Privacy Policy

At Wealthsimple, we are committed to protecting your privacy and ensuring the security of your personal and financial information. This Privacy Policy explains how Beacon Financial Planning Inc. ("Wealthsimple," "we," "us," or "our") collects, uses, discloses, and safeguards your information when you use our cryptocurrency trading services and investment platform.

By accessing or using our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

1. Information We Collect

We collect various types of information to provide and improve our cryptocurrency trading services, comply with legal obligations, and enhance your user experience.

1.1 Personal Identification Information

When you create an account or use our services, we collect personal information that may include:

• Identity Information: Full legal name, date of birth, government-issued identification numbers (such as Social Insurance Number, driver's license number, or passport number), photographs or copies of identification documents
• Contact Information: Email address, phone number, residential address, mailing address
• Financial Information: Bank account details, credit/debit card information, transaction history, investment portfolio details, cryptocurrency wallet addresses, trading patterns and preferences
• Employment Information: Occupation, employer name, annual income, net worth, source of funds
• Tax Information: Tax identification numbers, tax residency status, withholding information

1.2 Technical and Usage Information

We automatically collect certain information when you access our platform:

• Device Information: IP address, device type, operating system, browser type and version, unique device identifiers
• Usage Data: Pages visited, features used, time spent on platform, click patterns, search queries, transaction timestamps
• Location Data: Geographic location based on IP address or device settings
• Cookies and Tracking Technologies: Information collected through cookies, web beacons, and similar technologies

1.3 Information from Third Parties

We may receive information about you from third-party sources, including:

• Identity verification services and credit bureaus for Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance
• Financial institutions for account verification and funding purposes
• Blockchain networks and cryptocurrency exchanges for transaction verification
• Marketing partners and analytics providers
• Public databases and government registries

2. How We Use Your Information

We use the collected information for various legitimate business purposes related to our cryptocurrency trading services:

2.1 Service Provision and Account Management

• Creating and maintaining your account
• Processing cryptocurrency transactions, trades, and transfers
• Facilitating deposits and withdrawals
• Providing customer support and responding to inquiries
• Sending service-related notifications and updates
• Managing your investment portfolio and preferences

2.2 Compliance and Security

• Verifying your identity and conducting KYC/AML checks
• Complying with legal and regulatory requirements, including financial services regulations
• Detecting, preventing, and investigating fraud, money laundering, and other illegal activities
• Monitoring transactions for suspicious activity
• Enforcing our Terms of Service and other policies
• Responding to legal requests and court orders

2.3 Platform Improvement and Analytics

• Analyzing usage patterns to improve our services
• Developing new features and products
• Conducting research and data analysis
• Testing and troubleshooting technical issues
• Optimizing user experience and platform performance

2.4 Marketing and Communications

• Sending promotional materials about our services (with your consent)
• Providing personalized investment recommendations
• Conducting surveys and gathering feedback
• Informing you about market trends and cryptocurrency news

3. Information Sharing and Disclosure

We understand the sensitivity of your financial information and limit disclosure to specific circumstances:

3.1 Service Providers and Business Partners

We may share your information with trusted third-party service providers who assist us in operating our platform, including:

• Payment Processors: To facilitate deposits, withdrawals, and payment transactions
• Identity Verification Services: To conduct KYC/AML checks and verify your identity
• Cloud Storage Providers: To securely store your data
• Analytics Providers: To analyze platform usage and improve services
• Customer Support Tools: To provide efficient customer service
• Marketing Platforms: To deliver communications (with your consent)

All service providers are contractually obligated to maintain the confidentiality and security of your information and may only use it for the specific purposes we authorize.

3.2 Legal and Regulatory Authorities

We may disclose your information to government authorities, regulators, and law enforcement when:

• Required by law, regulation, legal process, or governmental request
• Necessary to comply with financial services regulations and reporting obligations
• Responding to subpoenas, court orders, or legal proceedings
• Investigating or preventing fraud, security threats, or illegal activities
• Protecting the rights, property, or safety of Wealthsimple, our users, or the public

3.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred to the successor entity. We will notify you of any such change and provide options regarding your information.

3.4 With Your Consent

We may share your information with third parties when you explicitly consent to such disclosure, such as when connecting third-party applications or services to your account.

4. Data Security Measures

We implement comprehensive security measures to protect your information from unauthorized access, alteration, disclosure, or destruction:

4.1 Technical Security

• Encryption: All data transmitted between your device and our servers is encrypted using industry-standard SSL/TLS protocols. Sensitive data at rest is encrypted using AES-256 encryption
• Secure Infrastructure: Our systems are hosted on secure, SOC 2 compliant cloud infrastructure with regular security audits
• Multi-Factor Authentication: We require multi-factor authentication for account access and sensitive transactions
• Cold Storage: The majority of cryptocurrency assets are stored in offline cold wallets, isolated from internet connectivity
• Network Security: Firewalls, intrusion detection systems, and regular vulnerability assessments protect our network

4.2 Operational Security

• Access Controls: Strict access controls limit employee access to personal information on a need-to-know basis
• Employee Training: Regular security awareness training for all employees handling customer data
• Background Checks: Comprehensive background checks for employees with access to sensitive information
• Incident Response: Established procedures for detecting, responding to, and recovering from security incidents
• Regular Audits: Periodic internal and external security audits and penetration testing

4.3 Account Security Best Practices

While we implement robust security measures, you also play a crucial role in protecting your account:

• Use strong, unique passwords and change them regularly
• Enable multi-factor authentication on your account
• Never share your login credentials with anyone
• Be cautious of phishing attempts and verify communications from Wealthsimple
• Keep your contact information up to date
• Log out of your account when using shared devices
• Monitor your account regularly for unauthorized activity

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

5.1 Retention Periods

• Active Accounts: Information is retained for the duration of your active account relationship with us
• Closed Accounts: After account closure, we retain certain information for up to seven years to comply with legal, regulatory, and tax obligations
• Transaction Records: Financial transaction records are retained for at least seven years as required by financial regulations
• KYC/AML Documentation: Identity verification documents are retained for at least five years after the business relationship ends
• Marketing Communications: Contact information for marketing purposes is retained until you opt out or request deletion

5.2 Deletion and Anonymization

When information is no longer needed, we securely delete or anonymize it. However, some information may be retained in backup systems for a limited period or as required by law.

