At Invincible Pay, we recognize that trust is fundamental to our relationship with our customers. This policy explains how we collect, use, and protect your personal information.
This Privacy Policy applies to all personal information collected by Invincible Pay through our e-wallet platform, website, mobile applications, and related services. It covers information collected from customers who use our services to send and receive funds, manage their digital wallets, and conduct electronic payment transactions.
Invincible Pay is committed to compliance with all applicable privacy laws and regulations, including:
As a registered Money Services Business with FINTRAC and a Payment Service Provider registered with the Bank of Canada, we also comply with anti-money laundering and counter-terrorist financing regulations that govern the collection and retention of certain personal information.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will notify you by email, through our platform, or by posting a prominent notice on our website. Your continued use of our services after such notice constitutes acceptance of the updated policy.
At Invincible Pay, we recognize that trust is fundamental to our relationship with our customers. We are committed to being transparent about our data practices and ensuring that your personal information is collected, used, and protected responsibly. This policy is designed to help you understand:
We process personal information only when we have a lawful basis to do so. Depending on the circumstances and applicable law, our processing may be based on:
Personal Information means any information about an identifiable individual. This includes information that can be used on its own or in combination with other information to identify, contact, or locate a specific person. Examples include names, email addresses, phone numbers, financial account information, government-issued identification numbers, IP addresses, and transaction records.
Processing refers to any operation or set of operations performed on personal information, whether by automated means or not. This includes collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, transmission, alignment, combination, restriction, erasure, or destruction of personal information.
A Data Subject is an identifiable individual to whom personal information relates.
A Data Controller determines the purposes and means of processing personal information. A Data Processor processes personal information on behalf of the controller. Invincible Pay acts as a data controller with respect to customer information we collect and process to provide our services.
Consent means a freely given, specific, informed, and unambiguous indication of your wishes by which you agree to the processing of your personal information.
We collect information that you provide when you register for an account, use our services, or communicate with us:
When you use our services, we automatically collect certain technical and usage information:
We may receive information about you from third-party sources, including:
We collect certain types of sensitive information only when necessary and with appropriate safeguards:
With your consent where required, we may use your information for:
You can opt out of marketing communications at any time using the unsubscribe link in our emails or by updating your account preferences.
We rely on your consent when we collect and process personal information for purposes such as: marketing communications, optional features like biometric authentication, sharing information with third parties for their own purposes, and non-essential cookies and analytics. You may withdraw consent at any time.
We process personal information when necessary to fulfill our contract with you, including: creating and maintaining your e-wallet account, processing payment transactions and fund transfers, providing customer support, and managing your account balance and transaction history.
We must process certain personal information to comply with legal and regulatory requirements: customer identification and verification (KYC/AML regulations), transaction monitoring and suspicious activity reporting, record retention requirements under PCMLTFA, tax reporting obligations, responding to lawful requests from authorities, and sanctions screening and compliance.
We process personal information when necessary for our legitimate business interests: fraud detection and prevention, network and information security, internal research and product development, business analytics and operational improvements, protecting our legal rights, and preventing misuse of our services.
We share personal information with trusted third-party service providers who assist us in operating our platform and providing services: payment processors, identity verification services, cloud service providers, fraud prevention services, customer support tools, and analytics providers. All service providers are contractually obligated to protect your information.
We disclose personal information to regulatory bodies and law enforcement when required by law, including: FINTRAC, Bank of Canada, Canada Revenue Agency, law enforcement agencies, and other applicable regulators.
We share necessary information with banks and financial institutions to verify and link external bank accounts, process electronic fund transfers, and reconcile transactions and resolve disputes.
Some of our service providers may be located outside of Canada. When we transfer personal information internationally, we ensure appropriate safeguards are in place.
If Invincible Pay is involved in a merger, acquisition, asset sale, or bankruptcy proceeding, personal information may be transferred as part of that transaction.
We may share your personal information with other third parties when you explicitly consent to such sharing.
Important: We never sell your personal information to third parties for their marketing purposes.
While Invincible Pay is a Canadian company and our primary operations are in Canada, some of our service providers may store or process personal information in other countries, including the United States.
We implement appropriate safeguards for international data transfers, including: standard contractual clauses, data processing agreements, adequacy decisions, encryption, and access controls.
For residents of the European Union or European Economic Area, we comply with GDPR requirements for international transfers.
You have the right to access, correct, and obtain information about how your data has been used and shared.
You may request deletion of your personal information, subject to legal retention requirements (e.g., 5-year retention under AML regulations).
