Privacy Policy

DAPSYPAY PRIVACY POLICY

Effective Date: June 20th, 2026

Ajodex Financial Corp. (doing business as "DapsyPay", "we", "our", or "us") respects your privacy and is committed to protecting your personal information. This Privacy Policy ("Policy") explains how we collect, use, disclose, store, and protect your information when you access or use the DapsyPay website, calculator, dashboard, mobile application, and related cross-border payment services (the "Services").

This Policy is intended to support compliance with applicable Canadian privacy requirements, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and related principles.

By using DapsyPay, you acknowledge that you have read and understood this Privacy Policy.

1. Company Information

DapsyPay is operated by:

• Legal name: Ajodex Financial Corp. (DBA DapsyPay)
• Address: 400 - 1940 Eglinton Ave E, Scarborough, ON M1L 4R1, Canada
• Website: https://dapsypay.com
• Support Email: support@dapsypay.com
• WhatsApp: +1 (647) 692-0900
• Privacy Contact: support@dapsypay.com
• Country of Incorporation: Canada
• Data Protection Officer / Privacy Lead: No Data Protection Officer has been designated. Privacy-related inquiries may be directed to support@dapsypay.com
• EU Representative (required under GDPR Article 27 if DapsyPay has no establishment in the EU): Not applicable. DapsyPay does not currently maintain an establishment in the European Union and does not appoint an EU Representative under Article 27 of the GDPR.

2. Scope of This Policy

This Privacy Policy applies to:

• The DapsyPay website (including the calculator and dashboard)
• The DapsyPay mobile applications
• Account creation, Orders, and cross-border payment services
• Customer support interactions (including email, support, and WhatsApp)
• Transfer and payment processing services
• Identity verification and compliance checks
• Marketing and communications

"Personal information" means information about an identifiable individual (for example, name, date of birth, contact information, or government-issued identification details).

3. Services We Provide

DapsyPay provides international money transfer and related financial services.

Users may send and receive funds between supported jurisdictions including:

• United States
• Mexico
• Brazil
• United Kingdom
• Eurozone countries
• Canada
• Nigeria

Services may be provided directly by DapsyPay and/or through regulated banking, payment, compliance, identity verification, and financial service partners. See Section 4 for our regulatory status in each jurisdiction.

4. Regulatory Status and Licensing

DapsyPay is a financial technology platform operated by Ajodex Financial Corp., a Canadian financial technology company.

Ajodex Financial Corp. provides software, payment orchestration technology, account management tools, transaction monitoring, and customer support services. Ajodex Financial Corp. is not a bank and does not directly provide regulated money transmission services.

Certain payment, settlement, wallet, foreign exchange, and money movement services available through the DapsyPay platform are facilitated through regulated financial institution and payment infrastructure partners.

DapsyPay utilizes Bridge as its primary payment and financial infrastructure provider.

• For users outside the European Economic Area (EEA), applicable payment and financial services are supported through Bridge's regulated entities and infrastructure partners.
• For services involving residents of the United States, regulated money transmission services are provided by Bridge Building Inc. (NMLS #2450917) and other licensed financial institution partners where applicable.
• For residents of the European Economic Area (EEA), applicable services are provided through Bridge Building Sp. z o.o. and its authorized financial services infrastructure.
• Where services are made available to users in the United Kingdom, payment and financial services are facilitated through regulated banking, payment institution, and financial services partners. DapsyPay operates as a technology platform and facilitates access to payment services through regulated financial institution and infrastructure partners.
• Nigerian Naira collection, payout, and related financial services are facilitated through licensed banking, financial institution partners, and other regulated providers where applicable.

Services may not be available in all jurisdictions. Availability depends on regulatory requirements, partner coverage, sanctions restrictions, compliance obligations, and local laws.

DapsyPay reserves the right to restrict, suspend, or discontinue services in any jurisdiction where such services are prohibited or where regulatory requirements cannot be satisfied.

This information is provided for transparency and regulatory compliance purposes and is in addition to, not a substitute for, the licensing disclosures in our Terms of Service.

5. Information We Collect

We may collect:

• Full name
• Date of birth
• Nationality
• Residential address
• Email address
• Telephone number
• Government-issued identification details
• Account information, including login details (stored securely) and settings or preferences

To comply with legal and regulatory obligations, we may collect:

• Passport
• National ID card
• Driver's license
• Selfie or liveness verification
• Proof of address
• Tax-related information where required
• Other information required for compliance reviews

Selfie and liveness verification data may constitute biometric data, which is treated as a special category of personal data under certain laws (including GDPR). Where required by applicable law, we obtain your explicit consent before collecting or processing this data, and you may be offered an alternative verification method where one is legally required to be available.

