Anti-Money Laundering (AML) Policy

1. Scope

This policy applies to all uses of the Service, including the public website at [example.com] (the "Website") and any operator-mediated communication channels (email, WhatsApp, Telegram). The Service exchanges Euro (SEPA-denominated) for the following crypto-assets, in both directions: BTC, ETH, LTC, USDT (TRC-20), BNB (BEP-20).

2. Risk-based approach

The Service applies a risk-based approach to anti-money-laundering controls. Risk factors considered include the size of an individual transaction, the frequency of transactions from a single customer, the source country of the SEPA transfer, the chain and address profile of the receiving crypto wallet, and known patterns of high-risk customer behaviour.

3. Customer due diligence

At the current scope of operation, individual transactions are limited to a maximum of €999 per transaction and €999 per customer per rolling 24-hour window. Within these limits, the Service does not currently perform mandatory identity verification at the point of sale.

The Service collects, and retains for not less than five (5) years, the following information for each transaction: - Customer full name (as provided by the customer). - Customer email address. - Optional WhatsApp or Telegram identifier provided by the customer. - Receiving crypto wallet address. - Source IBAN used to fund the SEPA transfer. - A timestamped record of all status transitions and operator notes.

The operator reserves the right to request additional identifying information, or to refuse to process a transaction, where any risk factor in Section 2 is present.

4. Sanctions screening

Before processing any outgoing crypto transfer, the operator performs a manual review of the customer-provided wallet address and the source IBAN against publicly available sanctions and watchlists, including: - The EU consolidated list of persons, groups, and entities subject to financial sanctions. - The OFAC SDN list. - The UK OFSI consolidated list.

Where a positive or near-positive match is identified, the transaction will be refused and refunded (net of any applicable cost-recovery fee defined in the Terms of Service), and the matter recorded internally.

5. Suspicious transaction reporting

The operator records, and may report to the relevant Financial Intelligence Unit ("FIU") in the jurisdiction(s) where the Service is established or where the operator becomes resident for AML reporting purposes, any transaction which the operator has reasonable grounds to suspect is connected with money laundering, the financing of terrorism, or other serious financial crime.

The specific reporting channel will be confirmed by counsel once the operating entity and registered jurisdiction are finalised.

6. Refusal and reversal

The operator may refuse or reverse any transaction where: - The customer-provided information is materially incomplete or inconsistent. - The wallet, IBAN, or customer profile is matched on a sanctions or watchlist. - The transaction pattern indicates layering, structuring, or other recognised money-laundering typologies. - Continuing the transaction would, in the operator's reasonable judgement, expose the operator to material legal or compliance risk.

In each case, the operator will refund the EUR received (less the cost-recovery fee defined in the Terms of Service) to the same source IBAN, within five (5) working days.

7. Record retention

Records described in Section 3 are retained for a minimum of five (5) years from the date of the relevant transaction, in line with EU AMLD record-keeping guidance, even where the Service is not directly subject to EU AMLD.

8. Training and updates

The operator reviews this policy at least annually and updates it in line with changes to applicable law or to the Service's operating posture. The current version of the policy is the version published on this page.

9. Contact

Questions about this policy should be sent to legal@klyroswap.com or via the channels listed on the Contacts page.

Document control (internal): - Pending review and finalisation by qualified counsel. - The published version on launch must replace all [bracketed placeholders] and be signed off by the operating entity's legal counsel.