Last updated May 2025

Privacy Policy

At RemitBee, we are committed to protecting your personal information and your right to privacy and we take it very seriously.

1.0 Introduction

Your privacy is important to us. This privacy policy explains the personal data Remitbee Incorporatedorporated processes, how Remitbee processes it, and for what purposes. It is in line with U.S, E.U, and Canadian privacy laws such as General Data Protection Regulation, Californian Consumer Privacy Act, the Privacy Act, and the Personal Information Protection and Electronic Documents Act (PIPEDA).This policy should be read together with the Terms of Service for Remitbee products and services. Where there is a conflict, this policy will prevail. This policy applies to all customers and visitors of www.remitbee.com.

1.1 Introduction & Scope

At Remitbee Incorporated. (“Remitbee”, “we”, “us”, or “our”), your privacy is important to us. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our services, visit our website (www.Remitbee.com), or interact with us through mobile applications, APIs, or customer service channels.

This policy applies to all users of Remitbee’s services, including individuals using our platform to send or receive money, pay international bills, purchase gift cards or mobile top-ups, or access our currency exchange tools.

We are committed to protecting your personal data in accordance with applicable privacy laws, including:

Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)
Quebec’s Act respecting the protection of personal information in the private sector (Law 25)
The California Consumer Privacy Act (CCPA), where applicable

Remitbee does not currently meet the business thresholds for mandatory compliance with the CCPA. However, we do not sell personal data or use it for cross-context behavioral advertising, and we aim to uphold strong privacy protections for all users, including U.S. residents. If this status changes due to U.S. market expansion or future legislation, we will revise this Privacy Policy accordingly.

This Privacy Policy also outlines your rights and choices regarding your personal information, and how you can contact us to exercise these rights.

By accessing or using any part of Remitbee’s services, you agree to the collection and use of your information as described in this Privacy Policy. If you do not agree with the terms outlined here, you should not use our services.

We may update this Privacy Policy periodically to reflect changes in our practices, technologies, legal obligations, or for other operational reasons. When we make material changes, we will notify you through our website, app notifications, or by email, as required by law. We encourage you to review this policy regularly to stay informed about how we are protecting your information.

1.2 Privacy Officer Designation

In accordance with Quebec’s Law 25, Remitbee Incorporated. has designated a Privacy Officer responsible for overseeing compliance with privacy obligations under the Personal Information Protection and Electronic Documents Act (PIPEDA), Quebec’s Act to Modernize Legislative Provisions Respecting the Protection of Personal Information (Law 25), and other applicable data protection laws.

Our designated Privacy Officer is:

Manos Yoganthan
Chief Operating Officer (COO) & Compliance Officer
[email protected]
Remitbee Incorporated., 2 Robert Speck Pkwy, Suite 620, Mississauga, ON L4Z 1H8
+1 647-689-2323

You may contact Mr. Yoganthan with any questions, complaints, or requests to exercise your privacy rights. All inquiries will be addressed in accordance with applicable legislation and internal privacy protocols.

2.0 What Personal Data We Collect

2.1 Directly from You

You may provide personal data when you:

Register for a Remitbee account: including your name, email address, mobile number, and password.
Verify your identity: including government-issued ID, real-time selfie or biometric image, and address documentation. This is necessary to comply with anti-money laundering (AML) and know-your-customer (KYC) obligations under FINTRAC.
Initiate or receive a transaction: including recipient information, payment method details (e.g., linked bank accounts, debit cards), and remittance instructions.
Contact our support team: via live chat, phone, or email. This may include recordings or transcripts, depending on the method of communication.
Participate in promotions: such as contests, sweepstakes, referral programs, or bonus campaigns. We may collect relevant entries, social media handles, or promotional codes.
Submit feedback or reviews: through the app, website, or third-party platforms.
Sign up for communications: including newsletters, product updates, marketing campaigns, and satisfaction surveys.

This information is collected with your knowledge and consent, as required by PIPEDA and Law 25. Certain fields may be mandatory for account activation or regulatory compliance.