We may collect:

• Bank account information
• Virtual account information
• Transfer funding information
• Recipient payment details
• Transaction references

To process transfers, we may collect:

• Recipient name
• Bank account details
• Bank name
• Routing information
• Country information
• Mobile wallet information where applicable

Recipient information is provided to us by the sender. We use it solely to complete the requested transfer and to meet our compliance obligations, and it is subject to the same protections described in this Policy.

We may collect:

• Transfer amount
• Funding amount
• Sending currency
• Receiving currency
• Exchange rate
• Fees
• Transaction history
• Payment status
• Transfer status

We may automatically collect:

• IP address
• Device identifiers
• Device type
• Operating system
• Browser information
• Mobile application version
• Log information
• Diagnostic information
• Approximate location (derived from IP address)
• Usage data, including pages visited, time spent, clicks, errors, and performance data

We may collect information contained in:

• Support requests
• Contact forms
• Complaints
• Feedback submissions
• Email communications

For business customers, we may collect:

• Business registration information
• Directors and beneficial owners
• Signing authorities
• Supporting documents (for example, incorporation documents)

We may receive information from:

• Identity verification providers, database checks, sanctions and PEP screening tools, and fraud prevention vendors
• Banks, payment partners, and service providers used to complete transfers
• Lawful sources where permitted or required (for example, compliance-related information)

6. How We Use Information

We use personal information to:

• Create and manage accounts
• Generate quotes and show calculator estimates
• Process Orders, payments, and delivery to recipients
• Verify user identities
• Conduct Know Your Customer (KYC) and Know Your Business (KYB) reviews
• Comply with Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) requirements
• Process money transfers
• Facilitate currency exchange transactions
• Prevent fraud and financial crime
• Monitor security risks
• Provide customer support
• Send service notifications
• Improve platform functionality and user experience
• Meet legal and regulatory obligations
• Resolve disputes and complaints
• Send promotions or product updates where permitted by law and subject to your preferences or unsubscribe options

The legal bases on which we rely for these uses are described in Section 18 for users in the European Economic Area and United Kingdom.

We generally collect, use, and disclose personal information with your consent, except where the law permits or requires otherwise (for example, certain fraud prevention and legal compliance situations). You may withdraw consent in some cases; however, withdrawal may limit or prevent us from providing Services, especially where information is required for compliance or transaction processing.

7. Identity Verification and Compliance

DapsyPay is required to verify customer identities and monitor transactions to comply with applicable laws and regulations.

Identity verification may include:

• Document verification
• Selfie verification
• Liveness checks
• Sanctions screening
• Politically Exposed Person (PEP) screening
• Fraud prevention screening

To perform these activities, we may share information with identity verification and compliance partners including:

• Sumsub
• Dojah
• Bridge

These providers process information on our behalf and in accordance with applicable privacy and security requirements.

Some of this screening may be performed using automated systems. Where a fully automated decision produces a legal or similarly significant effect on you (for example, a transaction block or account restriction), you may request human review of that decision by contacting us using the details in Section 25.

8. Transfer Processing and Payment Partners

To provide money transfer services, we may share information with payment, banking, foreign exchange, settlement, and transfer partners.

Our current partners may include:

• Bridge
• Apaylo
• SafeHaven

Information shared may include:

• Sender information
• Recipient information
• Transfer details
• Compliance information
• Transaction references

Such sharing is necessary to facilitate transfers and satisfy legal and regulatory obligations.

9. Virtual Accounts and Funding Process

DapsyPay may provide users with virtual account details issued through regulated financial partners.

Users may fund transfers by depositing funds into assigned virtual accounts.

DapsyPay does not directly collect card payments through the application. Funding confirmations may be received through secure banking integrations, payment notifications, and webhook-based communication from financial partners.

Information associated with virtual account activity may be processed to:

• Confirm payments
• Reconcile transactions
• Detect fraud
• Maintain transaction records

10. Firebase Analytics

DapsyPay uses Firebase Analytics to help understand application performance, improve functionality, and enhance user experience.

Firebase Analytics may collect information such as:

• Device information
• Application usage information
• Crash and diagnostic information
• Performance metrics

Users can review Google's privacy practices at https://policies.google.com/privacy.

11. Cookies and Similar Tracking Technologies

Our website may use cookies and similar tracking technologies to support core functionality, remember preferences, measure site performance, and help prevent fraud.

We use cookies and similar technologies for:

• Essential site functionality and security (for example, authentication)
• Remembering preferences
• Analytics to improve the website and understand usage
• Fraud prevention and risk signals

Cookie preferences can be managed through your browser settings and, where applicable, through a cookie consent tool on our website. If you disable cookies, some features (such as login or dashboard functions) may not work properly.

