Legal
Privacy Policy
Last updated 22 June 2026
This Privacy Policy explains how Nordgate Financial Inc. ("Nordgate", "we", "us", or "our") collects, uses, discloses, stores, and protects personal information when you use our website, checkout, payment services, merchant of record platform, vendor onboarding process, support services, or related services.
This Privacy Policy applies whether Nordgate acts as a merchant of record, payment platform, billing provider, compliance provider, vendor onboarding platform, or technology provider. It does not replace any mandatory privacy rights that may apply under applicable law.
1. Scope of this Privacy Policy
This Privacy Policy applies to personal information we collect from or about:
- visitors to the Nordgate website;
- buyers or end customers who complete or attempt to complete purchases through a Nordgate checkout;
- vendors, submerchants, software sellers, platforms, creators, or business clients applying to use Nordgate;
- directors, officers, beneficial owners, representatives, employees, contractors, and authorized users of vendors or business clients;
- individuals who contact Nordgate for support, refunds, disputes, receipts, chargebacks, sales, onboarding, privacy requests, or complaints;
- individuals whose information is processed for fraud prevention, AML, sanctions screening, KYB/KYC, compliance, tax, transaction monitoring, or risk management purposes.
2. Nordgate's privacy role
For certain transactions, Nordgate acts as Merchant of Record. This means Nordgate may be responsible for payment processing, invoicing, receipts, refunds, chargebacks, payment-related claims, tax calculation, fraud prevention, compliance checks, and settlement to approved vendors or submerchants.
Nordgate is generally an independent controller / responsible organization for personal information processed for merchant of record, payment, tax, refund, dispute, chargeback, fraud prevention, AML, sanctions, KYC/KYB, vendor onboarding, settlement, accounting, and compliance purposes.
In limited cases, Nordgate may act as a processor or service provider where it processes personal information strictly on behalf of a Vendor, Submerchant, business client, or other customer under that party's documented instructions. Third-party infrastructure, compliance, payment, identity verification, tax, hosting, analytics, and support providers used by Nordgate may also process personal information on behalf of Nordgate as service providers or processors.
Where the exact legal terminology differs by jurisdiction, references to controller, responsible organization, processor, and service provider should be interpreted consistently with applicable privacy and data protection laws.
3. Personal information we collect
3.1 Buyer information
When a buyer makes or attempts to make a purchase through Nordgate, we may collect:
- full name, email address, phone number, billing address, country or region;
- IP address, device information, browser information, language preference, and approximate location derived from IP address;
- transaction amount, currency, product or service purchased, vendor name, order number, invoice number, transaction ID, payment method type, payment status, refund status, chargeback or dispute information;
- tax information required for VAT, GST, sales tax, or similar indirect taxes;
- communications with Nordgate support, including refund, receipt, dispute, and chargeback correspondence.
Nordgate does not intentionally store full buyer card numbers, CVV/CVC codes, wallet passwords, bank passwords, or similar buyer payment credentials directly. Such payment credentials are processed by third-party payment providers, acquiring banks, wallets, card networks, payment processors, or other payment partners where required to complete a transaction.
3.2 Vendor / submerchant information
When a vendor, submerchant, business client, platform, creator, or software seller applies to or uses Nordgate, we may collect:
- legal business name, trading name, registered office, business address, website URLs, business registration number, tax identification number, licences or registrations;
- industry, product description, expected transaction volumes, target markets, payout currency, settlement schedule, and customer support information;
- settlement bank account details, payout details, and related financial information required to make payouts, settlements, reconciliations, reserves, refunds, chargeback adjustments, accounting entries, and payment partner reporting;
- beneficial ownership information, director, officer, representative and authorized user details, ownership structure, corporate documents, shareholder registers or beneficial ownership documents;
- compliance policies, proof of address, domain ownership proof, financial statements or projections, source of funds, source of wealth, and other due diligence documents.
