Privacy Policy at Scotiaconnect

Information We Collect

Scotiaconnect collects personal identification data, financial account information, transaction records, device and usage data, and communication records necessary to provide and secure our digital banking services.

When you open a Scotiaconnect account or use our digital banking platform, we collect information required to verify your identity, process transactions, and secure your account. Personal identification information includes your full legal name, date of birth, Social Insurance Number or Individual Tax Identification Number, home and mailing addresses, telephone numbers, email addresses, and government-issued identification document details. Financial information includes account numbers, account balances, transaction history, credit history, income information, employment details, and asset and liability data submitted during account applications. Device and usage data includes your IP address, browser type and version, operating system, device identifiers, Scotiaconnect sign in timestamps, pages visited within the platform, features used, and session duration. Communication records include messages exchanged with Scotiaconnect support, call recordings (with notification), and written correspondence sent through the platform's secure message center.

How We Use Your Information

Scotiaconnect uses collected data to deliver banking services, process transactions, verify identity, prevent fraud, improve our platform, communicate with you, and comply with legal obligations — we do not sell personal information to third parties.

Transaction processing is the primary use of your Scotiaconnect data. When you transfer funds, pay a bill, send a wire, deposit a check, or make a purchase with a Scotiaconnect card, we process the associated personal and financial information to complete the transaction. Identity verification and fraud prevention rely on your data to authenticate Scotiaconnect sign ins, detect unusual account activity, and protect against unauthorized access. Platform improvement uses aggregated, anonymized usage data — feature popularity, session patterns, and error rates — to refine the Scotiaconnect experience. Communication covers service announcements, transaction confirmations, security alerts, and account updates delivered via email, SMS, push notification, or in-platform messaging. Marketing communications are optional and require separate consent — Scotiaconnect never shares your financial data with advertisers or third-party marketing firms. Legal compliance includes reporting obligations to financial regulators, responding to valid court orders and subpoenas, and maintaining records required by Canadian and U.S. banking regulations.

Data Sharing and Disclosure

Scotiaconnect shares your data only with service providers who operate essential banking infrastructure, regulatory bodies as required by law, and authorized parties you explicitly designate — your financial data is never sold or rented.

Service providers that receive Scotiaconnect data operate under binding data processing agreements that limit their use of your information to the specific service they provide. These include payment network operators (Interac, SWIFT, card networks), cloud infrastructure providers, identity verification services, check imaging processors, and communication delivery platforms. Each provider contractually commits to Scotiaconnect data security standards and is prohibited from using your information for independent purposes. Legal and regulatory disclosures occur when Scotiaconnect receives a valid subpoena, court order, or regulatory inquiry from authorities such as FINTRAC, OSFI, provincial securities commissions, the Canada Revenue Agency, or U.S. regulatory counterparts. Scotiaconnect reviews every legal request for scope and validity before disclosing information and notifies affected account holders when legally permitted to do so. Authorized third-party access covers situations where you explicitly request Scotiaconnect to share data — linking external accounts through an aggregation service, providing mortgage verification to a lender, or sharing transaction data with an accounting platform — all initiated by you with explicit consent.

Data Categories and Usage

Cookies and Tracking Technologies

Scotiaconnect uses essential session cookies for platform functionality, security cookies for authentication integrity, and analytics cookies for platform performance measurement — all cookies can be managed through browser settings.

Essential cookies maintain your Scotiaconnect session state during an active sign in — they expire when you close your browser or after 15 minutes of inactivity. These cookies are required for Scotiaconnect to function and cannot be disabled. Security cookies support our fraud detection systems by establishing device fingerprints that help distinguish authorized Scotiaconnect sign ins from unauthorized access attempts. Analytics cookies collect anonymized data about platform performance — page load times, error frequencies, and feature usage patterns — to help Scotiaconnect improve reliability and user experience. These cookies do not contain personally identifiable information and are not used for advertising. Scotiaconnect does not use third-party advertising cookies, social media tracking cookies, or cross-site tracking cookies on its platform. You can manage cookie preferences through your browser settings, though disabling essential cookies will prevent Scotiaconnect sign in and platform functionality. For detailed cookie information, see the Scotiaconnect Cookie Policy linked in the footer of this page.

Your Privacy Rights

As a Scotiaconnect account holder, you have the right to access your personal data, correct inaccuracies, request deletion where legally permissible, restrict processing in certain circumstances, and receive a portable copy of your data.