A separate Cookie Policy with further detail is available at: https://dapsypay.com/cookie-policy

12. Notifications and Communications

We may send:

• Account notifications
• Security alerts
• Transfer updates
• Compliance notifications
• Customer service communications
• Push notifications
• Email communications

Users may manage certain communication preferences through their device settings or account settings.

13. How We Share Information

We may disclose personal information to:

• Identity verification providers
• Payment processors
• Banking partners
• Transfer partners
• IT and operations vendors (hosting, analytics, customer support tools)
• Professional advisors (legal, audit, accounting) where necessary
• Regulatory authorities
• Government agencies
• Law enforcement agencies
• Service providers assisting our operations

Business Transfers: If DapsyPay is involved in a merger, acquisition, restructuring, financing, or sale of all or part of its business or assets, personal information may be transferred to the successor or acquiring entity as part of that transaction, subject to protections consistent with this Policy.

We do not sell personal information to third parties.

We require service providers to use personal information only to perform services for us and to protect it with appropriate safeguards.

14. International Data Transfers

Because DapsyPay operates internationally, personal information may be transferred to, processed in, or stored in countries outside the user's country of residence, including countries that may not have data protection laws equivalent to those in your home country. Your information may be processed or stored in Canada and may also be processed by trusted third-party service providers in other jurisdictions (for example, where certain verification or infrastructure providers operate). When information is handled outside Canada, it may be subject to the laws of that jurisdiction.

Where such transfers occur, we implement appropriate safeguards designed to protect personal information, which may include:

• Standard Contractual Clauses approved by the European Commission or UK authorities
• Reliance on an applicable adequacy decision
• Other legally recognized transfer mechanisms

Where personal information originating from the European Economic Area (EEA) or the United Kingdom is transferred to a country that has not been determined to provide an adequate level of data protection, DapsyPay and its service providers will implement appropriate safeguards as required by applicable data protection laws.

These safeguards may include:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• The UK International Data Transfer Addendum or other UK-approved transfer mechanisms
• Transfers to organizations located in jurisdictions recognized as providing an adequate level of data protection
• Contractual, technical, and organizational measures designed to protect personal information during processing and transfer

Individuals may contact us using the details provided in this Privacy Policy to request additional information regarding applicable international data transfer safeguards.

15. Data Retention

We retain personal information only for as long as necessary to:

• Provide services
• Meet contractual obligations
• Resolve disputes
• Enforce agreements
• Comply with applicable laws and regulations

Retention Period: Personal information, transaction records, identity verification information, compliance records, and related account data are generally retained for a minimum of five (5) years following account closure or the completion of the user's last transaction, or for such longer period as may be required by applicable law, regulatory requirements, court orders, audits, investigations, or legitimate business needs. For MSB-related records, retention periods can be at least 5 years for certain records and reports, consistent with FINTRAC recordkeeping guidance.

Where retention is no longer required, personal information will be securely deleted, anonymized, or otherwise disposed of in accordance with applicable laws and our data retention policies.

Certain financial, compliance, and transaction records may be retained for longer periods where required by applicable laws or regulatory requirements.

16. Security

We maintain administrative, technical, and physical safeguards designed to protect personal information.

Security measures may include:

• Encryption in transit (for example, TLS/SSL)
• Access controls
• Authentication procedures
• Monitoring systems
• Secure infrastructure and storage practices
• Compliance controls
• Logging

No system can guarantee absolute security, and users acknowledge that information transmission over the internet carries inherent risks. No method of transmission or storage is 100% secure; however, we take reasonable steps to protect your data.

If there is a security incident involving personal information, we will assess the impact and take appropriate steps, which may include notifying affected individuals and/or relevant authorities where required.

17. Account Deletion and User Rights

Depending on applicable law, users may have rights to:

• Access personal information
• Correct inaccurate information
• Request deletion of information
• Object to certain processing activities
• Withdraw consent where applicable
• Receive a copy of personal information in a portable format (data portability)
• Lodge a complaint with a relevant supervisory authority (see Section 20)

Under PIPEDA and related principles, you may request access to your personal information and request corrections if it is inaccurate, subject to legal and security limitations.

Users may request deletion of their DapsyPay account at any time directly through the DapsyPay application or by contacting us at support@dapsypay.com.

To protect account security and prevent unauthorized requests, we may require identity verification before processing an account deletion request.

