YOB Pay

Book A Call
Get Started
image (4)

Privacy Policy

Last Updated: 27/01/2026
Company: Nexa Payment Inc. operating YOB Pay / YOBPay.io
Registered Address: C6 – 80 Birmingham St, Etobicoke, Ontario, Canada, M8V 3W6

1. Introduction

This Privacy Policy explains how Nexa Payment Inc. (“we”, “us”, “our”) collects, uses, discloses, and protects your personal data when you access and use our digital platform for payment services and cryptocurrency transactions. We are committed to complying with the General Data Protection Regulation (GDPR), the UK GDPR, the Personal Information Protection and Electronic Documents Act (PIPEDA), the UAE Federal Decree-Law No. (45) of 2021 on the Protection of Personal Data (UAE PDPL), and the FINTRAC regulations governing Money Services Businesses (MSB) in Canada. This policy applies to all users, including clients, prospective clients, and website visitors.

By using our services, you acknowledge that your personal data will be processed in accordance with this Privacy Policy.

2. Definitions

  • Personal Data: Any information relating to an identified or identifiable individual, including names, identification numbers, location data, online identifiers, and other factors specific to an individual’s identity.
  • Digital Asset: Any digital representation of value (such as cryptocurrencies and tokens) used in transactions on our platform. (Excludes non-fungible tokens (NFTs) unless specified.)
  • Data Controller: Nexa Payment Inc., which determines the purposes and means of processing your personal data.
  • Data Processor: Any third party that processes personal data on our behalf under our instructions.
  • DPO (Data Protection Officer): The designated individual responsible for overseeing our data protection strategy. Contact: aml@yobpay.io
  • KYC: Know Your Customer – verifying client identities.
  • AML: Anti-Money Laundering – measures to prevent, detect, and report suspicious financial activities.

3. Data Controller and Legal Basis for Processing

Nexa Payment Inc. is the Data Controller. We process personal data based on:

  • Contractual Necessity: To provide our services.
  • Legal Obligations: AML, KYC, FINTRAC, PIPEDA.
  • Legitimate Interests: Fraud prevention, security, and service improvement.
  • Consent: Marketing communications and promotional messaging where required.

UK customers may contact us for information regarding our UK GDPR compliance arrangements.

4. Personal Data Collected

We collect data through registration, service usage, support interactions, and platform activity:

  • Identity & Contact Data: Name, DOB, nationality, ID numbers, addresses, email, phone.
  • Verification Data: ID scans, photos, selfies, biometric data.
  • Financial & Transaction Data: Bank accounts, card info, digital wallet addresses, transaction history, source of funds.
  • Technical & Usage Data: IP, browser, OS, device IDs, login timestamps, cookies, tracking data.
  • Communications: Customer support interactions, feedback, surveys, marketing communications.

5. Purpose of Processing

  • Service provision (payments, crypto transactions)
  • Regulatory compliance (AML/KYC, FINTRAC, PIPEDA)
  • Security and fraud prevention
  • Customer support
  • Marketing (with consent)
  • Analytics and service improvement

6. Data Retention

  • Active Accounts: Personal data is retained for as long as the account remains active and necessary to provide our services.
  • Post-Closure: Upon account closure, personal data is retained for a minimum of five (5) years to comply with AML/KYC, FINTRAC, and other applicable regulatory requirements.
  • Extended Retention: Certain data may be retained for a longer period where required by applicable laws, regulatory obligations, audits, dispute resolution, or the establishment, exercise, or defence of legal claims. During such periods, data is securely stored and access is restricted.

7. Data Sharing and Cross-Border Transfers

  • Regulatory Authorities: FINTRAC, tax authorities.
  • Financial Institutions: Payment processing, identity verification.
  • Service Providers: Third-party vendors under strict Data Processing Agreements.
  • Affiliates: Integrated group services.
  • International Transfers:
  • Use of Standard Contractual Clauses (SCCs) or UK IDTA.
  • Transfers only to jurisdictions with adequate data protection or approved legal mechanisms.

8. Data Security

  • Encryption: In transit and at rest.
  • Access Controls: Role-based permissions and authentication.
  • Regular Audits: Security monitoring, vulnerability assessments.
  • Incident Response: Breach detection, investigation, and notification.
  • Privacy by Design: Systems designed with privacy as a core principle.

9. Users’ Rights (GDPR/PIPEDA/CCPA)

Subject to applicable laws and regulatory requirements, users may have the right to:

  • Access and correct their personal data
  • Request deletion of personal data, where legally permissible
  • Request restriction of processing
  • Receive their personal data in a structured, commonly used format, where applicable
  • Withdraw consent, where processing is based on consent
  • Object to certain processing activities, where provided by applicable law
  • Lodge a complaint with the relevant data protection authority.

 

Requests for deletion or erasure of personal data may be refused or limited where retention is required to comply with AML/KYC, FINTRAC, or other legal and regulatory obligations.

Supervisory Authorities:
Canada: Office of the Privacy Commissioner of Canada (OPC)
EU: Relevant EU Supervisory Authority
UK: Information Commissioner’s Office (ICO)
UAE: UAE Data Office

10. Privacy and Blockchain/Crypto Transactions

  • Public Ledger: Transactions may be recorded on public blockchains.
  • Risk Acknowledgment: Personal data on blockchain may be permanently visible.

11. Cookies and Tracking Technologies

  • Improve browsing experience, analytics, and (where applicable and with consent) personalized content and ads.
  • Manage via browser settings or our website’s Cookie Settings tool.

12. Changes to Privacy Policy

  • Updated periodically; latest version always on the website.
  • Significant changes communicated to users where required.

13. Contact Information

  • DPO: aml@yobpay.io
  • Privacy Inquiries: aml@yobpay.io
  • Support: support@yobpay.io
  • Registered Address: C6 – 80 Birmingham St, Etobicoke, Ontario, Canada, M8V 3W6