Privacy Rules

1.1. These Privacy Rules (hereinafter referred to as the “Rules”) determine the procedure implemented by the Company for the acquisition, accumulation, storage, processing, use, and disclosure of personal information of individuals (hereinafter referred to as “Clients”) by REMITTIX GLOBAL CORPORATION.

1.2. REMITTIX GLOBAL CORPORATION is a corporation duly incorporated under the laws of the Province of British Columbia, Canada, Registration Number BC1545532, with a registered office at 422 RICHARDS STREET, VANCOUVER BC V6B 2Z4, CANADA, holding Money Services Business (MSB) License No. C10001725 (hereinafter referred to as the “Company”, “We”, “Us” or “Service”).

1.3. These Rules apply to the Service's Website, which is accessible at https://aexchanger.com (hereinafter referred to as the “Service Website”, “Website” or “Platform”).

1.4. By using the Service Website or the Service, you confirm that you have reached the legal age of majority in the province or territory in which you reside (being 19 years of age in British Columbia, Nova Scotia, New Brunswick, Newfoundland and Labrador, the Northwest Territories, Nunavut, and the Yukon; and 18 years of age in Alberta, Saskatchewan, Manitoba, Ontario, Quebec, and Prince Edward Island, and the age of majority as otherwise defined under the laws applicable to you).

1.5. By registering on the Service Website or using the Service, the Client confirms their unconditional acceptance of these Rules and agrees to the collection, use, and disclosure of their personal information in accordance with the terms described herein, including:

• The Personal Information Protection and Electronic Documents Act (PIPEDA) (Canada);
• The Personal Information Protection Act (PIPA) (British Columbia);
• The Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its associated regulations;
• FINTRAC guidelines and directives applicable to Money Services Businesses;
• Any other applicable Canadian federal and provincial privacy and data protection laws.

1.6. If the Client does not agree with these Rules, in whole or in part, the Client is obliged to immediately stop using the Service and the Service Website.

1.7. The Company has the right to unilaterally amend these Rules. In case of material changes, the Client will be notified via email or through a notice on the Service Website no less than fourteen (14) calendar days before the changes take effect. Continued use of the Service after the changes take effect constitutes acceptance of the amended Rules.

1.8. The Service processes personal information in accordance with the principles of fairness, necessity, and proportionality, as required by PIPEDA and BC PIPA. The Company collects only the personal information that is necessary for the purposes specified in these Rules.

1.9. The rights and obligations of the Service in relation to the Client's personal information are governed exclusively by the laws of Canada and the Province of British Columbia.

2.1. The following terms are used in these Rules:

2.1.1. Client (or “You”): any individual or legal entity (corporate Client) that has accepted the terms of these Rules and uses or has used the Service.

2.1.2. Personal Information: any information about an identifiable individual, as defined under PIPEDA and BC PIPA, including but not limited to name, address, contact details, financial information, identification documents, and any other information that can be used to identify a person.

2.1.3. Processing: any operation or set of operations performed on personal information, including collection, use, storage, disclosure, organization, alteration, retrieval, and deletion.

2.1.4. Service / Website: the online platform AEXchanger, owned and operated by the Company, providing Virtual Currency exchange and transfer services.

2.1.5. Cookies: small text files stored on the Client's device by the Website to enhance functionality and collect usage analytics.

2.1.6. KYC (Know Your Client): the identity verification process required under the PCMLTFA and FINTRAC guidelines.

2.1.7. FINTRAC: the Financial Transactions and Reports Analysis Centre of Canada, Canada's financial intelligence unit.

2.1.8. PIPEDA: the Personal Information Protection and Electronic Documents Act (Canada).

2.1.9. PIPA BC: the Personal Information Protection Act (British Columbia).

2.1.10. PCMLTFA: the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (Canada).

2.1.11. OPC: the Office of the Privacy Commissioner of Canada.

2.1.12. OIPC BC: the Office of the Information and Privacy Commissioner for British Columbia.

2.1.13. Allpass.ai: a third-party identity verification service provider used by the Company for KYC and AML compliance purposes.

