Proud Canadian Company

Our Privacy Policy: At A Glance

[Last update: December 24th, 2025]
[Prior Version]

At nesto Inc., together with all of its affiliates (“nesto”, “we”, “us”, “our”), the protection of your personal information is not just a standard we respect: it’s a commitment. Whether you’re browsing our website or using our services (including mortgage brokering, approved lending and other top-tier mortgage services), through phone, email, online chat or otherwise, protecting your personal information is a core commitment for us.

This policy describes how we collect, use, and disclose your personal information, how we protect it, and the controls you have over it. It does not extend to websites, mobile applications or other services of third parties. Please consult their privacy documents as we are not responsible for their own practices.

For more details, please refer to the full policy below and open the section that interests you.

What is personal information?

Personal information means any information that can be used to identify you, directly or indirectly. 

This includes details that identify you on its own, such as your name or email address, and information that may be used to identify you when combined with other data, such as your date of birth, income, or certain digital identifiers (for example, IP addresses) or device identifiers when they can be connected to information you provide as part of your interactions with our services.

What information do we collect about you?

  • Information you voluntarily provide us with when using our services, such as identification and contact information (e.g. name, phone number), financial assessment information (e.g. credit score, annual income), property information (e.g. property that you wish to finance, down payment), career information, where applicable (e.g. resume, cover letter).
  • Information we automatically track (collected through a device), such as IP address, cookie information, your browsing history, interactions with our website or online advertisements. You can manage or disable cookies at any time through your browser settings. For more information, please refer to our full ‘Cookie Policy’ below.

How do we use your personal information?  

We process personal information based on your consent, to perform a contract, or when otherwise permitted by law. Your personal information is used for many reasons, the primary purposes being to: 

  • Fulfill our core financial services (assessing creditworthiness, verifying eligibility, and providing requested products and services)
  • Manage your account and site access (creating your profile, verifying your identity, and enhancing site usability)
  • Develop and personalize our offerings (enhancing services, user experience, and communications, including marketing and advertising)
  • Comply with our legal and compliance obligations (verifying customer identities, preventing fraud, and meeting legal or audit obligations)
  • Support funding and investor processes (coordinating with insurers, brokers, and financial institutions)
  • Facilitate recruitment (evaluating applications and assessing qualifications)
  • Perform analytics and reporting (monitoring performance and improving operations)

Who do we share your personal information with?  

Depending on the situation that applies to you, we share your information with: 

  • Our affiliates
  • Our employees 
  • Financial institutions and investors 
  • Referral partners 
  • Credit rating agencies
  • Service providers
  • Promotional and advertising partners (including social media platforms)
  • Third parties in the event of a business transaction
  • Legal and government authorities

What data privacy rights do you have?  

Subject to certain legal exceptions, you have the following rights regarding your personal information:

  • Access the personal information we hold about you and receive a general account of how we use it
  • Correct your data if it is inaccurate or incomplete
  • Ask us to delete your information in certain cases, such as when we no longer need it
  • Obtain your personal information in a structured, machine-readable format
  • Ask us to transfer your information to a third party of your choice
  • Withdraw your consent at any time if it was used as a legal basis for processing your information
  • Inform you if a decision affecting you has been made through a fully automated process, where required by applicable law
  • Ask us to address a complaint if you are not satisfied with how we handle your personal information, or raise it with your local privacy regulator

Keep in mind that withdrawing your consent does not affect any processing that happened before you withdrew it. If we can no longer process that information, we may not be able to provide you with certain services.

How can you contact us? To ask questions, provide comments, or exercise your rights, email our Privacy Officer at privacy@nesto.ca

What Information Is Collected

We only collect the personal information that is necessary for the products or services you request, to meet our legal obligations, or to support the operation and security of our services. Not all of the categories below apply to every individual. The information we collect depends on your relationship with us (for example, customer, applicant, website visitor, or job candidate).

