OmniRemit Privacy Policy and Consent Notice
Last Updated: 8 Dec 2025
Please read this Privacy Policy carefully and keep a copy for your records.
This Privacy Policy ("Policy") explains how OmniRemit Inc. and its affiliates ("OmniRemit", "we", "us") collect, use, disclose and protect your personal information when you use our services.
This Policy applies to your use of:
- OmniRemit websites
- OmniRemit mobile applications
- OmniRemit money transfer and related services ("Services")
By using our Services, you consent to the collection, use and disclosure of your information as described in this Policy.
If you do not agree, please discontinue using our Services.
Important Consents
By agreeing to this Policy, you expressly consent to:
• Collection and processing of personal and sensitive information
Including identity document scans and biometric verification where applicable.
• Disclosure of information to identity verification and compliance service providers
Used for KYC / AML, sanctions screening, and compliance verification.
• Cross-border data transfer
Your information may be processed in countries other than your residence.
• Receiving marketing and service-related communications
(You may opt-out at any time.)
If you do not wish to consent, please do not use OmniRemit Services.
1. Scope
This Policy describes:
- the information we collect
- how we use it
- to whom we disclose it
- how you can control, access or correct your information
- your privacy rights and how to contact us
This Policy applies to personal information under our control, including information handled by service providers acting on our behalf.
2. Information We Collect
We may collect the following categories of information:
2.1 Information you provide
Examples:
- name
- email address
- phone number
- date of birth
- government-issued ID details
- selfie or video verification (where applicable)
- bank account or payment account details
If you contact us, we may keep records of that communication.
2.2 Information about recipients
To complete your transfers we collect:
- recipient name
- recipient contact details
- recipient bank information
This information is used only to complete your transaction and meet regulatory requirements.
2.3 Information collected automatically
Including:
- device identifiers
- IP address
- usage data
- browser and device information
- mobile OS version
- transaction activity
- pages you visit
2.4 Information from third parties
Including:
- identity verification providers
- sanctions screening providers
- KYC providers
- analytics service providers
- partners involved in FX, settlement or payouts
2.5 Location data
We may use location-based data to help prevent fraud and meet regulatory requirements. You may disable location services on your device, although some features may not function.
2.6 Sensitive personal information
We may collect sensitive information where required by law or compliance policies, including biometric identity verification.
2.7 Face Data (Biometric — Face ID)
Collection
We collect your face data solely for the purpose of authenticating your identity when you log in to our mobile application. This collection is performed securely through Apple's Local Authentication framework (Face ID), which processes your biometric data directly on your device. OmniRemit servers never receive or store your raw face data.
Use
Your face data is used exclusively for login authentication. It is not used for any other purpose, including marketing, analytics, profiling, or any purpose beyond verifying that you are the legitimate account holder at the time of login.
Disclosure
We do not disclose, share, or sell your biometric or face data to any third party, including advertisers, data brokers, partners, or other service providers. Face data never leaves your device and is never transmitted to OmniRemit servers or any external system.
Sharing
We do not share your biometric data with any entity. Apple's Local Authentication framework keeps your biometric information stored securely in the Secure Enclave on your device, and we have no access to it. OmniRemit processes only a pass/fail authentication result (not the biometric data itself) to grant or deny access.
Retention
Because face data is processed and stored entirely on your personal device by Apple's operating system, OmniRemit does not retain any face data on its servers. If you disable Face ID for OmniRemit or delete the application, no face data is retained by OmniRemit. You may manage or disable Face ID at any time through your device's Settings.
2.8 Face Data Collected as Part of KYC Verification
Collection
As part of our Know Your Customer (KYC) verification process, we collect face data in the form of a live selfie image from you. This image is captured through our mobile application or website and is used to verify your identity against the government-issued identification you provide. The face data is collected with your explicit consent and is transmitted securely to our identity verification service providers for processing.
