Privacy.

Effective Date: April 20, 2026

1. Overview

Go Remit Pay LTD ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and safeguard your personal information when you use the Go Remit Pay mobile application on iOS or Android, our website, and any related money transfer services (together, the "Service").

Go Remit Pay LTD is registered with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) as a Money Services Business under registration number N300000106. Because we are an MSB, our handling of your personal information is governed by both Canadian privacy law and Canadian anti money laundering law. In some cases these laws require us to collect and keep information even when you would prefer that we did not. This policy is written in plain English so that you can understand what that means in practice.

By creating an account or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this policy, please do not use the Service.

2. Who This Policy Applies To

This policy applies to every person who downloads, registers for, or uses the Service, including senders and, where applicable, recipients whose information is provided to us for the purpose of completing a transfer. It also applies to visitors to our website and to anyone who contacts our support or compliance teams.

The Service is only available to residents of Canadian provinces and territories where we are authorized to operate. Residents of Quebec are not currently eligible for the Service, and this Privacy Policy does not describe obligations under An Act respecting the protection of personal information in the private sector (Quebec Law 25). If your residency changes, you must update your profile and we will re-assess your eligibility.

3. Information We Collect

To provide financial services and comply with FINTRAC regulations, we collect the following categories of personal information. We only collect what we need for the purposes described in Section 4.

  • Identity Data: your full legal name, date of birth, residential address, nationality, and occupation or source of income.
  • Government Documents: images or scans of your passport, driver's licence, provincial photo identification, or other government issued identification used for Know Your Customer (KYC) verification. Where required, we may also collect a selfie or short video for liveness checks.
  • Financial Data: your bank account details, credit or debit card information, stored payment tokens, and declared source of funds and source of wealth.
  • Transaction Data: recipient name and account details, destination country, amount sent and received, currency, exchange rate applied, fees, purpose of the transfer, and a full history of your transfers.
  • Communication Data: records of your messages to our support and compliance teams, including email, in-app chat, and phone call notes.
  • Technical Data: your device type, operating system and version, app version, IP address, mobile network information, unique device identifiers, and crash and performance logs.
  • Location Data: approximate location based on IP address, and more precise device location where you have granted that permission, used to confirm you are in a supported province and to help spot unusual activity.
  • Third Party Information: information about recipients, beneficiaries, or any third party you identify in a transaction. You are responsible for having the right to share that person's information with us.

4. How We Use Your Information

We use your personal information for the following purposes:

  • Providing the Service: opening and maintaining your account, processing your transfers, confirming delivery, issuing receipts, and providing customer support.
  • Regulatory Compliance: verifying your identity, screening against sanctions and watchlists, filing mandatory reports with FINTRAC, and otherwise meeting our obligations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its regulations.
  • Security and Fraud Prevention: detecting, investigating, and preventing unauthorized access, account takeover, money laundering, terrorist financing, sanctions evasion, and fraudulent transactions.
  • Risk Management: assessing your customer risk rating, applying enhanced due diligence where needed, and deciding whether to approve, hold, or decline a transaction.
  • Service Improvement: analyzing usage trends, testing new features, and fixing bugs.
  • Communications: sending transaction receipts, security alerts, service messages, and, with your consent, promotional messages. You can opt out of promotional messages at any time.
  • Legal and Enforcement: responding to lawful requests from regulators, law enforcement, courts, or other government authorities, and enforcing our Terms and Conditions.

5. Legal Basis and Consent (PIPEDA)

The Personal Information Protection and Electronic Documents Act (PIPEDA) requires us to have a valid basis for handling your personal information. When you register for the Service and accept this Privacy Policy you give us your express consent to collect, use, and share your personal information for the purposes set out in Section 4.

Some uses of your information are required by law, not by your consent. For example, we must verify your identity, keep certain records for five years, and report large or suspicious transactions to FINTRAC. Where the law requires us to act, we will do so even if you ask us to stop, for as long as your account is active and for the retention period that follows.

For marketing communications and optional features such as contact syncing, we rely on your express opt in consent and you can withdraw that consent at any time through the app settings or by contacting our Privacy Officer.

