Legal

Policy Privacy

How CoreSettle collects, uses, and protects your personal information when you use our payment processing services.

Last updated: January 15, 2026

Introduction

CoreSettle ("we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website, use our payment processing services, or interact with us in any way.

This policy applies to all users of our services, including merchants, their customers, and visitors to our website. By using our services, you consent to the data practices described in this policy.

Information We Collect

We collect information that you provide directly to us, information we obtain automatically when you use our services, and information from third-party sources.

Information you provide directly includes:

  • Account registration details such as your name, email address, phone number, and business information
  • Identity verification documents including government-issued identification and proof of address
  • Financial information such as bank account details and transaction history
  • Communications you send to us, including support requests and feedback
  • Information provided during the merchant onboarding process, including business registration documents and beneficial ownership details

Information collected automatically includes:

  • Device and browser information, including IP address, browser type, and operating system
  • Usage data such as pages visited, time spent on pages, and navigation patterns
  • Transaction data processed through our payment infrastructure
  • Log data including access times, error logs, and referring URLs

How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, maintain, and improve our payment processing services
  • To process transactions and send related information including confirmations and invoices
  • To verify your identity and comply with Know Your Customer (KYC) requirements
  • To detect, prevent, and address fraud, unauthorized transactions, and other illegal activities
  • To comply with applicable legal and regulatory obligations, including anti-money laundering (AML) requirements
  • To communicate with you about your account, services, and updates to our policies
  • To provide customer support and respond to your inquiries
  • To analyze usage patterns and improve the performance and security of our platform

Data Sharing and Disclosure

We do not sell your personal information to third parties. We may share your information in the following circumstances:

  • With acquiring banks and payment networks (Visa, Mastercard) as necessary to process transactions
  • With identity verification and fraud prevention service providers
  • With regulatory authorities and law enforcement agencies when required by law or to comply with legal processes
  • With professional advisors including auditors, lawyers, and accountants as necessary for business operations
  • In connection with a merger, acquisition, or sale of assets, where your information may be transferred to the successor entity

All third-party service providers are contractually obligated to protect your information and use it only for the purposes for which it was disclosed.

Data Security

We implement industry-standard security measures to protect your personal information. Our infrastructure is PCI DSS Level 1 certified, the highest level of certification available in the payment card industry.

Security measures include:

  • Encryption of data in transit using TLS 1.2 or higher
  • Encryption of sensitive data at rest using AES-256 encryption
  • Regular security assessments and penetration testing
  • Access controls and multi-factor authentication for system access
  • Continuous monitoring and logging of system activity
  • Incident response procedures and breach notification protocols

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • The right to access the personal information we hold about you
  • The right to request correction of inaccurate or incomplete information
  • The right to request deletion of your personal information, subject to legal retention requirements
  • The right to restrict or object to certain processing of your information
  • The right to data portability, receiving your data in a structured, machine-readable format
  • The right to withdraw consent where processing is based on consent

To exercise any of these rights, please contact us at privacy@coresettle.com. We will respond to your request within 30 days. Note that certain rights may be limited where we have a legitimate business need or legal obligation to retain data.

Cookies and Tracking

We use cookies and similar tracking technologies to collect information about your browsing activity on our website. For detailed information about the cookies we use and how to manage them, please refer to our Cookie Policy.

We also use analytics services such as Google Analytics to understand how visitors interact with our website. These services may collect information about your use of our website and report trends without identifying individual visitors.

International Data Transfers

CoreSettle operates globally and may transfer your personal information to countries other than your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place in compliance with applicable data protection laws.

For transfers from the European Economic Area (EEA), we rely on Standard Contractual Clauses approved by the European Commission. For transfers from Canada, we comply with the requirements of the Personal Information Protection and Electronic Documents Act (PIPEDA).

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date.

We encourage you to review this policy periodically. Your continued use of our services after any changes constitutes your acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

CoreSettle 181 Bay Street, Bay Wellington Tower, Suite 292 Toronto, Ontario M5J 2T3 Email: privacy@coresettle.com