Privacy Policy

Last updated: July 13, 2026

PaymentEvolution Corporation (“PaymentEvolution,” “we,” “us” or “our”) provides payroll, payment, benefits, HR and related technology. This Privacy Policy explains how we handle Personal Information when you visit our websites, communicate with us, create or use an Account, receive a payment through our Services, apply for a role, or otherwise interact with us.

Personal Information means information about an identifiable individual and any equivalent term under applicable privacy law.

1. When we act for a client and when we act for ourselves

Our role depends on why we handle the information.

  • Client-directed processing. An employer, business, Reseller or Partner may give us employee, payee, benefits, HR or other information so we can provide Services on its instructions. That client normally decides why the information is used and should give you its privacy notice. We process the information for the client under our Canadian Data Processing Agreement.

  • PaymentEvolution’s own purposes. We decide how to handle information needed to manage Accounts, verify identity and businesses, prevent fraud, secure the Services, bill clients, communicate, meet tax and regulatory duties, respond to legal claims, improve our business using appropriate data, and market our Services where permitted. For these activities, PaymentEvolution is responsible for the information under applicable privacy law.

The facts and law determine our role. A contract label does not change it. If you ask us about information we process only for a client, we may direct you to that client and reasonably help it respond.

2. Information we collect

The information depends on your relationship with us and the Service used.

2.1 Account and contact information

We may collect name, business name, title, mailing address, email, phone number, preferred language, username, authentication details, communication preferences and support messages.

2.2 Identity, business and compliance information

We may collect date of birth, government-issued identification, business registration and tax numbers, beneficial ownership, directors and signing authorities, business activity, source-of-funds information, sanctions results, verification records and information required for fraud, anti-money-laundering, retail-payment or other compliance.

2.3 Payroll, employment, HR and benefits information

We may collect employee or contractor identifiers; address and contact details; social insurance or tax identifiers; job, compensation, time, leave, deduction and taxable-benefit information; tax forms; banking instructions; payroll history; workplace documents; benefits enrolment, dependent and beneficiary information; and other information a client submits for the selected Services. Some of this may be sensitive.

2.4 Financial and transaction information

We may collect bank account and routing information, payment amounts, payees, funding and settlement status, remittances, invoices, PAD authorizations, returns, reversals, disputes and transaction records. We may receive confirmation or risk information from banks and payment providers.

2.5 Device, usage and security information

We may collect IP address, device and browser type, identifiers, operating system, login and activity records, API calls, approximate location derived from IP, cookies, diagnostic data, fraud signals and security-event information. We do not use this information to make unrelated decisions about employees.

2.6 Communications and marketing information

We may collect webinar or event registration, survey responses, content preferences, marketing interactions, call or chat records, feedback and information you choose to provide. We will give notice before recording a call where required.

2.7 Recruitment information

If you apply to work with us, we may collect a résumé, employment and education history, references, interview notes, eligibility-to-work information and other application materials.

3. Where information comes from

We collect information:

  • directly from you;

  • from your employer, a Client, Reseller, Partner or Authorized User;

  • from banks, payment networks, benefits providers, insurers and service providers;

  • from identity, fraud, sanctions, credit and business-verification sources;

  • from government authorities and public registries where permitted; and

  • automatically when you use our websites, applications or APIs.

If you give us information about another person, you must have authority to do so and give any notice required by law.

4. How we use information

We use Personal Information only for reasonable, identified purposes, including to:

  • provide, configure, support and improve the Services;

  • calculate payroll, prepare reports, transmit authorized payments and remittances, and support tax filings;

  • administer benefits and HR features requested by a client;

  • create, authenticate and protect Accounts;

  • verify individuals, businesses, authority, bank information and eligibility;

  • detect, investigate and prevent fraud, misuse, money laundering, security threats and illegal activity;

  • safeguard, reconcile, return and report on end-user funds;

  • process Fees, invoices, PADs, returns and disputes;

  • meet legal, regulatory, accounting, tax, audit, recordkeeping and reporting obligations;

  • investigate incidents, enforce agreements and establish or defend legal claims;

  • communicate about transactions, support, security, product changes and legal terms;

  • understand performance and improve products using data proportionate to the purpose;

  • send marketing where permitted and honour opt-outs; and

  • recruit and manage candidates.

We will not use Client Data to train a general-purpose generative AI model unless the client gives express written permission. AI-assisted features may process information to provide the requested output, operate safely and prevent misuse. Material payroll and payment decisions remain subject to client approval and applicable human-review controls.

Depending on the circumstances, we handle Personal Information with express or implied consent, to perform a contract, to comply with law, for a reasonable purpose authorized by privacy law, or another lawful basis available in the relevant jurisdiction.

You may withdraw consent to future optional uses, subject to legal and contractual limits and reasonable notice. Withdrawal may prevent us from providing a feature that needs the information. It does not affect processing already lawfully completed or information we must retain or use for payments, fraud, security, legal claims or regulatory duties.

We seek express consent for sensitive or unexpected uses where required. We do not sell Personal Information for money. We do not disclose it for another organization’s targeted advertising across unrelated services.