6. Data Sharing and Disclosure

We do not sell your personal information. We only share it with the following categories of recipients and only for the purposes described in this policy:

  • Banking and Payment Partners: Canadian and foreign banks, card networks, payment processors, and paying agents that help us move funds to your recipient.
  • Identity Verification Vendors: regulated providers that confirm the validity of your identification documents and perform electronic identity verification.
  • Fraud and Sanctions Screening Providers: vendors that help us screen transactions and users against global sanctions lists, politically exposed person databases, and fraud risk signals.
  • Cloud Hosting and IT Vendors: providers that host our systems, store records, send notifications, and help us operate the Service. These providers are bound by confidentiality and data protection obligations.
  • Professional Advisors: lawyers, auditors, accountants, and consultants under a duty of confidentiality.
  • Regulatory Authorities: FINTRAC, the Canada Revenue Agency, the Office of the Superintendent of Financial Institutions (OSFI), provincial regulators, and peer regulators in countries where we send funds, where disclosure is required by law.
  • Law Enforcement and Courts: where we receive a valid court order, production order, subpoena, or other binding legal demand.
  • Other Financial Entities: in line with information sharing permitted under Canadian anti money laundering law, we may share limited information with other regulated financial entities for the purpose of detecting and deterring money laundering, terrorist financing, and sanctions evasion.
  • Corporate Transactions: in the event of a sale, merger, financing, or reorganization, we may share information with advisors and prospective buyers under appropriate confidentiality obligations.

We never share your information with advertisers for the purpose of serving third party ads based on your financial activity.

7. Sanctions and Watchlist Screening

As a Canadian MSB, we are required to make sure that we do not provide services to, or move funds for, any person or organization listed under Canadian sanctions and anti terrorism laws. Before we open your account, before we release most transactions, and on an ongoing basis, we screen you, your recipients, and related parties against:

  • Sanctions lists maintained by the Office of the Superintendent of Financial Institutions (OSFI) and administered under the Special Economic Measures Act (SEMA), the United Nations Act, the Justice for Victims of Corrupt Foreign Officials Act, and related regulations.
  • Listings under the Criminal Code of Canada, including terrorist entity lists.
  • Lists maintained by the United Nations Security Council.
  • Other lists required by our banking partners or by the laws of countries where we send funds.

If a potential match is identified, we may pause or decline your transaction, request additional information, freeze the funds, and file a report with the appropriate authority. In some cases we are legally prohibited from telling you why a transaction was held or declined.

8. Cross Border Data Transfers

Go Remit Pay LTD is based in Alberta, Canada and our primary data is stored in Canada. However, some of our service providers process or store limited personal information outside of Canada, including in the United States and other countries. This can happen when we send a transfer abroad, when we use global fraud and identity vendors, or when we rely on cloud infrastructure.

When your personal information is transferred outside of Canada, it may be accessed by courts, law enforcement, and national security authorities in those countries under their local laws, which may offer different protections than Canadian law. We use contractual and technical safeguards to require comparable levels of protection from our vendors. If you would like a current list of the countries where your information may be processed, please contact our Privacy Officer.

9. Data Retention

Under the PCMLTFA and its regulations, we must keep the following records for at least five years:

  • Account opening and identity verification records, counted from the day your account is closed.
  • Records of each electronic funds transfer and each large or suspicious transaction, counted from the day the record was created.
  • Risk assessment, compliance training, and internal reporting records.

We may keep some records for longer where a longer period is required by another law, by a court order, or by an ongoing investigation or audit. When the retention period ends, we will securely destroy or de-identify the information. If you ask us to delete your information, we will delete what we are allowed to delete and keep what we are required to keep, and we will explain the difference if you ask.

10. Your Privacy Rights Under PIPEDA

Subject to the limits set by Canadian law, you have the following rights:

  • Access: you may request a copy of the personal information we hold about you and information about how we have used and shared it.
  • Correction: you may ask us to correct information that is inaccurate or incomplete.
  • Withdraw Consent: you may withdraw consent for uses that are based on consent, such as marketing. You cannot withdraw consent for uses that are required by law, such as KYC and AML monitoring, while your account is active.
  • Complaint: you may file a complaint with our Privacy Officer. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada.

We will respond to most access and correction requests within 30 days, and we will tell you in writing if we need more time or need to redact information that we cannot legally share. We may need to verify your identity before we act on a request.

11. Mobile App Permissions

The Go Remit Pay app only requests the permissions it needs to work properly. You can change most permissions at any time in your device settings, but some features will not work without them.