Identification and Contact InformationFull name
Title
Date of birth 
Marital status
Number of dependents
Address and proof of address (such as your current address, address history, and documents that confirm your residence)
Email address
Telephone number(s)
Identification documents (e.g., government-issued photo ID such as passport, driver’s license, or provincial ID card)
Secondary identification documents, where applicable (e.g., birth certificate, permanent resident card, citizenship certificate, student or employee status)
Tax residency or taxpayer identification number (TIN) information
Signature(s) 
Social insurance number (SIN)*

*SIN may appear on income documents you provide and is only used to verify your income, assess eligibility, and confirm your identity.  You are not required to provide it, except where the law requires it, such as for tax reporting on income-earning accounts, where applicable. 
Account InformationUser name and password
Credit Assessment Information and Property InformationCredit reports and credit or Beacon scores
Debts and financial liabilities
Bankruptcy, consumer proposals, or discharge records (if applicable)
Institution where your primary account is held and bank account information
Income and employment details (e.g., paystubs, job confirmation letter, income verification, income sources, annual income)
Insurance information (e.g., property insurance binder, proof of coverage, insurer name, and policy number)
Financial statements and net worth information
Down payment documentation
Investments and related financial assets
Property details for financing (e.g., address, ownership, or purchase information)
Residential situation (e.g., rent, own, live with parents)
Mortgage statements and property tax records
Appraisals, rent rolls, and leases (if applicable)
Operating and property-level financial statements
Legal and security documents related to the property
Service InformationMortgage and transaction details (e.g., mortgage amount, down payment, application, funding, and servicing records)
Property intent and occupancy information (e.g., whether the property will be owner-occupied)
Compliance, verification, and screening results
Budget, appraisal, and project-level financial information
Investor, vendor, and broker information
Authorization and consent records
Client Communications InformationRecorded calls
Emails, forms, and written correspondence related to services
Messages and their content
Questions, comments, opinions, and evaluations
Complaints or feedback shared with us
Career InformationName and contact details (e.g., phone number)
Resume or CV
Cover letter
Language proficiency
Background and criminal check results (where applicable)
Reference contact information
Interview notes or assessment results
Income source and verification documents
Professional or corporate affiliations (if applicable)
Any other information you voluntarily include in your job application
Technical InformationInternet protocol (IP) address
Geolocation information
Cookies and other technology on the devices you use to access our websites
Internet Activity InformationWebsite usage and analytics data (e.g., Smartlook or similar tools)
Device identifiers or browser fingerprints (e.g., unique device ID, operating system, browser type/version)
Browsing history and behavior
Date, time, and frequency of your visits to our websites
Pages or sections of our websites that you view
Duration of your visits and number of return visits
Websites visited before or after visiting our own
Click-stream data and interactions with our websites or online advertisements
Search history and on-site interactions

Some of the information we collect may be considered sensitive, such as financial details or credit history. We collect it only when it’s necessary to perform a contract with you, when required by law, or when you have given us explicit consent.

How and Why We Collect Your Personal Information

While we offer brokerage, loan, and mortgage services, we’re not a financial institution. To provide these services, we need to collect standard mortgage details such as credit, property, and service information.

  • For brokerage services: we act as an intermediary and collect the personal information needed to connect you with suitable lenders and facilitate your mortgage application. 
  • For loan and mortgage services: we use this information to verify your application and manage your mortgage. If you’re a co-borrower, we’ll also need their information.

Calls with our customer-facing teams are recorded for training and quality purposes. If you share someone else’s personal information, you confirm that you’ve obtained their consent for us to use it as outlined in this policy.

We process your personal information only when we have a legal basis to do so, such as to perform a contract with you, with your consent, or when permitted by law.

When you use our services, we collect personal information in two ways: what you voluntarily share with us and information collected automatically. Most of the personal information we hold is received from you. We may also obtain additional details from credit reporting agencies and other authorized third parties.

Data You Voluntarily Provide Us:  

When you create and we manage your account

In this case, we collect the following types of personal information: Identification and Contact Information, Account Information and Client Communications Information.

When we collect it: 

  • When you create an account or profile on our website, manage your preferences, or sign up for our newsletter.
    • Examples: Creating and managing your profile, verifying identity for login, saving preferences, providing a faster or more personalized experience.

When you request or use our financial services

In this case, we collect the following types of personal information: Identification and Contact Information, Account Information, Credit Assessment Information and Property Information, Service Information and Client Communications Information.