Vendor settlement bank details are different from buyer payment credentials. Vendor settlement bank details are collected for approved vendor and submerchant payouts and related compliance, accounting, and reconciliation purposes.
3.3 KYC, KYB, AML, sanctions, and compliance information
For onboarding, monitoring, AML, sanctions, fraud prevention, and compliance purposes, we may collect:
- identity documents, passport or national ID details, proof of address, date of birth, nationality, citizenship, tax residency, role or title, and ownership percentage;
- source of funds and source of wealth information;
- sanctions, PEP, adverse media, fraud, transaction monitoring, and risk screening results;
- business risk assessments, transaction risk assessments, compliance review notes, due diligence records, and supporting documents requested by Nordgate or its payment, banking, regulatory, or compliance partners;
- biometric, liveness, or identity verification data where required, which may be processed by third-party identity verification providers. Nordgate does not generally store biometric templates directly unless specifically required, disclosed, and supported by an appropriate legal basis.
3.4 Website, technical, and communications information
When you use our website, checkout, APIs, dashboards, or support channels, we may collect:
- IP address, device identifiers, browser type, operating system, referring pages, pages visited, time spent on pages, clicks and interactions;
- cookie identifiers, analytics data, error logs, security logs, session data, API usage data, monitoring and logging information;
- name, email address, phone number, company name, role, message content, attachments, support tickets, chat transcripts, call notes, dispute correspondence, refund requests, and complaint records.
4. How we collect personal information
We may collect personal information:
- directly from you, buyers, vendors, submerchants, business clients, and authorized representatives;
- from checkout, onboarding, account, support, refund, dispute, and payment flows;
- from payment providers, banks, acquiring institutions, wallets, local payment methods, settlement banks, payout providers, and card schemes;
- from tax, accounting, fraud prevention, identity verification, sanctions, PEP, adverse media, compliance, and transaction monitoring providers;
- from public registers, company registries, domain registrars, website records, business partners, and integration providers;
- from cookies and similar technologies;
- from regulators, law enforcement, courts, financial intelligence units, or competent authorities where permitted or required by law.
5. How we use personal information
We may use personal information for the following purposes:
5.1 Payment and merchant of record services
- to process, authorize, confirm, decline, refund, reverse, or reconcile payments;
- to display checkout information, issue receipts and invoices, calculate taxes, manage chargebacks and disputes, and provide buyer support;
- to identify transactions on bank, card, wallet, or payment account statements, including where a transaction appears as NORDGATE FINANCIAL or a related descriptor;
- to settle funds to approved vendors or submerchants, manage reserves, payment adjustments, refunds, chargebacks, and reconciliation.
5.2 Vendor onboarding and account management
- to review applications, verify business identity, verify directors, officers, beneficial owners, and representatives;
- to assess business model, products, websites, refund terms, markets, payment risk, sanctions risk, and compliance profile;
- to approve, reject, monitor, suspend, or terminate vendors or submerchants;
- to configure payment methods, calculate fees and settlement, communicate with vendors, and enforce vendor agreements.
5.3 AML, sanctions, fraud, risk, and compliance
- to conduct KYC and KYB checks, verify identity and beneficial ownership, and screen against sanctions, PEP, adverse media, and fraud indicators;
- to monitor transactions, detect suspicious activity, prevent money laundering, terrorist financing, sanctions evasion, fraud, and misuse of payment services;
- to respond to regulator, payment provider, bank, card scheme, law enforcement, financial intelligence unit, or court requests where required or permitted;
- to maintain records required by law, payment provider rules, banking requirements, regulatory obligations, or internal risk controls.
5.4 Tax, accounting, support, communications, analytics, and improvement
- to calculate VAT, GST, sales tax, or other applicable taxes, issue tax invoices or receipts, maintain accounting records, support audits, and reconcile transactions;
- to respond to enquiries, provide buyer and vendor support, investigate complaints, send transactional emails, service notices, security alerts, onboarding requests, refund, dispute, invoice, and compliance communications;
- to operate and secure our website and services, monitor performance, detect errors, improve checkout and onboarding flows, understand usage trends, develop features, and troubleshoot services;
- to send business-to-business marketing or commercial communications about Nordgate products, services, updates, events, or opportunities, with an opt-out where required.
