly if cookies are disabled.

14. Updates

Sepay may update this Privacy Policy from time to time to reflect legal, regulatory, operational, or technical changes.

The latest version will be made available on Sepay’s website or platform. The updated version applies from the date stated in the policy or as otherwise permitted by applicable law.

15. Contact

For privacy-related requests, please contact:
Sepay Inc.
Email: corporate@sepay.com
Address: 4035 Rue Saint-Ambroise, unit 216, Montréal QC  H4C 2E1