SIGMA LOYALTY GROUP

Privacy Policy

Last Modified: July 1, 2025

Identity protection services (“Service”) are provided by Sigma Loyalty Group Inc. (“Sigma”, “we”, “us” or “Our”).

This privacy policy (“Privacy Policy”) is designed to help you understand how we collect, use, and manage Personal Information and to whom this information may be disclosed. “Personal Information” means any information about an identifiable individual but does not include the name, title, business address or telephone number of an employee or organization. As used in this Privacy Policy, the term Personal Information includes Personal Information relating to you.

This Privacy Policy applies to the Service but does not extend to the data management practices of third- party sites that may be linked to the Service.

When you become a subscriber to the Service, you agree to the terms of this Privacy Policy as updated from time to time.

Consent

By subscribing to the Service you consent to the collection, use, disclosure and management of your Personal Information as described in this Privacy Policy.

You may withdraw your consent to the use of Personal Information by contacting the Privacy Officer as provided below. However, if you withdraw your consent you will not be able to continue to use the Service.

Collection of Information

We may collect the following Personal Information in connection with your subscription to the Service:

  • First, middle (optional), and last name; 
  • street name and number (and/or apartment #); 
  • city; 
  • province; 
  • postal code; 
  • language preference 
  • date of birth; 
  • email address; 
  • home phone number; 
  • business phone number (optional); 
  • cell phone number (optional, unless you would like to receive alerts and notification of changes via text message); 
  • credit card type, number, expiry date; 
  • a username and a password, to authenticate you on the Service website or mobile app; 
  • selection of two security questions, to enable us to authenticate you when you call us for assistance; 
  • an answer to each security question; and
  • any feedback, comment, or enquiry you choose to submit through communication channels related to the Service. 
 

In addition, you may also be required to provide or authorize us to collect the following Personal Information in order to use certain Service features. The Personal Information which we may collect depends on Service features available as part of your subscription; consult our website or the materials provided with your subscription for details:

Online Identity Monitoring: This section applies if your subscription includes online identity monitoring Services, including online credit card monitoring and/or online Personal Information monitoring. We collect the following Personal Information when you use this Service: 

  • Other Personal Information you have the option of registering for the purposes of monitoring, include:
    • email addresses 
    • social insurance number 
    • phone numbers 
    • credit and debit card numbers 
    • bank account information (chequing and saving account information) 
    • drivers’ license number 
    • passport numbers 
    • loyalty card numbers 
    • health benefit plan numbers 
    • permanent resident card number

       

  • We will automatically register the email address and/or payment card information you provided at the time you purchased your subscription in online monitoring Services on your behalf. 
  • The types of Personal Information available for monitoring may change over time. Please consult your Services subscription materials and the website for details. 
  • All information you register for online monitoring can be subsequently removed from your list of registered items through your online account and will no longer be monitored 
 

Lost Wallet Assistance: This section applies if your subscription includes lost wallet assistance Services. We collect the following Personal Information when you use this Service:

  • Payment card numbers (including credit card and debit card numbers) you register with us so we can report any loss or theft to the card issuer.
 

Identity Theft Assistance: This section applies if your subscription includes identity theft assistance Services. We collect the following Personal Information when you use this Service: 

  • Previous mailing address (optional). This information will be required in the event of fraud to initiate credit monitoring and fraud alert Services; 
  • Personal Information not previously provided to us which may be necessary to report and remediate an identity theft; 
  • Any Personal Information required by any power of attorney service provider or other third party engaged to provide identity theft assistance Services. 
 

Credit Bureau Services: This section applies if your subscription includes credit bureau Services such as credit reports, credit scores and/or credit monitoring and alerts. We may collect your Personal Information from you and provide it to credit bureaus in order to fulfill credit monitoring Services. In the course of providing these services we may, based on the authorization you have provided, retrieve your credit information from credit bureaus on your behalf and provide that information to you. Credit information is defined by applicable provincial legislation and may include information such as: your name, current/ former address, date of birth, marital status, social insurance number, current/ former employment, credit history, paying habits, outstanding debt obligations, estimated income, cost of living obligations, and other information. You may also be required to provide or confirm other Personal Information, including certain elements of your credit information, with us or a credit bureau in order to verify your identity and access these Services. 

ID Assist Password Manager: This section applies if your subscription includes ID Assist Password Manager. All information stored within ID Assist Password Manager accounts, including Personal Information, is encrypted using secure cryptographic keys under your control. We cannot access any of this information. You may add, modify, and delete your information at any time. 

