Privacy Policy

Effective date: 25 April 2024 | Last updated: March 2026

1. Who We Are

CAPITOLIO INC. (“Capitolio”, “we”, “us”, or “our”) is a corporation incorporated under the laws of Alberta, Canada (Corporate Access Number: 2025599024), registered as a Money Services Business (MSB) with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), registration number M24928320.

Depending on the jurisdiction, processing of your personal data is regulated under the Personal Information Protection and Electronic Documents Act (PIPEDA), the General Data Protection Regulation (EU) 2016/679 (GDPR), and the e-Privacy Directive 2002/58/EC (collectively, “Data Protection Laws”). Capitolio acts as controller of your personal data for the purposes of those laws.

Registered address: 700-602 12 Ave SW, Calgary, Alberta, T2R 1J3, Canada

Contact: [email protected] | https://capitolio.io

2. Scope of This Policy

This Privacy Policy applies to:

  • personal data processed when you visit and use our website;
  • personal data processed in the course of providing our services (virtual currency exchange, virtual currency transfer, and money transfer services);
  • any natural person contacted through our direct marketing activities; and
  • personal data of business contacts and representatives of corporate clients.

3. Data Protection Principles

We comply with the following data protection principles:

  • Lawfulness, fairness, and transparency – we process data on a lawful basis and inform you clearly;
  • Purpose limitation – data is collected for specified, explicit, and legitimate purposes;
  • Data minimisation – we collect only what is necessary;
  • Accuracy – we take reasonable steps to keep data accurate and up to date;
  • Storage limitation – we retain data only as long as necessary or required by law;
  • Integrity and confidentiality – we protect data with appropriate technical and organisational measures; and
  • Accountability – we maintain records and policies to demonstrate compliance.

4. What Personal Data We Collect

4.1 Data Collected Directly From You

4.1.1 Website Visitors

When you visit our website, we may collect:

  • device and browser information;
  • log data (IP address, pages visited, time spent, referring URLs, access timestamps);
  • interaction history with our webpages; and
  • data submitted through contact or enquiry forms.

4.1.2 Registered Users and Clients

During onboarding and throughout the business relationship, we collect:

  • identity data: full name, date of birth, nationality, government-issued ID documents;
  • contact data: email address, telephone number, residential address;
  • financial data: bank account details, transaction history, source of funds/wealth documentation;
  • verification data: liveness check video, device fingerprint, biometric data processed by our KYC provider (SumSub);
  • account activity: payment instructions, transaction records, correspondence; and
  • PEP/sanctions screening results.

4.1.3 Marketing Contacts

If you respond to a marketing campaign, we may collect name, email, telephone number, occupation, and company name.

4.2 Data from Third-Party Sources

We may receive data from:

  • KYC/identity verification providers (SumSub);
  • blockchain analytics providers (for transaction screening);
  • sanctions and PEP databases;
  • credit reference agencies (with your consent); and
  • publicly available sources (corporate registries, LinkedIn).

4.3 Cookies and Similar Technologies

Please refer to our Cookie Policy for details on how we use cookies and your choices.

5. Legal Bases for Processing

We process your personal data on the following legal bases:

  • Contract performance – to provide services you have requested;
  • Legal obligation – to comply with FINTRAC/PCMLTFA requirements, GDPR, PIPEDA, AML/CFT laws, and other applicable regulations;
  • Legitimate interests – to detect and prevent fraud, improve our services, and conduct direct marketing (subject to your right to object); and
  • Consent – where we ask for and receive your explicit consent, including for certain cookies and marketing communications.

6. How We Use Personal Data

We use your personal data to:

  • verify your identity and conduct KYC/AML checks;
  • provide, administer, and improve our services;
  • process transactions and maintain transaction records;
  • screen against sanctions lists and PEP databases;
  • comply with FINTRAC reporting obligations;
  • prevent, detect, and investigate fraud and financial crime;
  • communicate with you about your account and our services;
  • respond to enquiries and complaints;
  • conduct risk assessments;
  • send marketing communications (where you have consented or where we have a legitimate interest); and
  • comply with legal and regulatory requirements.

7. Sharing Your Personal Data

We may share your data with:

  • KYC and identity verification providers (SumSub);
  • blockchain analytics and transaction screening providers;
  • payment processing partners;
  • liquidity and exchange partners;
  • FINTRAC and other competent authorities as required by law;
  • law enforcement agencies, courts, or regulators when legally required;
  • legal and professional advisors; and
  • IT infrastructure and security providers.

We do not sell your personal data to third parties.

Where personal data is transferred outside Canada or the European Economic Area, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses, adequacy decisions).

8. Retention

We retain personal data for as long as necessary for the purposes set out in this Policy, and in accordance with our legal obligations:

  • KYC/identity records: minimum 5 years after the end of the business relationship (PCMLTFA requirement);
  • Transaction records: minimum 5 years;
  • Correspondence and communications: minimum 5 years; and
  • Marketing data: until you unsubscribe or object.

Longer retention may apply where required by applicable law or regulatory guidance.

9. Security

We implement appropriate technical and organisational security measures including encryption at rest and in transit, access controls, and staff training. We maintain incident response procedures and will notify affected individuals and relevant authorities of any data breach where required by law.

10. Your Rights

Subject to applicable law, you may have the following rights:

  • Right of access – to obtain a copy of your personal data;
  • Right to rectification – to correct inaccurate data;
  • Right to erasure – to request deletion of your data (subject to our legal obligations);
  • Right to restriction – to limit how we process your data;
  • Right to object – to object to processing based on legitimate interests;
  • Right to data portability – to receive your data in a structured, machine-readable format; and
  • Right to withdraw consent – at any time, without affecting the lawfulness of prior processing.

Note: certain rights are limited where we are required to retain data by law (e.g., AML/FINTRAC obligations).

To exercise your rights, contact us at: [email protected]. We will respond within 30 days.

11. Complaints

If you have concerns about our data handling, please contact us first. If you are not satisfied, you may lodge a complaint with:

  • Office of the Privacy Commissioner of Canada (OPC): www.priv.gc.ca — for PIPEDA matters;
  • Your local EU/EEA data protection authority — for GDPR matters.

12. Changes to This Policy

This Policy was last updated in March 2026. We may update it from time to time. Material changes will be communicated by email or a notice on our website. Continued use of our services constitutes acceptance of the updated Policy.

13. Contact Us

Privacy Officer, CAPITOLIO INC.

Email: [email protected]

Address: 700-602 12 Ave SW, Calgary, Alberta, T2R 1J3, Canada