Privacy Policy

Effective Date: March 23, 2026

1. Introduction

Quantifin Ltd, doing business as GLPay ("we," "us," "our," or "GLPay"), is a company incorporated in Ontario, Canada, registered as a Money Services Business (MSB) with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). Our registered address is 130 Spadina Avenue, Unit 807, Toronto, Ontario M5V 2L4, Canada.

This Privacy Policy describes how we collect, use, disclose, retain, and protect your personal information when you use our website, platform, mobile application, and related services (collectively, the "Services"). By accessing or using GLPay, you acknowledge that you have read and understood this Privacy Policy.

GLPay is the proprietary trading name and trademark owned and controlled by Quantifin Ltd. All services offered under the GLPay brand are legally provided exclusively by Quantifin Ltd. There is no separate legal entity incorporated under the name "GLPay."

2. Information We Collect

We collect various types of information depending on the nature of your interaction with our Services and our legal and regulatory obligations.

2.1 Personal Information

When you register for an account, apply for our services, or interact with us, we may collect:

  • Full legal name, date of birth, nationality, and gender
  • Email address, telephone number, and mailing address
  • Government-issued identification documents (passport, driver's licence, national ID card)
  • Proof of address documents (utility bills, bank statements)
  • Photographs or selfies for identity verification purposes
  • Source of funds and source of wealth documentation
  • Employment or business information
  • Tax identification numbers and residency information

2.2 Business Information (KYB)

For business clients, we may additionally collect:

  • Company name, registration number, and jurisdiction of incorporation
  • Corporate structure and beneficial ownership information
  • Directors' and authorized representatives' identification details
  • Business licences and regulatory authorizations
  • Financial statements, contracts, and invoices
  • Nature of business activities and anticipated transaction volumes

2.3 Financial Data

In the course of providing our Services, we collect and process:

  • Bank account details and payment instrument information
  • Transaction history, including amounts, currencies, counterparties, and dates
  • Wallet balances and funding sources
  • Foreign exchange conversion records
  • Card transaction data (where applicable)

2.4 Technical Data

When you access our website or Services, we automatically collect:

  • IP address and geolocation data
  • Device type, operating system, and browser information
  • Unique device identifiers
  • Access times, pages viewed, and referral URLs
  • Cookies and similar tracking technologies (see Section 9)

2.5 KYC/KYB Verification Data

As a FINTRAC-registered MSB, we are required to perform Know Your Customer (KYC) and Know Your Business (KYB) due diligence. This may involve collecting information from third-party verification providers, including identity verification results, sanctions screening outcomes, politically exposed person (PEP) checks, and adverse media screening results.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Delivery

  • To open, maintain, and manage your GLPay account
  • To process payments, remittances, foreign exchange transactions, and card services
  • To execute wallet-to-wallet transfers and payouts
  • To facilitate fiat legs of crypto-related flows via licensed VASPs

3.2 KYC/AML Compliance

  • To verify your identity and conduct due diligence as required by law
  • To perform Enhanced Due Diligence (EDD) where required based on risk assessment
  • To screen against sanctions lists, PEP databases, and adverse media sources
  • To classify clients by risk level and apply appropriate monitoring

3.3 Transaction Processing and Monitoring

  • To record, process, and settle financial transactions
  • To perform daily reconciliation between internal ledgers and external bank balances
  • To maintain full transaction lifecycle traceability
  • To manage treasury operations, currency positions, and liquidity

3.4 Fraud Prevention and Security

  • To detect, investigate, and prevent fraud, money laundering, terrorist financing, and other illegal activities
  • To monitor account activity for unusual or suspicious behaviour
  • To apply velocity controls, transaction limits, and behavioural analysis
  • To protect the security and integrity of our platform and infrastructure

3.5 Customer Support

  • To respond to your inquiries, complaints, and support requests
  • To investigate and resolve disputes and errors
  • To communicate with you about your account and transactions

3.6 Product Improvement

  • To analyse usage patterns and improve our Services
  • To develop new products, features, and functionality
  • To conduct internal analytics and reporting

3.7 Legal Obligations

  • To comply with applicable laws, regulations, and regulatory guidance
  • To file mandatory reports with FINTRAC and other competent authorities
  • To respond to lawful requests from law enforcement, regulators, and courts
  • To enforce our Terms and Conditions and other agreements

4. Legal Basis for Processing

We process your personal information on the following legal bases:

4.1 Contractual Necessity

Processing is necessary for the performance of our contract with you — specifically, to provide GLPay wallet and payment services, process transactions, manage your account, and deliver the Services you have requested.

4.2 Legal Obligation

We are legally required to collect, process, and retain certain information under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and associated regulations, as well as other applicable Canadian and international laws. This includes KYC/KYB verification, transaction monitoring, sanctions screening, suspicious transaction reporting, large cash transaction reporting, electronic funds transfer reporting, and record keeping obligations mandated by FINTRAC.

4.3 Legitimate Interests

We may process your information where it is necessary for our legitimate interests, provided those interests are not overridden by your rights. This includes fraud prevention, security monitoring, platform improvement, internal analytics, and business operations.

4.4 Consent

In certain cases, we may rely on your consent to process personal information, such as for marketing communications or the use of non-essential cookies. Where we rely on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing carried out prior to withdrawal.

5. Information Sharing

We do not sell your personal information. We may share your information with the following categories of recipients, strictly on a need-to-know basis and in accordance with applicable law:

5.1 Regulated Financial Partners

We work with regulated banks, electronic money institutions (EMIs), payment service providers (PSPs), and licensed virtual asset service providers (VASPs) to deliver our Services. These partners receive the information necessary to process your transactions, issue cards, execute foreign exchange conversions, and facilitate fiat legs of crypto-related flows.