2.2 Information Collected Automatically

When you access or interact with our services via web or mobile, we automatically collect device and usage data to maintain platform security, optimize performance, and enhance your user experience. This includes:

Technical information: IP address, browser type, operating system, time zone settings, mobile device ID, and network information.
Usage data: log-in timestamps, pages visited, app navigation patterns, clicks, errors, and transaction attempts.
Geolocation data: precise or approximate location, where permitted by your device or app settings.
Interaction data: whether you opened or clicked on a marketing email, banner ad, or push notification.

We and our partners use technologies such as:

Cookies (persistent and session-based)

2.3 Information Received from Third Parties

We may receive additional personal data about you from external sources, in compliance with applicable laws. These sources include:

Identity verification providers: to confirm the authenticity of your documents, match biometric images, or assess fraud risk.
Banking institutions and payment processors: for funding confirmation, risk scoring, chargeback prevention, and payout status.
Credit bureaus or fraud monitoring services: for transaction legitimacy, risk profiling, and compliance with sanctions screening.
Advertising and marketing networks: for campaign targeting, measurement, and opt-in tracking, where applicable.
Analytics and UX platforms: to gather aggregated user behavior data for platform improvement.
Social media platforms: if you engage with our content or register via third-party login.
Public databases and regulatory bodies: including government-issued watchlists, politically exposed person (PEP) lists, or open records relevant to AML compliance.

Where required, we ensure these third parties are contractually obligated to protect your personal data and process it only in accordance with our instructions and applicable privacy laws.

2.4 Sensitive Information & Explicit Consent

As part of our services and regulatory compliance obligations, Remitbee collects and processes personal information only with your explicit, informed, and specific consent for each purpose, as required by Quebec’s Law 25 and other privacy legislation.. This includes biometric data, geolocation data, and government-issued identifiers. These categories of data are treated with heightened security and require your explicit consent prior to collection or use.

2.4.1 Biometric Data

To comply with anti-money laundering (AML) and Know Your Customer (KYC) regulations, we may require identity verification through the submission of identification documents and a real-time photo. This image may be analyzed using facial recognition and liveness detection technologies to confirm that the document matches your identity and to protect against fraud or impersonation.

Remitbee uses trusted third-party service providers, such as Persona, to perform these verifications on our behalf. These providers may extract and process biometric information, such as facial geometry, solely for the purpose of identity verification and fraud prevention.

Biometric data is considered sensitive personal information and is:

Collected and processed only with your informed and explicit consent.
Handled using strong encryption, secure storage protocols, and strict access controls.
Retained only for the duration necessary to complete the verification, unless legal or regulatory obligations require a longer retention period.
Permanently deleted or securely de-identified once it is no longer required.

You have the right to withdraw your consent for biometric data processing at any time by contacting us at [email protected]. Please note that withdrawing consent may limit your ability to access certain features or complete identity verification.

2.4.2 Jurisdictional Compliance

Remitbee adheres to all relevant privacy laws governing the use of biometric data, including:

The Personal Information Protection and Electronic Documents Act (PIPEDA)
Alberta’s Personal Information Protection Act (PIPA)
British Columbia’s PIPA

2.4.3 Transparency of Third Parties

Biometric verification is carried out by specialized vendors who are contractually bound to limit the use of your data to verification purposes and to comply with applicable data protection standards. For more information about how these partners manage biometric data, you may refer to:

Persona Privacy Policy for Identity Verification
Persona Standard Privacy Policy
Consumer Health Data Privacy Policy

By using Remitbee’s services and consenting to verification procedures, you agree to the collection and processing of biometric data as outlined in this policy.

2.5 Other Uses for Your Personal Information

Remitbee will notify a user if their personal information is used for other purposes. We use your PII in the following ways:

To provide you with requested services;
To manage your account with Remitbee;
To respond to questions, comments or concerns regarding Remitbee;
To allow for more meaningful and useful marketing initiatives;
To investigate legal claims;
To administer any Remitbee software applications;
Such purposes for which Remitbee may obtain consent from time to time;
Such other uses may be permitted or required by applicable law.