Upon approval of a deletion request:

• Access to the user's account will be disabled or terminated
• Personal information that is no longer required will be deleted, anonymized, or securely disposed of
• Certain information may be retained where required to comply with legal, regulatory, anti-money laundering (AML), counter-terrorist financing (CTF), fraud prevention, accounting, tax, dispute resolution, security, and recordkeeping obligations

Most account deletion requests are processed within thirty (30) days of successful identity verification. In some cases, additional time may be required where permitted by applicable law.

Where information must be retained to satisfy legal or regulatory obligations, such information will be securely retained for the applicable retention period and deleted, anonymized, or securely disposed of when retention is no longer required.

The deletion of an account does not affect information that Ajodex Financial Corp. is legally required or permitted to retain under applicable laws, regulations, court orders, investigations, or compliance obligations.

Certain information may be retained after deletion requests where required for legal, regulatory, fraud prevention, compliance, tax, accounting, or security purposes.

18. Additional Information for Users in the EEA and United Kingdom (GDPR)

Where the General Data Protection Regulation (GDPR) or the UK GDPR applies to our processing of your personal information, the following additional information applies.

We rely on one or more of the following legal bases depending on the purpose of processing: performance of a contract with you (for example, executing a transfer); compliance with a legal obligation (for example, KYC/AML checks); your explicit consent (for example, biometric verification, certain marketing); and our legitimate interests (for example, fraud prevention), balanced against your rights and interests.

As noted in Section 7, certain compliance and fraud-screening decisions may be automated. Where such a decision has a legal or similarly significant effect on you, you have the right to request human review, to express your point of view, and to contest the decision.

You have the right to lodge a complaint with your local data protection supervisory authority, or with the supervisory authority listed in Section 20, without prejudice to any other administrative or judicial remedy.

19. Additional Information for California Residents (CCPA/CPRA)

If you are a California resident, applicable law may give you additional rights, including:

• The right to know what personal information we collect, use, disclose, and (if applicable) sell or share
• The right to delete personal information, subject to legal retention exceptions described in Section 15
• The right to correct inaccurate personal information
• The right to opt out of the sale or sharing of personal information
• The right to limit the use of sensitive personal information
• The right to non-discrimination for exercising any of these rights

We do not sell personal information for monetary consideration.

Confirmation of whether any disclosures to our verification or payment partners constitute a "share" under CPRA, and the related opt-out mechanism (if applicable): We may disclose personal information to service providers, payment processors, identity verification providers, banking partners, compliance providers, fraud prevention providers, cloud infrastructure providers, and other vendors that assist us in providing our services. These disclosures are made for business purposes, including payment processing, identity verification, anti-money laundering compliance, fraud prevention, security, customer support, and regulatory compliance.

Based on our current business practices, DapsyPay does not sell or share personal information for cross-context behavioral advertising purposes as those terms are defined under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

California residents may submit requests using the contact details in Section 25. We may need to verify your identity before completing a request, and you may designate an authorized agent to submit a request on your behalf.

20. Supervisory Authorities

Depending on where you live, you may be able to direct privacy questions or complaints to the following authorities, in addition to contacting us directly:

• Canada: Office of the Privacy Commissioner of Canada (OPC) — priv.gc.ca
• United Kingdom: Information Commissioner's Office (ICO) — ico.org.uk
• Nigeria: Nigeria Data Protection Commission (NDPC)
• United States: Federal Trade Commission (FTC), and the relevant state Attorney General's office

21. Children's Privacy

DapsyPay services are intended only for individuals who are at least 18 years of age.

We do not knowingly collect personal information from children under 18.

If we become aware that personal information from a child has been collected, we will take appropriate steps to remove such information.

22. Blog and Contact Forms

Our website may contain:

• Blog content
• Contact forms
• Customer support forms

Information submitted through these features may be used to respond to inquiries, provide support, and improve our services.

23. Regulatory Disclosures

DapsyPay may disclose information where required by:

• Anti-Money Laundering regulations
• Counter-Terrorist Financing regulations
• Financial crime investigations
• Court orders
• Legal proceedings
• Regulatory requests

We reserve the right to disclose information where required by applicable law.

24. Changes to This Privacy Policy

We may update this Privacy Policy periodically.

When material changes are made, we may notify users through:

• Website notices
• Mobile application notices
• Email communications

The updated version will be posted on DapsyPay with a revised effective date. Continued use of DapsyPay after updates constitutes acceptance of the revised Privacy Policy.

25. Contact Us

For privacy questions, complaints, or requests, please contact:

• Legal name: Ajodex Financial Corp. (DBA DapsyPay)
• Address: 400 - 1940 Eglinton Ave E, Scarborough, ON M1L 4R1, Canada
• Email: support@dapsypay.com
• WhatsApp: +1 (647) 692-0900
• Website: https://dapsypay.com