Close menu icon

Contact Us

Send us a message via the form below.
Or email us at

*Required Fields

Xumi Privacy Notice

Xumi (referred to below as “Xumi”, “we” or “us”) understands that your time is valuable. Therefore, we have set out below some important highlights of our Privacy Policy. You can obtain more information about how we collect, use, disclose and protect your personal information by reviewing our full Privacy Policy or clicking on the links provided below. We encourage you to read our full Privacy Policy, as it contains important information for you.

This Privacy Policy governs how we collect personal information from both consumers and merchants for the purpose of facilitating transactions by providing enhanced security through party verification and legitimacy checks.

What personal information do we collect?

  • We collect only that information you provide to us in connection with the calls to action on our Website. This information includes, without limitation, your name and e-mail address.
  • Our Platform also automatically collects certain information about the way our Platform is used.

Why do we collect personal information and how is it used?

  • Information that you provide to us is used to communicate with you.
  • Information collected from is used to verify your identity and protect you and us from fraud.
  • Information collected by our Platform is used to monitor and improve the functioning and security of the Platform.
  • Information necessary for card issuers and merchant acquirers to establish tokenization and/or establish a merchant account for the purposes of accepting payments.

Is personal information shared or disclosed?

  • We share information with our Service Providers.
  • We may also disclose information in other circumstances as required or permitted by law (e.g., to law enforcement), or in the event of a business transaction.

How do we protect personal information?

  • We have implemented safeguards to protect personal information under our control, and regularly review our practices to ensure they align with reasonable practices appropriate to the level of sensitivity of the information, in order to safeguard personal information against loss or theft, unauthorized access, alteration or disclosure.

What are the risks?

  • Although we take steps to safeguard the personal information under our control, “perfect security” does not exist online or elsewhere. In particular, we cannot guarantee the security of information posted or transmitted using the Platform, our Website or via email. It is possible that third parties may unlawfully intercept or access such information.

What are your choices?

  • You may request access to and review of your personal information in our possession, subject to certain limitations.
  • Clients may also request that we change or delete their personal information in our possession, which we will make best efforts to comply with subject to certain limitations.

What else should you know?

  • Some of our Service Providers transfer and/or store personal information outside Canada. This means that your information may be accessible to foreign courts, law enforcement and national security authorities.
  • We may amend our Privacy Policy from time-to-time. Although we will notify you of material changes, we encourage you to check for updates.
  • You can contact us with questions, complaints or to access your personal information.


Xumi Privacy Policy

At Xumi, we believe that you should understand the way in which we collect, use, disclose, and protect your personal information. This Privacy Policy outlines how we process your personal information, and the principles that we follow when collecting, using, disclosing and protecting your personal information.

We may amend this Privacy Policy from time to time. Please visit our Website or contact our Privacy Officer as described below, for the most up to date version of this Privacy Policy.

Who Are We?

Xumi applications are available on (our “Website”) and associated commercial application websites, API’s or our consumer or merchant applications (the “Platform”).

Xumi, “we”, “us” and similar terms as used throughout this Privacy Policy refer to Stonebridge Solutions Inc., carrying on business as Xumi, and its subsidiaries.

What is Personal Information?

Personal information is any information that identifies you, or by which your identity could be deduced. It does not include aggregate or de-identified information that cannot be directly or indirectly linked to you.

It does not include information that is publicly available, as defined by applicable laws.

Why Do We Collect Personal Information from You?

We collect your personal information to:

  • Establish your identity;
  • Communicate with you concerning Xumi, including responding to any inquiries you may submit;
  • Comply with legal and regulatory requirements, including but not limited to anti- money laundering laws;
  • Establish a secure token to replace credit card details for payment purposes, and
  • Establish a secure merchant account for the purpose of accepting secure token payments

What Personal Information Do We Collect About You?

The personal information we collect from you includes:

  • Name,
  • E-mail address,
  • Billing address, and
  • Mobile Phone number

How Do We Collect Your Personal Information?

We collect your personal information when you submit it to us through the Website. We continue to collect and update personal information throughout our relationship with you.

For example, we collect personal information from you directly through:

  • On boarding process of the Xumi application(s); and
  • Your requests to our Websites.