Use
The face data collected during KYC is used solely for the following purposes:
- Identity verification — to confirm that you are the legitimate holder of the government-issued ID you submitted
- Compliance with applicable laws and regulations — including anti-money laundering (AML), counter-terrorist financing (CTF), sanctions screening, and fraud prevention requirements
- Fraud monitoring and prevention — to detect, prevent, and mitigate fraudulent activity, including identity theft
- KYC/AML verification — to comply with regulatory obligations and verify your identity against identity verification databases
- Regulatory reporting — to respond to lawful requests from regulators, law enforcement, or financial intelligence units
The face data is not used for any other purpose, including marketing, analytics, profiling, or advertising.
Storage
Face data collected during KYC is stored securely on our servers and in the systems of our identity verification service providers. Retention periods are as follows:
- Face data is retained for as long as necessary to provide our Services to you
- Face data is retained while your account remains active
- After account closure, face data is retained for the shorter of: (a) five (5) years after account closure, or (b) the maximum period required by applicable law, regulation, or regulatory policy in your jurisdiction
- Some jurisdictions may require longer retention periods for regulatory or compliance purposes
We implement administrative, technical, and physical safeguards designed to protect the confidentiality and integrity of your face data during storage.
Sharing
We share face data collected during KYC only with the following categories of third parties, and only to the extent necessary for the purposes described above:
- Identity verification providers — third-party vendors who perform facial recognition matching, identity document verification, and liveness detection
- Service providers — vendors who provide identity verification services to us under strict data processing agreements and who may not use your face data for their own purposes
- Regulators and law enforcement — only when required by law, regulation, or lawful governmental request
- Internal OmniRemit personnel — only on a need-to-know basis for compliance, fraud investigation, or regulatory response purposes
We do not sell your face data. We do not share your face data with advertisers, marketing partners, or any third party for purposes unrelated to the KYC process described in this section.
3. Cookies and Tracking
We use cookies and similar technologies to:
- operate our Services
- personalize user experience
- prevent fraud
- perform analytics
You may block cookies in your browser, but certain Services may not operate properly.
4. How We Use Personal Information
We use information for the following purposes:
- verifying identity and onboarding
- processing transfers
- fraud monitoring and compliance (AML, KYC, sanctions)
- preventing illegal activities
- providing support
- sending service updates and notifications
- meeting regulatory reporting requirements
- improving our website, app, and services
- trend and risk analysis
If we cannot collect necessary information, we may be unable to provide Services.
5. Disclosure of Information
We disclose information only as required for legitimate purposes including:
(a) identity verification & KYC providers
(including automated compliance systems)
(b) sanctions screening providers
(e.g., Neterium, WorldCheck, etc.)
(c) payout and settlement partners
(in the country of destination)
(d) payment processors
(e) regulators, financial intelligence units and law enforcement
where required by law
(f) service providers under contract
who must process data on our behalf and not for their own purposes
(g) other parties with your explicit consent
We do not sell your personal information.
6. International Transfers
Your personal information may be stored and processed outside your country of residence, including jurisdictions where privacy laws may differ.
We take steps to protect transferred data, including contractual safeguards.
7. Storage and Security
We implement administrative, technical and physical safeguards designed to protect the confidentiality and integrity of your data.
However, no system is completely secure and we cannot guarantee absolute security.
8. Data Retention
We retain information only for:
- the period required by law,
- regulatory requirements,
- tax and reporting rules,
- anti-money laundering requirements
Retention periods may vary by jurisdiction.
9. Marketing
You may receive:
- service updates
- marketing communications
You may opt-out by following the unsubscribe instructions in any message.
10. Your Rights
Subject to applicable law, you may have rights to:
- access your information
- request correction
- request deletion
- withdraw consent (where applicable)
Requests may be subject to identity verification.
11. Children
OmniRemit Services are not intended for individuals under 18. We do not knowingly collect personal information from minors.
If we learn a user is under 18, we will delete the account.
12. Changes to this Policy
We may update this Policy periodically. Your continued use of the Services constitutes acceptance of changes.
13. Contact Us
If you have questions regarding this Policy or wish to request access to your information, please contact:
privacy@omniremit.ca