Privacy Policy

NovaCore (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal information. This Privacy Policy describes how we collect, use, store, disclose, and protect your personal information when you use our website, services, and platform (the “Services”). By accessing or using the Services, you consent to the practices described in this Privacy Policy.

• 1. Definitions

  • 1. “Personal Information” means any information that can identify an individual either alone or in combination with other data — for example: name, email address, phone number, date of birth, ID numbers, address, bank or payment account information, transaction history, IP address, device identifiers, etc.
  • 2. “You / Your / User / Client” refers to any individual or entity using the Services.
  • 3. “Processing / Process” means any operation performed on personal information — including collection, storage, transfer, deletion, analysis, conversion, or disclosure.
  • 4. “Third-Party Service Providers” are external service providers, partners, or vendors that assist us in providing the Services (e.g., banks, custodians, payment networks, compliance providers, hosting services, analytics providers, etc.).
  • 5. “Cookies / Tracking Technologies” include cookies, web beacons, pixels, and similar technologies used to collect information about your use of our website and services.

• 2. Collection of Personal Information

  We collect Personal Information from you in a variety of ways depending on the nature of the Service or interaction. This may include:

  • 1. Account onboarding and verification: when you sign up or apply to use our Services — name, date of birth, address, government-issued ID, corporate documentation (if you are a business), proof of address, beneficial ownership info, contact details, etc.
  • 2. Payment and transaction data: banking or payment account numbers, transaction amounts, currencies, beneficiary information, source of funds, purpose of transaction, crypto wallet addresses (where relevant), and related metadata.
  • 3. Communication data: email address, phone number, mailing address (if provided), correspondence history, support requests, feedback, consent records.
  • 4. Device & usage data: IP address, device type, browser type, operating system, cookies and tracking data, usage logs, transaction logs, timestamps, account activity details.
  • 5. Compliance and risk-management data: KYC / AML screening results, sanctions screening, risk profile, identity verification results, internal risk assessments, suspicious activity reports (where required).
  • 6. Optional data: any further information you voluntarily provide — for example, when contacting support, filling in forms, or requesting additional services.

  We collect this information: (a) directly from you when you provide it; (b) from Third-Party Service Providers; and (c) through automated means (e.g., cookies, logs).

• 3. Use of Personal Information

  We use your Personal Information for the following purposes (depending on the services you use):

  • 1. To verify your identity and onboard you as a client in compliance with legal and regulatory obligations (KYC, AML, sanctions screening).
  • 2. To perform and manage payments, currency conversions, transfers, crypto off-ramp, and other financial operations you request.
  • 3. To maintain, manage, and administer your account, balances, and transaction history.
  • 4. To conduct risk management, fraud prevention, compliance monitoring, anti-money-laundering screening, and security checks.
  • 5. To provide customer support, respond to your inquiries, and communicate with you regarding your account or the Services.
  • 6. To send you important notices, updates, or policy changes.
  • 7. To comply with legal, regulatory, or audit requirements (such as reporting obligations).
  • 8. To improve and develop our Services — including analytics, performance monitoring, diagnostics, and product development.
  • 9. To enforce our Terms of Service and any other agreements with you, including fraud prevention or investigations.

  We process your information only as needed to provide Services, comply with regulatory obligations, or with your consent.

• 4. Disclosure of Personal Information

  We may disclose your Personal Information to the following categories of recipients, as necessary:

  • 1. Third-Party Service Providers, including banks, payment networks, custodians, liquidity providers, card processors, blockchain partners, hosting and infrastructure providers, identity verification services, compliance vendors, and analytics or logging providers.
  • 2. Regulatory, supervisory, or law-enforcement authorities, when required by applicable law, regulation, court order, subpoena, or governmental request (e.g., anti-money-laundering compliance, audits, tax reporting).
  • 3. Our affiliates and subsidiaries, if any, for group-wide compliance, operations, or internal administration.
  • 4. Professional advisors and auditors, for audit, legal, or advisory services.
  • 5. Your consent-based disclosures, where you have explicitly consented to share your information (for example, when you connect an external service, wallet, or bank account).
  • 6. Business transfers, if NovaCore is acquired, merged, reorganized, or transfers assets, your Personal Information may be disclosed to or acquired by the successor entity (subject to applicable law and notice to you).

  We require all recipients to treat your data confidentially and to use or disclose it only for the purposes for which it was provided, consistent with our instructions and this Policy.

