At ALL IN ONE FINANCE INC. (“AIO”, “we”, “us”, “our”), we take your privacy seriously. We understand that when you use our services, you are placing trust in us—not only with your financial transactions, but also with your personal information. Protecting that information and being transparent about how we handle it is a core part of how we operate.
This Privacy Policy explains, in clear and practical terms, how we collect, use, disclose, and safeguard your information when you interact with our website (aio-finance.com), our platform, or any of the services we provide. Whether you are simply browsing our website or actively using our payment and foreign exchange services, this policy applies to you.
It’s important to understand that this Privacy Policy is not a standalone document. It forms part of your overall relationship with AIO and should be read together with our General Business Terms (GBT) available on our website, as well as any agreements or documents you accept when becoming our client. Together, these documents define how we provide our services and how your data is handled in that process.
For transparency, AIO operates as:
• A company registered in Ontario, Canada
• A registered Money Services Business (MSB) with FINTRAC
• A payment service provider under the Retail Payment Activities Act
These registrations mean we are subject to strict legal and regulatory obligations, particularly around identity verification, anti-money laundering (AML), and financial transparency. As a result, some of the information we collect is not optional but required by law.
AIO is not a bank and does not accept deposits. It provides payment services and foreign exchange transactions only.
In the event of any inconsistency between this Privacy Policy and the General Business Terms, the General Business Terms shall prevail.
2. Scope of This Policy
This Privacy Policy applies to all interactions you have with AIO, including:
• Your use of our website (aio-finance.com)
• Any communication with us via email or other electronic channels
• All services provided under a Framework Contract or any related agreement
In practice, this means that whether you are opening an account, completing a transaction, contacting support, or simply browsing our platform, this policy governs how your information is handled.
By accessing or using our services, you acknowledge that you have read and understood this Privacy Policy and that you agree to it. You also confirm that you have reviewed and accepted:
• This Privacy Policy
• General Business Terms (GBT) available on our website
• Any additional contractual or regulatory documents we provide (“Important Information”)
If you do not agree with any part of these documents, you should not use our services.
3. Information We Collect
To provide our services effectively—and to meet our legal obligations—we need to collect certain types of information about you. We aim to collect only what is necessary, relevant, and proportionate.
3.1 Personal Information
When you register with us or use our services, we may collect personal information such as:
• Your full name
• Date of birth
• Residential or business address
• Contact details (including your email address and phone number)
• Email address (which serves as our primary communication channel with you)
• Identification documents (such as passports or government-issued IDs)
• Bank account details and payment-related information
• IP address and device-related identifiers
We collect this information for clear and specific purposes, including:
• Establishing and maintaining your account
• Entering into and performing the Framework Contract with you
• Processing and settling payment and foreign exchange transactions
• Communicating with you about your account, transactions, or service updates
Without this information, we may not be able to provide our services to you.
3.2 Regulatory Information (AML/KYC Requirements)
As a regulated financial services provider, AIO is required by Canadian law to carry out identity verification and compliance checks. This is often referred to as “Know Your Customer” (KYC) and Anti-Money Laundering (AML) compliance.
To meet these obligations, we may collect and verify:
• Government-issued identification documents
• Information about beneficial owners (for corporate clients)
• Information about the source of funds or wealth (where required)
• Information to determine whether you are a politically exposed person (PEP)
These checks are essential to prevent fraud, money laundering, terrorist financing, and other illegal activities.
If you choose not to provide the required information—or if the information provided is incomplete or cannot be verified—we may be unable to onboard you as a client or may need to:
• Refuse to provide services
• Suspend or restrict your account
• Terminate the business relationship
3.3 Technical and Usage Data
In addition to the information you provide directly, we also collect certain technical data automatically when you use our website or platform. This may include:
• Device type, operating system, and browser type
• IP address
• Pages visited and actions taken on the website
• Login times and activity history
• General usage patterns and preferences
This information helps us:
• Keep our platform secure
• Detect suspicious or unauthorized activity
• Improve performance and usability
• Understand how users interact with our services
In most cases, this data is used in an aggregated or analytical way, but it may still be linked to you where necessary for security or compliance purposes.
