Identity Verification (KYC) and Anti-Money Laundering (AML) Policy

Effective Date: May 15, 2025

1. Purpose of the Policy

This policy aims to ensure EAPES.COM’s compliance with laws and regulations concerning anti-money laundering (AML) and counter-terrorism financing, as well as identity verification (KYC). It seeks to prevent illegal activities, protect users, and promote transparency within the platform.

Applicable Legal Frameworks:

• Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) in Canada;
• Recommendations of the Financial Action Task Force (FATF) for international operations, where applicable.

2. Scope of Application

This policy applies to any individual or entity that:

• Uses EAPES’s token or NFT staking services via the dApp;
• Accesses yield pools, financial tools, or the marketplace;
• Participates in the DAO (Decentralized Autonomous Organization);
• Engages in events involving fund transfers or financial rewards;
• Must comply with local or international legal obligations.

3. Data Collected for KYC Purposes

For identity verification, EAPES may request:

• Official identification (passport, ID card, driver’s license);
• A selfie or real-time facial verification;
• Proof of residence (recent utility bill, bank statement, etc.);
• For legal entities: business registry and beneficial owner information.

Verification Process:
It would be possible for us to use advanced technologies such as facial recognition, automated document verification, and biometric checks to ensure data reliability.

4. Purposes of Verification

Identity verification serves to:

• Prevent money laundering and terrorist financing;
• Comply with legal obligations in relevant jurisdictions;
• Protect the EAPES ecosystem and its users;
• Meet the requirements of regulated partners (e.g., payment processors).

5. Data Retention and Security

Collected data is:

• Stored on secure servers with AES-256 encryption;
• Accessible only to authorized personnel, protected by two-factor authentication (2FA);
• Retained for the legally required period, then deleted;
• Protected by regular security audits to ensure integrity.

6. Refusal or Failure of Verification

EAPES reserves the right to:

• Refuse access to services in case of non-submission of KYC information;
• Suspend or limit an account if data is suspicious or incomplete;
• Block high-risk users, particularly those linked to sanctions or illegal activities.

7. Information Sharing

KYC data may be shared with:

• Approved third-party verifiers;
• Competent authorities, if required by law;
• No commercial use: Data is neither sold nor shared for marketing purposes.

8. User Rights

In accordance with Canada’s Personal Information Protection and Electronic Documents Act and, where applicable, the GDPR, users may:

• Access their data;
• Rectify inaccurate information;
• Request deletion, subject to legal obligations.

Contact: legal@eapes.com

9. Staff Training

Staff receive ongoing training on:

• KYC/AML compliance standards;
• Data security practices;
• Regulatory developments.

10. Data Breach Management

In the event of a breach:

• Notification to users and authorities within 72 hours;
• Immediate measures to secure data;
• Communication of corrective actions to users.

11. Regular Review

The policy is audited annually and updated to reflect legal and technological changes. Modifications will be notified via the website and email.

12. Accessibility

Available in French and English on EAPES.COM (under "Legal Policies"), with additional versions as needed.

13. Contact

For any questions:

• Email: legal@eapes.com
• Address: EAPES Operations, 1055 Lucien-L’Allier Street, Suite #886, Montreal, QC H3G 3C4, Canada

Response within 30 days.