Privacy Policy

ZENTHARIOS INC. ("Zentharios", "we", "us", or "our") operates the website located at https://zenthario.com (the "Website") and provides money services as a money services business ("MSB") registered with the Financial Transactions and Reports Analysis Centre of Canada ("FINTRAC") under registration number C10001736 (the "Services").

We are committed to protecting the privacy and security of the personal information of the individuals we deal with. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard personal information, and the choices and rights you have in relation to that information.

This Privacy Policy is designed to comply with the Personal Information Protection and Electronic Documents Act (Canada) ("PIPEDA") and applicable substantially similar provincial privacy legislation (including, where applicable, Quebec's Act respecting the protection of personal information in the private sector, as amended by Law 25). Because we are a regulated MSB, this Policy also reflects obligations imposed on us under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (Canada) ("PCMLTFA") and its regulations.

By accessing or using the Website or the Services, you acknowledge that you have read and understood this Privacy Policy.

"Personal information" means information about an identifiable individual. It does not include the name, title, business address, or business telephone number of an employee of an organization in their business capacity, or information that has been anonymized so that it can no longer be associated with an identifiable individual.

The types of personal information we collect depend on how you interact with us and which Services you use.

3.1 Information you provide to us

• Account and contact information: full legal name, email address, telephone number, residential and/or mailing address, username, and password.
• Identity verification ("Know Your Client") information: date of birth, nationality, government-issued identification (such as passport, driver's licence, or other ID document, including document numbers and images), photographs or selfies for identity matching, occupation or nature of principal business, and, where required and permitted by law, your Social Insurance Number or other tax identifiers.
• Financial and transactional information: bank account or payment account details, wallet addresses or virtual currency information (where applicable), transaction amounts, dates, currencies, counterparties, source of funds and source of wealth information, and instructions you give us.
• Compliance information: information obtained to meet our anti-money laundering and anti-terrorist financing ("AML/ATF"), sanctions, and beneficial ownership obligations, including third-party and beneficial owner details where you transact on behalf of another person or entity.
• Correspondence and support information: records of your communications with us, including support requests, complaints, and feedback.

3.2 Information we collect automatically

When you use the Website, we (and our service providers) may automatically collect:

• Device and technical information: IP address, device identifiers, browser type and version, operating system, language settings, and time zone.
• Usage information: pages viewed, links clicked, referring/exit pages, dates and times of access, and other interactions with the Website.
• Cookies and similar technologies: see Section 7 (Cookies and similar technologies).

3.3 Information we collect from third parties

To provide the Services and meet our legal obligations, we may collect personal information about you from:

• identity verification and fraud-prevention service providers;
• credit bureaus and reference agencies (where applicable);
• sanctions, watchlist, and politically exposed person ("PEP") screening providers;
• payment processors, financial institutions, and banking partners;
• publicly available sources and government registries; and
• other parties to a transaction in which you are involved.

We collect, use, and disclose personal information only for purposes that a reasonable person would consider appropriate in the circumstances, including to:

1. Provide the Services — establish and administer your account, process and settle transactions, and respond to your instructions.
2. Verify your identity — confirm who you are and authenticate access to your account.
3. Comply with legal and regulatory obligations — meet our obligations under the PCMLTFA and FINTRAC requirements, including client identification, record keeping, ongoing monitoring, beneficial ownership determination, sanctions screening, and reporting of suspicious transactions, large cash transactions, large virtual currency transactions, and electronic funds transfers, as applicable.
4. Prevent and detect fraud, financial crime, and security incidents — protect you, us, and third parties from fraud, money laundering, terrorist financing, and unauthorized or unlawful activity.
5. Communicate with you — send service, transactional, security, and administrative messages, and respond to your enquiries.
6. Operate, maintain, and improve the Website and Services — including analytics, troubleshooting, and product development.
7. Marketing (with your consent where required) — tell you about products, services, offers, and updates that may interest you. You may withdraw your consent to marketing at any time (see Section 9).
8. Enforce our terms and protect our legal rights — including establishing, exercising, or defending legal claims.

Legally required processing. Certain collection, use, disclosure, and retention of personal information is mandated by the PCMLTFA and other laws and is a condition of providing the Services. Where information is required to meet these legal obligations, we cannot provide the Services to you if you do not provide it, and you cannot opt out of that processing while continuing to use the Services.

In most cases, we collect, use, and disclose your personal information with your knowledge and consent. By providing us with your personal information and using the Services, you consent to the collection, use, and disclosure of that information as described in this Privacy Policy.

Depending on the sensitivity of the information and the circumstances, your consent may be express (given explicitly, orally, in writing, or electronically) or implied (inferred from your action or inaction). We generally seek express consent for sensitive personal information.

We may collect, use, or disclose personal information without consent where permitted or required by law — for example, to comply with the PCMLTFA, a subpoena, warrant, court order, or other lawful requirement; to detect or prevent fraud; to investigate a breach of an agreement or a contravention of law; or in other circumstances authorized under PIPEDA and applicable provincial law.

