Privacy & Data Protection Policy

1. Who We Are

Teto Bank is the trade name of TETO FINANCE INC. / FINANCIÈRE TETO INC., a company incorporated in the Province of British Columbia, Canada, and registered as a Money Services Business (MSB) with FINTRAC under registration number M23533267. In this Policy, “Teto Bank”, “we”, “us” or “our” refers to TETO FINANCE INC. / FINANCIÈRE TETO INC.

We are committed to protecting your privacy and handling your personal data in a transparent, secure and responsible way.

2. Scope of This Policy

This Privacy & Data Protection Policy applies to:

• Individuals who use or apply for Teto Bank products and services, including cardholders and app users;
• Representatives, directors, beneficial owners and employees of business customers;
• Visitors to our website or digital channels;
• Any person who interacts with us in connection with our regulated financial services activities.

This Policy should be read together with our Terms and Conditions and any product-specific disclosures that apply to your relationship with us.

3. Categories of Personal Data We Collect

Depending on your relationship with us and the services you use, we may collect and process the following categories of personal data:

• Identification data: full name, date of birth, nationality, place of birth, identification numbers (such as passport or national ID number), images of identity documents.
• Contact details: residential address, mailing address, email address, telephone number.
• KYC and due diligence data: copies of identity documents, proof of address, occupation, source of funds, information on business activities, beneficial ownership information and related compliance documentation.
• Account and card data: account identifiers, card numbers (stored and displayed in a masked or tokenised form where possible), card usage details, preferences and settings.
• Transaction data: details of payments, transfers, top-ups, withdrawals, merchants, amounts, dates, times, currencies and related metadata.
• Technical and device data: IP address, device identifiers, browser type and version, operating system, app version, device settings and diagnostic information.
• Usage data: information about how you use our website, app and services, including clicks, navigation events and interaction with features.
• Communications data: records of correspondence with us, including emails, messages, support tickets and call logs where applicable.

4. How We Collect Your Data

We collect personal data in several ways, including:

• Directly from you when you apply for, use or interact with Teto Bank products and services;
• Through our website, mobile application and online forms;
• From identity verification and compliance providers such as Sumsub when performing KYC checks;
• From card networks, payment processors and partner banks involved in processing your transactions;
• From public sources, sanctions lists and databases where permitted by law;
• From your employer or business (for corporate or business-related services).

5. Purposes and Legal Bases for Processing

We process your personal data for the following purposes and, where applicable, on the following legal bases:

• To provide and manage our services: opening accounts, issuing cards, processing transactions, providing customer support and operating our app and website.
• To comply with legal and regulatory obligations: including AML/CFT requirements, KYC, sanctions screening, reporting to FINTRAC and other competent authorities, and fulfilling obligations under the PCMLTFA and other applicable laws.
• To manage risk and protect our business: preventing fraud, financial crime, abuse of services, and ensuring the security and integrity of our systems.
• To improve and develop our products: analysing usage patterns, performance and feedback to enhance our services and user experience.
• To communicate with you: sending service-related notifications, security alerts, updates to terms, and important information related to your account or transactions.
• With your consent where required: for certain marketing communications or optional features, which you may withdraw at any time.

6. KYC, Sumsub and Identity Verification

Know Your Customer (KYC) is a core component of Teto Bank’s commitment to security, trust and regulatory compliance. To perform KYC and related checks, Teto Bank relies on Sumsub, a leading global identity verification and compliance platform.

Sumsub assists us by:

• Performing automated and risk-based document checks for users across multiple jurisdictions;
• Using advanced liveness detection to help prevent spoofing and deepfake attempts;
• Supporting fraud detection and risk-based decisioning;
• Handling a wide range of document types and formats.

During the KYC process, you may be asked to upload identity documents, take a selfie and provide proof of address. Sumsub processes this information securely and returns a verification outcome to Teto Bank. We use this outcome, alongside our own risk rules and regulatory requirements, to determine whether we can establish or continue a customer relationship.

As a specialised identity verification provider, Sumsub operates under strict security and privacy standards and holds industry-recognised certifications (for example, ISO 27001 and SOC 2) as well as compliance with major data protection regimes such as GDPR and CCPA, helping Teto Bank operate to a high standard of data protection and risk management.

