Blokketen Solutions

HATI Global Privacy Notice

Core privacy notice for website visitors, prospects, customer administrators, and authorized business users.

1. Who we are

This Privacy Notice explains how Blokketen Solutions Inc. processes personal data in connection with HATI, related websites, demos, sandbox programs, and business communications. HATI is payment-orchestration software developed, owned, and managed by Blokketen Solutions Inc.

HATI is not a bank and does not take custody of customer funds or keys. Even so, HATI may process personal data that appears in payroll files, vendor records, onboarding materials, support tickets, audit logs, and similar operational workflows.

2. Categories of personal data we may process

  • identity and contact data, such as name, work email, business phone number, employer, title, and account details;
  • account, authentication, and device data, such as login records, IP address, browser data, MFA events, and security logs;
  • commercial and relationship data, such as contract records, invoices, support history, and trial or benchmark participation details;
  • customer-submitted operational data, such as names, payment references, organizational identifiers, or other information contained in payroll, vendor, onboarding, treasury, or payment workflow files;
  • communications data, such as emails, support tickets, meeting notes, and form submissions; and
  • cookie, telemetry, or analytics data where enabled.

3. Sources of personal data

  • directly from you or your organization;
  • from customer administrators or colleagues who provision access;
  • from banks, approved payment providers, identity-verification vendors, fraud / compliance vendors, or integration partners, where applicable;
  • from your browser or device when you use our websites or applications; and
  • from publicly available or commercially available business-information sources, where lawful.

4. Purposes of processing

  • provide, secure, maintain, and improve HATI and related services;
  • create and manage user accounts, permissions, support cases, and customer relationships;
  • operate sandbox, benchmark, and pilot programs;
  • process customer instructions and provide workflow orchestration features;
  • monitor security, prevent misuse, investigate incidents, and enforce our terms;
  • send operational notices, product updates, and business communications;
  • comply with law, respond to legal process, and protect our rights; and
  • carry out internal reporting, service analytics, and service planning using data in an aggregated or de-identified form where appropriate.

5. How we share personal data

  • with service providers that help us host, secure, support, analyze, or operate HATI;
  • with customer-selected or customer-approved providers when needed to support an integration or workflow requested by the customer;
  • with professional advisers, auditors, insurers, or investors under appropriate confidentiality protections;
  • with authorities, regulators, courts, or counterparties where required by law or to protect rights, safety, or the integrity of the service; and
  • in connection with a merger, financing, restructuring, acquisition, or asset transfer, subject to appropriate protections.

6. International transfers

HATI may involve cross-border access, cloud hosting, support operations, or provider integrations. Personal data may therefore be processed in more than one country. Where required, Blokketen Solutions Inc. will use contractual, organizational, and technical safeguards appropriate to the transfer and the role in which the data is processed.

Jurisdiction-specific transfer language can be added in the regional privacy addenda included in this policy pack.

7. Retention

We retain personal data for as long as reasonably necessary for the purposes described in this Notice, including to provide the service, maintain security and audit logs, meet legal or tax requirements, resolve disputes, and enforce agreements.

Retention periods may vary based on the type of data, customer contract requirements, legal obligations, and whether the data sits in a sandbox, support, security, or production environment.

8. Security

We use administrative, technical, and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, and disclosure. No method of transmission, storage, or security control is perfect, and we cannot guarantee absolute security.

9. AI-assisted processing and human oversight

HATI may use rules, software agents, or machine-learning-assisted tools to classify files, identify workflow exceptions, estimate routing options, or support operational review. Where appropriate, HATI is intended to keep human review in the loop for approvals and execution decisions.

This Notice should be read together with the HATI terms, acceptable-use rules, and customer contracts that define the specific workflow and accountability model.

10. Your rights and choices

Depending on your location and the context in which we process your data, you may have rights to request access, correction, deletion, restriction, portability, objection, withdrawal of consent, or complaint to a regulator. These rights may vary by jurisdiction and are subject to legal limitations.

Regional rights and complaint options are described in the applicable privacy addendum for Canada, the EU / EEA / UK, and GCC / Middle East jurisdictions.

11. Cookies and similar technologies

We may use cookies and similar technologies for authentication, security, preferences, analytics, and site functionality. See the separate Cookie Notice for a fuller description and for choices that may be available to users.

12. Children's data

HATI is designed for business use and is not intended for children. Do not submit children's personal data to HATI unless you have a clear lawful basis and an approved business reason to do so.

13. Contact and updates

Insert the correct privacy contact details, mailing address, and any required representative information before publication.

We may update this Notice from time to time. The version posted on the relevant website or otherwise communicated to customers will state the effective date.