2.1.14. Guardarian: a payment processing solution operated by GRNTech Solution Inc. (Ontario, Canada, FINTRAC MSB #C10001703) and FinSeven CZ s.r.o. (Czech Republic), used by the Service to facilitate fiat currency transactions.

2.1.15. Google Analytics: a web analytics service provided by Google LLC that tracks and reports Website traffic and usage patterns.

2.1.16. Biometric Information: unique physical characteristics, including facial recognition data (liveness selfie), used for identity verification purposes.

2.1.17. Source of Funds (SoF): documentation or information demonstrating the origin of funds used in transactions.

2.1.18. Source of Wealth (SoW): documentation or information describing the economic activities through which a Client has accumulated their total net worth.

3.1. The types of Personal Information we collect, use, and/or disclose will depend on your interactions with us and the products and services involved. Over the course of your interactions with us and on an ongoing basis, as needed, the types of information we may collect include:

3.1.1. Identifiers

• Full name;
• Date of birth and gender;
• Place of birth;
• Citizenship;
• Residence address (country, city, street, house number, zip code);
• Nationality;
• Number and type of government-issued identification document (passport, driver's licence, ID card, etc.), the issuing state or authority, and the period of validity;
• Phone number;
• Email address;

3.1.2. Technical Device, Account, and Authentication Information

• IP address;
• Browser type and version;
• Operating system;
• Device identifiers;
• Account username and password (hashed);
• Authentication logs and security credentials;
• Session duration and activity timestamps.

3.1.3. Biometric Information

• Liveness selfie (facial recognition image) for identity verification;
• Photograph of the Client holding their identification document.

3.1.4. Transaction and Financial Information

• Source Currency and Resulting Currency details;
• Transaction amounts, dates, and counterparty information;
• Wallet addresses for Virtual Currency transactions;
• Bank account information and payment instructions;
• Source of Funds (SoF) documentation (e.g., bank statements, invoices, payment records);
• Source of Wealth (SoW) documentation;
• Payment history and transaction records.

3.1.5. Professional or Employment-Related Information

• Information about the purpose of the business relationship;
• Type of intended transaction;
• Occupation or industry (if required for enhanced due diligence);
• Confirmation of PEP (Politically Exposed Person) status, including family members and close associates of PEPs.

3.1.6. Internet and Other Similar Activity

• Pages visited on the Website;
• Clickstream data;
• Search queries made on the Website;
• Time spent on pages;
• Referring website URLs;
• Interactions with Website features and buttons.

3.1.7. Geolocation Data

• Approximate geographic location derived from IP address;
• Country-level location for compliance with restricted territories and sanctions screening.

3.1.8. Inferences Drawn from Personal Information

• Risk assessment profiles created for AML compliance purposes;
• Fraud detection scores and flags;
• Transaction pattern analysis results.

3.2. The Company may obtain Personal Data about the Client from third-party sources in order to fulfill legal and regulatory obligations, including:

• Sanctions and PEP screening databases: to screen Clients against global sanctions lists and Politically Exposed Persons registries;
• Public registries and government databases: to verify corporate registrations, director information, and beneficial ownership structures;
• Credit reference and fraud prevention agencies: for fraud risk assessment;
• Referral sources, where the Client was referred by a business partner or affiliate;
• Publicly available sources, including internet searches and media databases for enhanced due diligence (EDD) purposes.

3.3. The Company also collects automatically generated technical information when the Client visits the Service Website. This information is used to ensure the security and functionality of the Website and includes the data listed in Clause 3.1.2 above.

3.4. Cookies and Tracking Technologies

3.4.1. The Service uses cookies and similar tracking technologies to enhance user experience, analyze usage patterns, and ensure the security of the Website. Cookies used by the Service include:

• Essential cookies: required for the basic functionality of the Website (e.g., session management, security). These cannot be disabled.
• Analytics cookies: used to collect anonymized data about how Clients interact with the Website. The Service uses Google Analytics for this purpose. Google Analytics collects information such as pages visited, time spent on pages, and referring websites. You may opt out of Google Analytics by installing the browser add-on available at: https://tools.google.com/dlpage/gaoptout. For more information on how Google uses data, visit: https://policies.google.com/technologies/partner-sites.

