Bullring FinanceBullringBack to Home

Privacy Policy

Last updated: 17/06/2026

Effective Date: 20/06/2026
Last Updated: 17/06/2026

Introduction

www.bullring.finance and the related dashboards, application programming interfaces, software tools, documentation, communications and services made available through it are provided by Teso Pay Inc., doing business as Bullring Finance (“Bullring”, “we”, “us” and “our”).

At Bullring, we value your privacy, and we are committed to safeguarding your personal information. All personal information that you provide to us, or that we collect in connection with your relationship with us, will be processed in accordance with this Privacy Policy and applicable Data Protection Legislation.

This Privacy Policy (“Policy”) explains how we collect, use, share, retain, transfer and protect personal information in connection with our website, platform, APIs, onboarding processes, customer support, compliance operations and related services (together, the “Platform”).

This Policy applies to our customers, potential customers, authorised users of customer accounts, representatives of customers, beneficial owners, directors, officers, employees, contractors, recipients, counterparties, website visitors, applicants, partners, service providers and any other person about whom we process personal information in connection with the Platform. Our services are primarily designed for businesses and organisations. However, we may process personal information about individuals who act for those businesses or organisations, including their directors, officers, shareholders, beneficial owners, authorised users, employees, contractors, recipients and other counterparties.

For the purposes of this Policy, “personal information” and “personal data” mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to an identified or identifiable person. The meaning of these expressions may vary under applicable law, but they are used together in this Policy for ease of reference.

Where Bullring determines the purposes and means of processing personal information, Bullring acts as a data controller or business. Where we process personal information only on behalf of, and in accordance with the instructions of, a business customer, we act as a data processor or service provider to that customer. In those circumstances, the customer remains responsible for its own privacy notices and privacy obligations to the relevant individuals.

This Policy should be read together with our Terms of Service and any other agreement, disclosure, consent, notice or addendum that applies to your use of the Platform. By visiting our website, opening or using an account, integrating our APIs, submitting information to us or otherwise using the Platform, you acknowledge that you have read this Policy.

Our website and services are not directed at you if we are prohibited by any applicable law, regulation or regulatory requirement from making the Platform available to you, or if your use of the Platform would be contrary to any law or regulation applicable to you.

Definitions

  • “Consent” means a freely given, specific, informed and unambiguous indication by which a person signifies agreement to the processing of personal information relating to that person.
  • “Customer” means any business, organisation or other person that applies for, accesses or uses the Platform or any Bullring service.
  • “Data Controller” means the person or organisation that determines the purposes and means of processing personal information. Where Bullring determines the purposes and means of processing personal information, Bullring is the data controller of that personal information.
  • “Data Processor” means the person or organisation that processes personal information on behalf of a data controller. This includes service providers and vendors that process personal information on our behalf.
  • “Data Protection Legislation” means all applicable data protection, privacy, electronic communications and related laws, regulations and guidance that apply to the processing of personal information under this Policy, including, where applicable, the EU General Data Protection Regulation, the UK General Data Protection Regulation, the UK Data Protection Act 2018, Canada’s Personal Information Protection and Electronic Documents Act and applicable provincial privacy laws, and any successor or implementing legislation.
  • “Personal Information” has the meaning given in clause 1.6 above and includes “personal data” under the EU GDPR, UK GDPR and similar laws.
  • “Personal Information Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal information transmitted, stored or otherwise processed.
  • “Processing” means any operation performed on personal information, including collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure, sharing, transfer, alignment, restriction, erasure or destruction.

Personal Information we Collect

In providing the Platform, we collect personal information that is reasonably necessary for us to onboard customers, provide our services, support our users, comply with legal and regulatory obligations, maintain the security and integrity of the Platform and operate our business.