Where we rely on your consent, you may withdraw it at any time.
In certain circumstances, you have the right to receive your personal information in a structured, commonly used, and machine-readable format.
You may object to processing based on legitimate interests or for direct marketing.
California residents have additional rights under the CCPA, including: Right to Know, Right to Delete, Right to Opt-Out, Non-Discrimination, and the right to use an Authorized Agent.
Email our Privacy Officer at info@invinciblepay.com or submit a request through your account settings. We will respond within 30-45 days.
We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, to comply with our legal obligations, and to enforce our agreements.
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| Customer identification documents | 5 years after account closure | PCMLTFA |
| Transaction records | 5 years from transaction date | PCMLTFA |
| Account records | 5 years after account closure | PCMLTFA, RPAA |
| Compliance and audit records | 7 years | General business practice |
| Tax-related documents | 7 years | Income Tax Act |
| Marketing communications data | Until consent withdrawn + 1 year | PIPEDA / CASL |
When retention is no longer necessary, personal information is securely deleted or destroyed. Information may be anonymized for statistical purposes.
Protecting your personal information is a top priority at Invincible Pay. We implement comprehensive technical, administrative, and physical safeguards to protect the confidentiality, integrity, and availability of your data.
In the event of a data breach that poses a real risk of significant harm, we will:
You play an important role in protecting your information. We recommend that you:
Cookies are small text files placed on your device when you visit our website or use our platform. They help us provide a better experience, maintain security, and understand how our services are used.
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Platform functionality, security, authentication | Session or up to 1 year |
| Performance Cookies | Understand user interactions and improve services | Up to 2 years |
| Functional Cookies | Remember your preferences and settings | Up to 1 year |
| Security Cookies | Fraud detection and account protection | Session or up to 90 days |
You can manage your cookie preferences through your browser settings, your account preferences on our platform, or by using third-party opt-out tools. Note that disabling essential cookies may affect the functionality of our services.
In addition to cookies, we may use other tracking technologies including web beacons, local storage, device fingerprinting, and software development kits (SDKs) in our mobile applications.
Our systems do not currently respond to "Do Not Track" browser signals. We will update this policy if we adopt a Do Not Track standard in the future.
Our services are intended for individuals who are 18 years of age or older. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at info@invinciblepay.com.
Our website may contain links to third-party websites, applications, or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services before providing them with your personal information.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Invincible Payment Systems Limited (Invincible Pay)
Response Timeline: We will acknowledge your request within 30 days. Complex requests may require up to 60 days, in which case we will notify you of the extension.
If you are not satisfied with our response to a privacy concern, you may file a complaint with the appropriate regulatory authority:
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. Material changes will be communicated through email notification, a prominent notice on our platform, and an updated effective date at the top of this policy.
| Term | Definition |
|---|---|
| AML | Anti-Money Laundering - laws and procedures designed to prevent criminals from disguising illegally obtained funds as legitimate income |
| Anonymization | The process of removing personally identifiable information so that the remaining data cannot be linked to a specific individual |
| CCPA | California Consumer Privacy Act - a state statute intended to enhance privacy rights and consumer protection for California residents |
| Data Controller | An entity that determines the purposes and means of processing personal data |
| Data Processor | An entity that processes personal data on behalf of a data controller |
| E-Wallet | A digital account that stores funds electronically and enables electronic transactions |
| Electronic Fund Transfer | The electronic transfer of money from one bank account to another |
| Encryption | The process of converting information into a code to prevent unauthorized access |
| FINTRAC | Financial Transactions and Reports Analysis Centre of Canada - Canada's financial intelligence unit |
| GDPR | General Data Protection Regulation - EU regulation on data protection and privacy |
| KYC | Know Your Customer - the process of verifying the identity of clients |
| PCMLTFA | Proceeds of Crime (Money Laundering) and Terrorist Financing Act - Canada's primary AML legislation |
| PEP | Politically Exposed Person - an individual who holds or has held a prominent public function |
| Personal Information | Any information about an identifiable individual |
| PIPEDA | Personal Information Protection and Electronic Documents Act - Canada's federal private-sector privacy law |
| Processing | Any operation performed on personal data, including collection, storage, use, and destruction |
| RPAA | Retail Payment Activities Act - Canadian legislation governing payment service providers |
| Tokenization | Replacing sensitive data with non-sensitive equivalents (tokens) that have no exploitable value |
Open your Invincible Wallet in minutes. Start sending payments that move at the speed of your business.
Get Started Today