Scan & Score: This section applies if your subscription includes Scan & Score. We may collect the following Personal Information when you use this Service: 

  • For manually submitted email scans: email sender name (if available), email sender’s email address, and email message content that you provide for analysis. 
  • For manually submitted text message scans: text sender name (if available), text sender phone number, and text message content that you provide for analysis. 
  • For manually submitted image or screenshot scans: image or screenshot of the email or text message you provide for analysis, including any personal, financial, or other information contained within the image or screenshot. If the image or screenshot is of an email message, we also collect email sender name (if available), and email sender’s email address.  If the image or screenshot is of a text message, we also collect text sender name (if available), and text sender phone number. 
  • For manually submitted URL scans: website address (URL) that you submit for analysis. 
  • For auto-scan email scans: all email-related information contained in the emails you designate for auto-scan may be used for analysis, including email sender name, email sender’s email address, email metadata, email message content which may include links, and/or personal, financial, or other information

     

The information you submit or designate for analysis through Scan & Score is analyzed using an artificial intelligence (AI)-powered analysis tool designed to help detect the likelihood of potential scams and fraudulent communications. The result from analysing any submitted or designated information with the Scan & Score Service does not constitute any automated decision-making about you or any other individual related to the analysed information. To complete the analysis this may include sharing the submitted or designated content with a third-party service provider who operates the AI-powered analysis tool. The third party is only provided the information you manually provide or designate and receives no additional identifiable information related to your subscription from us. We maintain appropriate security measures to protect all submitted or designated content for analysis.  All information submitted or designated for analysis through Scan & Score is shared only with a third party for the express purpose to provide the Service or as required by law. Aggregated, non-identified data from Scan & Score submissions and associated analysis results may be used to improve our Services, including fraud detection algorithms and statistical insights about fraud patterns and trends. 

Website Collection of Information

When you visit the Services website or download the Services mobile app, information is collected by us as you interact with the website or mobile app. We collect certain information from your browser using “cookies”. Cookies are small files that are stored on your computer that help us to optimize your experience on the Services website or mobile app. We may use cookies to monitor and improve the website or mobile app experience. These cookies do not contain Personal Information. They gather statistical data such as the average time spent on a specific webpage. This kind of information provides us with insight into how to improve the design, content and navigation of the website and mobile app. Your choice not to accept these cookies will not interfere with your use of the Services.

We may also use cookies as part of the functionality and security of the Services. These cookies may include a persistent cookie installed on your computer or device that contains information to help us verify you as the subscriber and to help block unauthorized attempts to access your information through the website or mobile app. Your choice not to accept these cookies may interfere with your ability to personalize and be recognized by the website or mobile app, and/or may prevent the operation of the Services or certain features within the Services from operating.

Mobile App Collection of Information

We also collect information about your device such as device model, unique device number, browser type, and IP address. Information about your device helps us to improve the functionality of the Services mobile app, meet our clients’ needs, measure the effectiveness of our Services, enhance security measures and protect you. 

When accessing the Services through the Services mobile app, no Personal Information will be stored on your device. If you choose to use the “Remember Me” functionality, the Services mobile app will store your username and password to help us verify you as the subscriber and recognize you in future sessions. 

When you use the mobile application, the app will determine your current location and report that information to us. We will not share your current location with other users or partners. If you do not want us to use your location for the purposes set forth above, you should turn off the location services for the mobile application located in your account settings or in your mobile phone settings and/or within the mobile application. 

Use of Your Personal Information

We may use your Personal Information: 

  • to verify your identity and provide the Services and customer support you request, including but not limited to the following Services:
    • Online Identity Monitoring; 
    • Lost Wallet Assistance;
    • Identity Theft Assistance; 
    • Credit Bureau Services; and 
    • Scan & Score.

       

This may include disclosure of the information we collect, as described above, to non-affiliated third parties that are acting on our behalf or with whom we interact in performing the Services, including:

    • Credit bureaus; 
    • Companies that perform data searches and support services for us; 
    • Parties with whom there may be possible cases of identity theft or fraud, and then only to detect the actual facts or to resolve the case; 
    • Parties which could include governmental units, courts or other entities (in response to subpoenas and other legal processes), and those with whom you have requested us to share information; 
    • To obtain information which may help detect fraud or identity theft; and 
    • To notify appropriate parties of possible identity theft or fraud.

       

  • for administrative purposes; 
  • to understand your needs and preferences so that we may notify you of new Service offerings or send you advertisements that respond to your needs or preferences based on your communication preferences 
  • to resolve disputes, collect payments, and troubleshoot problems; 
  • on an aggregate, non-identified basis for the purposes of planning a service or product and to monitor patterns, gather data and generate reports. This aggregated information may be published or shared with third parties. We or our service providers may perform statistical analyses of user and online behaviour and characteristics to measure interest in and use of the Services so as to improve the Service. We or our service providers may also perform various analyses of de-identified online interactions and activity of the users we monitor to improve the usefulness of our alerts, as well as to provide behavioral and statistical insight and context across the system. 
  • to process payment transactions; 
  • to send you notices about your transactions; and 
  • to provide a record of correspondence with you, whether by telephone, mail, email or text message, to ensure instructions are properly followed and to ensure customer service levels are maintained.
 

We may also monitor or record any telephone call we have with you. Monitoring and recording of calls are done to establish a record of the information you provide; to ensure that instructions are properly followed; and to ensure customer service levels are maintained. We will inform you of the possibility that your call is being monitored or recorded prior to proceeding with the call. If you prefer not to have your call recorded you can conduct your transaction online or contact our Privacy Officer to arrange an alternate procedure.