Information you provide to us. We may collect personal information that you provide directly to us when you complete onboarding forms, request access to the Platform, use our website, integrate our APIs, contact us, communicate with our team or otherwise interact with us. This may include:

  • business and contact information, including name, business name, registered address, trading address, email address, telephone number, job title, role, country of residence, country of operation and preferred contact details;
  • account registration information, including username, password, account preferences, authorised user details, access permissions and authentication information;
  • customer due diligence, KYC and KYB information, including incorporation documents, constitutional documents, business licences, tax identification numbers, source-of-funds information, source-of-wealth information, ownership and control information, shareholder information, ultimate beneficial owner information and details of directors, officers and authorised signatories; and identity verification information, including copies of identification documents, passports, national identity cards, driver’s licences, proof of address, date of birth, nationality, photographs, video or liveness check information and other information required to verify identity or authority;
  • financial, settlement and payment instruction information, including bank account details, account names, wallet addresses, currency preferences, transaction references, invoices, payment instructions, beneficiary or recipient information, remittance information and other details necessary to process or support a customer instruction;
  • communications information, including emails, chat messages, call notes, support tickets, feedback, survey responses, enquiries, complaints and other records of your communications with us;
  • marketing and event information, including your communication preferences, newsletter subscriptions, event registrations and responses to marketing campaigns; and
  • any other information you choose to provide to us.

Information relating to recipients and counterparties. Where a customer uses the Platform to make or receive payments, manage collections, process payouts, perform reconciliations or submit instructions, we may receive personal information relating to that customer’s customers, suppliers, recipients, payees, payors, contractors, employees, agents, representatives or other counterparties. This may include names, contact details, bank account details, wallet addresses, transaction references, invoice details, payment purpose, location, currency and other information submitted by the customer or required to process, screen, monitor or reconcile the instruction.

Information collected automatically. Whenever you visit our website or use the Platform, we and our service providers may automatically collect technical and usage information, including internet protocol address, browser type, operating system, device identifiers, access times, pages viewed, links clicked, referral URLs, log files, approximate location derived from IP address, API usage data, webhook activity, authentication logs, error logs, session information, security events and other information about your interaction with the Platform.

Information we receive from third parties. We may receive personal information about you from third parties and combine it with information that we already hold. These third parties may include:

  • customers who identify you as an authorised user, director, officer, beneficial owner, signatory, recipient, payee, payor, counterparty, employee, contractor or other representative;
  • affiliates, group companies and local partners involved in providing, supporting or monitoring the Platform;
  • financial institutions, payment service providers, card networks, banks, stablecoin issuers, on-ramp providers, off-ramp providers and other regulated counterparties involved in processing, approving, settling, screening or reconciling customer instructions;
  • identity verification, KYB, KYC, sanctions screening, politically exposed person screening, adverse media screening, fraud prevention, blockchain analytics, transaction monitoring, open banking, credit reference and compliance service providers;
  • publicly available sources, including company registries, corporate affairs registries, insolvency registers, sanctions lists, government databases, court records, media reports, professional networks and publicly available blockchain records; and
  • professional advisers, regulators, law enforcement agencies, dispute resolution bodies and other persons where permitted or required by law.

Special categories of personal information. We do not intentionally collect special categories of personal information unless it is necessary for identity verification, fraud prevention, legal compliance, employment or other purposes permitted by law. Where identity verification requires the processing of biometric or similar information, such information may be collected by or shared with our verification providers and will be processed only where permitted by applicable law and subject to appropriate safeguards.

Cookies and similar technologies. We use cookies, pixels, tags, web beacons, local storage, SDKs and similar technologies to operate the website, keep the Platform secure, remember preferences, understand usage, improve performance and support marketing where permitted. The categories of cookies and similar technologies we may use include:

  • strictly necessary cookies, which are required for the website or Platform to function, including security, authentication, fraud prevention, session management and load balancing;
  • performance and analytics cookies, which help us understand how visitors and users interact with the website and Platform, identify errors, measure performance and improve functionality;
  • functional cookies, which remember choices you make, such as language, region or other preferences; and
  • advertising or targeting cookies, which may be used to measure the effectiveness of campaigns, understand engagement and provide more relevant information about our services, where permitted by law and subject to any consent requirements.