5.2 Compliance Authorities

We may disclose information to FINTRAC, law enforcement agencies, regulators, courts, and other competent authorities as required or permitted by law. This includes filing suspicious transaction reports, large cash transaction reports, electronic funds transfer reports, large virtual currency transaction reports, listed person or entity property reports, and beneficial ownership reports. Certain reporting obligations must be fulfilled without your knowledge or consent, and we are legally prohibited from informing you in some cases.

5.3 Service Providers

We engage third-party service providers who assist us in operating our business, including:

  • KYC/KYB verification and identity verification providers
  • Sanctions, PEP, and adverse media screening providers
  • Cloud hosting and infrastructure providers
  • Customer support tools
  • Analytics and monitoring services

These providers are contractually bound to process your information only on our behalf and in accordance with our instructions and applicable data protection requirements.

5.4 Card Networks

Where you use GLPay-issued cards, transaction data may be shared with relevant card networks (such as Visa or Mastercard) and payment processors in accordance with applicable scheme rules and cardholder agreements.

6. International Data Transfers

Your personal information may be processed and stored in Canada and in other jurisdictions where our regulated financial partners, service providers, and infrastructure are located. When your information is transferred outside of Canada, we take appropriate measures to ensure it is protected in accordance with applicable data protection laws.

By using GLPay, you acknowledge that your information may be processed in Canada and other jurisdictions, and that foreign authorities may have lawful access to data processed in their jurisdiction in accordance with local laws.

7. Data Retention

We retain your personal information for as long as your GLPay account remains active and as required to fulfil the purposes described in this Privacy Policy. Following account closure, we will continue to retain your information for the periods required by applicable law.

Under the PCMLTFA and FINTRAC regulations, we are required to retain certain records for a minimum of five (5) years from the date the record was created or the date of the last business transaction, whichever is later. This includes, but is not limited to:

  • Client identification and KYC/KYB verification records
  • Transaction records (including large cash transactions, electronic funds transfers, and virtual currency transactions)
  • Suspicious transaction reports and related documentation
  • PEP, HIO, and beneficial ownership records
  • Sanctions screening results
  • Compliance program records, risk assessments, and training records

We may retain information for longer periods where required by other applicable laws, for the establishment, exercise, or defence of legal claims, or where necessary for our legitimate business interests.

8. Your Rights

Subject to applicable law, you may have the following rights regarding your personal information:

8.1 Access

You may request a copy of the personal information we hold about you.

8.2 Correction

You may request that we correct inaccurate or incomplete personal information. You are also required under our Terms to keep your information accurate and up to date.

8.3 Deletion

You may request the deletion of your personal information. Please note that this right is subject to our legal obligations — we cannot delete information that we are required to retain under the PCMLTFA or other applicable laws.

8.4 Data Portability

Where technically feasible and required by applicable law, you may request that we provide your personal information in a structured, commonly used, and machine-readable format.

8.5 Withdrawal of Consent

Where we rely on your consent for processing, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

8.6 Complaints

If you believe that your privacy rights have been violated, you may submit a complaint to us at support@glpay.at. You also have the right to lodge a complaint with the Office of the Privacy Commissioner of Canada or another relevant supervisory authority.

To exercise any of these rights, please contact us using the details provided in Section 13 below. We may need to verify your identity before processing your request.

9. Cookies and Tracking Technologies

9.1 Essential Cookies

We use essential cookies that are strictly necessary for the operation of our website and Services. These cookies enable core functionality such as security, authentication, session management, and load balancing. They cannot be disabled without affecting the functionality of the Services.

9.2 Analytics Cookies

We may use analytics cookies and similar technologies to understand how visitors interact with our website, measure traffic, and identify areas for improvement. These cookies collect aggregated and anonymized data.

9.3 Managing Cookies

You can manage your cookie preferences through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling essential cookies may impair the functionality of our Services. For information on how to manage cookies, refer to your browser's help documentation.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:

  • Encryption of data in transit and at rest
  • Access controls based on the principle of least privilege
  • Multi-factor authentication for account access
  • Continuous monitoring and logging of system activity
  • Regular security assessments and vulnerability testing
  • Employee training on data protection and security practices
  • Double-entry ledger system ensuring full auditability and traceability of all transactions
  • Daily automated reconciliation between internal ledger and external bank balances

While we take reasonable measures to protect your information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.

11. Children's Privacy

GLPay services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are under 18, you must not use our Services or provide any personal information to us. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Services. When we make material changes, we will notify you by posting the updated policy on our website with a revised effective date and, where appropriate, by providing additional notice (such as via email or in-app notification).

We encourage you to review this Privacy Policy periodically. Your continued use of GLPay after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Quantifin Ltd (DBA GLPay)

130 Spadina Avenue, Unit 807
Toronto, Ontario M5V 2L4
Canada

Email: support@glpay.at

Website: https://glpay.at

Compliance Officer: Denys Petrov (Director)

14. GLPay Web Portal and Mobile App

GLPay is developing a web portal for exchange and remittance services, as well as a mobile payment application (GLPay) for iOS and Android. When these services become available, they will be subject to this Privacy Policy. The same data collection, use, sharing, and protection practices described herein will apply to information collected through the web portal and mobile application.

Any additional data practices specific to these platforms (such as mobile device permissions, push notifications, or biometric authentication data) will be communicated to you at the time of launch or through updates to this Privacy Policy.