How We Collect Information
We collect information about you in several ways, depending on how you interact with AIO and the services you use. Our goal is to collect only what is necessary, while ensuring we can operate securely, efficiently, and in full compliance with legal requirements.
a) Direct interactions
Much of the information we collect comes directly from you. This happens when you actively engage with us, for example:
• When you register for an account or submit onboarding information
• When you enter into a Framework Contract or any related agreement
• When you communicate with us via email or other channels
• When you initiate or complete a transaction on our platform
In these situations, you are providing us with the information required to identify you, communicate with you, and carry out the services you have requested.
b) Legal and contractual processes
As a financial services provider, we are required to collect and verify certain information as part of our regulatory obligations. This includes:
• Identity verification (KYC – Know Your Customer)
• Anti-money laundering (AML) and compliance checks
• Ongoing monitoring of client activity where required by law
These processes may involve reviewing documents, cross-checking information with trusted sources, and periodically updating your data. This is a necessary part of operating within Canadian financial regulations and helps ensure the safety and integrity of our services.
c) Automated technologies
We also collect certain information automatically when you use our website or platform. This is done through cookies and similar tracking technologies.
These tools allow us to:
• Understand how users interact with our website
• Improve functionality and performance
• Enhance security and detect unusual activity
• Remember preferences and streamline your experience
You can control or disable cookies through your browser settings, although doing so may affect how some parts of the site function.
5. How We Use Your Information
We use your information for practical, necessary, and lawful purposes related to providing our services and running our business.
At the core, your information enables us to deliver payment services and foreign exchange transactions. This includes processing, executing, and settling transactions within the applicable timelines (such as D+1 or D+3 settlement periods), as well as maintaining accurate records of your activity.
Your data is also essential for fulfilling our contractual obligations. This means managing your account, providing customer support, and ensuring that all services are delivered in line with the agreements you have entered into with us.
Communication is another key use of your information. We rely primarily on email to keep you informed about your account, transactions, updates to our services, and any important notices.
Because we operate in a regulated financial environment, we must also use your information to meet legal and compliance requirements. This includes obligations related to anti-money laundering laws, FINTRAC regulations, fraud prevention, and risk management. Monitoring transactions and identifying suspicious or unauthorized activity are critical parts of this process.
In addition, we use certain data to improve our services. By analyzing how our platform is used, we can enhance performance, fix issues, and create a more efficient and user-friendly experience.
We want to be clear and transparent: we do not sell your personal data to third parties.
We process personal data based on one or more of the following legal grounds: performance of a contract, compliance with legal obligations, legitimate interests, and where applicable, your consent.
6. Communication
Clear and reliable communication is an essential part of our relationship with you. For this reason, email is our primary method of communication.
By using our services, you agree that we may communicate with you electronically. This includes sending:
• Account-related notifications
• Transaction confirmations and updates
• Security alerts or warnings
• Changes to our services, policies, or agreements
• Regulatory or legal notices
These communications are an important part of how we deliver our services and ensure compliance with applicable laws.
It is your responsibility to ensure that the email address you provide to us is accurate, current, and accessible. You should also regularly check your inbox (and spam/junk folders) for messages from us.
We are not responsible for any issues arising from outdated or incorrect contact information, or from your failure to review important communications sent to you.
7. Disclosure of Information
We understand that your personal information is sensitive, especially in the context of financial services. For that reason, we do not share your information casually or for unrelated purposes. However, in order to operate our services effectively and comply with legal requirements, there are situations where we need to disclose your information to trusted third parties.
We may share your personal information with carefully selected service providers who support our operations. This includes, for example, IT infrastructure providers, payment processors, compliance and identity verification partners, and other technical or operational vendors. These providers only receive the information necessary to perform their specific functions and are not permitted to use it for their own purposes.
Your information may also be shared with financial institutions and banking partners involved in processing your transactions. This is a fundamental part of delivering payment and foreign exchange services, as funds must move through regulated financial systems.