When we collect it: 

  • When you request our brokerage, loan, or mortgage services.
    • Examples: Completing applications, requesting quotes or pre-approval letters, or uploading supporting documents.
  • When we verify your identity, eligibility, or qualifications for a mortgage or financial product.
    • Examples: Checking identification, confirming eligibility, validating application information, evaluating the credit risk.
  • When we collect and review documents required to support your application
    • Examples: Collecting proof of income, employment, down payment, or property details.
  • When we assess your creditworthiness, financial capacity, or risk profile.
    • Examples: Performing credit checks, underwriting, and funding reviews
  • When we process or fund your mortgage or loan.
    • Examples: Validating payment details, confirming bank information, instructing your file to a notary.
  • When we seek to understand your financial needs and identify financial products or related services that may be suitable for you, and to offer those to you directly or through organizations with which we have strategic alliances.
    • Examples: Conducting financial assessments, analyzing goals and preferences, and presenting mortgage or related product options (either from us or through our trusted partners) to help meet your needs.
  • When we share limited information with insurers or investors.
    • Examples: Sharing information for mortgage insurance, risk assessment, audit, or funding requirements.

When we perform regulatory, risk, or compliance activities

In this case, we collect the following types of personal information: All categories of information.

When we collect it: 

  • When we conduct checks to verify customer identities, detect fraud, and comply with anti–money laundering laws.
    • Examples: Ensuring accuracy, quality assurance, and regulatory compliance
  • When we monitor or audit transactions or underwriting activities.
    • Examples: Processing outstanding balances or missed payments.
  • When we need to collect or recover payments owed to us.
    • Examples: Processing outstanding balances or missed payments.
  • When we investigate potential breaches or legal issues.
    • Examples: Investigating suspected fraud or violations of our Terms of Service or this policy.

When we improve and personalize our services

In this case, we collect the following types of personal information: Identification and Contact Information, Account Information, Credit Assessment Information and Property Information, Service Information, Client Communications Information, Technical Information, Internet Activity Information.

When we collect it: 

  • When you interact with our marketing materials or promotional offers
    • Examples: Participating in contests, campaigns, or receiving personalized advertisements.
  • When we seek to understand your needs and interests.
    • Examples: Conducting surveys or analytics to improve services and communications.
  • When we use your information to make investment, lending, or credit decisions.
    • Examples: Assessing project viability, borrower strength, or market analysis.

When you communicate or interact with us

In this case, we collect the following types of personal information: All categories of information.

When we collect it: 

  • When you interact with our marketing materials or promotional offers.
    • Examples: Participating in contests, campaigns, or receiving personalized advertisements.
  • When you communicate with us by phone, email, or online chat.
    • Examples: Providing customer support and responding to inquiries.
  • When you schedule a meeting with a representative or advisor.
    • Examples: Coordinating appointments and follow-ups.
  • When you submit a complaint.
    • Examples: Managing customer feedback and issue resolution.
  • When you interact with digital content on our websites.
    • Examples: Submitting forms, using calculators, or browsing product pages.
  • When you participate in a contest or survey.
    • Examples: Engaging in promotional or research activities.
  • When you post comments or reviews on our websites.
    • Examples: Publishing your input on our online platforms.
  • When you allow us to access your information from third-party websites.*
    • Examples: Linking your account to social media or third-party tools.

* In this last case, you allow us to collect information based on your settings and in accordance with the privacy policies of those third-party services. It is your responsibility to control your settings and to read and understand those policies.

When you apply for a job

In this case, we collect the following types of personal information: Identification and Contact Information, Career Information and Technical Information.

When we collect it: 

  • When you apply for a job opening or submit career information.
    • Examples: Providing your resume, cover letter, and other application materials for recruitment purposes.

Data We Collect Automatically:  

When you interact with our websites, we automatically collect technical and internet activity information about your device, browsing actions, and usage patterns. This information is collected through cookies, pixels, server logs, and other similar technologies. We may also receive this information if you visit other websites that use our cookies. For more details on how we use cookies and similar technologies, please refer to our ‘Cookie Policy’ below.

Cookie Policy

This policy explains how nesto uses cookies and similar technologies on our websites. 

This policy applies only to our websites and digital platforms. When you leave our site or interact with third-party content, their own cookie and privacy policies apply.

What Are Cookies

Cookies are small text files saved to your computer when you visit our websites. We use them to:

  • Show you personalized content and ads
  • Track how our site is used
  • Improve our services

Third-Party Cookies

We also use third-party cookies from services like Google Analytics for site analysis (such as gathering details about user interests). You can opt out of Google Analytics tracking by installing their opt-out browser add-on. For full details on Google’s privacy practices, see the Google Privacy & Terms web page.

