Login
Contact Sales
Login
CONTACT SALES

Privacy Policy

iComply Privacy Policy

Effective Date: October 14, 2025
Last updated: October 14, 2025

 

1.  INTRODUCTION

iComply Investor Services Inc. (“iComply,” “we,” “our,” or “us”) is committed to protecting your privacy and maintaining your trust. This Privacy Policy explains how we collect, use, share, and safeguard personal data when you visit https://icomplyis.com and https://icomplykyc.com (collectively the “Website”) or use our products and services (collectively, the “Services”).

When you access the Website, iComply acts as a data controller. By using the Website or our Services, you agree to this Privacy Policy and to our Website Terms of Use. If you do not agree, please discontinue use of the Website.

When we process data on behalf of customers who use our compliance platform under the Master Services Agreement (MSA) and the Data Processing Addendum (DPA), we act as a data processor. 

2. Information We Collect

We collect only the personal data that is necessary to provide and improve our Services. This may include your name, company, job title, postal address, email address, and phone number. If you purchase or subscribe to our Services, we may collect limited financial information such as billing or payment details, which are processed securely through third-party payment providers.

When you visit our Website, we automatically collect certain technical information including your IP address, browser type, device identifier, operating system, and referring URL. Our Website is intended for business and professional use. We do not knowingly collect information from or market to anyone under eighteen years of age.

In the course of providing regulated onboarding, identity verification, know your customer, or anti-money-laundering (AML) compliance services, we may also collect identity documents, transaction, historical or other verification data as required by law. Where legally required for identity verification or AML compliance, we may process biometric identifiers or government-issued documents with your explicit consent and in accordance with applicable data-protection laws.

3. How We Use Information

We use personal data only for lawful purposes that are clearly defined. These include providing the Services you request, maintaining your account, delivering customer support, and improving our technology through analytics and quality-assurance activities. We also use data to communicate with you about product updates, marketing materials, or service changes where you have chosen to receive such communications.

Information may also be processed to ensure system security, prevent fraud, and comply with applicable laws and regulations, including  AML and KYC requirements. We do not sell, rent, or trade personal data to third parties.

4. How We Share Information

We share personal data only when necessary to operate our business and in accordance with contractual safeguards. Data may be shared with trusted service providers and subprocessors that support hosting, analytics, payments, or regulatory screening. These providers are listed in our Data Processing Addendum and operate under strict confidentiality and security obligations.

We may also disclose data in connection with a merger, acquisition, or sale of assets, or when required by law, regulation, or valid legal process. In all other cases, your consent will be sought before information is shared. A current list of subprocessors used by iComply is available in our Data Processing Addendum and may be updated from time to time.

5. Your Rights

Depending on your jurisdiction, you may have rights of access, correction, deletion, restriction, portability, or objection to certain processing activities. You may exercise these rights by contacting our Data Protection Officer at [email protected]. Requests will be handled within the time frames and procedures set out in our DPA and applicable law.

6. Data Security

We maintain administrative, technical, and organizational measures to protect personal data from unauthorized access, alteration, or destruction. All information transmitted between you and our systems is encrypted using TLS 1.2 or higher, and stored data is encrypted with AES-256. Our edge-computing architecture allows sensitive information to be processed locally on user devices whenever feasible, further reducing exposure.

Our technical and organizational controls are further described in our SPARC Statement (Security, Privacy, Availability, Reliability, and Confidentiality), which forms part of our compliance framework and is incorporated by reference into this Policy.

We apply multi-factor authentication, least-privilege access controls, continuous monitoring aligned with SOC 2 standards, and regular testing of our security controls. While no security system is completely immune from risk, we strive to maintain a level of protection that is appropriate to the nature of the data processed. In the event of a personal data breach, we will promptly notify affected clients, data subjects, and regulatory authorities as required by law.

7. Data Retention

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, to meet legal obligations, or to enforce contractual rights. For AML and KYC records, we typically retain information for five years after the end of a client relationship, unless a longer period is required by law. When data is no longer needed, it is securely deleted or anonymized.

8. International Transfers

As an international company, iComply may transfer personal data to jurisdictions outside your country. International transfers are governed by the Standard Contractual Clauses set out in Schedule 4 of our Data Processing Addendum, or equivalent frameworks under applicable privacy laws.

