Get Started
image (4)

Privacy Policy

Last Updated: 20/11/2025
Company: Nexa Payment Inc. operating YOB Pay / YOBPay.io
Registered Address: C6 – 80 Birmingham St, Etobicoke, Ontario, Canada, M8V 3W6

1. Introduction

This Privacy Policy explains how Nexa Payment Inc. (“we”, “us”, “our”) collects, uses, discloses, and protects your personal data when you access and use our digital platform for payment services and cryptocurrency transactions. We are committed to complying with the General Data Protection Regulation (GDPR), the Personal Information Protection and Electronic Documents Act (PIPEDA), and the FINTRAC regulations governing Money Services Businesses (MSB) in Canada. This policy applies to all users, including clients, prospective clients, and website visitors.

By using our services, you consent to the practices described in this Privacy Policy.

2. Definitions

  • Personal Data: Any information relating to an identified or identifiable individual, including names, identification numbers, location data, online identifiers, and other factors specific to an individual’s identity.
  • Digital Asset: Any digital representation of value (such as cryptocurrencies and tokens) used in transactions on our platform. (Excludes non-fungible tokens (NFTs) unless specified.)
  • Data Controller: Nexa Payment Inc., which determines the purposes and means of processing your personal data.
  • Data Processor: Any third party that processes personal data on our behalf under our instructions.
  • DPO (Data Protection Officer): The designated individual responsible for overseeing our data protection strategy. Contact: aml@yobpay.io
  • KYC: Know Your Customer – verifying client identities.
  • AML: Anti-Money Laundering – measures to prevent, detect, and report suspicious financial activities.

3. Data Controller and Legal Basis for Processing

Nexa Payment Inc. is the Data Controller. We process personal data based on:

  • Contractual Necessity: To provide our services.
  • Legal Obligations: AML, KYC, FINTRAC, PIPEDA.
  • Legitimate Interests: Fraud prevention, security, service improvement, and marketing with consent.
  • Consent: Explicit consent for communications where required.

 

UK customers may contact our UK representative for compliance with UK GDPR.

4. Personal Data Collected

We collect data through registration, service usage, support interactions, and platform activity:

  • Identity & Contact Data: Name, DOB, nationality, ID numbers, addresses, email, phone.
  • Verification Data: ID scans, photos, selfies, biometric data.
  • Financial & Transaction Data: Bank accounts, card info, digital wallet addresses, transaction history, source of funds.
  • Technical & Usage Data: IP, browser, OS, device IDs, login timestamps, cookies, tracking data.
  • Communications: Customer support interactions, feedback, surveys, marketing communications.

5. Purpose of Processing

  • Service provision (payments, crypto transactions)
  • Regulatory compliance (AML/KYC, FINTRAC, PIPEDA)
  • Security and fraud prevention
  • Customer support
  • Marketing (with consent)
  • Analytics and service improvement

6. Data Retention

  • Active Accounts: Data retained while the account is active.
  • Post-Closure: Minimum 5 years for AML/KYC compliance.
  • Legal Requirements: Longer retention if required by law or legitimate business interests.

7. Data Sharing and Cross-Border Transfers

  • Regulatory Authorities: FINTRAC, tax authorities.
  • Financial Institutions: Payment processing, identity verification.
  • Service Providers: Third-party vendors under strict Data Processing Agreements.
  • Affiliates: Integrated group services.
  • International Transfers:
  • Use of Standard Contractual Clauses (SCCs) or UK IDTA.
  • Transfers only to jurisdictions with adequate data protection or approved legal mechanisms.

8. Data Security

  • Encryption: In transit and at rest.
  • Access Controls: Role-based permissions and authentication.
  • Regular Audits: Security monitoring, vulnerability assessments.
  • Incident Response: Breach detection, investigation, and notification.
  • Privacy by Design: Systems designed with privacy as a core principle.

9. Users’ Rights (GDPR/PIPEDA/CCPA)

  • Access, Rectification, Erasure
  • Restriction of Processing
  • Data Portability
  • Object & Withdraw Consent


Lodge a Complaint with local data protection authorities (Canada: OPC, EU: EDPB, UK: ICO)
Contact: info@nexagroup.biz

10. Privacy and Blockchain/Crypto Transactions

  • Public Ledger: Transactions may be recorded on public blockchains.
  • Risk Acknowledgment: Personal data on blockchain may be permanently visible.

11. Cookies and Tracking Technologies

  • Improve browsing experience, analytics, personalized content and ads.
  • Manage via browser settings or our website’s Cookie Settings tool.

12. Changes to Privacy Policy

  • Updated periodically; latest version always on the website.
  • Significant changes communicated to users where required.

13. Contact Information

  • DPO: aml@yobpay.io
  • Privacy Inquiries: aml@yobpay.io
  • Support: support@yobpay.io
  • Registered Address: C6 – 80 Birmingham St, Etobicoke, Ontario, Canada, M8V 3W6

 

Local Data Protection Authorities:
Canada: Office of the Privacy Commissioner of Canada
EU: European Data Protection Board (EDPB) or local supervisory authority
UK: Information Commissioner’s Office (ICO)