We also collect some personal information from third parties and other sources, if necessary , as follows:

  • Merchant Acquirer
  • Payment Gateway
  • Token Service Provider

Our Web Sites

Each time you provide any personal information to us through our Platform, you consent to the collection, use and disclosure of such information in accordance with this Privacy Policy.

In addition, each time you visit our Platform, we gather the date, time, browser type, name of the visitor’s Internet service provider, the site that referred the visitor to us, any pages that are requested, and the navigation history and IP address of the visitor. We also use Google Analytics to track your interaction with the Platform, including without limitation, your traffic sources and your activity on the Platform. The foregoing information does not generally contain anything that can identify users personally. If you object to this gathering of information, you should not use or access our Platform. We use this information for our internal security audit log, trend analysis and system administration, and to gather broad demographic information about our user base for aggregate use. This information may be shared with third parties in order to provide services to us or to analyze, store or aggregate the information.

Our Website uses “cookies” and similar technologies like single-pixel GIFs and web beacons. A “cookie” is a text file that is sent to your computer or device and from your computer each time you use the site. Cookies can track how and when you use the Website and which site you visited immediately before. A cookie does not damage your system and identifies your browser, not you personally.

We use cookies to collect information such as the server your computer is logged onto, the domain name of your internet service provider, your browser type and version (for example, Netscape or Internet Explorer) and your IP address. We may also derive the general geographic area associated with an IP address.

Sometimes, we use cookies in combination with “web beacons” or similar technology to collect information about how our Website is used, such as:

  • average time spent browsing;
  • pages viewed;
  • information searched for;
  • access times;
  • response rates to online or email advertising; and
  • any other relevant information about your online experience.

If you are an anonymous visitor, the information in this paragraph does not personally identify you but rather numerically identifies your device, and we share this cookie’s information with a third party marketing provider that will use it to deliver marketing about us to you while you visit other sites on the internet.

If you do not wish to receive cookies, you may be able to disable them. Although this may provide you with enhanced anonymity, it may affect the functioning of our Website.

To the extent that our Website contains links to other sites, the owners of those sites are responsible for the privacy practices or content of those other sites. We do not endorse and will not be responsible for the privacy practices on third party websites.

How Do We Obtain Your Consent for the Collection, Use and Disclosure of Your Personal Information?

Consent for the collection, use and disclosure of personal information may be expressly given or implied. Your express consent may be given in writing, verbally or through electronic means. Your implied consent may be given through an action you have taken, such as supplying your personal information for a specified purpose.

Upon creating an Account or submitting your e-mail address, you provide your consent to the collection, use and disclosure of your personal information in accordance with this Privacy Policy. Consent may be withdrawn by contacting us as described below. If you do not notify us of the withdrawal of your consent, we will consider you to have consented to our continued collection, use and disclosure of your personal information as outlined in this Privacy Policy. Withdrawal of consent to any collection, use or disclosure your personal information that is necessary to provide our service will result in closure of your Account and/or revocation of your authorization to use the Platform.

What Do We Do With Your Information?

Your information will only be used by Xumi for the purposes outlined above under “Why Do We Collect Personal Information from You?” Your personal information will be accessible to customer support, account verification and IT staff, who have a need to know such information for the purposes outlined above.

Your information is generally stored online, in servers located in Canada. Although we do not transfer your information outside Canada, some of our service providers may do so (as explained further below).

We do not sell personal information provided to us by you, or disclose it to any third party marketers. However, information may be shared or disclosed to third parties in the following circumstances:

Third Party Services

There are certain services supplied to us by third parties (“Third Party Service Providers”), which may require that we share your personal information with service providers or allow them to collect or access such information for the same purposes that we collect, use and disclose your personal information, as outlined in this Privacy Policy.

These Third Party Service Providers are authorized to use your personal information only as necessary to provide these services to us, and in a manner consistent with this Policy. We have selected Third Party Service Providers who will only use your information in compliance with this Policy, but they may have their own specific policies regarding the collection, use and disclosure of personal information.

Dispute Resolution

In the event that you dispute any transaction carried on using your Account, including but not limited to requests for refunds, we will disclose any or all of your personal information to the relevant payment provider for the purpose of facilitating investigation and resolution of such dispute. For the avoidance of doubt, this may involve disclosure of your photo identification and other personal information to third parties. Xumi is not responsible for any use, disclosure or failure to protect information by such payment providers.


