Privacy Policy

Cedar Privacy Policy

‍[Last Updated: October 16, 2025]

‍

1. Introduction

Welcome to MDB Financial Canada Inc., doing business as Cedar ("we," "our," or "us"). We are committed to protecting your privacy and safeguarding your personal information. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our services, in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA), the Retail Payments Activities Act (RPAA) and its associated regulations, applicable provincial laws, and the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) regulations. We are registered as an MSB with FINTRAC and as a Payment Services Provider (PSP) with the Bank of Canada. This Privacy Policy applies to any use of our services through the Cedar website (www.cedar.money) (the “Site”) or any mobile applications or platforms we make available to you (the “Services”). 

‍

PLEASE READ THIS POLICY CAREFULLY. By creating an account and clicking on ‘I agree’ or by accessing the Services, you acknowledge that you have read, understand and agree to be legally bound by this Privacy Policy, and other policies incorporated herein by reference. 

‍

2. Definitions

• Personal Information: Information about an identifiable individual, including but not limited to name, address, financial information, and identification numbers. This is information that can be used on its own or with other information to identify, contact, or locate a single person.
• Processing: Any operation performed on personal information, including collection, storage, use, and disclosure.
• Consent: Voluntary agreement to the collection, use, or disclosure of personal information.

Money Services Business (MSB): A business engaged in currency exchange, money transfers, or the issuing or redeeming of money orders, traveller's cheques, or other similar activities.

‍

3. Information We Collect

We may collect the following types of personal information:

• Identity Information: Name, date of birth, Social Insurance Number (SIN), driver's license, or passport details.
• Contact Information: Email address, physical address, and phone number.
• Financial Information: Bank account details, credit card information, virtual currency wallet address information, transaction history, and credit reports.
• Usage Data: IP addresses, browser type, access times, and device information.
• Transaction Information: Details of payments, transfers, account activities, and currency exchanges.
• Compliance Information: Details needed to verify identity or comply with anti-money laundering and financial regulations. 

4. How We Collect Your Information

When you visit our Site, or use our Services, sign up or set up an account with us or contact us, you may directly provide, and we may collect a variety of personal information about you. If you authorize us or third parties to do so, we may also collect information about you from other sources such as third-party service providers, our partners or affiliates, public databases, identity verification providers, merchants who use the Services, advertising networks, analytics providers, social media platforms. 

We may also use third party providers to store your information safely. Third party providers may also help us review your use of the Services and accounts for fraud or other concerns.

We collect personal information through the following methods:

• Directly from you when you register for an account, submit an invoice, complete a transaction, or engage with our Services in any way.
• Automatically through cookies and analytics tools when you visit our website or platform.
• From third-party sources, such as financial institutions, credit bureaus, and regulatory bodies.

5. Purpose of Collection

We collect your personal information to:

• Provide and maintain our services.
• Verify your identity and prevent fraud.
• Process transactions, currency exchanges, and manage accounts.
• Comply with legal and regulatory obligations under FINTRAC, PIPEDA, RPAA and any other applicable laws.
• Maintain records as required by FINTRAC and the RPAA. 
• Monitor and report suspicious activities to FINTRAC as required.
• Improve our services and personalize your experience.
• Respond to questions, disputes or legal requests.

6. Legal Basis for Processing

We process your personal information based on:

• Consent: When you provide us with your information.
• Contractual Necessity: To deliver services you have requested.
• Legal Obligations: Compliance with laws, FINTRAC regulations, and reporting requirements.
• Legitimate Interests: Enhancing our services and ensuring security.

7. Consent and Withdrawal

We require your consent for the collection, use, and disclosure of your personal information. You may withdraw your consent at any time by contacting us at support@cedar.money, but this may affect our ability to provide certain services.

8. RPAA Compliance and Oversight

As a PSP registered with the Bank of Canada, we comply with the RPAA and its regulations. This means that we: 

• Maintain a documented operational risk management framework. 
• Keep records of all payment activities for at least five (5) years. 
• Have an incident response plan for any operational or data-related incident. 
• Provide accurate and timely information to the Bank of Canada, if requested. 

These controls ensure we manage your payment information safely and transparently. 

‍

9. Sharing and Disclosure

There are situations where we may share your personal information with our third party service providers, our partners or affiliates and other parties as described in our Terms of Service and this Privacy Policy. By entering into our Terms of Service and agreeing to this Privacy Policy, you are affirmatively opting into this sharing of your personal information. 

Our service providers and affiliates are required to handle personal information consistent with this Privacy Policy and according to our instructions. They cannot use your personal information shared by us for their own purposes and must delete or return shared personal information once they have completed our request. We are responsible for the practices of our third party servicers as it relates to payment functions under the RPAA. 

‍

We may also disclose personal information if we determine that for purposes of national security, law enforcement, or other issues of public importance where disclosure is necessary or appropriate. We may also disclose personal information where there is a lawful basis for doing so, if we determine that disclosure is reasonably necessary to enforce our Terms of Service or to protect our operations or users, or in the event of a reorganization, merger, or sale of Cedar.

We may share your information with:

• Service Providers: For identity verification, payment processing, cloud storage, and IT services.
• Regulatory Authorities: To comply with legal obligations (e.g., FINTRAC, Bank of Canada).
• Business Partners: With your consent, if necessary for services.