6. Legal bases for processing
Where applicable privacy laws require us to identify a legal basis for processing personal information, we may rely on one or more of the following legal bases:
- Contract: to provide services, process purchases, issue receipts, manage vendor agreements, and perform our obligations;
- Legal obligation: to comply with AML, sanctions, tax, accounting, regulatory, payment, dispute, reporting, and recordkeeping requirements;
- Legitimate interests: to prevent fraud, secure our platform, manage risk, improve services, operate our business, and protect Nordgate, buyers, vendors, payment providers, financial institutions, and other stakeholders;
- Consent: where required for marketing, cookies, optional data collection, identity verification, biometric or liveness checks, or specific processing activities;
- Vital interests or public interest: where applicable and required or permitted by law.
7. How we share personal information
We may share personal information with the following categories of recipients where necessary for the purposes described in this Privacy Policy:
- payment providers, payment processors, acquiring banks, card schemes, digital wallets, local payment method providers, bank transfer providers, settlement banks, payout providers, fraud and chargeback management providers;
- vendors and submerchants where necessary to deliver the product or service, provide technical support, verify account access, investigate refunds, handle disputes, confirm fulfilment, prevent fraud, or comply with contractual obligations;
- compliance, identity verification, beneficial ownership verification, sanctions, PEP, adverse media, fraud detection, transaction monitoring, device intelligence, risk scoring, AML, and compliance providers;
- tax providers, accounting providers, auditors, lawyers, consultants, insurers, corporate service providers, and compliance advisors;
- cloud hosting providers, analytics providers, CRM systems, customer support tools, email providers, document storage providers, security tools, database providers, API infrastructure providers, monitoring and logging tools;
- regulators, financial intelligence units, law enforcement agencies, courts, tax authorities, payment networks, banks, card schemes, government agencies, and other competent authorities where required or permitted by law;
- parties involved in a merger, acquisition, financing, corporate restructuring, sale of assets, bankruptcy, or similar business transaction.
The public Privacy Policy describes these recipients by category. Nordgate does not name specific payment providers or infrastructure providers in this Policy unless required or appropriate. References to "payment providers" and "payment partners" are intentionally general and may include current or future payment infrastructure providers.
8. International transfers
Nordgate is incorporated in Canada and has a business / operating address in the United Kingdom. Nordgate's buyers, vendors, submerchants, payment providers, compliance providers, technology providers, and other service providers may be located in different countries.
Your personal information may be processed in countries other than the country where you live, including Canada, the United Kingdom, the European Union, the United States, Latvia, and other countries where Nordgate, its vendors, submerchants, payment providers, or service providers operate.
Where required, Nordgate will use appropriate safeguards for international transfers, such as contractual protections, data processing agreements, standard contractual clauses, adequacy mechanisms, or other lawful transfer mechanisms.
9. Data retention
We retain personal information for as long as necessary for the purposes described in this Privacy Policy, including to provide services, process transactions, comply with legal obligations, resolve disputes, prevent fraud, manage risk, enforce agreements, and maintain business records.
Retention periods may vary depending on the type of information and the reason it is retained. Transaction, tax, accounting, payment, dispute, chargeback, KYC/KYB, AML, sanctions, fraud prevention, compliance, and settlement records may be retained for the period required or permitted by applicable law, payment provider rules, regulatory obligations, banking requirements, contractual obligations, or internal risk controls.
Marketing preferences may be retained until you unsubscribe or request deletion, subject to legal and operational requirements. When personal information is no longer required, we will delete, anonymize, or securely retain it where deletion is not immediately possible due to legal, technical, security, backup, dispute, or compliance reasons.