Data access: You can review and download much of your Scotiaconnect personal data directly from the platform — transaction history, account statements, profile information, and communication records are accessible within your dashboard. For a complete data access request covering all categories of personal data Scotiaconnect holds, submit a written request through the platform's secure message center or by mail to the Scotiaconnect Privacy Office. Scotiaconnect responds to data access requests within 30 calendar days as required by Canadian privacy legislation. Data correction: Inaccurate personal information can be updated through your Scotiaconnect profile settings for contact details and communication preferences. For corrections to identity documents, account ownership, or credit report data, contact Scotiaconnect support for guided correction procedures requiring identity verification.

Data deletion: You may request deletion of personal data that Scotiaconnect is not legally required to retain. Financial transaction records, identity verification documents, and account statements must be retained for periods specified by Canadian banking regulations and anti-money-laundering legislation — typically seven years from account closure or the date of the last transaction. Non-mandatory data, such as marketing preferences, communication history beyond the required retention period, and certain analytics records, can be deleted upon request. Data portability: Scotiaconnect provides transaction data in machine-readable CSV format and statements in PDF format through the platform's export features. For broader data portability requests, Scotiaconnect can provide your personal and financial data in a structured, commonly used electronic format. Processing restrictions: You may request that Scotiaconnect restrict processing of your data in specific circumstances — while contesting data accuracy, objecting to processing that you believe is unlawful, or when Scotiaconnect no longer needs the data but you require it for legal claims.

Data Security and Storage

Scotiaconnect stores your data on encrypted infrastructure in Canadian data centers with AES-256 encryption at rest and TLS 1.3 encryption in transit — access controls, audit logging, and penetration testing protect your information continuously.

Data at rest within Scotiaconnect's infrastructure is encrypted using AES-256 encryption. Data in transit between your device and Scotiaconnect servers is encrypted using TLS 1.3 with 256-bit cipher suites. Scotiaconnect's primary data storage is located in Canada, with backup and disaster recovery replication to geographically separated Canadian data centers. Scotiaconnect maintains a comprehensive information security program aligned with ISO 27001 standards and undergoes annual independent security audits. Access to personal data within Scotiaconnect is restricted to employees and contractors whose roles require it — all access is logged, monitored, and reviewed. Scotiaconnect conducts regular penetration testing, vulnerability scanning, and security assessments. In the event of a data breach that poses a risk of significant harm to affected individuals, Scotiaconnect notifies affected account holders and relevant regulatory authorities within the timeframes required by applicable Canadian privacy legislation. The FTC privacy and data security resources provide additional guidance on protecting personal financial information.

Children's Privacy

Scotiaconnect does not knowingly collect personal information from individuals under the age of 13 — our digital banking platform is designed for adult use, and youth accounts require a parent or guardian as a joint account holder.

Scotiaconnect youth and student banking products are available to individuals under 18 only when opened with a parent or legal guardian as a joint account holder. The parent or guardian is the primary account holder responsible for the account and associated data. Scotiaconnect does not market to children under 13 and does not knowingly collect personal data from minors without verified parental consent through the joint account opening process. If Scotiaconnect becomes aware that personal data from a child under 13 has been collected without verified parental consent, we will delete that data promptly. Parents and guardians with questions about children's privacy protections at Scotiaconnect may contact the Privacy Office through the platform's secure message center or by calling +1 (416) 555-0172.

Changes to This Privacy Policy

Scotiaconnect reviews and updates this privacy policy periodically — material changes are communicated to account holders through email, in-platform notification, or both, at least 30 days before the changes take effect.

Minor updates to the Scotiaconnect privacy policy — clarifications of existing language, updated contact information, or references to new regulatory resources — may be made without advance notice and are effective upon posting. Material changes that affect how Scotiaconnect collects, uses, or shares personal data are communicated to account holders at least 30 calendar days before the effective date via the email address registered on your Scotiaconnect account, an in-platform notification banner on the dashboard, or both. Continued use of the Scotiaconnect platform after the effective date of a policy update constitutes acceptance of the revised policy. If you do not agree with a material change, you may close your Scotiaconnect account before the effective date — your data will be handled according to the previous policy version during the account closure process. Archived versions of the Scotiaconnect privacy policy are available upon request from the Privacy Office.