PRIVACY POLICY
Alkepay Inc. ("Alkepay", "we", "us", or "our") is a company incorporated in Ontario, Canada (Ontario Business Registry No. 1001176840), with its registered office at 333 Bay Street, Suite 2400, Bay Adelaide Centre, Box 20, Toronto, Ontario M5H 2T6. Alkepay is registered with the Financial Transactions and Reports Analysis Centre of Canada ("FINTRAC") as a Money Services Business ("MSB") authorised for foreign exchange dealing and money transmission, and operates as a cross-border payments business serving clients across Canada and Africa.
This Privacy Policy ("Policy") explains how Alkepay collects, uses, discloses, retains, and protects personal information ("Personal Information") in connection with: (i) the provision of its business payment services, including fiat-to-fiat currency conversion and cross-border money transmission (the "Services"); and (ii) the operation of its website at https://alkepay.ca (the "Website").
This Policy applies to all individuals whose Personal Information Alkepay processes in connection with the Services or the Website. The categories of individuals to whom this Policy applies are set out in clause 2. This Policy does not govern the internal personal data of Alkepay employees, which is addressed by separate internal policies.
Alkepay is committed to complying with the Personal Information Protection and Electronic Documents Act (Canada) ("PIPEDA"), Canada's Anti-Spam Legislation ("CASL"), the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (Canada) ("PCMLTFA"), and all applicable regulations thereunder.
Alkepay provides Services exclusively to business clients ("Clients"). In doing so, Alkepay processes Personal Information relating to individuals acting on behalf of Clients, including authorised signatories, beneficial owners, and compliance contacts ("Client Representatives"). Alkepay does not offer the Services directly to individual consumers.
The Website is publicly accessible. Any individual who visits or browses the Website, whether or not they are an existing Client or Client Representative, is a visitor for the purposes of this Policy ("Visitor"). Alkepay collects limited Personal Information from Visitors, as described in clauses 3 and 4.
Alkepay processes the following categories of Personal Information depending on the nature of the relationship:
1) Identity and KYB data (Client Representatives): full legal names, job titles, government-issued identity documents, photographs where required, beneficial ownership declarations, and politically exposed person or sanctions screening results.
2) Contact and business information (Client Representatives): business email addresses, telephone numbers, and correspondence records.
3) Transaction data (Client Representatives): currency conversion and transmission instructions, including amounts, currency pairs, account references, timestamps, and transaction identifiers.
4) Compliance and regulatory data (Client Representatives): records required under the PCMLTFA and FINTRAC regulations, including suspicious transaction reports, large cash transaction records, and electronic funds transfer records.
5) Enquiry form data (Visitors): name, business email address, company name, telephone number, and the content of any enquiry submitted through the Website contact form, used solely to respond to the enquiry and, where consent is given, for follow-up communications.
6) Access and technical data (all users): IP addresses, browser type, device identifiers, login activity, and session logs, collected automatically whenever any person accesses the Website or Alkepay's platforms.
Alkepay collects Personal Information through the following means:
1) Directly from Client Representatives: during onboarding, account registration, identity verification, and in the ordinary course of the client relationship.
2) Directly from Visitors via the Website enquiry form: where a Visitor voluntarily submits their details through the contact form. Failure to provide sufficient information may mean Alkepay is unable to respond to the enquiry.
3) Automatically from all users: technical and access data is collected automatically via server logs and similar technologies whenever any person accesses the Website or Alkepay's platforms.
4) From third parties: including identity verification providers, sanctions screening databases, credit reference agencies, and public registers, for compliance and risk management purposes.
Alkepay processes Personal Information for the following purposes and on the following legal bases under PIPEDA:
To execute fiat-to-fiat currency conversions and money transmission instructions, manage client accounts, process transactions, issue transaction confirmations, and provide related client support. Processing for these purposes is necessary to perform the contract between Alkepay and its Clients.
To comply with obligations under the PCMLTFA and applicable FINTRAC regulations, including customer due diligence, beneficial ownership verification, record keeping, suspicious transaction reporting, and large transaction reporting. Processing for these purposes is required by law and cannot be waived by consent.