10. Security
We use reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, loss, misuse, disclosure, alteration, and destruction. These safeguards may include access controls, encryption, authentication controls, secure cloud infrastructure, monitoring and logging, third-party service provider security reviews, internal policies, confidentiality obligations, fraud detection tools, compliance procedures, and incident response processes.
Nordgate does not claim any specific security certification in this Privacy Policy unless separately confirmed in writing. Where applicable, Nordgate may rely on payment providers and payment partners that maintain payment security controls, including PCI-related controls, for the processing of cardholder data. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
11. Cookies and similar technologies
Nordgate may use cookies, pixels, local storage, SDKs, and similar technologies to operate our website, checkout, and services. These technologies may be used for essential website functionality, checkout functionality, fraud prevention, security, session management, analytics, performance monitoring, user preferences, and marketing or remarketing where enabled.
Where required by law, we will request consent before using non-essential cookies or similar technologies. You can manage cookies through your browser settings or, where available, through our cookie preference tool.
If Nordgate publishes a separate Cookie Policy, it will be available at: https://www.nordgate.financial/cookie-policy
12. Your privacy rights
Depending on your location and applicable law, you may have rights regarding your personal information, including the right to access, correct, delete, object to, restrict, or request portability of certain personal information; withdraw consent where processing is based on consent; opt out of marketing communications; lodge a complaint with a privacy authority; or request information about how your personal information is used or disclosed.
To exercise your rights, contact us at: privacy@nordgate.financial
We may need to verify your identity before responding to your request. Some rights may be limited by legal, regulatory, fraud prevention, AML, tax, accounting, payment, dispute, chargeback, security, or contractual obligations. For example, we may be unable to delete information that we are required or permitted to retain for AML, tax, accounting, transaction monitoring, dispute, chargeback, or legal compliance purposes.
13. Canada privacy rights
If Canadian privacy law applies to you, you may have rights to access and correct your personal information, subject to applicable exceptions. You may also contact us to ask how your personal information has been collected, used, or disclosed. If you are not satisfied with our response, you may have the right to contact the applicable privacy commissioner or privacy authority, including the Office of the Privacy Commissioner of Canada where applicable.
14. EU/EEA and UK privacy rights
If you are located in the European Economic Area or the United Kingdom, you may have additional rights under applicable data protection laws. These may include rights of access, rectification, erasure, restriction, objection, portability, and the right to lodge a complaint with a supervisory authority.
Where we process your personal data based on consent, you may withdraw that consent at any time. Where we process your personal data based on legitimate interests, you may object to that processing in certain circumstances. If Nordgate is required to appoint an EU or UK representative, Data Protection Officer, or similar contact, Nordgate will provide the relevant details in this Privacy Policy or through another appropriate notice.
15. United States privacy rights
If you are located in the United States, you may have privacy rights under applicable federal or state privacy laws. Depending on your state, these may include rights to access, correct, delete, or obtain a copy of personal information, and to opt out of certain types of sale, sharing, targeted advertising, or profiling.
Nordgate does not sell personal information in the traditional sense of exchanging it for money. Nordgate does not use personal information for cross-context behavioural advertising, targeted advertising, or profiling unless this is disclosed and any required opt-out, consent, or other legal mechanism is provided.
16. Marketing communications
If you receive marketing emails from Nordgate, you may unsubscribe using the link in the email or by contacting us. Even if you unsubscribe from marketing communications, we may continue to send non-marketing communications, including transaction emails, payment confirmations, receipts and invoices, refund and dispute communications, account notices, compliance requests, security alerts, legal notices, and service updates.
17. Automated decision-making and risk scoring
Nordgate may use automated tools, rules, risk scoring, fraud detection, transaction monitoring, sanctions screening, device intelligence, and compliance systems to help assess risk and protect Nordgate, buyers, vendors, payment providers, and financial institutions.