3.0 How & Why We Use Your Data

We use your personal information to open, verify, and maintain your Remitbee account. This includes allowing you to send money, exchange currency, pay international bills, or top up mobile phones. We use your information to process your transactions securely, show your activity history, and let you manage your saved recipients and payment methods. These activities are necessary to deliver the services you request.

3.1 To Provide & Manage Your Account

3.2 To Verify Your Identity & Prevent Fraud

Before you can use many of our services, we need to verify your identity. We collect and use your government-issued ID, live photo, and in some cases. We use this information to confirm who you are, detect duplicate or suspicious accounts, and help protect against fraud, identity theft, or money laundering. This is required by Canadian law and our obligations as a registered financial service provider under FINTRAC.

For all verifications, we use facial recognition or biometric analysis provided by trusted third-party identity verification partners. This only happens with your clear consent, in line with Quebec’s Law 25 and other privacy regulations.

3.3 To Meet Our Legal & Regulatory Obligations

We are legally required to collect, store, and sometimes report certain information about you and your activity. This includes verifying your identity, monitoring transactions for suspicious activity, and retaining records of your financial interactions for audit or inspection purposes. We may also check your information against government watchlists or sanctions lists as part of our regulatory duties. These obligations come from agencies such as FINTRAC and CRA.

3.4 To Communicate with You

We use your contact details to send you important information about your account or transactions. This includes verification codes, payment confirmations, security alerts, changes to your account, and updates to our policies or services. These communications are necessary to deliver our services and keep you informed.

You may also choose to receive optional messages such as promotional offers, referral rewards, or currency exchange rate alerts. We will only send these marketing messages with your explicit consent, and you can opt out at any time.

3.5 To Improve & Secure Our Platform

We analyze how users interact with our website and mobile app so we can improve features, optimize performance, and fix technical issues. This includes collecting device data, usage logs, and interaction patterns to help us understand how people use Remitbee. We may also use this information to protect our systems from abuse, hacking attempts, or other threats.

We process this information based on our legitimate interest in maintaining a secure and user-friendly platform, and in some cases, with your consent when technologies like cookies or location tracking are involved.

3.6 To Resolve Issues & Enforce Our Terms

If something goes wrong—such as a failed transaction, a payment dispute, or a reported violation of our terms—we may use your information to investigate the issue, communicate with affected parties, and resolve the matter. We may also use your data to enforce our rights, recover funds, or protect other users from harm. These actions are based on legal obligations or our legitimate interest in protecting our platform and users.

3.7 With Your Consent

In some cases, we may ask for your explicit consent to use your personal information for a specific purpose not described above—for example, to publish a customer testimonial or to use biometric data beyond identity verification. When we ask for consent, you will always have the choice to accept or decline, and you may withdraw your consent at any time by contacting us.

3.8 Storage and Infrastructure

Remitbee stores your personal data securely using Microsoft Azure, which operates a globally distributed network of data centers with strict security, compliance, and data residency protocols. Azure is certified under major standards including ISO/IEC 27001 and supports data localization for Canadian clients.

Data may be stored or processed outside your province or country. We take all reasonable steps to ensure that transfers are protected in accordance with PIPEDA and other applicable data protection laws.

3.9 Security of Your Information

We implement strong administrative, technical, and physical safeguards to protect your information, including:

SSL encryption
Firewall protection
Access logging
Secure credential management

However, no method of transmission or storage is 100% secure. While we make every effort to protect your personal information, we cannot guarantee absolute security.

3.10 Do Not Track

Some browsers allow users to send 'Do Not Track' signals. Remitbee does not currently respond to these signals, as we aim to provide a consistent and personalized experience to all users.

3.11 Children’s Privacy

Remitbee services are not intended for children under the age of 13. We do not knowingly collect personal information from minors. If we become aware that a child under 13 has submitted personal data, we will delete it immediately.

4.0 How We Share Your Data

Remitbee does not sell your personal information. However, to provide our services, comply with legal requirements, and protect our platform, we may share your information with trusted third-party partners. We disclose only the data necessary for the partner to perform their function and require them to uphold strict confidentiality and data protection obligations.