To detect, prevent, and investigate fraud, money laundering, financial crime, and other security incidents; to maintain the security and integrity of the Website and Alkepay's platforms; to manage operational and compliance risks; to respond to Visitor enquiries; and to improve the quality and reliability of the Services and the Website. Where Alkepay relies on legitimate interests, we have assessed that those interests do not override the privacy rights of the individuals concerned.
Where required by PIPEDA and not otherwise covered by the above bases, Alkepay will seek consent before processing Personal Information. Where a Visitor submits an enquiry and indicates a wish to receive further communications, that processing will be carried out on the basis of the Visitor's consent. Consent may be withdrawn at any time, subject to legal and contractual restrictions.
Certain Personal Information must be provided by Client Representatives as a legal and contractual requirement. Alkepay's obligations under the PCMLTFA and FINTRAC regulations, including customer due diligence and beneficial ownership verification, cannot be waived. Where a Client or Client Representative fails to provide required Personal Information, Alkepay may be unable to onboard the Client, continue the relationship, or execute a transaction, and accepts no liability for any resulting loss or delay.
For Visitors, submission of Personal Information through the Website enquiry form is entirely voluntary. Alkepay will only be unable to respond where insufficient information has been provided.
Client Representatives are responsible for ensuring that Personal Information provided to Alkepay is accurate, complete, and up to date, and must promptly notify Alkepay of any material changes. Alkepay takes reasonable steps to maintain the accuracy of Personal Information it holds and will correct inaccuracies as soon as practicable after becoming aware of them, notifying relevant third parties where required by applicable law.
Alkepay does not sell Personal Information. Alkepay may disclose Personal Information to the following categories of recipients:
1) Regulatory and law enforcement authorities: including FINTRAC and other financial intelligence units, courts, and agencies, where required or authorised by law.
2) Service providers and processors: including identity verification providers, payment infrastructure providers, IT and cloud service providers, cybersecurity vendors, and professional advisers, who process Personal Information strictly on Alkepay's instructions under appropriate contractual protections.
3) Counterparty institutions: correspondent banks, payment networks, and settlement counterparties, to the extent necessary to execute and settle a transaction.
4) Successors in interest: in connection with a merger, acquisition, restructuring, or sale of assets, where the recipient assumes equivalent data protection obligations.
Where Alkepay acts as a data processor on the documented instructions of a third-party controller, such as an institutional client, Alkepay will process Personal Information only for the specified purpose, implement appropriate protective measures, notify the controller promptly of any data breach, and delete or return Personal Information upon termination of the arrangement, subject to applicable retention requirements.
As a cross-border payments business, Alkepay transfers Personal Information to jurisdictions outside Canada in connection with the execution and settlement of transactions, including jurisdictions across Africa and other markets in which Alkepay operates. Not all such jurisdictions provide a level of privacy protection equivalent to Canadian law. Where transfers are made to such jurisdictions, Alkepay takes reasonable steps to ensure that recipients are subject to appropriate contractual or other protective measures consistent with PIPEDA's accountability principles. Personal Information transferred abroad may be subject to the laws of the destination jurisdiction, including disclosure to local governments or regulatory authorities. Enquiries about transfer destinations may be directed to the Privacy Officer using the contact details in clause 17.
Alkepay retains Personal Information, in both electronic and hardcopy formats, only for as long as necessary to fulfil the purposes for which it was collected. Transaction records, client identification records, beneficial ownership records, and related compliance documentation are retained for a minimum of five (5) years from the date of the transaction or end of the client relationship, whichever is later, in accordance with FINTRAC requirements under the PCMLTFA. Personal Information collected from Visitors through the enquiry form is retained only for as long as is necessary to respond to the enquiry and for any follow-up communications to which consent has been given. Retention may be extended where required by law, regulatory obligation, or contract. Personal Information that is no longer required will be securely destroyed, erased, or de-identified.