These tools may help determine whether a transaction, buyer, vendor, payment method, or product should be approved, reviewed, delayed, refunded, declined, suspended, or subject to additional information requests. Nordgate does not intend to make final decisions solely by automated means where such decisions would produce legal or similarly significant effects, unless permitted by applicable law. Where required by law, individuals may have the right to request information about automated decisions or request human review.
18. Children's privacy
Nordgate's services are not intended for children or persons under the age of 18. We do not knowingly collect personal information from persons under 18. If we become aware that we have collected personal information from a child or minor without appropriate consent, we will take steps to delete it where required.
Vendors and submerchants must not use Nordgate to sell products or services to children or minors unless expressly approved by Nordgate and permitted by applicable law.
19. Vendor responsibilities for personal information
Vendors and submerchants are responsible for ensuring that they have a lawful basis to provide personal information to Nordgate and to use Nordgate's services. They must provide accurate information, obtain required notices, consents, or permissions where necessary, maintain their own privacy policy where required, comply with applicable data protection laws, respond to product-specific privacy requests where applicable, cooperate with Nordgate on privacy, compliance, fraud, refund, dispute, and regulatory matters, and not provide personal information to Nordgate unlawfully.
Where required, Nordgate and vendors or submerchants may enter into a data processing agreement or similar data protection terms.
20. Payment data
Nordgate may process payment-related information required to complete a transaction, issue receipts, manage refunds, handle disputes, prevent fraud, and comply with legal obligations. Full payment credentials, such as full card numbers, CVV/CVC codes, wallet passwords, bank passwords, or similar sensitive payment credentials, are processed by third-party payment providers rather than stored directly by Nordgate.
Buyers should not send full card numbers, CVV/CVC codes, wallet passwords, bank passwords, or other sensitive payment credentials to Nordgate by email, chat, or support ticket.
21. Financial crime prevention
Because Nordgate provides payment, merchant of record, billing, settlement, and compliance-related services, we may collect and process personal information to prevent financial crime. This includes processing information for AML checks, sanctions screening, fraud prevention, terrorist financing prevention, source of funds checks, source of wealth checks, identity verification, beneficial ownership verification, suspicious activity detection, transaction monitoring, regulatory reporting, and payment provider or banking compliance.
We may refuse, suspend, delay, block, refund, reverse, or terminate a transaction, account, vendor, submerchant, or service where required or appropriate for financial crime prevention, payment risk, or compliance reasons.
22. Links to third-party websites
Our website, checkout, emails, or support communications may contain links to third-party websites, including vendor websites, payment provider pages, tax pages, documentation, or support resources. Nordgate is not responsible for the privacy practices, content, or policies of third-party websites. You should review the privacy policies of any third-party websites you visit.
23. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. The updated version will be posted on our website with a revised "Last Updated" date. If we make material changes, we may notify you by email, website notice, dashboard notice, checkout notice, or other reasonable means. Your continued use of Nordgate after the updated Privacy Policy becomes effective means that you acknowledge the updated Privacy Policy.
24. Contact us
For privacy questions, requests, complaints, or concerns, contact:
- Company: Nordgate Financial Inc.
- Privacy Contact: privacy@nordgate.financial
- Support Contact: support@nordgate.financial
- General Contact: info@nordgate.financial
- Website: https://www.nordgate.financial
- Registered Office: 6d - 7398 Yonge St PMB 889, Thornhill, Ontario, L4J 8J2, Canada
- Business / Operating Address: Studio WR.1.05, Wenlock Studios, 50-52 Wharf Road, Islington, London N1 7EU
If you contact us to exercise a privacy right, please include enough information for us to identify you and understand your request. We may request additional information to verify your identity before responding.
Company details
- Legal entity
- Nordgate Financial Inc.
- Registration
- Ontario Corp. No. 1001036413, FINTRAC MSB C100000791
- Registered office
- 6d - 7398 Yonge St PMB 889, Thornhill, Ontario, L4J 8J2, Canada
- Office
- Studio WR.1.05, Wenlock Studios, 50-52 Wharf Road, Islington, London N1 7EU, United Kingdom