4.1 With Financial Institutions & Payment Partners

We share certain data with banks, card networks, Interac, and other payment service providers in order to complete your transactions. This includes details like your name, payment instructions, and account information necessary to send or receive funds. These partners are subject to their own regulatory obligations and privacy frameworks.

4.2 With Identity Verification & Compliance Service Providers

To comply with Canadian anti-money laundering regulations (e.g., FINTRAC), we use trusted third-party tools to verify your identity and detect fraud. This includes:

eIDVerified by Equifax: This service performs a soft identity check that does not affect your credit score. It confirms your identity and verifies that the information you’ve provided is accurate. This is not a credit check. A soft identity check does not access your credit score, does not leave an inquiry on your credit report, and has no impact on your credit history. The check is used strictly to confirm that the personal information you provide matches public or credit file records — it is not used to evaluate your financial health or lending eligibility.
Flinks: We use Flinks to verify the existence of your linked bank account with a Canadian financial institution. This reduces the risk of non-sufficient funds (NSF) errors and helps detect and prevent fraud.
Persona: We use government-issued ID documents and facial images with your consent, particularly for biometric matching during onboarding

For your reference and clarity, by consenting to the biometric verification, you acknowledge that you have read, understood, and agreed to the following Terms of Service and Policies:

Persona Privacy Policy for Identity Verification
Persona Standard Privacy Policy
Consumer Health Data Privacy Policy

As such, we may share the following information with these partners:

Government-issued photo ID (e.g., driver's license or provincial ID)
A real-time facial image captured during onboarding
Your name, address, and date of birth
Bank account ownership verification
Device and geolocation information, as needed for risk assessment

These providers may analyze biometric features (such as facial geometry) only for identity verification. They are contractually bound to:

Use your information solely for the intended verification purpose
Apply strong encryption and access controls
Comply with Canadian privacy laws, including PIPEDA and Law 25

By using Remitbee’s services, you agree to the terms and conditions of these third-party providers. These tools are used strictly for regulatory compliance and fraud prevention purposes.

If you have concerns or questions about the soft check process, you may contact us at [email protected] or reach out to Equifax Canada, Flinks, or Persona for more information on their identity verification practices.

4.3 With Technology & Infrastructure Providers

We may share certain information with cloud hosting services, analytics providers, and security monitoring tools that help us deliver, maintain, and improve Remitbee’s platform. For example, we may share anonymized or aggregated usage data to detect bugs, analyze trends, or enhance user experience. These providers are contractually restricted from using your information for any purpose other than providing services to Remitbee.

4.4 With Legal and Regulatory Authorities

We may disclose your personal information to law enforcement, regulators, tax authorities (e.g., FINTRAC), or courts when required by law. This includes situations involving fraud investigations, sanctions compliance, or lawful subpoenas.

If any provision of this section is deemed unenforceable or invalid, the remaining provisions shall remain in full force and effect.

4.6 With Professional Advisors

We may disclose your personal information to law enforcement, regulators, tax authorities (e.g., FINTRAC or CRA), or courts when required by law. This includes situations involving fraud investigations, sanctions compliance, or lawful subpoenas.

If any provision of this section is deemed unenforceable or invalid, the remaining provisions shall remain in full force and effect.

In some cases, we may share information with legal advisors, auditors, insurers, or accountants when reasonably required for legal claims, dispute resolution, regulatory filings, or internal audits. These professionals are subject to confidentiality obligations and professional standards.

5.0 Your Privacy Rights

We believe you should have clear control over your personal information. Depending on where you live and how you use Remitbee, you may have certain legal rights regarding the personal information we collect and process.

We are committed to upholding these rights, and we’ve made tools available to help you manage your data. If you have questions or would like to exercise any of these rights, you can contact us at [email protected].

Our website and services are not directed to children under 13. We do not knowingly use cookies to collect personal data from minors. Where stricter consent rules apply for minors (e.g., parental consent requirements), we will follow the applicable laws before setting any non-essential cookies.

5.1 Access to Your Information

You have the right to request a copy of the personal information we hold about you. We will provide this in a structured, easy-to-read format unless legal restrictions apply.