Third-party cookies may also be placed by our advertising or analytics partners, who are responsible for how they use that data. We encourage you to review their respective cookie and privacy policies to learn more about their practices.

Interest-Based Advertising

We also use interest-based advertising (also called targeted or behavioral advertising) on our websites. We employ tracking tools (like cookies from services such as Bing, Snapchat, LinkedIn, and X) to personalize the ads you see based on your online browsing behavior. You might see one of our ads on another website or platform even after you have left ours. You can opt out by managing the cookies and tracking technologies in your browser settings.

Social Media Plugins

We use social media plugins to connect with platforms like Facebook and X through cookies. Because these buttons are on our site, your information might be automatically shared with that social media platform, even without you clicking. We do not control this sharing. Please check the privacy policy of each social media platform to understand how they use cookies and track your activity.

Smartlook

We use Smartlook, a web analytics tool, to help us improve our websites and offer visitors the best possible experience. Smartlook uses cookies to analyze how people interact with our website during each session. The information collected through these cookies, along with other visit data, may be stored and processed by Smartlook and shared with us in reports. Smartlook only records your IP address, which is automatically deleted within 30 days. You can opt out of this data collection at any time by visiting Smartlook’s opt-out page. For more details, please review Smartlook’s privacy policy.

Managing cookies

Some cookies are essential for our websites to function properly (for example, to keep you logged in or remember your language preferences). Others are optional and used for analytics or advertising purposes. You can choose to accept all, some, or none of these cookies at any time.

You can manage your cookie preferences through your browser settings, where you can accept, decline, or delete cookies already stored on your device. If you clear your browsing data or block cookies, your preferences may be reset, and certain website features may not function as intended.

To Whom We Disclose Your Personal Information

We may share your personal information in the following circumstances and for the purposes outlined in this policy:

  • with our affiliates in order to provide you with the requested products or services or understand your financial needs better.
  • with our employees, when there is a legitimate business need for them to use this information to provide you with the requested products and services.
  • with our service providers who support our operations, including e-commerce, mortgage servicing or administration, hosting, data storage and processing, and marketing (including social media) providers, as well as those who help us analyze the profiles and characteristics of our website visitors, service users and job applicants through research and analytics.
  • with financial institutions and approved lenders, in order to provide you with the services.
  • with credit-rating agencies (such as Equifax and TransUnion), in order to assess your application and provide the services.
  • with our promotional partners for any marketing activities such as contests and other promotions.
  • with law enforcement, regulators, or other authorized third parties to comply with legal obligations, respond to investigations, subpoenas, or court orders, investigate fraud or legal violations, or protect the rights, property, and safety of nesto, our users, and partners.
  • with an acquiring organization in connection with a proposed or actual merger, acquisition, financing, liquidation, or other business transaction involving nesto or its assets.
  • with referral partners (with your express consent) who can assist in meeting your mortgage needs if we are unable to do so.

When we share your personal information with trusted partners, we require them to protect it and use it only for the purposes we’ve agreed upon. They are not allowed to share it further or use it for their own marketing, except for our advertising partners who help us promote our services.

Where We Store and Transfer Your Personal Information

Your personal information may be transferred, stored, or processed in jurisdictions outside your place of residence, including on servers located across Canada and in the United States. In these cases, your information may be subject to the laws of those jurisdictions and accessible to their courts, law enforcement, and national security authorities. We take steps to protect your information through contractual and other safeguards, and we comply with our legal and regulatory obligations when making such transfers.

Before transferring information outside of Québec, we conduct assessments required by law and use contractual safeguards to ensure adequate protection.

How We Protect Your Personal Information

We implement physical, technological, and administrative safeguards to protect the integrity of our websites and services, as well as the confidentiality of personal information. These measures are designed to prevent unauthorized access or disclosure, maintain data accuracy, and ensure appropriate data use. We take steps to protect your personal information, but since the Internet is not completely secure, we cannot guarantee that communications or data will always remain private. If a security incident occurs involving your personal information, we will take appropriate steps and notify you in accordance with applicable breach notification laws, where required.

How Long We Keep Your Personal Information

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected or as required to meet legal obligations and in accordance with our retention policies. The retention period varies depending on the nature of the information and may, in some cases, extend beyond the end of your relationship with nesto and its affiliates.

When personal information is no longer needed, we apply appropriate measures to securely delete or anonymize it. In certain cases, we may anonymize your personal information (so it can no longer be linked to you) for research, statistical, or other legitimate purposes. 