• 5. Consent and Withdrawal of Consent

  • 1. By using NovaCore’s Services, you consent to the collection, use, processing, and disclosure of your Personal Information as described in this Policy.
  • 2. You may withdraw your consent at any time by contacting us at [email protected]. Withdrawing consent may mean you cannot continue using certain Services (for example, payment processing, FX, or crypto conversion), or your account may be restricted or closed if we are no longer able to comply with legal or regulatory obligations.
  • 3.Some information (such as identity verification, transaction history, compliance data) is mandatory under law and cannot be “opted out” — in such cases withdrawal of consent means withdrawal of the associated Services or termination of your account.

• 6. Retention and Destruction of Personal Information

  • 1. We retain your Personal Information for as long as needed to fulfill the purposes described in this Policy, including legal, regulatory, audit, or tax requirements.
  • 2. When information is no longer required (for example, after account closure and after any required retention period), we will securely delete or anonymise it.
  • 3. Records of transactions, compliance checks, audits, or other legally required data may be retained for a minimum period as mandated by law (e.g., 5-7 years or more, depending on jurisdiction).

• 7. Security of Personal Information

  • 1. We implement reasonable technical and organisational measures to protect your Personal Information from unauthorised access, use, disclosure, alteration, or destruction. These may include: data encryption in transit and at rest; secure storage; access controls; audit logging; regular security reviews; two-factor authentication for sensitive operations; and internal security policies.
  • 2. However, no security system is perfect or impenetrable. We cannot guarantee absolute security. You acknowledge that use of the Services involves residual risk, and you agree to help (for instance, by keeping your credentials secure and promptly notifying us of any suspected unauthorised access).

• 8. Access and Correction of Personal Information

  • 1. You may request access to the Personal Information we hold about you, and ask for correction, updating, or deletion (subject to applicable legal or regulatory constraints).
  • 2. Requests should be submitted to [email protected]. We may require verification of identity before fulfilling any request.
  • 3. If we refuse a request (e.g., because of ongoing compliance or legal obligations), we will provide a reason in writing, where permitted by law.

• 9. International Users

  • 1. NovaCore may operate globally and provide Services across multiple jurisdictions. If you are located outside Canada but use the Services, your Personal Information may be transferred to, stored in, or processed through servers or service providers in Canada or other countries.
  • 2. By using the Services, you acknowledge and consent to such transfers subject to this Policy.

• 10. Transfer of Personal Information

  • 1. We may transfer Personal Information between NovaCore and its third-party service providers, custodians, banks, payment networks, or partners, in accordance with this Policy.
  • 2. We will take reasonable steps to ensure that any such transfer is protected by contractual or other safeguards, such as data-processing agreements or confidentiality obligations.

• 11. Children’s Personal Information

  • 1. The Services are not intended for individuals under the age of majority in their jurisdiction. We do not knowingly collect or maintain Personal Information from minors (children).
  • 2. If we become aware that we have collected information from someone under the age of majority without lawful consent, we will delete such information as soon as reasonably practicable.

• 12. Updates to This Policy

  • 1. We may revise this Privacy Policy at any time. When we do, we will post the updated Policy on our website (www.novacoreca.com) and update the “Last Updated” date.
  • 2. For material changes (for instance, changes affecting your rights or how we use your data), we will provide notice via email or through the platform before the change takes effect.

• 13. Breach Notification

  • In the event of a data breach that could materially impact the confidentiality, integrity, or availability of your Personal Information, NovaCore will:
  • 1. Investigate and contain the breach as soon as reasonably possible;
  • 2. Notify you promptly if required by law or if there is a reasonable risk of harm to your rights;
  • 3. Provide a summary of the breach (where permitted) — including what data was affected, what we are doing, and what you can do to protect yourself;
  • 4. Cooperate with relevant authorities and take corrective measures to prevent recurrence.

• 14. Handling Privacy Complaints

  • If you have any questions, concerns, or complaints about how we handle your Personal Information, you may contact us at [email protected].
  • We will investigate and reply within a reasonable timeframe (typically within 30 days). Where required, we will take corrective action or escalate the complaint to relevant regulatory authorities.

• 15. Contact Us

  • If you have questions about this Privacy Policy or your rights, please contact us at:
  • NovaCore Tech Ltd.
  • Email: [email protected]
  • Website: www.novacoreca.com