Privacy Policy

RYPLEX SOLUTIONS LTD.

Privacy and Personal Information Protection Policy

How Ryplex Solutions Ltd. collects, uses, stores, discloses, protects, and otherwise processes personal information in connection with our services.

1. General Statement

Ryplex Solutions Ltd. (“Ryplex”, “Company”, “we”, “our”, or “us”) respects the confidentiality, privacy, and security of personal information provided by customers, website visitors, business partners, and other individuals who interact with our services.

This Policy explains how we collect, use, store, disclose, protect, and otherwise process personal information in connection with our website, platform, onboarding process, customer accounts, transactions, support communications, and compliance procedures.

By accessing our website, creating an account, submitting documents, or using any Company service, you acknowledge that your personal information may be processed in accordance with this Policy and applicable law.

2. Application of this Policy

This Policy should be read together with any customer terms, cookie notices, consent forms, or service- specific disclosures made available by the Company.

visitors browsing our website;
customers registering for or using our services;
individuals communicating with our support or compliance teams;
persons involved in transactions, verification checks, complaints, investigations, or regulatory reviews;
representatives, directors, beneficial owners, or authorised persons of corporate customers, where applicable.

This Policy should be read together with any customer terms, cookie notices, consent forms, or service- specific disclosures made available by the Company.

3. Legal and Regulatory Context

Ryplex Solutions Ltd. processes personal information in accordance with applicable privacy, financial crime prevention, and regulatory obligations, including where relevant:

Canadian privacy requirements, including PIPEDA;
anti-money laundering and counter-terrorist financing obligations;
sanctions screening and fraud prevention requirements;
recordkeeping duties imposed by law or regulators;
contractual obligations with customers and service providers;
international privacy standards where they apply to specific individuals or transactions.

Where different legal requirements apply, the Company may process and retain information as necessary to comply with the stricter or more specific obligation.

4. Types of Information We May Collect

Depending on the nature of the relationship and services used, Ryplex may collect and process the following categories of information:

Identification Information. Full name, date of birth, nationality, citizenship, identification document details, photographs, signatures, and identity verification results.

Contact Information. Email address, telephone number, and communication preferences.

Financial and Transaction Information. Bank account details, payment card information where applicable, source of funds, source of wealth, transaction history, wallet addresses, exchange records, payment references.

Compliance and Risk Information. Sanctions screening results, politically exposed person checks, adverse media findings, fraud indicators, risk ratings, tax residency details, enhanced due diligence documents, and internal compliance notes.

Technical and Device Information. IP address, device identifiers, browser type, operating system, access logs, geolocation data, cookies, session data, and security metadata.

Support and Communication Records. Emails, chat messages, complaints, call notes, submitted explanations, uploaded documents, and correspondence with the Company.

Biometric or Authentication Data. Where required for identity verification or security purposes, this may include facial images, liveness checks, selfie verification, or similar authentication data.

5. How Information Is Collected

Ryplex may obtain personal information from several sources.

WInformation Provided Directly. This includes details submitted during registration, account updates, transaction requests, compliance reviews, support interactions, or complaint handling.

Information Generated Through Use of Services. This includes transaction records, platform activity, login history, device data, and security logs created when services are accessed.

Information Received from Third Parties. This may include data from identity verification providers, payment processors, financial institutions, blockchain analytics providers, fraud prevention tools, credit or screening databases, public registries, and competent authorities.

Publicly Available Sources. Where legally permitted, the Company may review public corporate registers, sanctions lists, court records, media publications, professional profiles, or other publicly accessible sources for compliance and verification purposes.

6. Purposes for Processing Personal Information

Ryplex processes personal information for lawful, necessary, and proportionate purposes, including:

creating and maintaining customer accounts;
verifying identity and eligibility;
conducting KYC, AML, CTF, sanctions, fraud, and risk checks;
processing transfers, exchanges, payments;
monitoring transactions and detecting suspicious or unusual activity;
protecting the Platform against misuse, cyber threats, and unauthorised access;
providing customer support and resolving complaints;
complying with legal, tax, regulatory, reporting, and recordkeeping obligations;
improving service functionality, website performance, and operational efficiency;
enforcing agreements, policies, and legal rights;
sending service-related communications.

7. Legal Grounds for Processing

Depending on the circumstances, the Company may rely on one or more legal grounds to process personal information, including:

performance of a contract with the customer;
compliance with legal or regulatory obligations;
legitimate business interests, including fraud prevention, platform security, risk management, and service improvement;
consent, particularly for optional marketing or certain cookies where required;
establishment, exercise, or defence of legal claims;
protection of vital interests or prevention of serious harm where applicable.