3.4.2. Upon first visit to the Website, the Client will be presented with a cookie preference banner that allows the Client to choose which categories of cookies to accept (essential only, or essential + analytics). Clients may also control or disable cookies through their browser settings. Please note that disabling essential cookies may affect the functionality of the Service.

3.4.3. Detailed information on the use of cookies can be found in the Cookies Rules.

3.5. Information Collected by Third-Party Service Providers

3.5.1. KYC Verification: Allpass.ai. To comply with PCMLTFA requirements and FINTRAC guidelines, the Company uses Allpass.ai as a third-party identity verification service. Allpass.ai collects and processes the Client's identification documents, Biometric Information (liveness selfie), and proof of address for the purposes of identity verification and ongoing monitoring. Allpass.ai processes this information in accordance with its own privacy policy and applicable Canadian privacy laws.

3.5.2. Payment Processing: Guardarian. To facilitate transactions in fiat currency, the Service processes payments through Guardarian, which is operated by:

• GRNTech Solution Inc., a company incorporated under the laws of Ontario, Canada, with its address at 1270 Central Parkway West, Suite 102, Mississauga, Ontario, L5C 4P4, Canada, registered with FINTRAC as a Money Services Business (MSB) under registration number C10001703; and
• FinSeven CZ s.r.o., a company registered in the Czech Republic (registry code: 22304681), with its address at Na Čečeličce 425/4, Smíchov, 15000, Prague, Czech Republic.

Guardarian's privacy policy is available at: https://guardarian.com/privacy-policy

3.5.3. To identify and verify the information in Clause 3.1, the Company or its service providers may require:

• Phone number confirmation (via one-time passcode);
• Email address confirmation (via verification link or one-time passcode);
• Photo of a valid government-issued identification document (passport, driver's licence, ID card, etc.);
• Liveness selfie (facial image);
• Proof of address showing the Client's full name and residential address, dated within the last three months (e.g., utility bill, bank statement, tenancy agreement);
• Proof of Source of Wealth (SoW);
• Proof of Source of Funds (SoF).

4.1. The Company uses the collected information for the following purposes:

• Providing, maintaining, and improving the Service;
• Processing transactions and executing Client instructions;
• Verifying the Client's identity (KYC) in compliance with PCMLTFA and FINTRAC guidelines;
• Determine the Client’s or potential Client’s eligibility to use the Service;
• Evaluate and process the Client’s application, accounts, transactions and reports;
• Conducting ongoing AML/CFT monitoring, including transaction screening and sanctions list checks;
• Detecting and preventing fraud, unauthorized transactions, and other prohibited activities;
• Complying with legal and regulatory obligations, including reporting to FINTRAC where required;
• Communicating with the Client regarding their account, transactions, and changes to the Service;
• Record, track, analyze and respond to Client inquiries, support requests, feedback and complaints;
• Analyzing usage patterns to improve the Website, user experience, and service offerings;
• Enforcing the Client Agreement and these Rules.
• The Company does not use personal information of persons located or established in the European Union or the European Economic Area for the purposes of active marketing, retargeting, personalized advertising, or behavioural profiling directed at EU/EEA persons. Personal information of EU/EEA persons who access the Services at their own exclusive initiative is processed solely to the extent necessary to provide the requested service and to comply with applicable legal obligations.

4.2. The Company processes personal information on the following legal bases, as recognized under PIPEDA and BC PIPA:

• Consent, where the Client has provided express or implied consent for the processing of their personal information for specified purposes;
• Contractual necessity, where processing is necessary to fulfill the terms of the Client Agreement and provide the Service;
• Legal obligation, where processing is required to comply with the PCMLTFA, FINTRAC directives, or other applicable laws;
• Legitimate interests, where processing is necessary for the Company's legitimate business interests (such as fraud prevention, network security, and service improvement), provided such interests are not overridden by the Client's privacy rights.

