Operated by Protect Safety Solutions Ltd. operating as SomPay


1. Introduction

Protect Safety Solutions Ltd. operating as SomPay ("SomPay", "Company", "we", "us", or "our") respects your privacy and is committed to protecting your personal information.

This Privacy Policy explains how we collect, use, disclose, store, process, retain, and protect information obtained through the SPUSD ecosystem, including the SPUSD Wallet, SPUSD Send, SPUSD Swap, redemption services, websites, applications, customer support channels, merchant services, and related products.

The purpose of this Privacy Policy is to help users understand:

  • What information we collect
  • Why we collect information
  • How information is used
  • How information is protected
  • When information may be disclosed
  • Your rights regarding your personal information

By creating an account, accessing our platform, opening a wallet, completing identity verification, initiating transactions, or otherwise using SPUSD services, you consent to the practices described in this Privacy Policy.

2. About SPUSD

SPUSD is a digital dollar stablecoin ecosystem owned, operated, administered, and maintained by Protect Safety Solutions Ltd. operating as SomPay.

SPUSD is intended to maintain a value equivalent to USD Coin (USDC) and provides users with access to digital wallet services, transfers, redemption services, digital asset conversion services, merchant payment solutions, and related financial technology services.

Because SPUSD operates within a regulated financial environment, certain information must be collected to comply with Canadian legal, regulatory, compliance, fraud prevention, and security requirements.

3. Our Privacy Commitment

SomPay is committed to handling personal information responsibly and in accordance with applicable privacy legislation.

We strive to ensure that personal information is:

  • Collected fairly and lawfully
  • Used only for legitimate business purposes
  • Protected through appropriate safeguards
  • Retained only as long as necessary
  • Accessible to users where required by law
  • Managed transparently

Privacy protection is incorporated into our operational procedures, compliance framework, technology systems, and security controls.

4. Information We Collect

Depending on the services you use, we may collect several categories of information.

The information collected may be provided directly by you, generated through your use of our services, received from third parties, or collected automatically through our systems.

5. Personal Identification Information

To establish and maintain your account, we may collect:

  • Full legal name
  • Date of birth
  • Residential address
  • Mailing address
  • Email address
  • Telephone number
  • Citizenship information
  • Residency information
  • Occupation
  • Employment information
  • Identification numbers where permitted by law
  • Tax-related information where required

We may also collect historical information necessary to verify identity and comply with legal obligations.

Failure to provide required information may prevent us from providing services.

6. Identity Verification Information

To comply with Canadian regulatory requirements, we may collect information used to verify your identity.

This may include:

  • Passport information
  • Driver's licence information
  • Provincial identification card information
  • Government-issued photo identification
  • Selfie photographs
  • Biometric verification results
  • Liveness detection results
  • Verification reports
  • Authentication records
  • Identity verification scores

Identity verification information may be collected directly by SomPay or through approved third-party verification providers.

Verification requirements may change over time based on regulatory requirements, risk assessments, or operational needs.

7. Financial Information

We may collect information relating to financial transactions and payment activity.

This may include:

  • Bank account information
  • Funding source information
  • Account balances
  • Deposit information
  • Withdrawal information
  • Redemption information
  • Transaction records
  • Payment records
  • Settlement information
  • Merchant payment information
  • Transfer information
  • Financial institution information

We collect this information to facilitate services, comply with legal obligations, and protect against fraud.

8. Wallet Information

SPUSD services involve digital wallet functionality.

We may collect and maintain records relating to:

  • Wallet addresses
  • Wallet identifiers
  • Wallet transaction history
  • Wallet balances
  • Beneficiary information
  • Authorized wallet activity
  • Associated blockchain records

Blockchain transactions may be publicly visible on distributed ledger networks.

While blockchain data may be publicly accessible, SomPay treats information linking blockchain activity to individual users as confidential and subject to this Privacy Policy.

9. Business Account Information

Where a user operates a business account, we may collect additional information including:

  • Business registration documents
  • Articles of incorporation
  • Partnership agreements
  • Corporate records
  • Beneficial ownership information
  • Director information
  • Shareholder information
  • Business licences
  • Tax registration information
  • Business banking information
  • Financial statements
  • Compliance documentation

Business users may be required to provide updated information periodically.