5.2 Correction and Updates

If your personal details are incomplete, inaccurate, or out of date, you have the right to request that we correct or update them. In many cases, you can do this directly by logging into your Remitbee account.

5.3 Deletion of Personal Information

You can request that we delete your personal data. We will comply unless we’re required to retain it for legal, regulatory, or fraud prevention purposes — such as data retention obligations under FINTRAC or for resolving outstanding issues related to your account.

5.4 Withdraw Consent

You have the right to withdraw your consent at any time for the collection, use, or disclosure of your personal information, subject to legal or contractual restrictions.

You may withdraw consent for specific purposes, including but not limited to:

Biometric data processing used for identity verification
Marketing and promotional communications
Use of cookies or tracking technologies (see Section 7.3)
Third-party data sharing (where applicable and not required for compliance)

5.4.1 How to Withdraw Consent:

To withdraw your consent, you may:

Update your settings within your Remitbee account dashboard (where available),
Use the unsubscribe links in marketing emails,
Adjust your browser or device settings for cookies and tracking,
Or contact us directly at [email protected] with your specific request.

We will confirm receipt of your request and process it within 30 days, unless a shorter timeframe is required by applicable law.

5.4.2 Impact of Withdrawal

Withdrawing consent may impact your access to certain features. For example:

Declining or withdrawing biometric consent may prevent us from verifying your identity, which is required to use financial services on our platform.
Withdrawing cookie consent may limit website functionality or personalization.
Opting out of marketing does not affect service-related or transactional communications.

We will never penalize you for withdrawing consent and will always provide alternatives where legally and technically feasible.

5.5 Object to Processing or Request a Restriction

In certain cases, you may object to how we use your information or ask us to limit its use — for example, if we’re processing your data based on our legitimate interest. We’ll consider your request and comply if there are no overriding legal or operational reasons to retain it.

5.6 Data Portability

Under Quebec’s Law 25, effective September 22, 2024, and other applicable privacy laws, you have the right to request a copy of your personal information in a structured, commonly used, and machine-readable format. This allows you to:

Review the data we hold about you
Transfer it to another organization, where technically feasible

Remitbee will fulfill valid data portability requests within 30 days, unless a shorter timeframe is required by law.

To submit a data portability request, please contact our Privacy Officer at [email protected]. We may need to verify your identity before completing your request.

Note: This right applies to data you provided directly to us, including data collected with your consent or for contract execution.

5.7 Rights under Quebec’s Law 25

If you are a resident of Quebec, you are entitled to enhanced rights under Law 25 concerning your personal information. This includes:

5.7.1 Right to Be Informed of Automated Decision-Making

Remitbee may use automated decision-making systems in specific situations, such as:

Assessing whether your identity verification is successful based on submitted documents and facial image
Evaluating the risk level of a transaction (e.g., frequency, amount, location) to determine if it should be flagged for manual review
Detecting unusual account activity that may indicate fraud

These decisions are based on rule-based logic and fraud-prevention algorithms designed to protect your account and comply with regulatory obligations.

5.7.2 Your Rights Regarding Automated Decisions

If an automated decision:

Denies you access to a service (e.g., account creation or transaction processing), or
Has a significant impact on you legally or financially

Then, under Law 25, you have the right to:

Be informed that an automated system was used
Request a human review of the decision
Submit observations to explain or challenge the result

You may exercise this right by contacting us at [email protected]. We will review your case and respond with meaningful human involvement in accordance with Law 25.

5.8 Managing Communications and Preferences

You can manage your preferences for marketing emails and promotional offers by using the unsubscribe link in our emails or updating your notification settings in your Remitbee account. You’ll continue to receive essential communications related to your account, transactions, or legal updates.

5.9 How to Exercise Your Rights

You can contact us at [email protected] to make any of the above requests. We may need to verify your identity before fulfilling your request to protect your privacy. We aim to respond to all valid requests within 30 days, in line with Canadian privacy laws.

If you have concerns about how we handle your information, you may also have the right to file a complaint with the Office of the Privacy Commissioner of Canada, the Commission d’accès à l’information du Québec, or your local data protection authority.

