DaisyLink

Security Statement

Effective July 1, 2026 · Version 1.0

DaisyLink Financial Ltd (“DaisyLink”, “we”, “us”, or “our”) treats the security of end-user funds, personal information, and payment infrastructure as a core operating responsibility. This Statement summarizes the security, operational risk, and fund-safeguarding practices DaisyLink maintains as a Bank of Canada RPAA-registered payment service provider and FINTRAC-registered money services business with virtual currency permissions.

Unlike DaisyLink’s sanctions and AML/CTF obligations (which arise under separate legislation), operational risk management, safeguarding of end-user funds, and incident reporting are matters the Bank of Canada directly supervises under the Retail Payment Activities Act (RPAA). That said, RPAA registration confirms DaisyLink met the Bank’s registration requirements — it is not a certification or guarantee by the Bank of Canada of any specific security control, technology, or practice described in this Statement.