This Privacy Policy sets out the principles and practices relating to the collection, use, disclosure, and protection of personal information by Norenor Technologies Inc., located at 1135 Stellar Drive, 2nd floor Newmarket ON, L3Y 7B8, Canada ("Company") in connection with the provision of bill payment and related digital services within Canada. The Policy applies to all users of the Company’s website, mobile application, and associated services, and covers all personal information processed by the Company, whether collected directly from individuals or through authorized third parties. For the purposes of this Policy: "Personal Information" means information about an identifiable individual, including identification data, financial information, account details, and documents required under applicable anti-money laundering and know-your-customer regulations. "Service Providers" means third parties engaged by the Company to support the delivery of services, including but not limited to payment processors, banks, identity verification partners, and cloud hosting providers. "Regulatory Authorities" means governmental bodies and agencies, including the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), to which the Company may be required to disclose information under applicable law. "Services" means the Company’s mobile application, website, and all related tools, features, and content provided thereon. This Privacy Policy is intended to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable privacy laws.

The Company may collect the following categories of personal information: 1. Identification Information — such as full name, date of birth, residential address, and government-issued identification documents. 2. Contact Information — including email address, phone number, and mailing address. 3. Financial Information — information necessary to add and use a payment method within the service. This may include the collection of payment card details (such as card number, expiry date, and billing information) at the time of registration of a payment method. Such information is transmitted securely to third-party payment processors engaged by the Company for the purpose of processing transactions. 4. Authentication and Security Information — including login credentials, passwords, security questions, and one-time passcodes. 5. Regulatory and Compliance Information — documents and details required for identity verification and anti-money laundering (AML/KYC) compliance. 6. Transaction Information — including payment instructions, amounts, dates, recipients, and related account records. 7. Technical Information — such as IP address, browser type, device identifiers, operating system, and geolocation data when required for service delivery or fraud prevention. 8. Usage Information — details of interactions with the Company’s website, mobile application, and digital services. 9. Communications — any correspondence or communications with the Company, including support requests or inquiries.

The Company may collect personal information through the following methods: 1. Directly from individuals — when information is provided during account registration, identity verification, communication with customer support, or when adding and using a payment method. 2. Automatically through the Service — including the use of cookies, tracking technologies, and system logs that capture technical and usage information when accessing the website or mobile application. 3. From third-party service providers — such as payment processors, identity verification partners, and regulatory databases, where permitted by law, in order to process transactions, prevent fraud, and comply with applicable anti-money laundering (AML/KYC) requirements.

The Company may use personal information for the following purposes: 1. Service Delivery — to provide, operate, and maintain access to the Company’s website, mobile application, and bill payment services. 2. Account Management — to create, verify, and manage user accounts, payment methods, and service preferences. 3. Transaction Processing — to process bill payments and related transactions through third-party payment processors. 4. Compliance — to meet legal and regulatory obligations, including anti-money laundering (AML) and know-your-customer (KYC) requirements. 5. Fraud Prevention and Security — to detect, investigate, and prevent fraudulent activities, unauthorized access, or other security incidents. 6. Communication — to send service-related updates, confirmations, support responses, and other administrative communications. 7. Improvement of Services — to analyze usage patterns, troubleshoot issues, and develop new features and enhancements. 8. Legal Purposes — to establish, exercise, or defend legal claims and to protect the rights and safety of the Company, its users, and third parties.

The Company may disclose personal information only in the following circumstances: 1. Service Providers — to trusted third-party providers engaged to support the Service, including payment processors, banks, cloud hosting providers, customer support platforms, and identity verification partners. Such providers are contractually required to protect personal information and use it solely for the purposes of providing services to the Company. 2. Regulatory and Legal Requirements — to governmental or regulatory authorities, including the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), law enforcement agencies, or courts, where disclosure is required to comply with applicable laws and regulations. 3. Corporate Transactions — in connection with a merger, acquisition, financing, sale of assets, or similar corporate transaction, where personal information may be transferred as part of the business assets. 4. Protection of Rights and Safety — where necessary to protect the rights, property, or safety of the Company, its users, or third parties, or to detect, prevent, and address fraud or security issues. The Company does not sell personal information to third parties.

The Company retains personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations. 1. Account and Profile Information — retained for the duration of the user’s relationship with the Service, and for a reasonable period thereafter to resolve disputes, enforce agreements, and maintain business records. 2. Transaction Records — retained for a minimum of five (5) years in accordance with anti-money laundering (AML) and financial reporting obligations under Canadian law. 3. Technical and Usage Data — retained for shorter periods, typically as long as needed to ensure the security, stability, and proper functioning of the Service. 4. Communications and Support Requests — retained as long as necessary to address inquiries and maintain appropriate records. When personal information is no longer required, it will be securely deleted, anonymized, or otherwise disposed of in accordance with applicable legal and regulatory requirements.

