At theBNK, protecting client data is fundamental to our operations. We are committed to safeguarding your personal, business, and financial information through privacy, security, and governance practices designed to meet Canadian regulatory requirements and align with international best practices where applicable.

PIPEDA Compliance Statement:

theBNK is Canadian-built and operated in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s national privacy law. Where applicable, our practices are also designed to align with international privacy frameworks, including the General Data Protection Regulation (GDPR).

1. Eligibility and Age Restrictions:

Our services are intended only for individuals who are at least 18 years old and legally authorized to represent a business or organization. We do not knowingly collect information from minors.

2. Information We Collect:

We may collect, process, and store the following categories of information:

Personal Information:

• Full name
• Email address
• Phone number
• Job title
• Government-issued identification where required for verification
• Business ownership or authorized representative details

Business Information:

• Company name
• Business registration details
• Tax identification numbers
• Revenue records
• Banking details
• Financial statements
• Funding application documentation
• Collateral or asset documentation

Technical Information:

• IP address
• Browser type
• Device identifiers
• Cookies and tracking technologies
• Website usage patterns
• Security logs

3. Legal Basis for Processing (Where Applicable):

Depending on your jurisdiction, we may process your information based on:

• Your consent
• Contractual necessity
• Legal and regulatory obligations
• Legitimate business interests, including fraud prevention, underwriting, and service improvement

4. How We Use Your Information:

We use collected information to:

• Evaluate and process funding applications
• Verify identity through Know Your Customer (KYC) procedures
• Conduct Anti-Money Laundering (AML) and fraud prevention checks
• Assess creditworthiness and business eligibility
• Provide tailored financing solutions
• Communicate updates regarding applications, approvals, or account activity
• Improve website performance and user experience
• Maintain internal records and compliance obligations
• Comply with legal, regulatory, tax, and enforcement requirements

5. Sharing Your Information:

We may share your information where necessary with:

• Funding Partners:
To evaluate, structure, secure, or facilitate financing solutions, we may share relevant business, financial, and application data with banks, private lenders, institutional capital providers, alternative financing providers, syndication partners, or other funding partners.

Trusted Service Providers: Including but not limited to:

• Credit bureaus
• Identity verification providers
• Payment processors
• KYC/AML compliance vendors
• Cloud storage providers
• Analytics providers
• CRM and customer support platforms
• Legal and Regulatory Authorities:
Where required by law, subpoena, court order, regulatory investigation, fraud prevention, or legal compliance.

We do not sell personal information to third parties.

6. International Data Transfers:

Your information may be processed or stored outside of your jurisdiction, including outside Canada, where trusted service
providers or funding partners operate. When international transfers occur, we implement reasonable contractual, technical,
and organizational safeguards consistent with applicable privacy laws.

7. Cookies and Tracking Technologies:

We use cookies and similar technologies for:
• Essential website functionality
• Performance monitoring
• Security
• Analytics
• Marketing optimization (where permitted)
You may disable cookies through browser settings; however, some features may not function properly.

8. Data Security:

We use administrative, technical, and physical safeguards designed to protect your data, including:

• Encryption
• Secure servers
• Access controls
• Monitoring systems
• Third-party security tools

While we implement commercially reasonable safeguards, no digital system can guarantee absolute security.

9. Data Retention:

We retain information only for as long as necessary to:

• Deliver services
• Meet contractual obligations
• Comply with legal, tax, AML, and regulatory requirements
• Resolve disputes
• Enforce agreements
When no longer required, data is securely deleted, anonymized, or archived as legally required.

10. Data Breach Notification:

In the event of a security breach involving personal information that poses a real risk of significant harm, theBNK will notify
affected individuals and relevant regulatory authorities in accordance with applicable law.

11. Your Rights:

Subject to applicable law, you may have the right to:

• Access your personal information
• Correct inaccuracies
• Withdraw consent where applicable
• Request deletion
• Restrict certain processing
• Request data portability where legally applicable
• Opt out of marketing communications

Requests may be subject to identity verification and legal limitations.

12. Third-Party Links and Services:

Our platform may contain links to third-party websites or services. theBNK is not responsible for the privacy or security practices of third-party platforms.

13. Governing Law:

This Privacy Policy is governed by the laws of Canada and applicable provincial laws, unless otherwise required by local
regulations.

14. Policy Updates:

We may revise this Privacy Policy periodically to reflect legal, operational, or regulatory changes. Updated versions will be
posted on our website with a revised effective date.

15. Contact Us:

For privacy questions, data requests, or complaints:
theBNK Privacy Office
Email: info@theBNK.com