10. Compliance Information

To meet regulatory obligations, SomPay may collect information relating to compliance reviews and risk assessments.

This may include:

  • Source of funds documentation
  • Source of wealth documentation
  • Politically Exposed Person screening results
  • Sanctions screening results
  • Adverse media findings
  • Risk assessment reports
  • Enhanced due diligence records
  • Compliance review notes
  • Regulatory reporting information
  • Investigation records

This information assists us in preventing fraud, money laundering, terrorist financing, sanctions violations, and other unlawful activities.

11. Technical Information

When you use SPUSD services, our systems may automatically collect technical information.

This may include:

  • IP addresses
  • Device identifiers
  • Browser information
  • Operating system information
  • Application version information
  • Device type
  • Login history
  • Session information
  • Platform usage information
  • Error logs
  • Security event records

Technical information helps us maintain platform security, detect fraud, improve performance, and diagnose technical issues.

12. Communication Information

We may collect information relating to communications between users and SomPay.

This may include:

  • Customer support requests
  • Email communications
  • Live chat communications
  • Complaint records
  • Feedback submissions
  • Survey responses
  • Telephone call records where permitted by law
  • Compliance correspondence

These records may be retained to improve services, investigate disputes, respond to inquiries, and satisfy legal obligations.

13. Information Collected Automatically

Certain information may be collected automatically when users interact with our websites, applications, and services.

This may include:

  • Website activity
  • Application activity
  • Navigation patterns
  • Session duration
  • Device information
  • Security information
  • Authentication activity
  • Usage statistics

Automatic collection technologies help us improve functionality, security, performance, and user experience.

14. Information Received from Third Parties

We may receive information from third parties including:

  • Identity verification providers
  • Financial institutions
  • Banking partners
  • Compliance service providers
  • Fraud prevention providers
  • Payment processors
  • Regulatory authorities
  • Law enforcement agencies
  • Publicly available databases
  • Sanctions screening databases

Information received from third parties may be combined with information already maintained by SomPay.

15. Why We Collect Information

We collect information for legitimate business purposes including:

  • Creating and managing accounts
  • Providing SPUSD services
  • Processing transactions
  • Verifying identity
  • Detecting fraud
  • Conducting compliance reviews
  • Preventing financial crime
  • Maintaining platform security
  • Improving services
  • Responding to customer inquiries
  • Complying with legal obligations
  • Protecting users and the SPUSD ecosystem

We only collect information that we reasonably believe is necessary for these purposes.


SPUSD PRIVACY POLICY — PART 2


16. How We Use Your Information

SomPay uses personal information only for legitimate business, operational, compliance, security, and legal purposes.

Information collected through SPUSD services may be used to:

  • Verify identity
  • Create and maintain user accounts
  • Process transactions
  • Facilitate SPUSD transfers
  • Process SPUSD Swap transactions
  • Process redemption requests
  • Conduct compliance reviews
  • Prevent fraud
  • Detect suspicious activity
  • Monitor transaction activity
  • Respond to customer inquiries
  • Improve platform functionality
  • Enhance security controls
  • Conduct risk assessments
  • Satisfy legal obligations
  • Meet regulatory requirements
  • Protect users and the SPUSD ecosystem
  • Resolve disputes
  • Conduct audits
  • Investigate potential violations of our Terms of Use

SomPay does not sell personal information to third parties.

17. Legal Basis for Collection and Processing

Where required by applicable law, SomPay collects and processes personal information on one or more of the following legal bases:

  • User consent
  • Contractual necessity
  • Legal obligations
  • Regulatory compliance requirements
  • Legitimate business interests
  • Fraud prevention purposes
  • Security purposes
  • Protection of users and the public

Users acknowledge that certain information must be collected and processed in order for SomPay to provide regulated financial services.

Failure to provide required information may limit or prevent access to SPUSD services.

18. FINTRAC Reporting Obligations

As part of its compliance program, SomPay may collect, review, maintain, and disclose information required under applicable Canadian anti-money laundering and anti-terrorist financing laws.