6. Your Privacy Rights

You have certain rights regarding your personal information, subject to applicable laws and regulations:

6.1 Access and Portability

• Right to Access: You can request access to the personal information we hold about you
• Right to Data Portability: You can request a copy of your information in a structured, commonly used format

6.2 Correction and Updates

• Right to Correction: You can request correction of inaccurate or incomplete information
• Account Settings: You can update certain information directly through your account settings

6.3 Deletion and Restriction

• Right to Deletion: You can request deletion of your personal information, subject to legal retention requirements
• Right to Restriction: You can request that we limit the processing of your information in certain circumstances

6.4 Objection and Consent Withdrawal

• Right to Object: You can object to certain types of processing, including marketing communications
• Consent Withdrawal: Where processing is based on consent, you can withdraw consent at any time

6.5 Exercising Your Rights

To exercise any of these rights, please contact our Privacy Officer using the contact information provided below. We will respond to your request within 30 days. Please note that we may need to verify your identity before processing certain requests.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our platform:

7.1 Types of Cookies We Use

• Essential Cookies: Necessary for the platform to function properly, including authentication and security
• Performance Cookies: Help us understand how visitors interact with our platform by collecting anonymous usage data
• Functionality Cookies: Remember your preferences and settings to provide a personalized experience
• Marketing Cookies: Track your activity across websites to deliver relevant advertisements (with your consent)

7.2 Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of our platform. Most browsers allow you to:

• View and delete cookies
• Block third-party cookies
• Block cookies from specific sites
• Block all cookies
• Delete all cookies when you close your browser

8. International Data Transfers

Wealthsimple operates primarily in Canada, but we may transfer your information to service providers located in other countries, including the United States. When we transfer information internationally:

• We ensure appropriate safeguards are in place to protect your information
• We comply with applicable data protection laws regarding international transfers
• We use standard contractual clauses or other approved transfer mechanisms
• We require third parties to provide adequate protection for your information

Please note that countries outside Canada may have different data protection laws. By using our services, you consent to the transfer of your information to these countries.

9. Children's Privacy

Our cryptocurrency trading services are not intended for individuals under the age of 18 (or the age of majority in their jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected information from a child without parental consent, we will take steps to delete that information promptly.

If you believe we have collected information from a child, please contact us immediately using the contact information below.

10. Third-Party Links and Services

Our platform may contain links to third-party websites, applications, or services that are not operated by Wealthsimple. This Privacy Policy does not apply to third-party sites or services. We are not responsible for the privacy practices of third parties.

We encourage you to review the privacy policies of any third-party sites or services before providing them with your personal information. When you connect third-party services to your Wealthsimple account, you should carefully review their terms and privacy policies.

11. Compliance with Financial Regulations

As a cryptocurrency trading platform and financial services provider, we are subject to various regulatory requirements:

11.1 Canadian Regulations

• FINTRAC Compliance: We comply with the Proceeds of Crime (Money Laundering) and Terrorist Financing Act and regulations administered by the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC)
• Securities Regulations: We adhere to provincial securities regulations and requirements of the Canadian Securities Administrators (CSA)
• Privacy Legislation: We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws

11.2 Regulatory Reporting

We may be required to report certain information to regulatory authorities, including:

• Suspicious transaction reports
• Large cash transaction reports
• Electronic funds transfer reports
• Terrorist property reports
• Tax reporting information

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email or through a prominent notice on our platform
• Provide you with an opportunity to review the changes before they take effect
• Obtain your consent if required by law

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our services after changes are posted constitutes your acceptance of the updated Privacy Policy.

13. Contact Information and Privacy Officer

If you have questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact our Privacy Officer:

13.1 Response Timeline

We are committed to addressing your privacy concerns promptly:

• We will acknowledge receipt of your inquiry within 5 business days
• We will provide a substantive response within 30 days
• If we need additional time, we will notify you and provide an estimated response date
• For urgent security concerns, please call us immediately at 416-969-3200

13.2 Filing a Complaint

If you are not satisfied with our response to your privacy concern, you have the right to file a complaint with:

• Office of the Privacy Commissioner of Canada
  30 Victoria Street
  Gatineau, Quebec K1A 1H3
  Toll-free: 1-800-282-1376
  Website: www.priv.gc.ca

You may also have the right to file a complaint with your provincial privacy commissioner, depending on your location.

14. Additional Information

14.1 Automated Decision-Making

We may use automated systems and algorithms to:

• Assess your eligibility for certain services
• Detect fraudulent or suspicious activity
• Provide personalized investment recommendations
• Determine transaction limits and risk levels

You have the right to request human review of automated decisions that significantly affect you.

14.2 Marketing Communications

You can opt out of marketing communications at any time by:

• Clicking the "unsubscribe" link in our emails
• Adjusting your communication preferences in your account settings
• Contacting our Privacy Officer

Please note that even if you opt out of marketing communications, we will still send you service-related notifications necessary for your account.

14.3 California Privacy Rights

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA). Please contact us for information about exercising these rights.

This Privacy Policy is effective as of December 15, 2024, and applies to all users of Wealthsimple's cryptocurrency trading services and investment platform operated by Beacon Financial Planning Inc.