5.10 Your Rights by Jurisdiction

We respect your rights under relevant privacy laws. Below is a summary of the rights available based on where you live:

If you reside in Canada (outside of Quebec):

Under PIPEDA, you have the right to:

Access the personal data we hold about you
Request correction or updates to inaccurate data
Withdraw consent (subject to legal exceptions)
Request deletion of personal information no longer needed
File a complaint with the Office of the Privacy Commissioner of Canada

If you reside in Quebec:

Under Law 25, you have the right to:

Be informed of any automated decision-making that affects you, and request a human review
Be notified if your data is stored outside Quebec
Request de-indexing, anonymization, or destruction of data once its use is complete
Receive clear notice of biometric processing and any cross-border transfers
File complaints with the Commission d’accès à l’information (CAI)

If you reside in Alberta:

Under Alberta’s Personal Information Protection Act (PIPA), you have the right to:

Access your personal information held by an organization
Request correction of any inaccuracies
Be informed about how your information is being used and disclosed
Submit complaints to the Office of the Information and Privacy Commissioner of Alberta (OIPC AB)

For more information, visit: www.oipc.ab.ca

If you reside in British Columbia:

Under British Columbia’s Personal Information Protection Act (PIPA), you have similar rights, including:

Access and correct your personal data
Withdraw consent for secondary uses
Be notified of the purposes of data collection
File complaints with the Office of the Information and Privacy Commissioner for British Columbia (OIPC BC)

More information: www.oipc.ab.ca

If you reside in California:

Request a list of personal information collected, sold, or disclosed
Request deletion of your personal information (with some exceptions)
Opt out of the sale or sharing of personal data
Not be discriminated against for exercising your privacy rights
File complaints with the California Privacy Protection Agency (CPPA)

Please note: Remitbee does not sell personal data, as defined by the CCPA.

6.0 Data Security & Retention

We take the security of your personal information seriously. At Remitbee, we use a combination of technical, administrative, and physical safeguards to protect your data against unauthorized access, use, disclosure, or loss.

6.1 How We Keep Your Data Secure

We implement industry-standard security measures designed to keep your data safe, including:

Encryption: We encrypt sensitive personal data in transit and at rest using strong encryption protocols.
Access Controls: Only authorized Remitbee personnel can access your personal data. Access is granted based on strict business needs and is logged and monitored.
Secure Hosting: Our systems are hosted in secure data centers with multiple layers of protection and continuous monitoring.
Network Security: We use firewalls, intrusion detection systems, and regular vulnerability scans to protect our infrastructure.
Fraud and Abuse Detection: We monitor account activity and use automated systems to detect unusual behavior or signs of fraud.

We also require our third-party service providers (such as payment processors, identity verification vendors, and analytics platforms) to maintain strict security standards, and we assess them regularly to ensure they meet our expectations.

6.2 How Long We Keep Your Information

Remitbee retains personal information only as long as necessary to fulfill the purposes for which it was collected, or as required by law. We maintain specific retention periods for various categories of data to ensure compliance, data minimization, and user privacy.

6.2.1 Retention Periods by Data Type

Category	Retention Period	Purpose
Identity verification documents	5 years from date of account opening or account closure	Required by FINTRAC for audit and anti-money laundering purposes
Biometric data (e.g., facial scans)	5 years from date of account opening or account closure	Used solely for identity confirmation and fraud prevention
Transaction and payment history	5 years from date of account opening or account closure	Regulatory compliance, accounting, and dispute resolution
Customer support communications	Until consent is withdrawn	Quality assurance, fraud prevention, and dispute handling
Marketing preferences and consent logs	Until consent is withdrawn	Consent tracking, compliance with CASL and CCPA
Website and app analytics data	Up to 3 years (anonymized or aggregated where possible)	Platform optimization, security monitoring, and usage analysis

6.2.2 Data Deletion and Anonymization

Once the retention period for a given category of data expires, we will:

Permanently delete the information from our systems,
Anonymize it so that it can no longer be associated with any identifiable individual, or
Retain it in a restricted archive if required for ongoing legal, compliance, or fraud prevention obligations.