You may control cookies through your browser settings and, where available, through any cookie preference tool provided on our website. If you disable certain cookies, some parts of the website or Platform may not function properly.

We do not collect more personal information than is reasonably necessary for the purposes described in this Policy. However, because our services involve regulated financial activity, we may be required to collect and verify detailed customer, ownership, control, transaction, payment, wallet and compliance information before or during the provision of services.

How We Use Personal Information

We primarily use personal information to provide the Platform, manage our relationship with customers, comply with legal and regulatory obligations, prevent fraud and financial crime, maintain accurate records, communicate with you and improve our services.

We may use personal information for the following purposes:

  • to verify your identity, authority, ownership, control, eligibility and suitability to access or use the Platform;
  • to onboard customers, create and manage customer profiles, authenticate authorised users, administer accounts and provide customer support;
  • to receive, review, validate, process, monitor, reconcile, report on and respond to customer instructions;
  • to perform customer due diligence, enhanced due diligence, sanctions screening, politically exposed person screening, adverse media checks, transaction monitoring, fraud prevention, risk scoring and other compliance checks;
  • to comply with anti-money laundering, counter-terrorist financing, sanctions, tax, recordkeeping, reporting, audit, regulatory and other legal obligations;
  • to share information with regulated partners, service providers, compliance providers and other persons where necessary to provide the Platform or comply with applicable obligations;
  • to prevent, detect, investigate and respond to fraud, misuse, prohibited activities, cyber incidents, suspicious activity, disputes, complaints and security threats;
  • to maintain, test, improve and troubleshoot the website, APIs, dashboards, sandbox environments, integrations, security controls and other Platform functionality;
  • to analyse usage trends, measure performance, generate internal reports, develop new features and improve the accuracy, effectiveness and usability of the Platform;
  • to communicate with you about your account, onboarding, transactions, service updates, operational notices, security alerts, policy changes, support requests and administrative matters;
  • to send marketing communications, newsletters, event invitations, product updates or other information about our services where permitted by law and subject to your communication preferences;
  • to enforce our agreements, protect our rights, defend or establish legal claims, recover amounts owed to us and comply with court orders or legal processes;
  • to conduct due diligence, audits, restructuring, financing, investment, merger, acquisition, sale or other corporate transactions; and
  • for any other purpose that is compatible with the purposes described in this Policy, or that we explain to you at the time of collection.

Where the EU GDPR or UK GDPR applies, we rely on one or more lawful bases for processing personal information. These lawful bases include:

  • performance of a contract, where processing is necessary to provide the Platform, manage accounts, process instructions, respond to enquiries or perform our contractual obligations;
  • legal obligation, where processing is necessary to comply with applicable laws, regulatory obligations, sanctions obligations, tax requirements, recordkeeping requirements, court orders or lawful requests from competent authorities;
  • legitimate interests, where processing is necessary for our legitimate business interests or those of a third party, provided those interests are not overridden by your rights and freedoms. These interests include fraud prevention, financial crime prevention, risk management, service improvement, network and information security, corporate administration, business development and the protection of our rights;
  • consent, where we rely on your consent for a specific processing activity, such as certain marketing communications, optional cookies or processing that requires consent under applicable law; and
  • establishment, exercise or defence of legal claims, where processing is necessary in connection with actual or potential claims, investigations, disputes or proceedings.

Where processing is based on consent, you may withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out before consent was withdrawn, and it may not affect processing that we are required or permitted to continue on another lawful basis.

We do not use personal information to make decisions based solely on automated processing that produce legal or similarly significant effects concerning you, unless such processing is authorised by law, necessary for a contract, or based on your explicit consent. We may use automated tools to support identity verification, sanctions screening, fraud prevention, transaction monitoring and risk assessment, but human review may be applied where required or appropriate.

Our employees, agents, contractors and service providers shall process personal information only where necessary for the performance of their duties or services, and only in accordance with this Policy, our instructions, applicable law and any confidentiality or data protection obligations applicable to them.