Alkepay implements appropriate technical and organisational measures to protect Personal Information against unauthorised access, disclosure, alteration, loss, or destruction, whether held electronically or in hardcopy. These measures include encryption in transit and at rest, access controls and multi-factor authentication, regular security assessments and penetration testing, physical controls for hardcopy records, contractual security obligations on third-party service providers, and regular review of security measures in response to emerging risks. No transmission or storage method is entirely secure, and Alkepay cannot guarantee absolute security. Client Representatives must safeguard their access credentials and notify Alkepay immediately of any suspected unauthorised account access.
Alkepay will notify the Office of the Privacy Commissioner of Canada ("OPC") as soon as feasible where a data breach creates a real risk of significant harm to one or more individuals, and will notify affected individuals directly unless a government authority requires notification to be delayed. Alkepay maintains a record of all data breaches for a minimum of twenty-four (24) months from the date the breach is identified, available to the OPC upon request. Where Alkepay acts as a data processor, it will notify the relevant controller immediately upon becoming aware of a breach affecting Personal Information processed on that controller's behalf.
Alkepay may send commercial electronic messages to Client Representatives and, where express consent has been provided, to Visitors, in compliance with CASL. Any recipient may withdraw consent at any time using the unsubscribe mechanism in each message or by contacting the Privacy Officer at dataprotection@alkepay.ca. Withdrawal of consent does not affect Alkepay's ability to send transactional or operational communications required for the performance of the Services.
When any person accesses the Website or Alkepay's platforms, Alkepay automatically collects technical information including IP addresses, browser type, device identifiers, and session data for security, fraud prevention, and analytical purposes. Alkepay does not use cookies or tracking technologies for advertising or marketing profiling. Visitors may configure their browser to refuse or delete cookies, though this may affect Website functionality.
The Website may contain links to third-party websites. Alkepay does not operate or control those sites, accepts no responsibility for their privacy practices, and encourages users to review their privacy policies before submitting any Personal Information.
Both Client Representatives and Visitors whose Personal Information is processed by Alkepay may, subject to applicable legal limitations, exercise the following rights under PIPEDA:
You have the right to request access to the Personal Information Alkepay holds about you and to receive an explanation of how it is used and to whom it has been disclosed. Access will be provided free of charge unless the request is manifestly unfounded or excessive.
You have the right to request that inaccurate or incomplete Personal Information be corrected or updated. Where Alkepay does not make a requested correction, we will note your disagreement in the record.
Where Alkepay processes Personal Information on the basis of consent, you have the right to withdraw that consent at any time, subject to legal and contractual restrictions. Withdrawal of consent may affect Alkepay's ability to provide the Services or to continue follow-up communications initiated through the Website.
You have the right to lodge a complaint with the OPC if you believe that your Personal Information has been handled in a manner inconsistent with PIPEDA. The OPC can be contacted at www.priv.gc.ca.
To exercise any of the above rights, please contact the Privacy Officer using the details in clause 17. Alkepay will respond within thirty (30) days of receipt of the request. Where Alkepay requires additional time to respond, we may extend this period by a further thirty (30) days, in which case Alkepay will notify you of the extension and the reasons for it before the expiry of the initial period, as permitted by PIPEDA.
Alkepay may update this Policy from time to time to reflect changes in its practices, Services, or applicable law. Material changes will be communicated by publication on the Website at https://alkepay.ca or by direct written notice. The effective date at the top of this Policy will be updated accordingly. Continued use of the Services or the Website following notification of a material change constitutes acceptance of the revised Policy.
This Policy is governed by the laws of Canada, including PIPEDA and CASL, and the laws of the Province of Ontario. Disputes that cannot be resolved directly with Alkepay may be referred to the Office of the Privacy Commissioner of Canada.
Alkepay has designated a Privacy Officer responsible for overseeing compliance with this Policy and with PIPEDA. For any questions, concerns, or requests relating to this Policy or the handling of your Personal Information, please contact:
Alkepay Inc. Privacy Officer
333 Bay Street, Suite 2400, Bay Adelaide Centre, Box 20
Toronto, Ontario M5H 2T6, Canada
Email: info@alkepay.ca
Telephone: +1 (416) 366-8381
Website: https://alkepay.ca
This Privacy Policy was approved for publication on 1 April 2026 and is subject to annual review.
© 2026 Alkepay Inc. All rights reserved.