9. Cookies and Analytics

We use cookies and similar technologies to understand how visitors interact with our Website and to improve user experience. You can configure your browser to block or delete cookies; however, certain features of the Website may not function properly without them. Additional details can be found in our Cookie Notice, available on our Website.

10. Changes to This Policy

We may revise this Privacy Policy from time to time. The effective date at the top of this document reflects the most recent version. Material changes will be posted on the Website and, where legally required, notified by email or in-application message. Continued use of the Website or Services after any modification constitutes acceptance of the updated Policy.

11. Contact Us

Questions, concerns, or complaints about this Privacy Policy or our data-protection practices should be directed to our Data Protection Officer at [email protected].

12. Governing Law and Dispute Resolution

This Privacy Policy and any dispute or claim arising from it are governed by the laws of British Columbia, Canada. The parties will first attempt to resolve any disagreement directly and in good faith. If the matter cannot be resolved within a reasonable timeframe, the dispute shall be submitted to binding mediation before a mediator mutually chosen from the list of registered British Columbia mediation services. Mediation will take place in Vancouver, British Columbia, and the mediator’s decision will be final and binding, enforceable in any court of competent jurisdiction.

13. Relationship to Other Agreements

This Privacy Policy forms part of and is subject to the Website Terms of Use, the Master Services Agreement (MSA), and the Data Processing Addendum (DPA). In the event of any inconsistency, the MSA will prevail.

Vaidyanathan Chandrashekhar

Vaidyanathan Chandrashekhar

Advisors

“Chandy,” is a technology and risk expert with executive experience at Boston Consulting Group, Citi, and PwC. With over two decades in financial services, digital transformation, and enterprise risk, he advises iComply on scalable compliance infrastructure for global markets.
Thomas Linder

Thomas Linder

Advisors

Thomas is a global tax and compliance expert with deep specialization in digital assets, blockchain, and tokenization. As a partner at MME Legal | Tax | Compliance, he advises iComply on regulatory strategy, cross-border compliance, and digital finance innovation.
Thomas Hardjono

Thomas Hardjono

Advisors

Thomas is a renowned identity and cybersecurity expert, serving as CTO of Connection Science at MIT. With deep expertise in decentralized identity, zero trust, and secure data exchange, he advises iComply on cutting-edge technology and privacy-first compliance architecture.
Rodney Dobson

Rodney Dobson

Advisors

Rodney is the former President of ADP Canada and international executive with over two decades of leadership in global HR and enterprise technology. He advises iComply with deep expertise in international service delivery, M&A, and scaling high-growth operations across regulated markets.
Praveen Mandal

Praveen Mandal

Advisors

Praveen is a serial entrepreneur and technology innovator, known for leadership roles at Lucent Bell Labs, ChargePoint, and the Stanford Linear Accelerator. He advises iComply on advanced computing, scalable infrastructure, and the intersection of AI, energy, and compliance tech.
Paul Childerhose

Paul Childerhose

Advisors

Paul is a Canadian RegTech leader and founder of Maple Peak Group, with extensive experience in financial services compliance, AML, and digital transformation. He advises iComply on regulatory alignment, operational strategy, and scaling compliance programs in complex markets.
John Engle

John Engle

Advisors

John is a seasoned business executive with senior leadership experience at CIBC, UBS, and Accenture. With deep expertise in investment banking, private equity, and digital transformation, he advises iComply on strategic growth, partnerships, and global market expansion.
Jeff Bandman

Jeff Bandman

Advisors

Jeff is a former CFTC official and globally recognized expert in financial regulation, fintech, and digital assets. As founder of Bandman Advisors, he brings deep insight into regulatory policy, market infrastructure, and innovation to guide iComply’s global compliance strategy.
Greg Pearlman

Greg Pearlman

Advisors

Greg is a seasoned investment banker with over 35 years of experience, including leadership roles at BMO Capital Markets, Morgan Stanley, and Citigroup. Greg brings deep expertise in financial strategy and growth to support iComply's expansion in the RegTech sector.
Deven Sharma

Deven Sharma

Advisors

Deven is the former President of S&P and a globally respected authority in risk, data, and capital markets. With decades of leadership across financial services and tech, he advises iComply on strategic growth, governance, and the future of trusted data in AML compliance.