Users acknowledge that SomPay may be required to:

  • Verify identity
  • Maintain transaction records
  • Monitor transaction activity
  • Review source of funds information
  • Review source of wealth information
  • Conduct sanctions screening
  • Conduct politically exposed person screening
  • File regulatory reports
  • Cooperate with regulatory authorities

SomPay may disclose information where required by applicable law without providing advance notice to affected users.

Nothing in this Privacy Policy limits SomPay's obligations under Canadian law.

19. Information Sharing

SomPay may share information with authorized third parties when necessary to provide services, satisfy legal obligations, maintain security, or prevent fraud.

Information may be shared only to the extent reasonably necessary for the purpose involved.

Recipients may include:

  • Banking partners
  • Payment processors
  • Identity verification providers
  • Compliance providers
  • Fraud prevention providers
  • Technology providers
  • Regulatory authorities
  • Law enforcement agencies
  • Professional advisors
  • Auditors
  • Government authorities

All third parties receiving information are expected to maintain appropriate confidentiality and security measures.

20. Banking Partners

SomPay may work with banks, financial institutions, payment processors, and settlement providers.

To facilitate services, SomPay may share information including:

  • User identification information
  • Transaction information
  • Account information
  • Funding information
  • Redemption information
  • Settlement information

Banking partners may also collect and process information independently in accordance with their own privacy policies.

SomPay is not responsible for privacy practices of independent financial institutions.

21. Identity Verification Providers

SomPay may use third-party identity verification providers to assist with KYC and compliance obligations.

Verification providers may receive:

  • Name
  • Address
  • Date of birth
  • Identification documents
  • Selfie images
  • Authentication information
  • Verification records

Verification providers may compare information against trusted databases and other sources to validate identity.

Verification providers are contractually required to protect personal information in accordance with applicable legal requirements.

22. Compliance Service Providers

SomPay may use specialized compliance providers to support:

  • AML screening
  • Sanctions screening
  • Politically exposed person screening
  • Adverse media screening
  • Risk assessments
  • Fraud monitoring
  • Transaction monitoring

These providers may process personal information necessary to perform their services.

Compliance reviews may occur before, during, or after transactions.

23. Fraud Prevention and Security Providers

SomPay may share information with security and fraud prevention providers to help protect users and the SPUSD ecosystem.

Information may be used to:

  • Detect unauthorized activity
  • Prevent account takeovers
  • Identify suspicious transactions
  • Investigate security incidents
  • Reduce fraud risks
  • Improve security controls

Users acknowledge that security reviews may occur without notice.

24. Law Enforcement Requests

SomPay may disclose information to law enforcement agencies, courts, regulators, government authorities, and other authorized parties where:

  • Required by law
  • Required by court order
  • Required by subpoena
  • Required by warrant
  • Necessary to investigate unlawful activity
  • Necessary to protect users
  • Necessary to protect SomPay
  • Necessary to prevent fraud

SomPay reserves the right to cooperate with lawful investigations involving suspected criminal activity.

25. Regulatory Disclosures

SomPay may disclose information to regulatory authorities where required or permitted by law.

Regulatory disclosures may involve:

  • Transaction information
  • Account information
  • Verification records
  • Compliance information
  • Investigation records
  • Audit records

Users acknowledge that regulatory reporting obligations may require disclosures without user consent.

26. Business Transfers

If SomPay undergoes:

  • Reorganization
  • Corporate restructuring
  • Merger
  • Acquisition
  • Sale of assets
  • Investment transaction

personal information may be transferred as part of that transaction.

Any successor entity will remain subject to obligations relating to the protection of personal information.

27. Cross-Border Data Processing

Certain service providers used by SomPay may be located outside Canada.

As a result, information may be stored, processed, or accessed in jurisdictions outside Canada.

These jurisdictions may have privacy laws that differ from Canadian privacy laws.

Where information is transferred internationally, SomPay takes reasonable steps to ensure appropriate safeguards are implemented.

Users acknowledge that information may be subject to lawful access by foreign governments, courts, regulators, or law enforcement agencies.

