Privacy Policy

This Privacy Policy describes how Scotiaconnect collects, uses, protects, and retains information obtained through the commercial banking platform. By accessing Scotiaconnect services, your organization acknowledges the data practices described in this document. This policy applies to all business client interactions with the platform including portal access, payment processing, account monitoring, and reporting functions.

Scotiaconnect is committed to protecting the confidentiality and integrity of business client information. The platform's data practices are designed to meet financial services industry standards for information security, privacy protection, and regulatory compliance. All data handling procedures undergo regular review and update to address evolving security threats and regulatory expectations. If you have questions about this policy, contact the support team at (844) 555-0172 during business hours.

Information Collection

Scotiaconnect collects information required to establish and maintain commercial banking services. During organizational enrollment, the platform collects business identifiers including legal entity names, tax identification numbers, physical and mailing addresses, contact information for authorized representatives, and banking relationship details. Individual user provisioning collects names, business contact information, assigned user identifiers, and role designations within the organization. Authentication systems collect and store credential hashes, second-factor method preferences, device fingerprint data, and session activity logs.

Transaction processing within Scotiaconnect collects payment instructions including beneficiary names, account numbers, routing codes, payment amounts, currencies, value dates, and any additional information provided in payment reference fields. Account monitoring functions collect balance data, transaction histories, and credit facility positions as they appear in banking system records. Report generation collects user-specified parameters and the resulting report outputs. Platform interaction logs collect page views, feature usage, error events, and performance metrics to support system operation and troubleshooting.

Information Use

Scotiaconnect uses collected information to authenticate users and establish secure sessions through multi-factor verification and device recognition. Payment instructions are used exclusively to process the requested transactions — transferring funds, validating routing details, applying exchange rates, and generating confirmations. Account data is displayed to authorized users according to role-based permissions and is used to calculate consolidated positions, generate reports, and populate dashboards.

Authentication logs, session records, and audit trail data are used for security monitoring, fraud detection, regulatory compliance, and system administration. Scotiaconnect does not sell business client information to third parties. Information is not shared with external parties for marketing, advertising, or promotional purposes. Data sharing outside the platform occurs only as required by law, regulation, or legal process, or as directed by the client organization through authorized administrative controls. The platform's data usage practices align with consumer financial protection principles published by the CFPB regarding appropriate use and safeguarding of financial information.

Data Protection and Security

Scotiaconnect employs multiple layers of technical and organizational safeguards to protect business client data. All data transmitted between client devices and Scotiaconnect servers is encrypted using TLS with 256-bit cipher strength, preventing interception of information in transit. Data stored within the platform infrastructure is encrypted at rest using industry-standard encryption algorithms. Access to stored data is restricted through role-based access controls that limit visibility to personnel with a legitimate need for specific information categories.

Authentication systems enforce mandatory multi-factor verification for all user access, combining something the user knows with something the user possesses. Device fingerprinting and geographic analysis detect unusual access patterns and trigger additional verification when anomalies are identified. Real-time fraud monitoring analyzes transaction patterns to identify potentially unauthorized activity. All data access events, whether by client users or platform administrators, generate audit log entries with user identity, timestamp, and action details. The platform infrastructure undergoes regular penetration testing by independent security firms and maintains SOC 2 Type II certification through continuous compliance monitoring.

Data Retention and Disposition

Scotiaconnect retains transaction data and associated records for seven years from the date of each transaction. This retention period aligns with financial services regulatory requirements for recordkeeping, audit, and examination purposes. Authentication logs, session activity records, and system access data are retained for the same seven-year period to support security investigations and regulatory examinations. User account profiles remain active throughout the commercial banking relationship and are archived according to the client organization's disposition instructions when the relationship concludes. Archived data may be retained in encrypted, access-controlled storage for an additional period required by regulatory obligations before permanent deletion.