7. Data Security and Document Protection

Protecting your personal data and identity documents is a top priority for Teto Bank. We implement multiple layers of technical and organisational controls, which may include:

• Encryption of data in transit (for example, using TLS) and at rest;
• Segregation of environments and restricted access to sensitive systems;
• Role-based access controls and “least privilege” principles for staff and service providers;
• Logging and monitoring of access and security-relevant events;
• Regular security assessments and, where appropriate, independent audits;
• Policies governing secure data handling, retention and deletion.

Where we use third-party service providers such as Sumsub, card issuers, payment processors or cloud providers, we require them to implement appropriate security measures and to process data only in accordance with our instructions and applicable law.

8. Data Sharing and International Transfers

We may share your personal data with:

• Identity verification and compliance providers such as Sumsub;
• Card networks, issuing banks and payment processors involved in authorising and settling your transactions;
• Technology providers that host our infrastructure, applications and data;
• Professional advisers (for example, legal, tax, compliance and audit advisers) under appropriate confidentiality obligations;
• Regulators, law enforcement agencies and other authorities where required by law or in response to valid requests;
• Other entities where you have given your explicit consent or where the sharing is necessary to deliver a service you request.

Your data may be processed and stored in countries other than your country of residence, including Canada and other jurisdictions where our providers operate. Where we transfer personal data internationally, we take appropriate steps to ensure that a suitable level of protection is in place in accordance with applicable data protection laws.

9. Data Retention

We retain personal data for as long as necessary to:

• Provide our products and services to you;
• Comply with legal, regulatory and reporting obligations (including record-keeping requirements under AML/CFT laws);
• Resolve disputes, enforce our rights and respond to inquiries.

When data is no longer required for these purposes, we will securely delete or anonymise it in line with our retention schedules and applicable legal requirements.

10. Your Rights

Depending on your jurisdiction and applicable law, you may have some or all of the following rights in relation to your personal data:

• The right to access your personal data and receive information about how it is processed;
• The right to request correction of inaccurate or incomplete data;
• The right to request erasure of your data, subject to legal and regulatory retention requirements;
• The right to object to or request restriction of certain processing activities;
• The right to withdraw consent where processing is based on your consent;
• The right to lodge a complaint with a competent data protection authority.

To exercise your rights, please contact us using the details provided in Section 13 (Contact Information). We may need to verify your identity before responding to your request.

11. Cookies and Online Tracking

Our website and application may use cookies and similar technologies to:

• Enable core functionality and security features;
• Remember your preferences and improve your user experience;
• Measure performance and understand how our services are used;
• Support certain marketing or analytics activities where permitted by law.

You can manage your cookie preferences through your browser or device settings. For more information about how we use cookies, please refer to any dedicated cookie notice or settings available on our website or in the app.

12. Minors and Teto Teens

Teto Bank may offer products aimed at younger users (for example, “Teto Teens”) with parental oversight and specific controls. Where such services are available, we will:

• Ensure that parental or guardian consent is obtained where required by law;
• Apply appropriate limits and monitoring tools to protect minors’ financial and data privacy;
• Provide clear information to parents or guardians about how data is collected and used.

We do not knowingly establish standalone customer relationships with minors without appropriate parental or guardian involvement.

13. Contact Information

If you have any questions about this Policy or wish to exercise your data protection rights, you can contact us at:

• Company Name: TETO FINANCE INC. / FINANCIÈRE TETO INC.
• Trade Name: Teto Bank
• Address: 5811 Cooney Road, Suite #305 – South Tower, Richmond, BC, Canada, V6X 3M1
• Phone: +1 (778) 402-5007
• Email: info@tetobank.com

14. Changes to This Policy

We may update this Privacy & Data Protection Policy from time to time to reflect changes in our services, legal requirements or industry best practices. When we make material changes, we will notify you through our website, application or other appropriate channels and indicate the effective date of the updated Policy.

Your continued use of Teto Bank services after the effective date of any changes constitutes your acknowledgement of the updated Policy.

This Policy is provided for informational purposes and does not create any contractual right other than as set out in applicable law and our Terms and Conditions.