What Happens If You Provide Information About Someone Else

As detailed in our Terms of Services, information may be shared between accounts involved in the same transaction. For instance, if you are co-purchasing a property, you can act as the main applicant and add another individual (e.g., your spouse) as a co-applicant to the application. It is crucial that you obtain the necessary consent from your co-purchaser before sharing any of their personal information with us.

How We Handle Personal Information of Children

We do not knowingly collect personal information from children under the age of 14. If you are a parent or guardian and believe your child has provided us with personal information, please contact us using the details below. If we become aware that we have collected personal information from a child without verified parental consent, we will take steps to delete it.

How We Use Automated Decision-Making

We may use automated tools and technologies, such as artificial intelligence (AI), to enhance efficiency, assist with application and credit evaluations, detect fraud, meet legal or regulatory obligations, and manage security or other risks. In some situations, this may involve automated decision-making with limited or no human involvement.

We use these tools responsibly to support fair, accurate decisions and enhance your experience. When required by law, we will inform you if a decision affecting you has been made through a fully automated process. You may contact us to request more information about how the decision was made, to ask for a review by one of our representatives, or to correct any inaccurate personal information used in the process.

What Are Your Rights Regarding Your Personal Information

Subject to certain legal exceptions, you have the following rights regarding the personal information we hold about you:

Your right of access

You may request access to the personal information we hold about you and an overview of how we use it. Upon written request, we will provide a copy of your information, unless legal or privacy restrictions require us to limit or redact certain details to protect the rights of others. If we must limit access, we will explain why. 

Your right to rectification

If your personal information is inaccurate or incomplete, you can ask us to correct it. Updated information may also be shared with third parties to whom it was previously disclosed. You can update details directly in your account profile, and you may adjust cookie data stored on your own device.

Your right to erasure

You may ask us to delete your personal information in certain cases, such as when it is no longer needed for its original purpose. In some cases, we must keep your information for legal or regulatory reasons, such as anti–money laundering (AML) requirements.

Your right to portability

In some situations, you may request a copy of your personal information in a structured, commonly used, and machine-readable format, or ask that we transfer it to another organization.

Your right to withdraw consent

If we rely on your consent to process your information, you may withdraw it at any time. This will not affect processing carried out before withdrawal. However, doing so may limit our ability to provide some services. We will inform you if that occurs. Please note that we may still contact you for important service-related updates, even if you opt out of marketing communications.

Your rights in relation to automated decision-making

When required by law, we will inform you if a decision affecting you has been made through a fully automated process. You may contact us to request more information about how the decision was made, to ask for a review by one of our representatives, or to correct any inaccurate personal information used in the process.

Your right to lodge a complaint

If you are not satisfied with how we handle your personal information, you have the right to lodge a complaint with us or with the appropriate privacy regulator in your jurisdiction.

To learn how to exercise any of these rights, please refer to the ‘How to Contact Us’ section below.

How We Handle Links to Other Websites and Advertising

Our websites may include links to websites or services operated by third parties. These are provided for your convenience, but nesto does not control and is not responsible for their content or privacy practices. We encourage you to review the privacy policies of any third-party website you visit.

Our websites may also display advertisements or links from third parties that use cookies or similar technologies. Any information collected through those tools is managed by the respective third parties, in accordance with their own privacy policies. We recommend reviewing those policies for more details on how your information may be used.

How We Interact with Social Networks

The use of social networks in connection with nesto’s websites may involve the collection and sharing of certain personal information between nesto and those networks. We encourage you to review the privacy policies of the social networks you use to understand what information may be shared with nesto and how they handle your data, including for advertising purposes. You can manage and adjust your privacy and sharing settings directly within your social network accounts. Please note that nesto is not responsible for how social networks use your information on their own platforms.

When We Make Changes to This Privacy Policy

Please revisit this page periodically to stay aware of any changes to this policy, which we may update from time to time. In this case, we will keep you informed by updating the “Last Updated” date at the top of this Privacy Policy or by any other means of communication where appropriate. 

How to Contact Us

If you have any questions or comments about this policy or how we handle your personal information or if you wish to make a complaint or exercise any of your privacy rights, please contact our Privacy Officer by:

nesto Inc.
2200 Stanley Street
Montreal Québec
H3A 1R6
Attn: nesto Privacy Officer