In certain circumstances, we are legally required to disclose information to regulatory authorities. This includes organizations such as FINTRAC, as well as other governmental or supervisory bodies, particularly in connection with anti-money laundering obligations, fraud prevention, or financial reporting requirements.
We may also disclose your information where necessary to comply with legal obligations, enforce our contractual rights, or respond to lawful requests, such as court orders or investigations. This can include situations involving suspected fraud, unauthorized transactions, or other activities that may violate applicable laws or our agreements.
Finally, if AIO is involved in a business transaction—such as a merger, acquisition, restructuring, or sale of assets—your information may be transferred as part of that process. In such cases, we will ensure that appropriate safeguards are in place to protect your data.
In all cases, any third party that receives your information is required to handle it securely and in accordance with strict confidentiality and data protection obligations.
8. International Transfers
As part of providing our services, your personal information may be processed or stored in countries outside of your country of residence. This may include Canada as well as other jurisdictions where our service providers, partners, or infrastructure are located.
Different countries have different data protection laws, and in some cases, those laws may not offer the same level of protection as those in your home jurisdiction. Additionally, authorities in those countries—such as courts, law enforcement, or regulators—may have the legal right to access your data under their local laws.
We take steps to ensure that any international transfer of your information is handled responsibly and securely. This includes working only with reputable partners and requiring appropriate contractual safeguards.
By using our services, you acknowledge and consent to the transfer, storage, and processing of your information in these jurisdictions.
9. Data Security
Protecting your information is a priority for us, and we take reasonable and appropriate measures to safeguard it from unauthorized access, loss, misuse, or disclosure.
These measures include:
• Encryption technologies (such as SSL) to protect data during transmission
• Secure servers and infrastructure designed to prevent unauthorized access
• Internal access controls to ensure that only authorized personnel can access sensitive information
• Ongoing monitoring and security practices to detect and respond to potential threats
While we are committed to maintaining a high level of security, it is important to understand that no system—especially one operating over the internet—can be completely secure. There is always some level of inherent risk in transmitting information online.
You also play an important role in protecting your data. In particular, you are responsible for:
• Keeping your login credentials (such as passwords) confidential
• Not sharing your access details with others
• Notifying us immediately if you suspect any unauthorized access, suspicious activity, or misuse of your account
Prompt reporting allows us to take action quickly and helps minimize potential risks or losses.
10. Data Retention
We keep your personal information only for as long as necessary to fulfill the purposes for which it was collected, including retention periods required under Canadian AML laws (typically 5–7 years). This includes providing our services to you, maintaining our contractual relationship, and meeting our legal and regulatory obligations.
In general, your data is retained for the duration of your relationship with AIO. This means that while your account is active and you are using our services, we will continue to store and process your information as needed to operate your account, process transactions, and communicate with you.
However, even after your account is closed or your relationship with us ends, we may still be required to retain certain information. This is primarily due to obligations under anti-money laundering (AML) laws, FINTRAC requirements, and other financial regulations, which often require records to be kept for a defined period of time.
We may also retain data for legitimate business purposes, such as:
• Complying with legal, tax, and accounting requirements
• Responding to regulatory inquiries or audits
• Resolving disputes or enforcing our agreements
• Maintaining records for internal reporting and risk management
Where possible, and once retention is no longer necessary, we may delete, anonymize, or securely dispose of your personal information so that it can no longer be associated with you.
11. Your Rights
We believe you should have control over your personal information. Depending on applicable laws, you may have certain rights regarding how your data is handled.
These rights may vary depending on your jurisdiction and may include:
• Access – You can request information about the personal data we hold about you and how it is being used.
• Correction – If any of your information is inaccurate or outdated, you can ask us to correct it.
• Withdrawal of consent – In cases where processing is based on your consent, you may withdraw that consent at any time.
• Deletion – You may request that we delete your personal data, subject to certain legal or regulatory limitations.
It is important to note that some of these rights are not absolute. For example, we may not be able to delete certain information if we are required to retain it by law or for legitimate business purposes, such as compliance with financial regulations.
