Legal

AML & KYC Policy

Last updated: 6 July 2026

BitVault Europe S.A. LTD. (“BitVault”, “we”, “us”, or “our”) is committed to the prevention, deterrence, detection, and reporting of money laundering, terrorist financing, sanctions evasion, and other forms of financial crime, and to the maintenance of a control environment commensurate with the nature, scale, and complexity of its activities. This Anti-Money-Laundering and Know-Your-Customer Policy (the “Policy”), as may be amended, restated, supplemented, or otherwise modified from time to time, summarises, in general and non-exhaustive terms, the framework maintained by BitVault for such purposes, which framework is designed to align with the European Union’s anti-money-laundering directives and regulations, as amended and supplemented from time to time, and with applicable Austrian law. This Policy is a summary furnished for informational purposes; it does not confer rights on any person, and the internal procedures, thresholds, and criteria applied by BitVault, which may be more extensive than those described herein, are confidential and subject to change without notice.

1. Risk-Based Approach

BitVault applies a risk-based approach pursuant to which the nature, timing, and extent of the measures applied to any customer, transaction, or relationship are calibrated by reference to such risk factors, indicators, and assessments as BitVault considers relevant from time to time, including factors relating to customer type, geography, product, channel, and behaviour. BitVault may adjust its risk appetite, methodologies, and control measures at any time, and no inference should be drawn from the application or non-application of any particular measure in any particular case.

2. Customer Due Diligence

Prior to the establishment of a business relationship, upon the occurrence of specified trigger events, and otherwise as BitVault may determine, customers are subject to identification and verification procedures of a multi-step character, which may include, without limitation, the collection and verification of name, date of birth, residential address, contact particulars, government-issued identification, banking details, and, where considered relevant, information concerning the source of funds or wealth, together with such further information or documentation as BitVault may request from time to time. The extent of the access afforded to any customer may be conditioned upon the satisfactory completion of such procedures.

3. Enhanced Due Diligence

Enhanced measures, of such nature and extent as BitVault considers appropriate, are applied in circumstances presenting elevated risk, including, without limitation, in respect of customers identified as politically exposed persons, their family members and known close associates, and relationships or transactions connected with higher-risk jurisdictions or exhibiting other higher-risk characteristics.

4. Ongoing Monitoring

Business relationships and account activity are monitored on an ongoing, risk-sensitive basis, with a view to identifying activity that is unusual, inconsistent with the known profile of the customer, or otherwise indicative of potential financial crime. Such monitoring may employ transaction analytics, distributed-ledger analysis, and such other tools and techniques as BitVault considers appropriate, and may result in requests for further information, delay in processing, or such other measures as the circumstances may warrant.

5. Sanctions & Prohibited Jurisdictions

Customers, counterparties, and transactions are screened against the sanctions and restrictive-measures lists maintained by the European Union, the United Nations, and such other authorities as BitVault considers applicable, at onboarding and on an ongoing basis. BitVault does not knowingly establish or maintain relationships with, or process transactions for the benefit of, any person subject to applicable sanctions, or any person located in, ordinarily resident in, or otherwise relevantly connected with a jurisdiction in respect of which BitVault has determined not to provide the Services.

6. Reporting of Suspicion

Where circumstances arise which give grounds for knowledge or suspicion, or reasonable grounds for suspicion, of money laundering, terrorist financing, or related conduct, reports are made to the Austrian Financial Intelligence Unit and, where applicable, to other competent authorities, in accordance with applicable law, and BitVault cooperates with such authorities as required. You are advised that applicable law prohibits the disclosure to a customer or to any third party of the fact that such a report has been, may be, or is being considered to be made (commonly referred to as the prohibition on “tipping off”), and BitVault will not make, and shall not be obliged to make, any such disclosure.

7. Freezing, Suspension & Restriction

Without prejudice to any other provision of this Policy or of the Terms of Service, BitVault may, where it considers it necessary or prudent for the purposes described in this Policy or where required by applicable law or by any competent authority, decline, delay, suspend, or reverse any transaction, restrict any functionality, or suspend or terminate any relationship, in each case without notice where the giving of notice would be unlawful or inconsistent with the objectives of this Policy, and without liability to any person for any resulting loss, delay, or inconvenience, to the fullest extent permissible under applicable law.

8. Record Keeping

Identification and verification documentation, transaction records, and related materials are retained for such periods as are required or permitted by applicable law, generally being a period of up to ten (10) years from the termination of the business relationship or the execution of the relevant transaction, or such other period as may be prescribed from time to time. The processing of personal data in this connection is described in our Privacy Policy.

9. Governance & Training

Responsibility for the oversight of BitVault’s anti-financial-crime programme is vested in a designated Money Laundering Reporting Officer. Relevant personnel receive training of appropriate frequency and content, and the programme is subject to periodic review, the scope and frequency of which are determined by reference to the risk profile of the business.

10. Customer Cooperation

You undertake to provide, promptly upon request, such information and documentation as BitVault may require for the purposes described in this Policy, and to ensure that all information provided is and remains true, accurate, current, and complete. A failure to provide requested information or documentation, or the provision of information which is or appears to be false, misleading, or incomplete, may result in delay, restriction of access, suspension, termination, or such other measures as BitVault considers appropriate, without prejudice to any obligation of BitVault under applicable law.

Enquiries of a compliance-related nature may be directed to compliance@bitvaultapp.net.