4.3. The Company may share personal information with third-party service providers, including:

• Allpass.ai: for identity verification (KYC) purposes;
• Guardarian (GRNTech Solution Inc. and FinSeven CZ s.r.o.): for payment processing;
• Google LLC (Google Analytics): for website analytics (anonymized and aggregated data only);
• Financial institutions and payment partners: for transaction settlement;
• Legal and professional advisors: for compliance and dispute resolution;
• FINTRAC and other regulatory or law enforcement authorities: as required by law.

4.4. The Company enters into contractual agreements with all third-party service providers to ensure they provide a comparable level of protection for personal information as required under PIPEDA and BC PIPA.

4.5. The Company may disclose personal information without the Client's knowledge or consent where required or permitted by law, including:

• To comply with a subpoena, warrant, court order, or other lawful request by a government institution;
• To FINTRAC in accordance with reporting obligations under the PCMLTFA;
• To law enforcement agencies investigating unlawful activities;
• In an emergency situation where an individual's life, health, or security is threatened.

4.6. The Company does not sell personal information to third parties.

4.7. The Company may use aggregated, anonymized data (which cannot identify an individual) for business analysis, operational planning, and reporting purposes. Such data is not subject to these Rules.

4.8. Retention of personal information. The Company retains personal information only as long as necessary to fulfill the purposes for which it was collected, or as required by law.

4.9. Pursuant to the PCMLTFA and its regulations, the Company retains:

• Records of all monitoring activities and any information obtained during monitoring for at least five (5) years from the date the record was created;
• Client identification and verification records for at least five (5) years following the end of the business relationship;
• Transaction records for at least five (5) years from the date of the transaction.

4.10. Upon expiry of the applicable retention period, personal information will be securely deleted or anonymized, unless further retention is required by law or for legitimate business purposes.

5.1. The Company does not intentionally collect, use, or disclose the following categories of sensitive personal information, except where explicitly required by law or necessary for identity verification:

• Sensitive health or medical information, unless voluntarily provided by the Client in the course of communications with the Service;
• Religious, philosophical, or political beliefs;
• Membership in trade unions;
• Racial or ethnic origin;
• Sexual orientation or sexual life information;
• Genetic data (except as may be derived from Biometric Information for identity verification purposes).

5.2. Where the Company collects Biometric Information (facial recognition data via liveness selfie) for KYC purposes, such collection is limited strictly to what is necessary for identity verification under the PCMLTFA and FINTRAC guidelines. This Biometric Information is processed solely for identity verification and is not used for any other purpose, including surveillance or profiling not related to AML compliance.

5.3. If the Client voluntarily provides any of the excluded categories of personal information listed in Clause 5.1 (e.g., in correspondence with the Company), the Company will, where possible, minimize its use and retention and will process it only in accordance with these Rules and applicable law.

5.4. The Company does not process personal information of individuals under the age of 18 without verifiable parental or guardian consent. If the Company becomes aware that it has collected personal information from a minor without such consent, it will take steps to delete that information promptly, subject to legal retention requirements.

6.1. Under PIPEDA and BC PIPA, the Client has the following rights regarding their personal information:

6.1.1. Right to Access. The Client has the right to request access to the personal information that the Company holds about them, and to receive a copy of that information, subject to certain exceptions under PIPEDA and BC PIPA (e.g., information that would reveal personal information about another individual, or information subject to solicitor-client privilege).

6.1.2. Right to Correction. The Client has the right to request the correction of any inaccurate, incomplete, or outdated personal information held by the Company. The Company will make the correction promptly and, where appropriate, send the corrected information to any third parties to whom the incorrect information was disclosed.

6.1.3. Right to Withdraw Consent. The Client has the right to withdraw their consent to the collection, use, or disclosure of their personal information at any time, subject to legal and contractual restrictions. The Client understands that withdrawal of consent may affect the Company's ability to provide the Service. Where the Company is required by the PCMLTFA or other legislation to collect, use, or retain certain information, consent withdrawal may not be possible for that specific processing activity.

