crypt.pe — AML and KYC Notice

Effective Date: 30 May 2026 Operator: HACKASTRA INFOSEC L.L.C-FZ

This notice explains our position on anti-money-laundering (AML) and know-your-customer (KYC) practices. It is written deliberately so that you, the user, understand both what we do and what we do not do.

1. Our position in one paragraph

crypt.pe is a non-custodial software product. We do not hold funds, do not move funds, do not act as a money-transmitter, and are not classified as a regulated financial institution or virtual asset service provider (VASP) under the regimes of our jurisdiction or, to the best of our knowledge, under FATF guidance. We do not currently perform KYC or customer due diligence (CDD) on our users, because the regulatory framework applicable to our activity does not require it. This may change as our product or applicable law evolves; if it does, we will give affected users reasonable notice.

2. What this means in practice

• We do not verify your legal identity, ask for government-issued ID, photographs, proof of address, source-of-wealth documentation, or beneficial-ownership information at sign-up.
• We do not screen each individual cryptocurrency transaction against sanctions lists in real time.
• We do not issue tax statements (e.g., 1099, P60, AIS) on behalf of users; that is your responsibility in your jurisdiction.
• We do not report transactions to financial-intelligence units except where compelled by valid legal process in our jurisdiction.

3. What we expressly do not permit

Even though we do not perform KYC, using the Service for any of the following is strictly prohibited:

• Money laundering — using the Service to layer, integrate, or otherwise disguise the source of unlawful proceeds.
• Terrorist financing — receiving or facilitating payments for, or on behalf of, organisations or individuals designated as terrorists by your jurisdiction or by competent international bodies.
• Sanctions evasion — receiving payments from, or sending payments on behalf of, individuals, entities, or jurisdictions subject to sanctions imposed by the United Nations, the European Union, the United Kingdom, the United States (including OFAC SDN), or the United Arab Emirates.
• Fraud, theft, extortion, ransomware, or any other criminal activity under the laws of your jurisdiction or ours.
• Receiving payments for goods or services that are illegal in either your jurisdiction or in the United Arab Emirates.
• Operating an unlicensed money-services business, unregistered exchange, or unauthorised securities offering through crypt.pe links.
• Mixing, tumbling, chain-hopping, or laundering services, or any activity primarily designed to obfuscate the origin of cryptocurrency.

By using the Service you confirm that none of your activity falls within any of the categories above.

4. Our rights — including the right to suspend

We reserve the right, in our sole reasonable discretion and without prior notice, to:

• suspend or terminate any account that we reasonably suspect is being used for any prohibited activity listed in Section 3;
• disable profile pages, API keys, and webhook deliveries;
• block specific wallet addresses from being added to user accounts (for example, addresses that appear on public sanctions lists or are flagged as belonging to known illicit-finance clusters by reputable on-chain analytics providers);
• report suspected illicit activity to the competent authorities of the United Arab Emirates or other relevant jurisdictions where we are legally compelled or reasonably believe it is appropriate to do so;
• preserve and disclose account records and on-chain data in response to a lawful order from a court, regulator, or law-enforcement agency with jurisdiction over us;
• cooperate with on-chain analytics partners, law-enforcement, and victims of theft in the lawful tracing of funds, recognising at all times that we do not have custody and cannot freeze or return funds.

Because the Service is non-custodial, account suspension prevents future use of the Service but does not affect cryptocurrency already received on-chain. We have no ability to freeze, return, or seize funds.

5. Sender-side responsibility

When you accept a payment through crypt.pe, you are accepting it directly from the sender's wallet, on-chain, without our involvement in the flow of funds. The sender's identity, the source of their funds, and the legality of their transaction in their own jurisdiction are matters between the sender and the authorities that apply to them.

If you are operating a business at scale and accept payments from many counterparties, you should evaluate whether you have independent KYC/AML obligations under the laws applicable to you. The Service does not perform that function for you.

6. Future changes

The Company actively monitors regulatory developments, including:

• the UAE VARA Virtual Assets and Related Activities Regulations;
• FATF Travel Rule guidance for virtual assets;
• EU MiCA implementation in the European Union;
• equivalent rules in other major jurisdictions.

If our activity becomes regulated such that KYC or other compliance steps are required, we will:

1. update this Notice;
2. notify affected users with reasonable advance notice;
3. introduce the minimum necessary identity-verification flow; and
4. continue to remain non-custodial.

7. Reporting suspected abuse

If you believe an account on crypt.pe is being used for any of the prohibited activities listed in Section 3, please report it to us at legal@crypt.pe with the subject "abuse report" and any supporting information. We treat such reports seriously and confidentially.

8. Governing law

This Notice is governed by the laws of the United Arab Emirates, as applicable to entities licensed in the free zone of registration of HACKASTRA INFOSEC L.L.C-FZ.

9. Contact

legal@crypt.pe

© 30 May 2026 HACKASTRA INFOSEC L.L.C-FZ — operator of crypt.pe.