Privacy Policy

Last Updated: October 15, 2026

Who We Are

Saltic Inc. operates from 326 Hunter Street West, Hamilton, Ontario L8P 4A7. When we say "we" in this policy, we mean Saltic Inc. and anyone working on our behalf — our employees, our technology providers, our compliance team. Six people run this operation. We know where your data lives because we built the systems that store it.

We provide commercial banking services: deposit accounts, payment processing, treasury management, and working capital facilities. Every one of those services requires us to collect, use, and protect your information. This policy explains how.

What We Collect and Why

Banking is a regulated industry. We collect information because federal law requires it and because we cannot serve you without it. There is no version of a banking relationship that works without knowing who you are.

Personal identification. Your name, date of birth, address, and government-issued ID. We collect this during account opening to satisfy Know Your Customer (KYC) and Anti-Money Laundering (AML) requirements under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act. Every federally regulated financial institution in Canada does this. We verify your identity through a combination of document review and electronic verification services.

Business information. Articles of incorporation, beneficial ownership declarations, business registration details, financial statements, and receivables data. We use this to open your account, underwrite credit facilities, and structure treasury products around your actual cash conversion cycle. The more accurately we understand your business, the better the banking infrastructure we build for you.

Transaction data. Every deposit, withdrawal, payment, and transfer that moves through your Saltic accounts. We use this to operate your accounts, detect fraud, generate statements, calculate earnings credit rates, and comply with federal reporting requirements. Transaction data is the operational core of the banking relationship.

Contact details. Your email address, phone number, and mailing address. We use these to communicate with you about your accounts — transaction confirmations, facility renewals, regulatory notices, platform updates. Your named contact at Saltic uses these details to reach you directly.

Device and browser data. When you access our digital banking platform, we collect IP addresses, browser type, operating system, and session data. We use this for security — detecting unauthorized access attempts, preventing fraud, and maintaining session integrity. We do not use device data for advertising or profiling.

How We Use Your Information

We use your information for six purposes. Each one has a clear reason.

Operating your accounts. Processing transactions, generating statements, managing signatory controls, running sweep configurations, and maintaining your account analysis records. This is the fundamental reason we have your data.

Processing transactions. Clearing EFT payments through Payments Canada, settling merchant transactions, executing wire transfers through correspondent banks, and processing pre-authorized debits. Every payment you send or receive requires us to use your account and transaction data.

Underwriting credit facilities. When you apply for working capital, a receivables-based facility, or a commercial real estate loan, we analyze your business information, transaction history, and receivables data to make credit decisions. Our underwriting model evaluates your cash conversion cycle and counterparty credit quality — not just your personal credit score.

Preventing fraud. We monitor transaction patterns, flag anomalies, and maintain positive pay fraud protection on disbursement accounts. Device data helps us identify suspicious login attempts. This protects your money.

Complying with regulations. FINTRAC requires us to report certain transactions and maintain records for prescribed periods. OSFI supervises our capital reserves and operational controls. We comply because we must, and because the regulatory framework exists to protect depositors.

Improving our platform. Aggregated, anonymized usage data helps us identify which features clients use, where the platform creates friction, and what to build next. We never use individual client data for product development without anonymization.

We don't sell your data. We don't share it with marketers. We don't monetize your transaction patterns. Your banking data exists to operate your banking relationship.

Who We Share With

We share the minimum information required with the fewest parties possible. Here's who and why.

Payments Canada network. Every domestic EFT, direct deposit, and pre-authorized debit clears through Payments Canada's infrastructure. Processing your payments requires sharing transaction details — amounts, account identifiers, routing information — with the clearing network.

Correspondent banks. International wire transfers and FX transactions route through correspondent banking relationships. We share beneficiary details and transaction amounts as required to complete cross-border payments in USD, EUR, GBP, and CNY corridors.

FINTRAC. Federal law requires us to file Suspicious Transaction Reports (STRs), Large Cash Transaction Reports, and Electronic Funds Transfer Reports. We cannot opt out of this reporting. Neither can you. The requirement exists to combat money laundering and terrorist financing.

Credit bureaus. For credit facilities only, and with your consent. When you apply for working capital or a line of credit, we may report facility details to credit bureaus. We explain this during the application process and obtain your authorization before reporting.

Technology providers. Our digital banking platform, payment processing systems, and data storage infrastructure involve third-party technology providers. Each operates under a strict data processing agreement that limits their use of your information to performing services on our behalf. They cannot use your data for their own purposes. We audit these agreements annually.

We name who we share with because you deserve to know. If a new sharing arrangement arises, we update this policy and notify affected account holders.

How We Protect Your Data

Security is infrastructure, not a feature. We invest in it because your money depends on it.

Encryption at rest. All stored data uses AES-256 encryption. Your account information, transaction records, and personal details are encrypted in our databases. Even if storage media were physically compromised, the data would be unreadable without decryption keys managed through a hardware security module.