Deletion is performed using secure, industry-standard processes to ensure your information cannot be reconstructed or accessed.

6.2.3 Your Rights and Deletion Requests

If you request deletion of your data or closure of your Remitbee account, we will:

Remove your data within 30 days, subject to any legal or compliance-based hold.
Retain only the minimum data necessary to fulfill ongoing obligations, such as transaction records mandated by FINTRAC.

To submit a data deletion request, contact us at [email protected]. Verification of identity will be required to process your request.

6.3 Cross-Border and Quebec-Specific Retention

Remitbee may store or process your personal information outside of your province or country of residence, including in the United States, the European Union, and other jurisdictions where our cloud infrastructure providers and identity verification partners operate.

These transfers are necessary to deliver our services, support platform functionality, and meet our regulatory obligations. However, we take strong measures to ensure your data is protected, regardless of where it is processed.

6.3.1 Safeguards for International Data Transfers

To ensure your personal data receives adequate protection, we implement the following safeguards:

Standard contractual clauses (SCCs) or equivalent data transfer agreements with all international vendors, as required by privacy regulations.
Vendor due diligence to confirm adherence to strong security and privacy standards.
Encryption and access controls for all cross-border data flows.
Role-based access restrictions to ensure only authorized personnel can access your information.
Privacy Impact Assessments (PIAs) are conducted for high-risk activities and cross-border projects.

6.3.2 Quebec Residents (Law 25 Compliance)

For users residing in Quebec, Remitbee complies with the cross-border transfer requirements of Law 25, which mandate that personal data may only be disclosed outside of Quebec where the jurisdiction offers an adequate level of protection.

Before transferring personal data outside Quebec, we assess:

The sensitivity of the information
The purpose of the transfer
The legal framework and safeguards in the destination jurisdiction

Personal information may be transferred to or processed by the following categories of service providers:

Cloud hosting (Microsoft Azure)
Identity verification (Persona, Equifax, Flinks)
Analytics, customer engagement, and fraud tools

All international vendors are contractually bound to implement appropriate safeguards, including:

Standard Contractual Clauses (SCCs)
Data encryption in transit and at rest
Role-based access control and vendor audits

If you would like more information about how your data is processed across borders or wish to access specific contractual safeguards, you may contact our Privacy Officer at [email protected].

6.4 Privacy Impact Assessments

Remitbee recognizes that certain data processing activities—such as biometric identity verification, automated decision-making, or the transfer of sensitive data outside of Canada—may present elevated privacy risks.

To address these risks, we conduct Privacy Impact Assessments (PIAs) or Data Protection Impact Assessments (DPIAs), depending on the applicable legal requirements. These assessments evaluate:

The sensitivity and volume of personal information involved
The intended purpose of the processing
Potential impacts on individuals’ rights and freedoms
The technical and organizational safeguards we implement to mitigate risks

Examples of activities that trigger a privacy assessment include:

Biometric data collection for identity verification
Automated decision-making systems that affect user eligibility or access
Cross-border transfers of personal data to cloud infrastructure or service providers

These assessments help ensure compliance with:

Law 25 (Quebec), which requires a formal privacy impact analysis for cross-border transfers and biometric processing
PIPEDA principles of accountability and proportionality
Industry best practices for risk-based privacy management

We update our PIAs and DPIAs when there are material changes to processing technologies, vendors, or legal obligations.

6.5 Data Breach Notification Procedures

Remitbee Incorporated. takes data security seriously. In the event of a data breach involving personal information, we follow the breach notification requirements outlined in Quebec’s Law 25 and the Personal Information Protection and Electronic Documents Act (PIPEDA).

We will assess every suspected or confirmed breach to determine whether it poses a risk of serious injury (Law 25) or a real risk of significant harm (PIPEDA) to individuals.