6.1.4. Right to Erasure. The Client may request the deletion of their personal information where it is no longer necessary for the purposes for which it was collected. However, the Company may be required to retain certain personal information to comply with its legal obligations under the PCMLTFA and other applicable laws (see Clauses 4.8 - 4.9 on retention periods). Where deletion is not possible due to legal requirements, the Company will inform the Client and restrict processing of that data to the minimum necessary for compliance.

6.1.5. Right to Request Review of Automated Decisions. Where the Company uses automated processing to make decisions that significantly affect the Client (such as transaction risk scoring), the Client has the right to request human review of such a decision and to be informed of the logic involved, to the extent permitted under applicable law and consistent with the Company's legal and compliance obligations.

6.1.6. Right to Data Portability (Voluntary Commitment). Although not expressly required under PIPEDA, the Company will, upon written request and where technically feasible, provide the Client with a copy of their personal information in a structured and commonly used format. This is offered as a voluntary service and does not constitute an obligation under Canadian privacy law.

6.1.7. Right to be Informed. The Client has the right to be informed about the collection, use, and disclosure of their personal information in a clear and understandable manner, as provided in these Rules.

6.1.8. Right to Complain. If the Client has any concerns about the Company's handling of their personal information, they may:

• Contact the Company's Privacy Officer (see Section 10);
• File a complaint with the Office of the Privacy Commissioner of Canada (OPC):
• Website: https://www.priv.gc.ca
• Address: 30 Victoria Street, Gatineau, Quebec K1A 1H3
• Phone: 1-800-282-1376
• File a complaint with the Office of the Information and Privacy Commissioner for British Columbia (OIPC BC):
• Website: https://www.oipc.bc.ca
• Address: PO Box 9038, Stn Prov Govt, Victoria, BC V8W 9A4
• Phone: 1-250-387-5629

6.2. The Company will respond to all requests under Section 6 within thirty (30) calendar days of receiving the request, as required under PIPEDA. If the request is complex or requires additional time, the Company will notify the Client within the initial 30-day period and provide an estimated response time.

6.3. The Company will not charge a fee for responding to a request under Section 6, unless the request is manifestly unfounded, excessive, or repetitive, in which case a reasonable administrative fee may be charged.

6.4. The Company may require the Client to provide sufficient identification information to verify their identity before processing a request under Section 6. This is a security measure to ensure that personal information is not disclosed to unauthorized individuals.

7.1. The Company provides access to the Client's personal information to its employees, agents, and contractors only on a need-to-know basis, where such access is necessary for the performance of their duties and the provision of the Service.

7.2. The Company may disclose personal information to the following categories of recipients:

7.3. The Company may disclose personal information to a third party in connection with a business transaction, such as a merger, acquisition, or sale of assets. In such cases, the Company will require the third party to agree to protect the personal information in accordance with these Rules and applicable privacy laws.

7.4. The Company does not disclose personal information to third parties for their own marketing purposes without the Client's express consent.

7.5. Where the Company is required by law (including the PCMLTFA) to disclose personal information to FINTRAC or other regulatory authorities, such disclosure may occur without the Client's knowledge or consent. The Company will not notify the Client of such disclosures where doing so would compromise a law enforcement investigation or violate applicable law.

8.1. The Company primarily stores and processes personal information within Canada. However, to provide the Service, personal information may be transferred to, stored, or processed in jurisdictions outside of Canada, including:

• United States: Google Analytics (Google LLC) may process anonymized analytics data;
• Czech Republic (European Union): Guardarian payment processing (FinSeven CZ s.r.o.), which is subject to applicable EU data protection requirements as an EU-based data processor.

8.2. Where personal information is transferred outside Canada, the Company ensures that:

• The data is protected by contractual agreements with the recipient that provide a comparable level of protection to PIPEDA and BC PIPA, including provisions requiring the recipient to use the data only for the specified purposes and to maintain appropriate security safeguards;
• The transfer is necessary for the provision of the Service or the performance of a contract with the Client;
• The Client has been informed of the transfer and has consented where required.