Encryption in transit. Every connection between your device and our platform uses TLS 1.3. Data moving between our systems and partner networks is encrypted using current best-practice protocols. We do not support deprecated encryption standards.

Multi-factor authentication. All account access requires multi-factor authentication. You authenticate with something you know (password) and something you have (authenticator app or SMS code). Signatory-level transactions require additional verification.

Penetration testing. We engage independent security firms to conduct penetration testing quarterly. They attempt to breach our systems, and we fix what they find. Results are reviewed by our COO and reported to the board.

SOC 2 Type II compliance. Our operational controls are audited against SOC 2 Type II standards annually. This covers security, availability, processing integrity, confidentiality, and privacy. The audit is performed by an independent firm and the report is available to clients on request.

Access controls. Internally, access to client data operates on a least-privilege basis. Your named contact at Saltic can access your account information. The compliance team accesses data for regulatory reporting. Engineers access anonymized data for platform maintenance. Nobody else.

Your Rights

You have specific rights regarding your personal information under Canadian privacy law. Here's what you can do.

Access your data. You can request a copy of the personal information we hold about you. We'll provide it in a readable format within 30 days of your request. Contact your named account manager or email contact@salticservs.com.

Correct inaccuracies. If your information is wrong — a misspelled name, an outdated address, an incorrect business registration number — tell us and we'll fix it. Accurate data is in both our interests.

Request deletion. You can ask us to delete your personal information. We'll comply where legally possible. Banking regulations require us to retain certain records for a minimum of five years after the end of the business relationship — FINTRAC mandates this for transaction records, account opening documentation, and beneficial ownership information. We'll tell you which records we must keep and why, and we'll delete everything else.

Withdraw consent. For processing activities that depend on your consent (analytics cookies, for example), you can withdraw consent at any time. Essential processing — account operations, regulatory compliance, fraud prevention — does not depend on consent and continues as long as the banking relationship exists.

File a complaint. If you believe we've mishandled your information, you can file a complaint with the Office of the Privacy Commissioner of Canada. We'd prefer you talk to us first — email contact@salticservs.com or call (343) 348-7225 — but the OPC is available as an independent recourse at any time.

Cookies

We'd like to set some cookies to enhance your browsing experience. You can manage your preferences below.

Essential cookies. These maintain your login session, remember your authentication state, and keep the platform functional. They're required for the digital banking platform to work. You cannot opt out of essential cookies while using our services — without them, the platform breaks.

Analytics cookies. With your consent, we use analytics cookies to understand how clients use our platform — which features get used, where users encounter friction, which pages receive the most traffic. This data is aggregated and anonymized. We use it to improve the platform. You can accept or reject analytics cookies through the cookie banner or by contacting us.

Advertising cookies. We do not use advertising cookies. None. We don't run retargeting campaigns, we don't track you across other websites, and we don't sell cookie data to ad networks. Your banking platform is not an ad platform.

Data Retention

We keep your data for as long as necessary to operate your accounts and comply with regulatory requirements. The retention schedule breaks down like this.

Active accounts. All data retained for the duration of the banking relationship. Transaction records, account documentation, and communication logs maintained in full.

Closed accounts. FINTRAC requires us to retain transaction records, account opening documents, and beneficial ownership information for a minimum of five years after the business relationship ends. Credit facility records are retained for seven years after facility closure. We delete non-required data within 90 days of account closure.

Prospect data. If you contact us but don't open an account, we retain your inquiry details for 12 months, then delete them. If you ask us to delete sooner, we will.

Changes to This Policy

We update this policy when our practices change. Minor wording adjustments happen without notice. Material changes — a new sharing arrangement, a change in data retention periods, a new category of data collection — trigger direct notification to all account holders via email. We'll give you 30 days' notice before material changes take effect, and we'll clearly describe what changed and why.

The "Last Updated" date at the top of this page reflects the most recent revision. Previous versions are available on request.

Contact

Questions about this policy, your data, or how we handle information? Reach us directly.

Email: contact@salticservs.com
Phone: (343) 348-7225
Mail: Privacy Officer, Saltic Inc., 326 Hunter Street West, Hamilton, Ontario L8P 4A7

A human reads every inquiry. Expect a response within two business days.

Important Disclosures

Saltic Inc. is a federally regulated financial services company operating under the Bank Act (Canada). Member of the Canada Deposit Insurance Corporation (CDIC). Eligible deposits insured up to $100,000 per depositor, per insured category.

Service fees may apply — see our Schedule of Fees for complete details. All credit facilities are subject to approval and standard underwriting criteria.

Registered office: 326 Hunter Street West, Hamilton, Ontario L8P 4A7. FINTRAC MSB Registration No. M08934721. Supervised by the Office of the Superintendent of Financial Institutions (OSFI).

© 2026 Saltic Inc. All rights reserved.