Where such risk exists, Remitbee will:

Notify the Commission d’accès à l’information (CAI) in Quebec and/or the Office of the Privacy Commissioner of Canada (OPC), as applicable, as soon as feasible
Inform affected individuals directly and promptly, including details about:
- The nature of the breach
- The type of personal information involved
- Measures taken to mitigate the breach
- Steps individuals can take to protect themselves
- Contact information for further questions
Maintain a log of all privacy breaches, whether reportable or not, in compliance with Law 25 and PIPEDA record-keeping obligations
File a breach report via the online portal provided by the OPC or CAI where required

Remitbee also regularly reviews its breach response procedures and trains internal staff to ensure timely and effective incident handling. Where a breach is reportable under PIPEDA, we use the official breach reporting form provided by the Office of the Privacy Commissioner of Canada (OPC), which was updated in May 2024. This form can be accessed via the OPC website.

7.0 Cookies & Tracking Technologies

Like most websites and mobile applications, Remitbee uses cookies and similar technologies to provide a better, faster, and safer experience — and to help us understand how people use our services. These tools also allow us to remember your preferences and tailor communications and offers that are relevant to you.

7.1 What Are Cookies?

Cookies are small text files stored on your browser or device when you visit a website. They help us recognize your browser, remember your settings, and improve your overall experience. Other technologies we use for similar purposes include:

Web beacons / pixels – tiny image files that track how users engage with content
Software development kits (SDKs) – for in-app tracking on mobile
Local storage / session storage – for temporary or persistent data storage in your browser

7.2 Types of Cookies We Use

We categorize the cookies we use as follows:

Strictly Necessary Cookies
These are essential to make our services work — for example, to log in to your account, authenticate transactions, or maintain security. They cannot be disabled.
Performance and Analytics Cookies
These help us understand how users interact with our website or app, which features are most popular, and where users may encounter problems.
Functional Cookies
These allow us to remember your preferences (like language, location, or saved recipients) and offer a more personalized experience.
Marketing and Advertising Cookies
These cookies help us deliver ads or promotions that are more relevant to your interests. They may also track the performance of our campaigns or limit how often you see the same message.

If you would like to manage your use of cookies then you can find out how to do so by visiting www.allaboutcookies.org.

7.3 Managing Your Cookie Preferences

We give users control over if cookies and similar tracking technologies are used when interacting with our website and mobile applications.

7.3.1 Cookie Settings Panel

You can manage your cookie preferences through our Cookie Settings tool:

As a banner when you first visit our website, and
Is always accessible via the footer link titled “Cookie Settings” at www.Remitbee.com (or within the app’s Settings menu, where applicable).

Through this panel, you can:

Enable or disable cookies (e.g., analytics, marketing),
Review details about specific cookies we use,

7.3.2 Retention of Cookies

Retention periods may vary depending on your device, browser, or cookie provider.

Third-Party Cookies

We may allow third-party service providers to set cookies on your device to:

Analyze website traffic
Deliver targeted advertisements
Improve app performance

These providers may collect information about your browsing behavior across different websites or apps. Their use of data is governed by their own privacy policies.

You can learn more about managing cookies in general by visiting www.allaboutcookies.org.

Cookie Type	Typical Retention Period
Session cookies	Deleted when the browser is closed
Analytics cookies	Retained up to 12–24 months
Functional cookies	Retained up to 12 months
Marketing/advertising cookies	Retained up to 13 months (subject to user consent)

Retention periods may vary depending on your device, browser, or cookie provider.

Third-Party Cookies

We may allow third-party service providers to set cookies on your device to:

Analyze website traffic
Deliver targeted advertisements
Improve app performance

8.0 Your Privacy Controls and Contact Information

8.1 Marketing Communications

You can opt out of promotional or marketing communications by clicking “unsubscribe” in our emails or by adjusting your preferences in your account. You will still receive service-related notifications such as payment confirmations and important policy updates.

8.2 Contact Information

If you have questions, concerns, or requests related to this Privacy Policy or your personal information, please contact our Privacy Officer: <br
Manos Yoganthan
Chief Operating Officer (COO) & Compliance Officer
[email protected]
Remitbee Incorporated.
2 Robert Speck Pkwy, Suite 620
Mississauga, Ontario, Canada L4Z 1H8
+1 647-689-2323

For general customer service inquiries unrelated to privacy or data protection, please contact: [email protected]