6. When we disclose information

We may disclose Personal Information only as reasonably needed for an identified purpose, including to:

  • the Client, employer, payer, payee, Reseller, Partner or Authorized User involved in the Service;

  • banks, credit unions, payment networks, processors and payment recipients;

  • tax, payroll and government authorities for authorized filings, remittances or legal duties;

  • benefits brokers, advisors, insurers, administrators and professional providers selected for a Service;

  • cloud hosting, communications, identity, fraud, security, analytics, support and other service providers bound by appropriate protections;

  • auditors, insurers, lawyers and other professional advisors;

  • a purchaser, investor or successor in a proposed or completed business transaction, subject to confidentiality and legal limits;

  • law enforcement, courts, regulators or other authorities when required or permitted by law; and

  • another person where you direct us or give valid consent.

We require service providers to protect information and use it only for authorized services. When a provider independently decides its own purposes, its privacy notice also applies.

We maintain information about material subprocessors and will make a current list available through our legal site, trust centre or on request.

7. Processing outside your province or Canada

PaymentEvolution and its service providers may process or store Personal Information in Canada, the United States and other jurisdictions where approved providers operate. Information processed elsewhere may be subject to that jurisdiction’s laws and lawful access by its authorities.

We use contracts, security controls and vendor oversight appropriate to the sensitivity and risk. We assess cross-border transfers as required by applicable law, including Quebec privacy law. Contact our Privacy Office for more information about relevant service-provider locations.

8. Cookies and similar technologies

Our websites and Services may use:

  • essential cookies for login, security, preferences and core operation;

  • functional cookies to remember choices;

  • analytics tools to understand use and performance; and

  • marketing tools on public websites where permitted.

Where law requires, we ask for consent before using non-essential cookies. You can change available choices through our cookie tool or browser settings. Blocking essential cookies may prevent a Service from working. We honour legally required browser or platform preference signals where applicable.

9. De-identified and aggregated information

We may create information that cannot reasonably identify an individual, Client or End Client and use it for analytics, security, research, benchmarking and product improvement. We use technical and organizational measures appropriate to the risk of re-identification and do not attempt to re-identify it except to test safeguards or as required by law. If information can reasonably be re-identified, we continue to treat it as protected information.

10. Security

We use administrative, technical and physical safeguards appropriate to the sensitivity and risk. These include access controls, authentication, encryption in transit, monitoring, vulnerability management, secure development, vendor review, backups, staff training and incident response. We limit access to people who need it for authorized work.

No Internet or storage system is perfectly secure. Clients and users must protect credentials, devices, integrations and exported records and promptly report suspected misuse.

If a privacy or security breach creates a real risk of significant harm or otherwise triggers notice requirements, we will notify affected organizations, individuals and regulators as required by law. Where we process for a client, we will notify and support that client under the DPA.

11. Retention and deletion

We keep Personal Information only as long as reasonably needed for the purpose, including to provide Services and meet payroll, tax, payment, safeguarding, audit, fraud, legal-claim and regulatory recordkeeping duties. Retention periods vary by record type and jurisdiction.

When information is no longer required, we securely delete or de-identify it. Backups are isolated and expire on a controlled schedule. We may preserve information subject to a legal hold, an active dispute, a regulatory direction or an unresolved payment or fraud investigation.

12. Your privacy rights

Subject to applicable law, you may ask to:

  • access Personal Information about you and learn how it was used or disclosed;

  • correct inaccurate or incomplete information;

  • withdraw consent to an optional future use;

  • delete information where the law requires or permits deletion;

  • receive information about cross-border processing and service providers;

  • ask how a significant automated decision was made and provide observations where that right applies;

  • obtain or transfer information in a structured format where data-portability law applies; or

  • challenge our compliance.

Send a request to privacy@paymentevolution.com. We may verify identity and authority before responding. If we process the information only for your employer or another client, we may refer the request to that organization and assist it. We will respond within the time required by law and explain any lawful refusal.

You can unsubscribe from marketing email using its link. You will still receive transactional, security and legal messages.

13. Minors

Our public Services are not directed to children. We may process information about a minor employee, dependent, beneficiary or payee when a Client lawfully submits it for payroll, benefits or another Service. The Client is responsible for authority and required notices or consent. We use that information only for the relevant Service, legal duties and security.

Our Services may link to or integrate with another organization. Its terms and privacy notice apply when it independently collects or uses information. PaymentEvolution is not responsible for an unrelated third party’s privacy practices, but we remain responsible for service providers acting on our behalf as required by law and contract.

15. Changes to this policy

We may update this Policy as our Services or legal requirements change. We will post the new date and give prominent notice of a material change. If consent is legally required for a new use, we will seek it.

16. Contact and complaints

Privacy Office
PaymentEvolution Corporation
2600 Skymark Ave, Building 1, Unit 200
Mississauga, Ontario, Canada L4W 5B2
privacy@paymentevolution.com

We will investigate privacy complaints and explain our response. You may also contact the Office of the Privacy Commissioner of Canada or the provincial or territorial privacy regulator with jurisdiction, including the Commission d’accès à l’information du Québec.

Canada's most loved payroll, HR, and benefits

Canada's most loved payroll, HR, and benefits

Trusted by thousands of businesses, PaymentEvolution is Canada's largest and most loved cloud payroll, HR and benefits management service. Accountants, bookkeepers and financial institutions in Canada rely on us for payroll expertise and payroll services for their clientele. See why over 20,000 businesses trust us every day.

Trusted by thousands of businesses, PaymentEvolution is Canada's largest and most loved cloud payroll, HR and benefits management service. Accountants, bookkeepers and financial institutions in Canada rely on us for payroll expertise and payroll services for their clientele. See why over 20,000 businesses trust us every day.

© 2026 PaymentEvolution Corporation