  • Camera: used to scan your identification documents and to perform liveness checks during onboarding and for step up verification.
  • Photos: used only if you choose to upload an existing photo of your identification instead of taking one in the app.
  • Contacts: optional. Used only if you choose to sync contacts to find recipients. We only save a specific contact when you select it for a transfer.
  • Location: used to confirm you are in a supported province and to help detect unusual activity.
  • Notifications: used to send security alerts and transaction updates.
  • Biometrics: Face ID, Touch ID, or Android biometrics may be used to log you in or confirm a transaction. Biometric data never leaves your device and we never see it.

12. Third Party SDKs and App Store Platforms

We use a limited number of third party software development kits (SDKs) and platform services to deliver the Service. These include analytics and crash reporting tools, identity verification providers, push notification services, and customer support tools. Each provider is bound by a contract that restricts how they can use your information, and none of them are allowed to use your data for their own advertising.

When you download the app, your interaction with the Apple App Store or Google Play Store is governed by their own privacy practices. Those platforms may collect information about your device and your download. We do not control their practices and encourage you to review their privacy policies.

13. Children's Privacy

The Service is only available to people who are at least 18 years old. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected information from a minor, we will close the account and delete the information, subject to any retention obligations that apply.

14. Security Safeguards

We use a combination of physical, technical, and organizational safeguards to protect your personal information. These include AES 256 encryption of data at rest, TLS encryption of data in transit, role based access controls, multi factor authentication for staff, regular vulnerability scanning and penetration testing, secure software development practices, and PCI DSS aligned handling of card data.

No system is perfectly secure. You also play an important role by keeping your login credentials confidential, using a strong and unique password, enabling biometric or PIN protection on your device, and contacting us quickly if you suspect that your account has been compromised.

15. Breach Notification

Under PIPEDA, if we experience a breach of security safeguards that creates a real risk of significant harm to you, we are required to notify you and report the breach to the Office of the Privacy Commissioner of Canada. We will keep a record of all breaches, even those that do not meet that threshold, for at least 24 months.

If we need to notify you of a breach, we will do so as soon as reasonably possible and by a direct method such as email or in app notification. Our notice will describe what happened, what information was involved, what steps we are taking, and what you can do to protect yourself.

16. Electronic Communications and CASL

Canada's Anti Spam Legislation (CASL) governs commercial electronic messages. By creating an account, you provide express consent to receive service messages that we need to deliver the Service, such as transaction receipts, security alerts, and compliance notices. We cannot provide the Service without these messages.

Marketing messages, such as promotions, feature updates, or referral offers, are only sent with your express opt in consent. Every marketing email contains a one click unsubscribe link, and you can also manage your preferences in the app settings or by contacting our Privacy Officer. Unsubscribing from marketing does not remove you from service messages.

17. Cookies and Similar Technologies

Our website and app use cookies, local storage, and similar technologies to keep you logged in, remember your preferences, protect against fraud, and understand how our Service is used. Strictly necessary cookies cannot be turned off without breaking key features. Analytics cookies are only loaded when you consent through the cookie banner on our website. The app itself does not display third party advertising trackers.

18. Accessibility and Language Availability

We are committed to making the Service usable by as many people as possible. The app supports standard accessibility features on iOS and Android, including screen readers, dynamic text sizing, and high contrast mode. Our written materials are available in English. If you need help in another format, please contact our support team and we will do our best to accommodate your request.

19. Jurisdictional Note

The Service is intended only for residents of Canadian provinces and territories where we are authorized to operate. It is not directed at residents of Quebec, the European Union, the United Kingdom, the United States, or any other jurisdiction outside of Canada. If you access the Service from outside Canada, you do so on your own initiative and at your own risk, and you are responsible for complying with local laws.

20. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will change the Effective Date at the top of the policy and post the updated version in the app and on our website. If the changes are significant, we will provide more prominent notice, such as an email or an in app message, before the changes take effect. Your continued use of the Service after the changes take effect means that you accept the updated Privacy Policy.

21. Contact Our Privacy Officer

If you have questions about this Privacy Policy, wish to exercise any of your rights, or would like to file a complaint, please contact our designated Privacy Officer:

  • Email: compliance@goremitpay.com
  • Mail: Privacy Officer, Go Remit Pay LTD, 2nd Floor, 243 - 4909 50 St, Red Deer, Alberta, Canada, T4N 1X8

If you are not satisfied with our response, you may also contact the Office of the Privacy Commissioner of Canada at 30 Victoria Street, Gatineau, Quebec, K1A 1H3, or by phone toll free at 1-800-282-1376.