The Company implements appropriate technical, organizational, and administrative measures to protect personal information against loss, misuse, unauthorized access, disclosure, alteration, or destruction. Such measures include, but are not limited to: 1. Encryption of sensitive data in transit and at rest; 2. Secure storage of authentication and access credentials; 3. Restricted access to personal information, limited to authorized personnel only; 4. Regular monitoring, testing, and assessment of security controls; 5. Reliance on third-party service providers that comply with recognized security standards, including Payment Card Industry Data Security Standard (PCI DSS). While the Company takes reasonable steps to safeguard personal information, no method of transmission over the internet or method of electronic storage can be guaranteed to be 100% secure. Accordingly, absolute security of information cannot be ensured.

The Company uses cookies and similar tracking technologies to enhance the functionality, performance, and security of its website and mobile application. These technologies may be used for the following purposes: 1. Essential Functionality — to enable core features of the Service, such as session management, authentication, and navigation. 2. Performance and Analytics — to understand how the Service is used, monitor performance, troubleshoot errors, and improve user experience. 3. Security and Fraud Prevention — to identify irregular activity, prevent unauthorized access, and maintain the integrity of transactions. 4. Preferences — to remember user settings and service preferences. Most web browsers allow control over cookies through their settings. Users may choose to disable or restrict cookies; however, doing so may limit the functionality or availability of certain features of the Service.

Personal information collected by the Company may be stored or processed outside of Canada, including in the United States, where certain service providers and cloud hosting providers are located. As a result, personal information may be subject to the laws of those jurisdictions and accessible to courts, law enforcement, and regulatory authorities in those countries. The Company takes reasonable measures to ensure that any transfer of personal information outside of Canada is carried out in compliance with applicable privacy laws, including the use of contractual safeguards and other measures designed to protect the confidentiality and integrity of the information.

The Company processes personal information as necessary to detect, prevent, and mitigate fraudulent activities, unauthorized access, money laundering, terrorist financing, and other illegal or harmful conduct. Measures may include: 1. Monitoring transactions for unusual or suspicious activity; 2. Verifying identity and payment methods through third-party providers; 3. Using risk scoring, device recognition, and other security technologies; 4. Sharing relevant information with service providers, financial institutions, or regulatory authorities where required for fraud detection and prevention. These activities are carried out in compliance with applicable laws and regulations and are necessary to ensure the integrity and security of the Service.

The Company may collect, use, and disclose personal information as required to comply with anti-money laundering (AML) and know-your-customer (KYC) obligations under applicable laws and regulations. This may include the collection and verification of identification documents, proof of address, date of birth, and other information necessary to confirm identity and prevent illegal or fraudulent activity. Such information may be shared with regulatory authorities, including the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), and with third-party service providers engaged to assist in identity verification and compliance processes.

The Company ensures that payment card information is handled in accordance with the Payment Card Industry Data Security Standard (PCI DSS). When users add or use a payment card within the Service, sensitive payment information is transmitted securely to third-party payment processors for authorization and processing. The Company does not store complete payment card numbers or sensitive authentication data. Only limited details, such as the last four digits of the card number, the card type, the expiration date, or tokenized identifiers, may be retained for account management, fraud prevention, and regulatory compliance. All third-party payment processors engaged by the Company are required to maintain PCI DSS certification and to implement industry-standard security measures for the protection of payment card information.

Individuals have certain rights regarding their personal information, subject to applicable laws and regulations. These rights may include: 1. Access — the right to request access to personal information held by the Company. 2. Correction — the right to request correction or update of inaccurate or incomplete information. 3. Withdrawal of Consent — where processing is based on consent, the right to withdraw consent at any time, subject to legal or contractual restrictions. 4. Complaint — the right to file a complaint with the Company or with the Office of the Privacy Commissioner of Canada (OPC) regarding the handling of personal information. Requests to exercise these rights may be submitted using the contact details provided in this Privacy Policy. The Company will respond to such requests in accordance with applicable privacy laws.

The Service is not directed to individuals under the age of eighteen (18), and the Company does not knowingly collect personal information from individuals under this age. If such information is inadvertently collected, it will be deleted promptly.

The Company may revise this Privacy Policy from time to time to reflect changes to its business, the Services, or applicable laws. The revised Privacy Policy will be effective as of the date indicated as "Last Updated." If material changes are made, notice will be provided in accordance with applicable law, which may include posting the updated policy on the Company's website or by other appropriate means. Continued use of the Services after the effective date of the revised Privacy Policy will constitute acknowledgment of and agreement to the updated terms.

If you have any questions or concerns about this Privacy Policy or practices, please contact us at: Norenor Technologies Inc. 1135 Stellar Drive, 2nd floor, Newmarket ON, L3Y 7B8, Canada Email: info@allsettled.com