We do not sell your personal information. We may disclose your personal information to the following categories of recipients, in each case only as necessary for the purposes described in this Policy:

• Service providers and partners that perform services on our behalf, such as identity verification, hosting, cloud storage, data analytics, fraud prevention, customer support, payment processing, and banking. These providers are authorized to use your personal information only as necessary to provide services to us and are bound by appropriate confidentiality and data-protection obligations.
• Government authorities and regulators, including FINTRAC, law enforcement, tax authorities, and other regulatory or governmental bodies, where required or permitted by law (for example, the filing of reports required under the PCMLTFA).
• Financial institutions and counterparties as necessary to process and complete your transactions, including under the "travel rule" applicable to certain electronic funds transfers and virtual currency transfers.
• Professional advisors, such as auditors, lawyers, and accountants, in connection with the operation of our business.
• Parties to a corporate transaction, such as a merger, acquisition, financing, reorganization, or sale of assets, in which personal information may be disclosed or transferred as a business asset, subject to appropriate safeguards.
• Any other party with your consent or as otherwise permitted or required by law.

We and our service providers use cookies, pixels, tags, local storage, and similar technologies to operate and secure the Website, remember your preferences, understand how the Website is used, and (where you consent) deliver and measure marketing.

• Strictly necessary cookies are required for the Website to function and for security; these cannot be switched off in our systems.
• Functional cookies remember your choices and preferences.
• Analytics and performance cookies help us understand how visitors use the Website.
• Advertising/marketing cookies are used, where applicable and with consent, to deliver relevant communications.

You can manage cookies through your browser settings and, where provided, through our cookie banner or preference centre. Disabling certain cookies may affect the functionality of the Website.

We are located in Canada. However, your personal information may be stored, accessed, or processed by us or our service providers in jurisdictions outside Canada, including [INSERT COUNTRIES, e.g., the United States and the European Union]. While personal information is in another jurisdiction, it may be subject to the laws of that jurisdiction, and courts, law enforcement, regulatory agencies, or national security authorities in that jurisdiction may be able to obtain access to it under the laws of that jurisdiction.

We remain accountable for personal information in our custody or control, including information transferred to a third party for processing, and we use contractual and other means to provide a comparable level of protection while the information is being processed by a service provider.

Subject to legal and contractual restrictions and reasonable notice, you have the following rights:

• Access: You may request access to the personal information we hold about you and information about how it has been used and to whom it has been disclosed.
• Correction: You may request that we correct inaccurate or incomplete personal information.
• Withdrawal of consent: You may withdraw your consent to certain uses and disclosures of your personal information at any time, subject to legal or contractual restrictions and reasonable notice. Please note: because we are legally required to collect and retain certain information under the PCMLTFA, withdrawing consent to that processing is not possible while you continue to use the Services, and may require us to close your account or suspend the Services.
• Withdrawal of marketing consent: You may opt out of marketing communications at any time by using the unsubscribe mechanism in our messages or by contacting us.

To exercise these rights, contact our Privacy Officer using the details in Section 13. We may need to verify your identity before responding. We will respond within the timeframes required by applicable law (generally within 30 days under PIPEDA). In limited circumstances, we may be unable to provide access to all of the personal information we hold (for example, where doing so would reveal personal information about another individual, where the information is subject to legal privilege, or where disclosure is prohibited by law, including where it would reveal a confidential suspicious-transaction report). If we deny your request, we will explain the reason, subject to legal limits.

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, to provide the Services, and to comply with our legal, regulatory, accounting, and reporting obligations.

As a FINTRAC-registered MSB, we are required by the PCMLTFA and its regulations to retain client identification records, transaction records, and certain reports and supporting records for a minimum of five (5) years, and in some cases longer. Some records may be retained for longer periods where required by law or where necessary to establish, exercise, or defend legal claims.

When personal information is no longer required and we are no longer legally obligated to retain it, we will securely destroy, erase, or anonymize it.

We maintain physical, organizational, and technological safeguards designed to protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification, appropriate to the sensitivity of the information. These measures may include encryption, access controls, authentication, secure data storage, network security, staff training, and confidentiality obligations.

No method of transmission over the Internet or method of electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee its absolute security. You are responsible for keeping your account credentials confidential.

If we become aware of a breach of security safeguards involving your personal information that creates a real risk of significant harm, we will notify you and the appropriate authorities (including, where required, the Office of the Privacy Commissioner of Canada) as required by applicable law, and keep records of breaches as required.

If you are a resident of Quebec, additional rights and protections may apply to you under Quebec's Act respecting the protection of personal information in the private sector (as amended by Law 25), including the right to data portability (the right to receive the computerized personal information you provided to us in a structured, commonly used technological format), the right to request de-indexing in certain circumstances, and specific rules regarding consent for sensitive information and automated decision-making. Quebec residents may contact our Privacy Officer (Section 13) to exercise these rights or with any questions.

We have designated a Privacy Officer who is accountable for our compliance with this Privacy Policy and applicable privacy laws. To ask a question, make a request regarding your personal information, withdraw consent, or make a complaint, please contact:

We will acknowledge and investigate all complaints. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada:

Quebec residents may also contact the Commission d'accès à l'information du Québec (https://www.cai.gouv.qc.ca). Residents of British Columbia and Alberta may contact their respective provincial Information and Privacy Commissioners.

The Website may contain links to third-party websites or services that are not operated by us. This Privacy Policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party websites or services you visit.

The Services are not directed to, and are not intended for use by, individuals under the age of majority in their province or territory of residence. We do not knowingly collect personal information from minors. If you believe we have collected personal information from a minor, please contact our Privacy Officer so that we can take appropriate action.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will revise the "Last updated" date above and, where the changes are material, provide additional notice as appropriate. Your continued use of the Website or Services after the effective date of any updated Privacy Policy constitutes your acknowledgement of the changes, to the extent permitted by law.