Payin Payout Orchestrate
Crypto Exchanges Fintechs PSPs & MTOs Payroll & Marketplaces Remittance Banks
Currencies FX Rates
API Docs ↗ Get API Access
About Legal LinkedIn ↗
Get Started
Home/Legal/Nodu RoW Privacy Policy

Nodu RoW Privacy Policy

Nodu Canada, Inc.

Last updated: 17.06.2026 Region: Rest of World Legal entity: Nodu Canada, Inc.

Nodu (“we”, “us”, “our”) is committed to protecting your privacy and personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, provincial privacy laws, including Quebec’s Act respecting the protection of personal information in the private sector, as amended (Law 25), and the personal information protection legislation of Alberta and British Columbia. This Privacy Policy explains how we collect, use, store, share, and protect personal information when you use our services.

1. Who We Are

Nodu is a brand operated by Nodu Canada Inc., a corporation incorporated under the laws of the Province of Ontario, Canada (Ontario Business Registry ID 1001337843, Business Number 774641831), with its registered office in Toronto, Ontario. Nodu is registered with FINTRAC as a money services business (MSB), registration number C100001091.

For privacy-related inquiries and to exercise your rights, contact our Privacy Officer at canada@nodu.fi.

2. Personal Information We Collect

We collect personal information necessary for service delivery and regulatory compliance, including information about customers and, where relevant, their directors, beneficial owners, authorised representatives and transactional counterparties:

  • Identification data: first and last name, date of birth, nationality, and identification documents such as a passport or government-issued ID.
  • Contact data: email, phone number, address, and proof of residence.
  • Business and control data: corporate registration details, ownership and control structure, directors, beneficial owners, authorised users, purpose and nature of the relationship, expected activity and source of funds or source of wealth where required.
  • Payment, transaction and wallet data: bank account details, payment information, virtual currency wallet addresses, transaction details, counterparties, originator/beneficiary information and information required for payment, virtual currency transfer and Travel Rule compliance.
  • Biometric data used during electronic identity verification, where applicable and with your consent.
  • Technical data: IP address, cookie data, and device information.
  • Information obtained from third-party AML, sanctions, wallet-monitoring and identity-verification service providers.
  • Information received from other Nodu Group entities or previous Nodu service providers where you request, accept or are assessed for onboarding, service continuity, compliance review or support.

We collect, use and disclose personal information with your consent, which may be express or implied depending on the sensitivity of the information and the purpose, except where collection, use or disclosure without consent is permitted or required by law. We process your personal information for the following purposes:

  • To provide and administer our services and manage our contractual relationship with you.
  • To comply with the PCMLTFA and FINTRAC requirements, including customer identification and verification, KYB/KYC, sanctions and risk screening, ongoing monitoring, record-keeping, and reporting of suspicious and prescribed transactions.
  • To process payments and virtual currency transactions, including payment information, wallet information, originator/beneficiary information and Travel Rule or similar transfer information.
  • Where applicable, to meet our obligations as a payment service provider under the RPAA, including operational risk management, incident response, end-user fund safeguarding and regulatory reporting.
  • To protect our customers, services and systems, including fraud prevention, security, service improvement, support, issue investigation and operational risk management.
  • To assess onboarding, service continuity or compliance review where you request or accept a transition to Nodu Canada from another Nodu Group entity or previous service provider.
  • To report to regulatory and supervisory authorities, including FINTRAC and the Bank of Canada, where required.

You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice. Withdrawing consent may prevent us from providing some or all of the services, and certain processing required by law, such as AML record-keeping, will continue.

4. Sharing and Transfers of Personal Information

  • We share your personal information with trusted service providers and other Nodu Group entities where necessary to provide services, support operations, comply with law and manage risk. This may include payment processors, banks or payment institutions, virtual currency and liquidity providers, identity-verification providers, AML/sanctions/wallet monitoring providers, cloud and IT providers, customer-support providers and professional advisers. We require service providers by contract to protect personal information and use it only for authorised purposes.
  • We may share information with financial institutions, virtual currency service providers or transaction counterparties where required to execute a transaction, complete payment or virtual currency transfer information, comply with Travel Rule or similar requirements, or investigate fraud, sanctions, AML/CTF or operational issues.
  • We may disclose personal information to Canadian regulatory and supervisory bodies, including FINTRAC and the Bank of Canada, and to law enforcement and the Canada Revenue Agency, where legally required or permitted.
  • Some of our service providers or group entities may store or process personal information outside your province or outside Canada. Where this occurs, the information may be subject to the laws of those jurisdictions, and we use contractual and organisational safeguards to protect it. For individuals in Quebec, we assess transfers outside Quebec as required by Law 25 before they take place.

5. Cookies and Tracking

We use cookies and similar technologies on our websites for essential functionality, analytics, and security. You can adjust your preferences as described in our Cookie Policy and through your browser settings. Where required by law, we obtain your consent before using non-essential cookies.

6. Data Retention

We retain your personal information only for as long as necessary to provide the services and comply with legal, regulatory, tax, accounting, dispute-resolution and audit requirements. Records required under the PCMLTFA are generally retained for at least five years from the applicable triggering date, depending on the record type. When information is no longer required, we securely destroy, erase or anonymise it.

7. Security Measures

Nodu maintains technical, organisational and contractual safeguards appropriate to the sensitivity of the information, including access controls, authentication, encryption or equivalent protection where appropriate, logging, vendor controls, staff confidentiality obligations, security monitoring and incident-response procedures.

8. Your Rights

Subject to applicable law, you have the following rights in respect of your personal information:

  • Access to the personal information we hold about you, and information about how it has been used and disclosed.
  • Correction of inaccurate or incomplete personal information.
  • Withdrawal of consent, subject to legal or contractual restrictions.
  • For individuals in Quebec, additional rights under Law 25, including data portability, the right to request that information be de-indexed in certain circumstances, and rights in respect of decisions based exclusively on automated processing.

To exercise any right, contact our Privacy Officer at canada@nodu.fi. We may need to verify your identity before responding and will respond within the time required by applicable law. If you are not satisfied with our response, you may complain to the Office of the Privacy Commissioner of Canada, to the Commission d’accès à l’information du Québec if you are in Quebec, or to the privacy regulator in your province.

9. Breach Notification

We maintain records of breaches of security safeguards involving personal information. Where a breach creates a real risk of significant harm to an individual, we will report it to the Office of the Privacy Commissioner of Canada and notify affected individuals as required by law. We will also notify other organisations or government institutions where required or where we believe notification may reduce or mitigate the risk of harm.

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal obligations. Updates will be published on our website with the revision date. Where required by law or where changes are material, we will provide additional notice or obtain consent before the changes take effect.

11. Contact Us

For privacy questions, requests or complaints, contact the Nodu Canada Privacy Officer by email at canada@nodu.fi or by mail at: Nodu Canada Inc., 1463 Davenport Rd, Toronto, Ontario, M6H 2H6, Canada. Please include enough information for us to identify you and respond to your request.