10. Data Security

We use reasonable administrative, technical and physical safeguards to protect your personal information, taking into account the nature of your personal information, processing of this data and threats posed. We conduct periodic reviews of these safeguards and work to improve our safeguards to keep your information safe.  
‍

We use reasonable measures designed to limit access to your personal information only to the persons, employees, or affiliates who have a need to access such information.  

‍

However, as an online electronic system, we cannot guarantee that there will be no loss, misuse, unauthorized access or acquisition, or alteration of your personal information. Notwithstanding our efforts, no security measure is perfect or impenetrable and no method of transmission over the internet or electronic storage is 100% secure. Therefore, we cannot guarantee complete security of the transmission or storage of your personal information. We cannot ensure the security or confidentiality of any information that you transmit or receive from us by internet or wireless connection, as we do not control the methods of transmission.  If you believe that any of your personal information has been compromised, please contact us immediately.  
‍

It is important that you maintain the security and control of your account credentials and not share your password with anyone. 
‍

We will notify you if there is a breach of our security where required by law or deemed necessary.

‍

12. Cross-Border Data Transfers

We are based in Canada and have related entities in other locations. Your personal information may be transferred, stored or processed in or outside of Canada. Our operations are supported by a network of computers, servers, information technology, and other infrastructure that includes, but is not limited to third party service providers.  While we are based in Canada, we and our third party service providers may store and process your personal information in locations around the world, including but not limited to the United States and the European Union.  You consent to processing and transfer of information in and to the United States, and to other countries, where you may not have the same rights.

‍

In connection with providing the Services, it may be necessary for us to transfer your personal information to third parties that are outside the European Economic Area (“EEA”).  If your personal information is subject to such transfer, we shall take reasonable measures, including appropriate physical, technical, and administrative practices to protect your information, and will have appropriate contractual protections in place with any third parties.  By using our Services, you consent to your personal information being transferred to other countries, even if those countries have different data protection rules than your country.

‍

13. Your Rights

You have the right to:

• Access your personal information.
• Request corrections to inaccurate information.
• Withdraw consent for certain uses of your information.
• Request for the transfer of your personal information. 
• Ask questions or make a complaint about how we handle your data. 

To view, change or update your personal information, you may log into your account to make such changes. 

Where you have provided your consent to the collection, use, and transfer of your personal information, you may have the legal right to withdraw your consent under certain circumstances. Please note that if you withdraw your consent, we may not be able to provide you with a particular product or service. 

There may also be situations where we cannot grant your request, for example if you ask us to delete your personal information and we are legally obligated to keep a copy of it to comply with applicable law. We may also decline to grant a request where doing so would undermine our legitimate use of the personal information for anti-fraud or security purposes. Other reasons we may decline your request if it jeopardizes the privacy of others, is frivolous or would be extremely impractical. 

​

If you are unable to make said changes in your account, to request that your information be deleted, to withdraw consent for use of your personal information, or for other changes, you may email us at support@cedar.money . We may be required to verify your identity before proceeding with a request and will explain the impact on your use of the Services at the time of the request to help you with your decision.

‍

14. Automated Decision-Making

If we use automated decision-making, you have the right to request human intervention or challenge the decision.

‍

15. Cookies and Tracking Technologies

Cookies are small data files that are stored in your device memory or on your hard drive when you visit a website. We may use cookies or other automatic data collection technologies to collect certain information about your equipment, browsing actions and patterns to enhance user experience.  Cookies may be used as a mechanism to recognize you, record behavior, and/or customize your experience with the Site and Services. They can also be used to monitor Site activity, mitigate risk, measure the effectiveness of promotions and prevent potential fraud. If you choose to disable cookies, your use of the Site or Services may be limited or otherwise limited or unavailable. 

‍

16. Monitoring and Reporting Obligations

As a FINTRAC-registered MSB, we are required to monitor and report suspicious transactions, large cash transactions (CAD $10,000 and above), and international electronic funds transfers to FINTRAC as per regulatory requirements.

‍

17. Privacy of Minor Children

We do not knowingly request or collect personal information from any person under the age of 18 or the legal age of the province in which you reside, or where the Services may be used (a “Minor”).  Use of the Services by a Minor is expressly prohibited by our Terms of Service.  If we learn that we have inadvertently collected the personal information of a Minor, we shall immediately take steps to delete the information as soon as possible.

‍

18. Communication Preferences

You may manage your receipt of marketing and communication emails from us by clicking the unsubscribe link located at the bottom of our marketing emails. You may also specify your communication preferences in your account. You may not opt out of receiving emails or notifications for certain elements of the Services, including those that are essential to the Services.

‍

19. Updates to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on our website with the "Last Updated" date. We strongly recommend that you frequently review the Privacy Policy to ensure that you understand it, and how it applies to your access to and use of the Services. All updates to the Privacy Policy take effect from the last update date listed above, unless otherwise indicated in the Privacy Policy. By continuing to use or access the Services you confirm your agreement to the modified Privacy Policy.  If you do not agree, your sole remedy is to discontinue use of the Services and close your account.

‍

20. Contact Us

If you have questions or concerns regarding this policy or your personal information, please contact us at:

Privacy Officer
MBD Financial Canada, Inc.
3200 - 650 West Georgia St Vancouver, BC, V6B 4P7 Canada

Compliance@cedar.money

‍

21. Complaints

If you are not satisfied with our handling of your personal information, you may file a complaint with the Office of the Privacy Commissioner of Canada (OPC) at 1-800-282-1376, or with FINTRAC and the Bank of Canada directly for issues related to money services business and PSP compliance respectively.

‍

‍