Privacy Policy
MyAreaa Inc. — Privacy Policy
Effective Date: April 1, 2026 | Version 2.0
Your privacy matters to us. This Privacy Policy explains what personal information MyAreaa Inc. (“MyAreaa,” “we,” “us,” or “our”) collects, why we collect it, how we use and protect it, and what rights you have over it.
This policy applies to all users of the MyAreaa platform, including the mobile application and any associated websites. If you use our financial services, additional obligations apply under our Terms of Service.
1. Applicable Privacy Laws
We comply with the following privacy laws, depending on where you are located:
- Canada — all provinces: Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws.
- Quebec residents: Act Respecting the Protection of Personal Information in the Private Sector (Law 25), which includes additional consent, transparency, and data minimization requirements that took effect in 2023.
- Nigerian users: Nigerian Data Protection Act (NDPA) 2023.
- California residents: We are aware of the California Consumer Privacy Act (CCPA) and will meet applicable obligations as our US user base grows.
Financial services are currently available to Canadian users only. The obligations described in our FINTRAC and RPAA registrations also govern how we handle financial data.
2. Information We Collect
2.1 Information You Give Us
- Account information: your name, email address, phone number, and date of birth.
- Identity verification documents: government-issued ID and other documents required for KYC under FINTRAC obligations.
- Financial information: bank account details, payment method information, and transaction history. This is processed through AptPay Inc., our payment rail partner, who holds this data under their own security standards.
- Community content: posts, messages, profile information, and any other content you share on the platform.
2.2 Information We Collect Automatically
- Device information: device type, operating system, unique device identifiers, and IP address.
- Usage information: how you navigate the platform, features you use, and time spent on different sections.
- Transaction logs: records of every transaction you initiate or receive, which we are required to maintain under FINTRAC and RPAA regulations.
2.3 Information from Third Parties
- Identity verification results from our KYC provider.
- Payment status and transaction confirmation from AptPay Inc.
3. How We Use Your Information
We use your personal information for the following purposes:
- Providing the platform: creating and managing your account, processing transactions, and enabling community features.
- Regulatory compliance: meeting our obligations under PCMLTFA (FINTRAC), RPAA (Bank of Canada), and applicable anti-money laundering and counter-terrorism financing laws.
- Security: detecting, preventing, and investigating fraud, unauthorized access, and other harmful activities.
- Platform improvement: analyzing usage patterns to fix issues and improve user experience. We use aggregated and anonymized data where possible for this purpose.
- Communications: sending you account-related notifications and, if you have consented separately, marketing messages about new features and promotions.
- Legal purposes: responding to lawful requests from courts, regulators, or law enforcement.
4. How We Share Your Information
We do not sell your personal information to anyone. We share it only in the following circumstances:
4.1 Service Providers
We share information with trusted third-party providers who help us operate the platform. These include:
- AptPay Inc.: our payment rail partner, which processes EFT and Interac transactions and holds user funds in a custodial account structure.
- KYC and identity verification providers.
- Cloud infrastructure and data hosting providers.
- Two-factor authentication providers.
- Credit monitoring partner: a third-party provider that supplies the free credit file monitoring service, allowing you to view your own credit score and report.
Each provider is bound by a data processing agreement that limits their use of your information to what is necessary for the service they provide.
4.2 Regulatory Reporting
As an MSB registered with FINTRAC, we are legally required to report certain transactions to FINTRAC. This includes large cash transactions above prescribed thresholds, suspicious transactions, and transactions involving sanctions-listed parties. We cannot waive or override these reporting obligations.
4.3 Legal Requirements
We may disclose your information in response to a valid court order, subpoena, government request, or other lawful legal process. Where we are permitted to notify you of such a request, we will.
4.4 Business Transfers
If MyAreaa is acquired, merged, or sold, your personal information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.
5. Data Retention
We keep your personal information for as long as your account is active or as long as we need it to provide our services. When you close your account, we will delete or anonymize your personal information subject to the following exceptions:
- Transaction records: FINTRAC regulations require us to retain transaction records for a minimum of five years from the date of the transaction.
- Identity verification records: retained for at least five years after the end of our business relationship with you, as required by PCMLTFA.
- Legal holds: if your information is subject to a legal hold or regulatory investigation, we will retain it until the matter is resolved.
6. Data Security
We take the security of your information seriously. Our security practices are aligned with the Microsoft Cloud Security Benchmark (MCSB) and include encryption in transit and at rest, access controls, activity logging, and regular security reviews.
No method of transmission over the internet is completely secure. While we work hard to protect your information, we cannot guarantee absolute security. If we become aware of a security breach that affects your personal information, we will notify you and the applicable regulator as required by law.
7. Your Privacy Rights
Depending on where you are located, you may have the following rights over your personal information:
| Right | What It Means | Applies To |
|---|---|---|
| Access | You can request a copy of the personal information we hold about you. | All users |
| Correction | You can ask us to correct inaccurate or incomplete information. | All users |
| Deletion | You can ask us to delete your information, subject to our legal retention obligations. | All users |
| Data portability | You can request your information in a structured, machine-readable format. | Quebec, Nigerian, California users |
| Withdraw consent | You can withdraw consent for marketing communications at any time. | All users |
| Object to processing | You can object to us using your information for certain purposes. | Quebec, Nigerian users |
| Privacy impact assessment | You have the right to know if a decision made about you was made solely by automated means. | Quebec users (Law 25) |
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. In some cases, we may need to verify your identity before acting on your request. We will never deny a right simply because exercising it is inconvenient for us.
8. Cookies and Device Permissions
The MyAreaa app requests access to certain device features to function properly. These include push notification permissions (to send you transaction alerts and community notifications) and, where required for two-factor authentication, access to your authenticator app or device biometrics. We do not access your camera, microphone, contacts, or location without a clear, specific reason and your explicit permission.
If you are using MyAreaa through a web browser, we use essential cookies to keep you logged in and to maintain platform security. We do not use tracking cookies for advertising purposes.
9. Children's Privacy
MyAreaa is not intended for users under the age of 18. We do not knowingly collect personal information from anyone under 18. If we discover that we have collected information from a user under 18 without verifiable parental consent, we will delete that information promptly.
10. Cross-Border Data Transfers
MyAreaa operates primarily in Canada, and your data is stored on servers located in Canada. Some of our service providers, including cloud and authentication providers, may process data in other countries. When your data is transferred outside Canada, we ensure that appropriate safeguards are in place, including contractual protections that meet the standards required by PIPEDA and applicable provincial law.
11. Changes to This Privacy Policy
We may update this policy from time to time. If we make material changes — meaning changes that significantly affect your rights or how we use your information — we will notify you at least 30 days before the changes take effect, by email or in-app notice. Continuing to use MyAreaa after the effective date means you accept the updated policy.
12. Contact Us
If you have questions, concerns, or requests regarding your privacy, please contact us at:
MyAreaa Inc. — Privacy Team
Email: [email protected]
General Support: [email protected]
Website: www.myareaa.com
Mailing Address: c/o JL13 Concepts Inc., Suite #303 – 11420 27 Street SE, Calgary, Alberta, Canada, T2Z 3R6
If you are not satisfied with our response to a privacy concern, you have the right to contact the Office of the Privacy Commissioner of Canada at www.priv.gc.ca, or your applicable provincial privacy authority.