How We Share Personal Information

Bullring does not sell, trade or rent personal information. We will not disclose personal information to a third party except as necessary to provide the Platform, operate our business, comply with applicable law, protect our rights or as otherwise described in this Policy.

We may share personal information with the following categories of recipients:

  • Affiliates and group companies. We may share personal information with our affiliates and related companies where this is necessary for customer onboarding, compliance, service delivery, customer support, internal administration, reporting, audit, security, technology operations or business continuity.
  • Customers and authorised users. Where you act for a customer, or where your information is submitted in connection with a customer’s use of the Platform, we may share relevant information with that customer and its authorised users, administrators and representatives.
  • Financial institutions and regulated partners. We may share personal information with banks, payment service providers, card networks, stablecoin issuers, on-ramp providers, off-ramp providers, wallet infrastructure providers, settlement providers, liquidity providers and other regulated counterparties where necessary to onboard customers, support accounts, process instructions, screen transactions, settle payments, reconcile activity, manage risk or comply with partner requirements.
  • Verification and compliance providers. We may share personal information with identity verification, business verification, beneficial ownership verification, sanctions screening, politically exposed person screening, adverse media screening, transaction monitoring, fraud prevention, blockchain analytics, open banking, credit reference and other compliance providers.
  • Service providers. We may share personal information with vendors, agents and contractors who provide hosting, cloud storage, analytics, cybersecurity, encryption, customer relationship management, communications, email, document management, support, audit, finance, legal, compliance, software development and other services on our behalf.
  • Professional advisers. We may disclose personal information to lawyers, auditors, accountants, insurers, consultants, banks and other professional advisers where necessary for the provision of professional advice, audit, financing, insurance, dispute management or corporate administration.
  • Regulators, law enforcement and public authorities. We may disclose personal information where we believe this is necessary or appropriate to comply with applicable law, respond to lawful requests, submit regulatory reports, report suspicious activity, cooperate with supervisory authorities, enforce sanctions requirements, respond to court orders or protect the rights, property or safety of Bullring, our users, our partners or others.
  • Corporate transaction parties. We may disclose personal information in connection with a proposed or actual merger, acquisition, investment, financing, restructuring, bankruptcy, sale, transfer or other transaction involving all or part of our business or assets, subject to appropriate confidentiality and data protection safeguards.

Where third parties process personal information on our behalf, we require them to process such information only in accordance with our instructions and to implement appropriate technical, organisational and contractual safeguards. Where a third party acts as an independent data controller, its own privacy policy and legal obligations will apply to its processing of personal information.

We may share aggregated, anonymised or de-identified information that cannot reasonably be used to identify you for analytics, research, reporting, product development, marketing or other lawful purposes.

We may request information about you from third parties, and provide information about you to third parties, where necessary to provide the Platform, verify information, comply with law, prevent fraud, detect suspicious activity, resolve disputes or protect our rights.

To the extent practicable and legally permitted, we will attempt to notify you before disclosing personal information in response to compulsory legal process, so that you may seek a protective order or other appropriate relief. We may not be able to provide such notice where prohibited by law, where notice would compromise an investigation, or where urgent disclosure is necessary.

Your Rights

Subject to applicable law, you may have rights in relation to the personal information that we hold about you. These rights may vary depending on your location, the nature of the personal information and the basis on which we process it.

Depending on applicable Data Protection Legislation, your rights may include the right to:

  • be informed about how we collect and use your personal information;
  • request access to, or a copy of, the personal information we hold about you;
  • request correction or rectification of inaccurate or incomplete personal information;
  • request deletion or erasure of your personal information;
  • request restriction of, or object to, certain processing of your personal information;
  • request portability of personal information that you provided to us, where applicable;
  • withdraw consent where processing is based on consent;
  • object to direct marketing;
  • request information about, or object to, certain automated decision-making or profiling, where applicable; and
  • lodge a complaint with a data protection authority, privacy commissioner or other competent supervisory authority.