Where processing is based on consent, consent may be withdrawn at any time, subject to legal or contractual limitations.

8. Security and Safeguards

Ryplex Solutions Ltd. applies technical, organisational, and administrative measures intended to protect personal information from unauthorised access, misuse, alteration, disclosure, loss, or destruction.

These safeguards may include:

encryption during transmission and storage;
firewalls and network monitoring;
multi-factor authentication;
access controls based on business necessity;
internal confidentiality obligations;
secure document storage;
activity logging and monitoring;
periodic security assessments;
vendor due diligence and contractual protections.

Although no digital system can be guaranteed as completely secure, the Company takes reasonable steps to reduce security risks and respond to incidents appropriately.

9. Sharing and Disclosure of Information

Personal information may be shared where necessary and lawful with:

payment processors, banks, and financial institutions;
KYC, KYB, AML, sanctions, fraud prevention, and blockchain analytics providers;
IT hosting, cloud, cybersecurity, and infrastructure providers;
legal, audit, tax, compliance, and professional advisers;
customer support and communication service providers;
regulators, FINTRAC where applicable, law enforcement, courts, tax authorities, or other competent bodies;
affiliates, contractors, or business partners involved in delivering the Services.

The Company does not sell personal information. Third parties receiving data are expected to process it only for authorised purposes and subject to appropriate confidentiality and security obligations.

10. International Data Transfers

Because certain technology, compliance, payment, or infrastructure providers may operate outside Canada, personal information may be transferred to, stored in, or accessed from other jurisdictions.

Where cross-border processing occurs, Ryplex will take reasonable steps to ensure that appropriate legal, contractual, and technical safeguards are applied, taking into account the nature of the information and applicable law.

Customers acknowledge that personal information processed in another jurisdiction may be subject to lawful access requests by authorities in that jurisdiction.

11. Retention of Personal Information

Ryplex retains personal information only for as long as necessary for the purposes for which it was collected, unless a longer period is required or permitted by law.

In particular:

customer identification, verification, and transaction records may be retained for at least five years after the end of the business relationship where required for AML/CTF compliance;
records connected to disputes, investigations, legal claims, or regulatory inquiries may be retained for a longer period;
technical logs may be retained for periods necessary for security, audit, and operational purposes;
information no longer required will be securely deleted, anonymised, or archived in accordance with internal procedures.

Investigations will be conducted objectively, proportionately, and with due regard to confidentiality and fairness.

12. Customer Rights

Subject to applicable law and regulatory limitations, individuals may have the right to:

request access to personal information held about them;
request correction of inaccurate or incomplete information;
request deletion where retention is no longer legally required;
restrict or object to certain processing activities;
withdraw consent where processing is based on consent;
request portability of certain information in a structured format;
object to direct marketing;
request human review where automated decisions produce significant effects.

Some rights may be limited where the Company must retain or process information for AML/CTF, sanctions, fraud prevention, legal claims, regulatory reporting, or security purposes.

13. Automated Screening and Risk Assessment

The Company may use automated tools to assist with identity verification, sanctions screening, transaction monitoring, fraud detection, geolocation checks, and customer risk scoring.

Automated tools may help identify unusual activity, high-risk behaviour, document inconsistencies, prohibited jurisdictions, or potential misuse of the Services.

Where required by law, customers may request additional information or human review of decisions that materially affect access to services.

14. Cookies and Website Tracking

The Company may use cookies, pixels, analytics scripts, log files, and similar technologies to operate the website, improve user experience, remember preferences, measure performance, and support security controls.

Some cookies are essential for website functionality, while others may be used only where permitted by law or based on consent.

Further details may be provided in the Company’s Cookie Notice, where applicable.

15. Accuracy of Information

Customers are responsible for ensuring that personal information provided to the Company remains accurate, complete, and up to date.

The Company may request updated information periodically or where inconsistencies are identified.

Failure to provide accurate information may result in delayed transactions, restricted services, account suspension, or closure.

16. Children and Minors

The Company’s services are not intended for minors or persons below the legal age required to enter binding financial or commercial arrangements.

Ryplex does not knowingly provide services to minors. If the Company becomes aware that information has been collected from a minor without lawful basis, appropriate steps will be taken to delete or restrict that information.

17. Policy Updates

This Policy may be amended from time to time to reflect legal, regulatory, technological, or operational changes.

The updated version will become effective once published or otherwise notified, unless a later effective date is stated.

Customers are encouraged to review this Policy periodically.

Other Policies