Celestia Payments Inc. (formerly Cointerra Digital Solutions Inc.) (“Celestia”, “we”, “us”, “our”) respects your privacy and is committed to protecting personal information in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), Quebec's Act respecting the protection of personal information in the private sector (Law 25), and our obligations as a FINTRAC-registered Money Services Business under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA). This Policy explains what personal information we collect, how we use, disclose, transfer, retain, and protect it, and your rights.
1. Who We Are & Accountability
Celestia Payments Inc. is a company incorporated in Ontario, Canada (Corporation No. 1001266599), registered as a Money Services Business with FINTRAC (Registration No. C100001085), with its registered office at 67 Yonge Street, Suite 701, Toronto, Ontario M5E 1J8, Canada. We are accountable for personal information under our control. Our Privacy Officer / Compliance Officer oversees compliance with this Policy and can be reached at compliance@celestiapayments.com.
2. Scope
This Policy applies to personal information we process about our business clients' representatives, beneficial owners, directors, authorised signatories, and, where applicable, the remitters and beneficiaries of payment transactions processed through our services.
3. Personal Information We Collect
| Category | Examples |
|---|---|
| Identity & KYB/KYC | Name, date of birth, nationality, government ID details, occupation, address; entity ownership, directors, and beneficial owners. |
| Transaction data | Remitter/beneficiary names and details, amounts, currencies, purpose of payment, account/wallet details. |
| Compliance & screening | Sanctions/PEP/adverse-media screening results, source-of-funds/wealth information, blockchain analytics results. |
| Technical | API usage, logs, device and IP information. |
4. Purposes & Legal Basis (Consent)
We collect, use, and disclose personal information to:
- provide and administer our services and process transactions;
- meet our legal and regulatory obligations, including AML/CTF identity verification, recordkeeping, sanctions screening, and reporting under the PCMLTFA and FINTRAC guidance;
- prevent, detect, and investigate fraud, money laundering, terrorist financing, and sanctions evasion;
- operate, secure, and improve our platform and APIs; and
- communicate with you.
We rely on consent and on the statutory exceptions to consent that permit (and, in the AML context, require) collection, use, and disclosure without consent — for example, to comply with legal obligations or to detect/prevent fraud. Where we rely on consent, you may withdraw it subject to legal and contractual restrictions; note that we are legally required to retain certain information regardless of withdrawal.
5. Disclosure of Personal Information
We may disclose personal information to: FINTRAC and other regulators, law enforcement, and authorities as required or permitted by law; our banking, payment, and correspondent partners; service providers and processors (e.g., identity verification, sanctions screening, and blockchain analytics providers such as Elliptic) acting on our behalf under contract; and professional advisers. We do not sell personal information.
6. Cross-Border Transfers
Because we facilitate international payments, personal information may be processed or stored outside the province of Quebec and outside Canada (including by service providers and correspondent/payment partners in other jurisdictions). When personal information is transferred to a service provider in another jurisdiction, it may be subject to the laws of that jurisdiction, including lawful access by courts, regulators, and authorities there. Before transferring personal information outside Quebec, we conduct a privacy impact assessment as required by Law 25 and put in place contractual and other safeguards designed to provide a comparable level of protection. For more information about our cross-border processing or to obtain details of safeguards, contact our Privacy Officer.
7. Retention
We retain personal information for as long as necessary to fulfil the purposes above and to meet our legal obligations. As an MSB, we are required to retain client identification, beneficial-ownership, and transaction records for at least five (5) years (or longer where required by law). When no longer required, information is securely destroyed, erased, or anonymized.
8. Safeguards & Security
We implement appropriate physical, organizational, and technological measures to protect personal information against loss, theft, and unauthorized access, disclosure, copying, use, or modification, proportionate to the sensitivity of the information.
9. Your Rights
Subject to applicable law, you have the right to:
- Access the personal information we hold about you and request a copy;
- Correction of inaccurate or incomplete information;
- Withdraw consent, subject to legal/contractual limits;
- Information & portability (Quebec Law 25): be informed of the use and disclosure of your information and, where applicable, request that computerized personal information be communicated to you or transferred; and
- be informed where an automated decision is made about you and to submit observations.
Certain information must be retained to meet our legal obligations and may be exempt from deletion or correction. To exercise any right, contact our Privacy Officer (Section 11).
10. Automated Processing
We use automated tools for compliance screening (sanctions, PEP, fraud, and blockchain analytics) and risk scoring. Where an automated decision produces a significant effect, you may request information about it and submit observations to a member of our team.
11. Privacy Officer & Complaints
Our Privacy Officer / Compliance Officer is responsible for our compliance with this Policy. To make a request or complaint, contact:
Privacy Officer, Celestia Payments Inc.
67 Yonge Street, Suite 701, Toronto, Ontario M5E 1J8, Canada
Email: compliance@celestiapayments.com
If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada or, for Quebec residents, the Commission d'accès à l'information du Québec.
12. Changes to This Policy
We may update this Policy from time to time. The “Last updated” date above reflects the latest revision; material changes will be communicated as appropriate.