28. Data Retention

SomPay retains information only for as long as reasonably necessary to:

  • Provide services
  • Meet regulatory obligations
  • Maintain security
  • Resolve disputes
  • Enforce agreements
  • Prevent fraud
  • Comply with legal requirements

Retention periods may vary depending on the type of information involved.

Certain records may be retained following account closure where required by law or legitimate business needs.

29. Account Closure

Users may request closure of their accounts, subject to regulatory obligations and outstanding compliance requirements.

Account closure does not automatically result in deletion of all information.

SomPay may retain records following account closure where necessary to:

  • Comply with legal obligations
  • Complete investigations
  • Prevent fraud
  • Resolve disputes
  • Meet regulatory requirements
  • Enforce agreements

Certain records may remain archived after active account closure.

30. Security Safeguards

SomPay uses administrative, technical, physical, and organizational safeguards designed to protect personal information.

Safeguards may include:

  • Encryption
  • Access controls
  • Multi-factor authentication
  • Monitoring systems
  • Security audits
  • Risk assessments
  • Employee training
  • Incident response procedures
  • Vendor oversight

While SomPay takes reasonable steps to protect information, no system can guarantee absolute security.

Users are responsible for maintaining the security of their own devices, passwords, authentication methods, and account credentials.

31. User Responsibilities

Users play an important role in protecting their personal information and maintaining the security of the SPUSD ecosystem.

Users are responsible for:

  • Maintaining accurate account information
  • Protecting account credentials
  • Maintaining device security
  • Protecting authentication methods
  • Monitoring account activity
  • Reporting suspicious activity promptly
  • Updating personal information when changes occur
  • Following security recommendations provided by SomPay

Users should immediately notify SomPay if they suspect:

  • Unauthorized account access
  • Credential compromise
  • Identity theft
  • Fraudulent activity
  • Suspicious transactions
  • Device compromise

Failure to take reasonable security precautions may increase the risk of unauthorized access and financial loss.

32. User Access to Personal Information

Subject to applicable legal limitations, users may request access to personal information maintained by SomPay.

Requests may include:

  • Confirmation that information is maintained
  • Copies of personal information
  • Information regarding how personal information is used
  • Information regarding disclosures made by SomPay

Requests must be submitted through approved channels.

SomPay may verify identity before providing access to information.

Certain information may be withheld where permitted or required by law.

33. Correction of Personal Information

SomPay strives to maintain accurate records.

Users may request correction of inaccurate, incomplete, or outdated personal information.

Correction requests may require supporting documentation.

Where appropriate, SomPay will update information within a reasonable period of time.

Certain records may be maintained in their original form where required for legal, regulatory, compliance, audit, or evidentiary purposes.

34. Withdrawal of Consent

Where information processing is based upon consent, users may withdraw consent subject to legal, contractual, and regulatory limitations.

Withdrawal of consent may impact SomPay's ability to provide services.

Certain information may continue to be processed where:

  • Required by law
  • Required for compliance purposes
  • Required for fraud prevention
  • Required for dispute resolution
  • Required for security purposes

Users acknowledge that some regulatory obligations continue regardless of withdrawal of consent.

35. Cookies and Tracking Technologies

SomPay may use cookies, web beacons, analytics technologies, and similar tools to improve platform functionality and user experience.

These technologies may be used to:

  • Authenticate users
  • Maintain sessions
  • Improve performance
  • Analyze platform usage
  • Detect fraud
  • Monitor security
  • Improve services

Users may manage certain cookie settings through their browser settings.

Disabling cookies may affect platform functionality.

36. Analytics and Performance Monitoring

SomPay may collect information relating to platform performance and usage.

Analytics information may include:

  • Page visits
  • Session duration
  • Device information
  • Browser information
  • Geographic region
  • Platform activity
  • Error reports

Analytics information helps SomPay:

  • Improve services
  • Enhance security
  • Improve user experience
  • Identify technical issues
  • Improve operational efficiency

Analytics information is generally used in aggregate form whenever possible.

37. Marketing Communications

SomPay may occasionally send communications relating to:

  • Product updates
  • Service announcements
  • Security notifications
  • Policy updates
  • New features
  • Educational content

Users may opt out of certain promotional communications.