8.3. The Client acknowledges that personal information transferred to jurisdictions outside Canada may be subject to the laws of those jurisdictions, which may permit access by foreign government authorities, courts, or law enforcement agencies under certain conditions.

8.4. The Company conducts due diligence on all third-party recipients of personal information outside Canada to assess their ability to provide an adequate level of data protection. The Company's Privacy Officer can provide further information on the safeguards in place for international transfers upon request.

8A. Processing of Personal Information of EU/EEA Persons.

8A.1. The Company does not actively solicit, market, or direct its Services at persons located or established in the European Union or the European Economic Area ("EU/EEA Persons"). Where an EU/EEA Person accesses the Services at their own exclusive initiative (as described in Section 4.9 of the Client Agreement), the Company processes their personal information solely on the following bases and for the following limited purposes:

(a) to verify the identity of the person and assess their eligibility to use the Services, in accordance with the Company's obligations under the PCMLTFA and FINTRAC requirements;

(b) to process the specific transaction requested by the person;

(c) to comply with applicable Canadian AML/CFT, sanctions, and reporting obligations.

8A.2. The Company does not process personal information of EU/EEA Persons for marketing, advertising, retargeting, profiling for commercial purposes, or any purpose other than those listed in Clause 8A.1.

8A.3. EU/EEA Persons who have questions regarding the processing of their personal information may contact the Company's Privacy Officer at [email protected]. The Company will respond to all such inquiries in accordance with Section 9 of these Rules.

8A.4. Personal information of EU/EEA Persons transferred to or processed by FinSeven CZ s.r.o. (Czech Republic) as part of payment processing is subject to a data processing agreement between the Company and FinSeven CZ s.r.o. in accordance with applicable requirements. Such processing is strictly limited to payment settlement purposes.

9.1. The Client may submit a request to exercise their rights under Section 6 by contacting the Company's Privacy Officer (see Section 10) in writing or by email.

9.2. The request must include sufficient information to allow the Company to identify the Client and locate their personal information, including:

• Full name;
• Email address associated with the Client's account;
• A clear description of the request;
• Any supporting documentation necessary to verify identity.

9.3. Upon receiving a request, the Company will:

• Acknowledge receipt of the request within five (5) business days;
• Process the request and provide a substantive response within thirty (30) calendar days from receipt;
• If additional time is required, notify the Client within the initial 30-day period with reasons and an estimated timeline.

9.4. The Company may extend the 30-day response period by an additional 30 days where:

• The request is complex or requires a detailed search;
• The request involves a large volume of information;
• Third-party consultations are required.

9.5. The Company may decline to act on a request where:

• The request is manifestly unfounded or excessive (e.g., repetitive requests);
• The information requested is subject to legal privilege;
• The disclosure would reveal personal information of another individual;
• The information is subject to an exception under PIPEDA or BC PIPA;
• The Company is prohibited from disclosing the information by law (including the PCMLTFA).

Where the Company declines a request, it will inform the Client in writing of the reasons for the refusal and the Client's right to complain to the OPC or OIPC BC.

9.6. The Company maintains a record of all data subject requests received, including the date of receipt, the nature of the request, the Company's response, and the date of response. These records are retained for a minimum of three (3) years.

10.1. The Company implements and maintains appropriate technical, organizational, and administrative security measures to protect personal information against unauthorized access, disclosure, alteration, or destruction, including:

• Encryption: personal information is encrypted in transit using TLS (Transport Layer Security) and at rest where appropriate;
• Access controls: Role-based access controls ensure that only authorized personnel have access to personal information on a need-to-know basis;
• Firewalls and intrusion detection systems: Network security measures to prevent unauthorized access;
• Secure authentication: Multi-factor authentication for administrative access;
• Regular security audits and vulnerability assessments;
• Staff training: All employees with access to personal information receive training on privacy and security obligations;
• Physical security: Secure premises and server facilities.