To exercise your rights, please contact us using the details in the “Contact Us” section below. We may request information from you to verify your identity and authority before responding to your request.

Your rights are not absolute. We may refuse, limit or delay a request where permitted by law, including where compliance would adversely affect the rights and freedoms of others, reveal confidential information, prejudice a legal or regulatory obligation, interfere with anti-money laundering, sanctions, fraud prevention or security obligations, or conflict with recordkeeping requirements.

If you are located in the United Kingdom or the European Economic Area, you may have the right to complain to your local supervisory authority. If you are located in Canada, Nigeria, Ghana or the United States, you may also have rights under the privacy laws applicable in your jurisdiction. We encourage you to contact us first so that we may try to resolve your concern.

Where we process personal information only on behalf of a customer, we may refer your request to that customer or ask you to contact that customer directly. We will provide reasonable assistance to the customer in responding to your request where required by applicable law or our agreement with that customer.

Opting-Out of Communications

You may opt out of receiving marketing or promotional communications from us at any time by following the unsubscribe instructions included in the relevant communication, adjusting your communication preferences where available, or contacting us using the details in this Policy.

If you opt out of marketing communications, we may still send you service-related, transactional, operational, legal, compliance, security and administrative communications. These may include account notices, onboarding requests, transaction updates, support messages, security alerts, policy updates, regulatory notices and other communications necessary for the provision or administration of the Platform.

We may ask you to confirm or update your communication preferences from time to time. Where applicable law requires consent for certain marketing communications, we will obtain such consent before sending those communications.

Children

The Platform is intended for use by businesses and their authorised representatives. It is not directed at children or individuals under the age of 18.

We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without appropriate authority or where such collection is not permitted by law, we will take reasonable steps to delete that information.

If you believe that a child has provided personal information to us, please contact us using the details in this Policy.

Security of Your Personal Information

We are committed to ensuring that your personal information is secure. In order to prevent unauthorised access, disclosure, alteration, loss or misuse, we maintain reasonable and appropriate technical, organisational and administrative safeguards designed to protect the personal information we process.

These safeguards may include access controls, role-based permissions, authentication measures, encryption, secure transmission protocols, logging, monitoring, vulnerability management, segregation of duties, vendor assessments, confidentiality obligations, staff training, incident response processes and other measures appropriate to the nature of the information and the risks of processing.

We restrict access to personal information to employees, contractors, agents, service providers and partners who require access for legitimate business, legal, compliance or operational purposes.

You also play an important role in protecting your personal information. You are responsible for maintaining the confidentiality of your login credentials, access tokens, API keys, passwords and authentication devices, and for ensuring that only authorised persons access the Platform on your behalf.

No method of transmission over the internet or method of electronic storage is completely secure. While we take reasonable steps to protect personal information, we cannot guarantee absolute security. You should notify us immediately if you suspect unauthorised access to your account, credentials, API keys or information.

In the event of a Personal Information Breach that is likely to result in a risk to your rights and freedoms, or that is otherwise notifiable under applicable law, we will take steps to investigate, contain and remediate the breach and notify affected persons and competent authorities where required by law.

Retention of Your Personal Information

We retain personal information only for as long as reasonably necessary to fulfil the purposes for which it was collected, provide the Platform, comply with legal and regulatory obligations, resolve disputes, enforce agreements, maintain security, prevent fraud and establish, exercise or defend legal claims.

Because the Platform involves regulated financial services, compliance screening, transaction monitoring and recordkeeping, we may be required to retain customer identification records, KYB and KYC records, transaction records, payment instructions, wallet information, screening results, audit logs, communications and supporting documents for minimum statutory or regulatory periods.

Retention periods vary depending on the nature of the information, the service used, the country in which the customer is located, the countries involved in a transaction, the requirements of our regulated partners and the laws applicable to Bullring or the relevant partner. In many cases, compliance and transaction records may be retained for five to seven years from the end of the customer relationship, the completion of a transaction or the date on which the record was created, whichever is later.

