Security & Data Protection

At RPNPay, safeguarding our clients’ information and funds is at the core of everything we do. We take a
proactive approach to security by implementing advanced controls to protect against fraud, data breaches, andunauthorized access—aligned with Canadian standards and global best practices.

Confidential Information Handling

We treat all sensitive and confidential information with the highest level of care. Access is strictly limited to authorized personnel with a legitimate business need. Following the latest internal risk assessments, we have implemented a range of proportional and effective controls to address evolving information security threats and vulnerabilities.
As part of our ongoing risk management practices, we regularly review the effectiveness of these controls. Whenoperational changes impact our threat landscape, we take immediate steps to strengthen our security posture accordingly.

Privacy and Data Protection

RPNPay is committed to protecting your personal data in accordance with Canada’s Personal Information
Protection and Electronic Documents Act (PIPEDA).

We adhere to the following core principles:

  • Immediate response and mitigation in the event of a data breach, in line with Office of the Privacy Commissioner ofCanada (OPC) guidelines.
  • Clear documentation of the type and source of client data.
  • Controlled and limited access based on role-based permissions.
  • Lawful, transparent, and purpose-specific data processing.

Physical and Cloud Security

We utilize the Odoo cloud platform to store and manage sensitive client information. All Odoo servers are housed in highly secure environments and regularly updated to defend against the latest SSL threats, maintaining a Grade “A” SSL security rating at all times.

Network and Application Security

To proactively detect and respond to any unauthorized access or breach attempts, we leverage:

  • Odoo’s Monitoring and Auditing tools for real-time alerts.
  • Continuous threat analysis and activity logging.
  • Automated and manual incident response processes.

Encryption & Data Integrity

We follow best-in-class encryption practices:

  • All data is encrypted in transit and at rest
  • Encryption keys are securely stored and managed
  • Secure Socket Layer (SSL) protocols are strictly enforced

Regulatory Compliance

FINTRAC Registration (Canada):
RPNPay is registered with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) as a
Money Services Business (MSB). This includes full compliance with anti-money laundering (AML) and counter-terrorist financing (CTF) requirements under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act.