To exercise any of your rights, or if you have questions about your personal data, you can contact us at:
We may need to verify your identity before processing your request, in order to protect your information and ensure that it is not disclosed to unauthorized parties.
We are committed to responding to requests within a reasonable timeframe and in accordance with applicable laws.
12. Complaints
We take concerns about privacy seriously and are committed to handling your personal information in a fair, transparent, and lawful manner. If you believe that your data has been mishandled, misused, or processed in a way that does not align with this Privacy Policy or applicable laws, you have the right to raise a complaint.
To do so, you should submit your complaint to us in writing, providing as much detail as possible. This helps us understand the issue clearly and investigate it effectively. Relevant details may include your identification, a description of the concern, and any supporting information related to your claim.
Once we receive your complaint, it will be reviewed by the appropriate team within AIO. We will handle your complaint in accordance with our internal procedures and aim to resolve it within the timeframes established under our General Business Terms typically within 15 working days (or up to 35 days where applicable).
In some cases, we may need to contact you for additional information or clarification. We are committed to keeping you informed throughout the process and providing you with a clear response once the review is complete.
If you are not satisfied with how your complaint has been handled, you may have the right to escalate the matter through applicable legal or regulatory channels.
13. Cookies
Like most modern websites, we use cookies and similar technologies to improve how our website functions and to enhance your overall experience.
Cookies are small text files that are stored on your device when you visit our website. They help us recognize your browser, remember your preferences, and understand how users interact with our platform.
We use cookies for several purposes, including:
• Ensuring that the website functions properly and efficiently
• Analyzing usage patterns so we can improve performance and usability
• Enhancing security, including helping to detect suspicious or unusual activity
Some cookies are essential for the operation of the site, while others help us optimize and improve the user experience.
You have the option to control or disable cookies through your browser settings. However, please be aware that if you choose to block or disable certain cookies, some parts of the website may not function correctly or may become less accessible.
Where required by law, we will request your consent before placing non-essential cookies.
14. Children’s Privacy
Our services are designed for adults and are not intended for individuals under the age of 18.
We do not knowingly collect, use, or store personal information from minors. As part of our onboarding and compliance processes, we may take steps to verify age and identity to ensure that our services are only provided to eligible users.
If we become aware that personal information has been collected from an individual under the age of 18 without appropriate authorization, we will take prompt steps to delete that information and, where necessary, restrict or terminate the associated account.
If you believe that a minor may have provided personal information to us, please contact us so that we can investigate and take appropriate action.
15. Changes to This Policy
We may update or revise this Privacy Policy from time to time to reflect changes in our services, legal obligations, regulatory requirements, or internal practices.
When we make updates, we will take reasonable steps to ensure that you are informed. This may include:
• Publishing the updated version of the Privacy Policy on our website
• Notifying you via email, particularly in cases where the changes are material or may affect your rights or how your data is handled
We encourage you to review this Privacy Policy periodically so that you remain informed about how we protect and use your information.
Your continued use of our services after any changes have been made and communicated will be considered as your acceptance of the updated Privacy Policy. If you do not agree with the changes, you should stop using our services and may contact us regarding the termination of your relationship with AIO.
16. Contact Information
If you have any questions, concerns, or requests related to this Privacy Policy or the way we handle your personal information, we encourage you to get in touch with us.
ALL IN ONE FINANCE INC.
150 King Street West, Suite 750
Toronto, Ontario, M5H 1J9
Canada
We aim to respond to all inquiries within a reasonable timeframe and to provide clear and helpful information regarding your request.
17. Legal Governing Law
This Privacy Policy, as well as any questions, disputes, or claims arising out of or in connection with it, shall be governed by and interpreted in accordance with the laws of Canada and the Province of Ontario.
By using our services, you agree that any disputes related to privacy or data protection will fall under the jurisdiction of the applicable Canadian courts, in line with our contractual framework.
This Privacy Policy reflects AIO’s contractual framework, regulatory obligations, and operational practices as defined in General Business Terms (GBT) available on our website .