We may retain information for longer where required by law, requested by a regulator or law enforcement authority, necessary for an investigation, audit, dispute or legal claim, or required to comply with sanctions, anti-money laundering, counter-terrorist financing, tax, accounting or other obligations.

When personal information is no longer required, we will take reasonable steps to delete, anonymise, de-identify or securely destroy it, unless we are required or permitted by law to retain it.

Backups, archived copies and system logs may retain personal information for a limited period after deletion from active systems. We will handle such information in accordance with our retention and security procedures.

Third Party Sites and Products

Our website, communications or Platform may contain links to third-party websites, products, services, applications or resources that are not owned or controlled by Bullring.

We have no control over, and assume no responsibility for, the content, privacy policies, security practices or data protection practices of third-party websites, products or services. If you provide personal information to a third party, or authorise us to share personal information with a third party, that information will be governed by the third party’s privacy policy and legal obligations.

Certain services may depend on third-party financial institutions, payment service providers, on-ramp providers, off-ramp providers, stablecoin issuers, identity verification providers, compliance providers, wallet infrastructure providers, cloud providers and other partners. Where those third parties process personal information as independent controllers, their own privacy notices and terms may apply.

We strongly advise you to review the privacy policies, terms and disclosures of any third-party website, product or service that you access or use in connection with the Platform.

Transfers of Information

Bullring operates across jurisdictions and may process personal information in more than one country. Your personal information may be collected, stored, accessed, processed or transferred in Canada, the United Kingdom, the European Economic Area, Nigeria, Ghana, the United States, Brazil, the United Arab Emirates and other countries where we, our affiliates, our service providers or our partners operate.

The data protection laws in the country where your personal information is processed may differ from those in your country of residence. Where we transfer personal information internationally, we will take reasonable steps to ensure that the transfer is carried out in accordance with applicable Data Protection Legislation.

Where required, we may rely on one or more of the following transfer safeguards or mechanisms:

  • an adequacy decision or equivalent finding that the destination country provides an adequate level of protection;
  • standard contractual clauses, the UK International Data Transfer Agreement, the UK Addendum to the EU standard contractual clauses or other approved contractual safeguards;
  • data processing agreements, intra-group arrangements and confidentiality obligations;
  • technical and organisational safeguards, including access controls, encryption, security monitoring and data minimisation;
  • your explicit consent, where applicable and where no other transfer mechanism is available;
  • necessity for the performance of a contract with you, or for the implementation of pre-contractual steps at your request;
  • necessity for the conclusion or performance of a contract in your interest;
  • necessity for important reasons of public interest, compliance with law, regulatory reporting, sanctions screening, anti-money laundering obligations or the establishment, exercise or defence of legal claims; or
  • any other transfer mechanism permitted by applicable Data Protection Legislation.

Policy Updates

We may update this Policy from time to time to reflect changes in our services, technology, legal obligations, regulatory requirements, business operations or privacy practices.

Where we make changes to this Policy, we will update the “Last Updated” date above and post the revised version on our website or otherwise make it available through the Platform. Where required by law, or where the changes are material, we may provide additional notice or request your consent.

Your continued use of the Platform after an updated Policy becomes effective will be treated as your acknowledgement of the updated Policy, subject to any rights you may have under applicable law.

Contact Us

If you would like more information about this Policy, or if you have any comments, questions, complaints or requests relating to personal information, please contact us at:

Teso Pay Inc. d/b/a Bullring Finance
Registered Address: 2300 2850 Shaughnessy Street, Port Coquitlam, BC V3C 6K5, Canada
Email: hello@bullring.finance

If you contact us by email, please include sufficient information to enable us to identify you and respond to your request. For security and privacy reasons, we may need to verify your identity or authority before acting on your request.

If you are contacting us on behalf of a customer, beneficial owner, authorised user, recipient or another person, we may request evidence of your authority to act on that person’s behalf.