10.2. The Company has designated a Privacy Officer who is responsible for overseeing compliance with these Rules, PIPEDA, BC PIPA, and related privacy legislation. The Client may contact the Privacy Officer at:

Privacy Officer REMITTIX GLOBAL CORPORATION 422 RICHARDS STREET, VANCOUVER BC V6B 2Z4, CANADA Email: ([email protected]) Phone: (+13435128080)

10.3. The Company encourages Clients to notify the Privacy Officer promptly if they become aware of any potential security breach or unauthorized access to their personal information.

10.4. Breach Notification. In the event of a privacy breach involving personal information that creates a real risk of significant harm to the Client, the Company will:

• Notify the affected Client as soon as feasible, in accordance with PIPEDA's mandatory breach reporting requirements;
• Report the breach to the Office of the Privacy Commissioner of Canada (OPC) as required by law;
• Take all reasonable steps to mitigate any harm resulting from the breach.

10.5. The Company maintains a record of all privacy breaches, including the nature of the breach, the affected data, the response taken, and the outcome. These records are retained for a minimum of 24 months as required under PIPEDA.

11.1. The Company processes personal information on the following legal bases, consistent with PIPEDA and BC PIPA:

11.2. Where the Company processes personal information based on consent, the Client may withdraw their consent at any time, subject to legal and contractual restrictions as described in Clause 6.1.3.

11.3. Where the Company processes personal information based on a legal obligation (including the PCMLTFA), the Company is required to process such data regardless of the Client's consent preferences, and such processing will continue for the duration required by law.

12.1. The Company reserves the right to amend these Rules at any time. The current version of these Rules is always available on the Service Website.

12.2. In the event of material changes to these Rules, the Company will notify Clients by:

• Sending an email notification to the email address associated with the Client's account; and/or
• Posting a prominent notice on the Service Website.

Such notification will be provided no less than fourteen (14) calendar days before the changes take effect.

12.3. Changes to these Rules take effect on the date specified in the notification. Continued use of the Service after the effective date constitutes acceptance of the amended Rules.

12.4. If the Client does not agree to the amended Rules, the Client must stop using the Service and may request the deletion of their account, subject to the Company's legal retention obligations under the PCMLTFA.

12.5. Non-material changes (such as clarifications, corrections of typographical errors, or updates to contact information) may take effect immediately upon posting without prior notice.

12.6. The Company is not responsible for any damages or losses incurred by the Client or third parties resulting from the Client's misunderstanding or failure to read these Rules, instructions, or guidelines on how to use the Service. The Company makes reasonable efforts to communicate these Rules clearly and encourages Clients to review them carefully.

13.1. If any provision of these Rules is found to be invalid, illegal, or unenforceable under applicable law, the remaining provisions shall continue in full force and effect.

13.2. The Company's failure to enforce any provision of these Rules shall not be construed as a waiver of that provision or any other provision.

13.3. These Rules are subject to the laws of Canada and the Province of British Columbia. In the event of any inconsistency between these Rules and the requirements of the PCMLTFA, FINTRAC directives, PIPEDA, or BC PIPA, the applicable statutory or regulatory requirements shall prevail.

13.4. These Rules are personal to the Client and may not be assigned or transferred without the prior written consent of the Company.

13.5. For any questions or concerns regarding these Rules or the Company's handling of personal information, please contact:

Privacy Officer REMITTIX GLOBAL CORPORATION 422 RICHARDS STREET, VANCOUVER BC V6B 2Z4, CANADA, Email: ([email protected]), Phone: (+13435128080)

Supervisory Authorities: Office of the Privacy Commissioner of Canada (OPC) Website: https://www.priv.gc.ca Address: 30 Victoria Street, Gatineau, Quebec K1A 1H3 Phone: 1-800-282-1376

Office of the Information and Privacy Commissioner for British Columbia (OIPC BC) Website: https://www.oipc.bc.ca Address: PO Box 9038, Stn Prov Govt, Victoria, BC V8W 9A4 Phone: 1-250-387-5629