Privacy Policy
How ScotiaConnect collects, uses, protects, and shares information obtained through the business banking portal.
Last updated: May 2026. This privacy policy describes how ScotiaConnect collects, uses, and safeguards information obtained through the ScotiaConnect business banking portal at sconnectbusiness.gr.com and the ScotiaConnect mobile banking app. By accessing ScotiaConnect, you consent to the data practices described in this policy.
Information We Collect
ScotiaConnect collects information necessary to provide business banking services, maintain account security, and comply with regulatory obligations.
Account information collected during enrollment includes business name, tax identification number, business address, authorized representative names and contact details, and banking information required to establish and service commercial accounts. User account information includes names, email addresses, phone numbers, usernames, and role assignments for each individual authorized to access the ScotiaConnect platform. ScotiaConnect does not collect personal consumer data unrelated to business banking operations.
Transaction data is collected automatically as you use ScotiaConnect services. This includes payment initiation details, wire transfer instructions, ACH batch specifications, account balance inquiries, report generation parameters, and alert configuration settings. Each transaction record includes the initiating user identity, timestamp, device information, and IP address — information retained as part of ScotiaConnect's regulatory compliance obligations under FinCEN recordkeeping requirements.
How We Use Collected Information
ScotiaConnect uses collected information exclusively to deliver, maintain, and secure the ScotiaConnect business banking platform.
Primary uses include processing payment transactions initiated through ScotiaConnect, maintaining accurate account records and transaction histories, generating reports and account statements requested by authorized users, delivering configured alerts and notifications, authenticating ScotiaConnect login attempts, enforcing role-based access controls, detecting and preventing fraudulent activity, and complying with legal and regulatory obligations including those established by the OCC. ScotiaConnect does not sell, rent, or lease user information to third parties. Data collected through ScotiaConnect is not used for marketing purposes unrelated to the ScotiaConnect platform.
Data Sharing and Disclosure
ScotiaConnect shares information only as necessary to provide ScotiaConnect services, comply with legal obligations, or protect the security of the platform.
Information may be shared with correspondent banks and payment networks to process wire transfers and ACH payments initiated through ScotiaConnect. Service providers that support ScotiaConnect operations — including cloud infrastructure, authentication services, and communications delivery — may process data under contractual agreements that require equivalent security standards. ScotiaConnect may disclose information when required by law, court order, or regulatory request, including examinations conducted by financial regulatory authorities. In all cases, ScotiaConnect limits shared data to the minimum necessary for the specific purpose and requires recipients to maintain confidentiality and security protections consistent with this policy.
Data Handling Summary
The table below summarizes the categories of data ScotiaConnect collects and how each category is used, shared, and retained.
| Data Category | Collection Purpose | Shared With | Retention Period | User Control |
|---|---|---|---|---|
| Account enrollment data | Account establishment, KYC compliance | Regulatory authorities | Account life + 7 years | View via administrator |
| User credentials | Authentication, access control | Authentication service provider | Account life | Reset, deactivate |
| Transaction records | Payment processing, reporting, audit | Correspondent banks, regulators | 7 years minimum | View via reports |
| Login and session data | Security monitoring, audit trail | Not shared | 3 years | View via administrator |
| Alert and notification settings | Alert delivery | Communications provider | Account life | Configure, disable |
Data Security
ScotiaConnect employs multiple layers of security controls to protect information collected through the ScotiaConnect platform.
All data transmitted between your browser or ScotiaConnect mobile banking app and ScotiaConnect servers is encrypted using TLS 1.3 with 256-bit encryption. Stored data is encrypted at rest using AES-256 encryption. ScotiaConnect access requires multi-factor authentication combining a password with a one-time verification code or biometric credential. The ScotiaConnect platform undergoes regular security assessments, penetration testing, and compliance audits to verify the effectiveness of security controls. Access to ScotiaConnect systems by operations personnel is restricted by role and logged for audit review.
User Rights and Choices
ScotiaConnect users have rights regarding the information maintained in their ScotiaConnect accounts.
Authorized users can access their account information, transaction history, and user profile data through the ScotiaConnect portal at any time. Account administrators can manage user access permissions, deactivate ScotiaConnect login credentials for former employees, and configure alert and notification preferences for all users on the business account. Users can request correction of inaccurate account information through ScotiaConnect customer support. Data required for regulatory compliance — including transaction records and audit logs — cannot be deleted during the mandated retention period but will be purged according to ScotiaConnect's data retention schedule after retention obligations expire.
Cookies and Tracking Technologies
ScotiaConnect uses essential cookies and similar technologies required for platform functionality and security.
Session cookies maintain your authenticated ScotiaConnect session as you navigate between ScotiaConnect pages. These cookies are deleted when you close your browser or your ScotiaConnect session expires. Security cookies support fraud detection by helping ScotiaConnect recognize authorized devices and identify anomalous access patterns. ScotiaConnect does not use tracking cookies for advertising, analytics, or cross-site tracking purposes. Your browser settings control cookie acceptance; however, disabling essential cookies will prevent successful ScotiaConnect login and platform access.
Changes to This Privacy Policy
ScotiaConnect may update this privacy policy to reflect changes in data practices, platform capabilities, or regulatory requirements.
Material changes will be communicated through the ScotiaConnect portal notification center and, where appropriate, via email to account administrators at least thirty days before the changes take effect. Continued use of ScotiaConnect after policy changes become effective constitutes acceptance of the updated terms. The effective date at the top of this page indicates when the current policy was last revised.
Contact Information
For questions about this privacy policy or ScotiaConnect data practices, contact ScotiaConnect through the service desk portal within the ScotiaConnect platform or by phone at (866) 472-6842 during extended business hours. Written inquiries may be directed to the ScotiaConnect privacy office through the contact information provided in the ScotiaConnect support hub.
Popular ScotiaConnect Services