Disclosure of Personal Information

We do not sell, rent or trade any Personal Information to any third party for financial gain or marketing purposes. Except as stated in this Privacy Policy, we will not disclose your Personal Information to any persons other than you without your prior consent, unless as permitted or required by law, for example:

  • to a government institution, law enforcement or other authority that has lawful authority to obtain the information; 
  • to comply with a subpoena or warrant or an order made by a court, person or entity with jurisdiction to compel the production of information; 
  • in urgent circumstances to protect the life, health or security of any person; or 
  • to comply with court rules regarding the production of records and information. 
 

We may transfer certain Personal Information to business service providers, but only to provide the Services and fulfill the purposes as described in this Privacy Policy. When we do, we select a company carefully and, by contractual means, ensure that it uses privacy and security standards that are at least as stringent as ours. 

As part of the Services, we may retrieve your credit bureau information from credit reporting agencies on your behalf and provide that information to you. We do not disclose your credit bureau information to anyone but you, except to our service providers who help us provide the Services to you. 

We may disclose your Personal Information in connection with a corporate reorganization, merger or amalgamation, provided that the use of such Personal Information so disclosed continues to be the use permitted by this Privacy Policy. 

Your Personal Information may be transferred, stored and/or processed by us or by our third party service providers outside of the country where you reside, such as in the United States. In that case, your Personal Information would be subject to the laws of the country in which it is stored or transferred. That country may have laws that require your Personal Information be disclosed to the government under different circumstances that exist in your country of residence. 

Safeguards

We have implemented reasonable technical, physical and administrative safeguards designed to protect Personal Information from unauthorized access, use, modification, disclosure, or other breach of privacy. We have comprehensive physical and logical security policies and procedures, based on industry best practices, designed to address practices for the secure access, storage, transmission, and disposal/destruction of Personal Information. We will maintain appropriate security upon the disposal and destruction of Personal Information. 

In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of Personal Information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities. 

Information Security

We make significant efforts to protect your Personal Information from loss, theft, unauthorized access, use or disclosure, and from any other breach of security.  We have security programs in place to keep pace with changing information or security threats and follow industry best practices to protect your data.  We have key controls in place such as endpoint protection, threat detection, and firewalls to ensure your online data is secured. Other controls include: 

  • Databases fully encrypted with the highest level of industry standard security. Our environment is PCI certified, meaning our systems meet and are independently audited to the technical and operational standards set by the Payment Card Industry Security Standards Council. 
  • Limiting personnel who have access to our database, environment, and physical offices by requiring them to authenticate themselves through multiple levels of security and only accessing data that is required to complete their job function.
  • Not sending data to third parties for the purposes of direct-to-consumer marketing or loan solicitation as others may do.


Other than limited access by us in order to carry out the Services as described above, your Personal Information is accessible only by you using a password created by you. To protect the security of your Personal Information, you must keep your password confidential. You are responsible for all uses of Services by anyone using your password, including any disclosures of Personal Information.

Openness

We will make available information about our general policies and practices relating to the processing of Personal Information. We will not make available information about processing or management of Personal Information for a specific customer except to that customer or as directed by that customer. 

Accuracy of Personal Information and Access

We rely on you to ensure the Personal Information you provide to us is accurate and up to date for the purposes set out in the Policy.

You may update, review or correct your Personal Information at any time on-line by accessing your password protected registration page or by contacting our Privacy Officer as specified under “Questions or Concerns About Your Privacy” below.

Limiting Retention

We will keep Personal Information that remains relevant for the intended purposes or as required by law. We may keep Personal Information about you in our records as long as it is needed for the purposes described above, including statutory or regulatory retention requirements, even if you cease to be a customer. 

Once Personal Information is deleted, you will not be able to access it any longer. 

Changes to the Privacy Policy

We regularly review all of our policies and procedures and as a result may change this Privacy Policy from time to time. The most recent modification date of this Privacy Policy will appear at the top of this page. If we materially change our practices in processing Personal Information, we will post an updated policy in place of this Privacy Policy, to keep you informed of what information we collect, how we use it and with whom we share it. If you currently receive product material via mail, you will receive a printed version of the updated policy in advance of the effective date. Your continued access and use of the Services after the effective date of any changes to this Privacy Policy constitutes your acceptance of all such changes.

Links to Third Party Websites

The Services website may contain links to other websites that operate independently of the Services and that are not under our control. We provide links to other websites solely for your convenience and information. Other websites may have their own privacy policies, which we suggest you review if you visit any linked websites. We are not responsible for information that is collected through those websites or for any other use or disclosure of information by the operators of those websites. 

Questions or Concerns About Your Privacy?

We welcome you to contact us at any time should you have any questions, comments or concerns regarding this Privacy Policy or the manner in which we or our service providers treat your Personal Information. Please contact our Privacy Officer at the coordinates listed below: 

Privacy Officer Sigma Loyalty Group 

P.O. Box 3020 STN D Toronto, Ontario M9A 5C7 

Email: privacy.canada@sigmaloyaltygroup.com