We may be involved, from time to time, in transactions to sell all or part of our business or assets or merge with other businesses. Since our customer information may be part

of such transactions, we may disclose this information to other parties involved in the transaction. In such cases, the information that is shared is limited to what is necessary to accomplish the transaction, and we use contractual measures to protect the information from improper use or disclosure.

Other Disclosures

There are a number of other circumstances where we may collect, use or disclose personal information without consent when required or permitted by law.

From time to time, we may be compelled by legal action to release information (e.g., statutory reporting obligation, search warrant, court order, bankruptcy or insolvency proceedings etc.).

In certain circumstances, we may also be permitted by law to collect, use or disclose information without the consent of the individual concerned. For example, we may disclose personal information without consent if it is to be used in an emergency that threatens the life, health or security of the individual, when investigating a potential breach of contract or law, or when collecting unpaid amounts owed or owing to us.

How Do We Protect Your Personal Information?

We protect your personal information using appropriate physical, technological and organizational safeguards, including but not limited to:

  • all connections to the Platform are encrypted using SSL;
  • all servers are protected by multiple firewalls; and
  • our employees receive training respecting secure and confidential handling of personal information.

We regularly review our practices to ensure they align with reasonable industry practices appropriate to the level of sensitivity to safeguard personal information against loss or theft, unauthorized access, alteration or disclosure.

Despite using the Safeguards outlined above, “perfect security” does not exist, particularly online. We cannot guarantee the security of information posted or transmitted via our Website, the Platform, or online. It is possible that third parties may unlawfully intercept or access such information.

If you think someone is impersonating Xumi, there has been a breach of your personal information, you may be the victim of fraud, or your Account credentials may have been compromised, please notify us as soon as possible at

How Do We Retain Personal Information?

We generally keep personal information for only as long as it is needed to accomplish the purposes for which it was collected, or as needed for authorized or legitimate purposes. More specifically, we retain your personal information as long as necessary for the fulfillment of the identified purposes for its collection or as otherwise necessary to comply with applicable laws or protect our interests. When personal information is no longer necessary or relevant for the identified purposes, or is required to be retained by applicable laws, we will take steps to have it deleted, destroyed, erased, aggregated or made anonymous. Xumi uses reasonable industry practices to ensure we have adequate controls, schedules and practices for information and records retention and destruction which apply to your personal information.

Accessing and Keeping Your Personal Information Accurate

We endeavor to ensure that any personal information provided to us by you is as accurate, current, and complete as necessary in order to meet the reason for which it was obtained.

For example, the following mechanisms allow individuals the opportunity to alert us of any potential inaccuracies in the information that we hold about them:

1. Access

Clients may request access to and review of their personal information in our possession. However, access may be declined where permitted or required by applicable law, which may include (without limitation) the following circumstances:

  • the information is protected by solicitor-client privilege;
  • disclosure of the personal information would compromise the confidentiality of another individual or threaten the safety of another person; or
  • non-disclosure of the personal information is required or permitted by law.

2. Requests to Change or Delete Personal Information

Clients may request that we change or delete their personal information in our possession. We reserve the right not to change any personal information if we do not agree that it is inaccurate or outdated, but will append any alternative text the individual concerned believes appropriate.

Where a request for access, alteration, or deletion of personal information is declined, we will provide reasons for declining the request.

Resolving your questions and concerns

If you have questions or concerns about our Privacy Policy, the handling of your personal information, or Xumi’s privacy or data protection practices, including but not limited to our use of any service providers outside Canada, please contact our Privacy Officer at

You may also contact our Privacy Officer, as described above, to withdraw consent to continued collection, use or disclosure of your personal information, or to request a copy of the most up-to-date version of this Privacy Policy.

Changes to this Privacy Policy

This Privacy Policy was last updated in March 2019. We will occasionally update this Privacy Policy and revise the “last updated” date appearing in this paragraph. Although we will notify individuals with whom we have a relationship (and up-to-date contact information) of material changes, we encourage you to check for updates to refresh your understanding of our personal information policies and practices