However, users may continue receiving communications necessary to:

  • Maintain accounts
  • Provide services
  • Comply with legal obligations
  • Address security concerns
  • Process transactions

Service-related communications cannot always be disabled.

38. Children's Privacy

SPUSD services are intended exclusively for individuals who are at least 18 years of age.

SomPay does not knowingly collect personal information from minors.

If SomPay becomes aware that information relating to a minor has been collected in violation of this policy, reasonable steps may be taken to delete such information where appropriate.

Parents or guardians who believe information relating to a minor has been collected should contact SomPay immediately.

39. Third-Party Websites and Services

SPUSD services may contain links to third-party websites, applications, products, or services.

Third-party websites and services operate independently from SomPay.

SomPay does not control and is not responsible for:

  • Third-party privacy practices
  • Third-party security practices
  • Third-party content
  • Third-party data collection activities

Users should review the privacy policies of third-party providers before providing information.

Accessing third-party services is done at the user's own risk.

40. Incident Response and Data Breaches

SomPay maintains procedures designed to identify, investigate, manage, and respond to security incidents.

In the event of a suspected or confirmed privacy breach, SomPay may:

  • Investigate the incident
  • Contain the incident
  • Assess risks
  • Notify affected individuals where required
  • Notify regulators where required
  • Implement corrective measures

The timing and nature of notifications may depend on applicable legal requirements and the circumstances of the incident.

41. Security Testing and Monitoring

To maintain platform security, SomPay may conduct:

  • Security assessments
  • Vulnerability testing
  • Risk assessments
  • Compliance reviews
  • Monitoring activities
  • Fraud detection activities

Security monitoring may occur continuously and without advance notice.

Users acknowledge that security controls are necessary to protect the SPUSD ecosystem.

42. International Access

SPUSD services may be accessed from locations outside Canada.

Users accessing services from outside Canada do so voluntarily and are responsible for ensuring compliance with local laws.

Regardless of user location, information collected through SPUSD services may be processed in accordance with this Privacy Policy.

SomPay makes no representation regarding the legality of access from any particular jurisdiction.

43. Changes to This Privacy Policy

SomPay reserves the right to modify this Privacy Policy from time to time.

Changes may occur due to:

  • Legal requirements
  • Regulatory changes
  • New products
  • Security improvements
  • Operational changes
  • Business developments

Updated versions will be posted through appropriate channels.

Continued use of SPUSD services following publication of updates constitutes acceptance of the revised Privacy Policy.

44. Complaints and Privacy Concerns

Users who have questions, concerns, or complaints regarding privacy matters may contact SomPay.

SomPay will make reasonable efforts to investigate and respond to privacy-related concerns in a timely manner.

Users may also have the right to contact applicable privacy regulators where permitted by law.

45. Contact Information

Protect Safety Solutions Ltd. operating as SomPay
Fort McMurray, Alberta, Canada

Website: https://sompay.io
SPUSD Platform: https://spusd.sompay.io
Support: support@sompay.io


Appendix A — Information We May Collect

Examples of information collected may include:

  • Name
  • Address
  • Date of birth
  • Email address
  • Phone number
  • Government-issued identification
  • Selfie verification information
  • Wallet addresses
  • Transaction history
  • Device information
  • Banking information
  • Compliance documentation
  • Source of funds information
  • Source of wealth information
  • Communication records
  • Security records

Appendix B — How Information May Be Used

Examples of permitted uses include:

  • Identity verification
  • Account administration
  • Transaction processing
  • Compliance reviews
  • Fraud prevention
  • Security monitoring
  • Customer support
  • Service improvement
  • Regulatory reporting
  • Legal compliance
  • Risk management
  • Audit purposes
  • Dispute resolution
  • Enforcement of agreements

Appendix C — User Acknowledgement

By using SPUSD services, you acknowledge that:

  • You have read this Privacy Policy.
  • You understand this Privacy Policy.
  • You consent to the collection and use of information described herein.
  • You understand that certain information must be collected to provide regulated financial services.
  • You understand that SomPay may disclose information where required by law.
  • You agree to cooperate with privacy, security, and compliance procedures.

END OF SPUSD PRIVACY POLICY