This policy covers onboarding, monitoring, and off-boarding of natural persons and legal entities interacting with SDA's token lifecycle. We follow applicable EU AML/CFT rules (including the Crypto-Asset Transfer Rule) alongside investor-protection duties where relevant. Local laws may impose additional requirements in certain jurisdictions. This policy is complemented by Section 11 (Prohibited Business Activities) and Section 12 (Sanctions & Restricted Territories), which define risk appetite exclusions.

Who: presale participants and holders during the utility-token phase.

We collect (everyone):
• Self-declaration: PEP status and sanctions screening.
• Wallet checks: proof of ownership (signed message or micro-transaction loopback) for payout/withdrawal addresses.

Tiering during Phase 1:
- Tier A (under €1,000 cumulative, low risk):
  – Wallet and IP identification only.
  – Self-declaration PEP/sanctions status; geofencing for restricted countries.
- Tier B (≥ €1,000 or heightened risk):
  – Photo ID capture + automated liveness/face-match or robust bank-KYC evidence (e.g., SEPA account in same name).
  – Full KYC before further funding, voting, withdrawals or profit-sharing; apply EDD where flags exist.

Individuals
• Government ID (passport/ID card/driver's license) + liveness/face-match; second document if needed
• Proof of address (≤3 months): utility bill, bank/credit statement, government letter
• Sanctions/PEP/adverse media cleared; PEPs require senior approval (EDD)
• Purpose & intended use; expected activity profile
• Source of Funds (SoF) for the transaction; Source of Wealth (SoW) where size/risk warrants
• Ongoing monitoring and periodic refresh

Entities (KYB)
• Legal name, registration number, registered address, formation documents/registry extract; LEI where available
• Ownership & control: identify UBOs ≥25% or effective control; Full KYC on UBOs and directors/signatories
• Business profile, licenses (if applicable), expected activity
• SoF/SoW at entity and UBO levels as appropriate
• Sanctions/PEP/adverse media at entity/UBO/director levels; ongoing monitoring

Who: clients converting to, receiving, or transacting SDA's regulated security-token and any equity-linked rights.

Required before Phase 2 access:
• Full KYC/KYB: completion and approval
• Refreshed screening: sanctions/PEP
• Investor categorization: retail vs. professional; record appropriateness/suitability questionnaires
• SoF/SoW evidence: aligned to transaction size/risk and distribution flows
• Travel Rule: readiness for any on/off-ramp crypto movements; self-hosted wallets > €1,000 require ownership proof

We collect and transmit required originator/beneficiary data for external crypto-asset transfers.
For CASP-to-CASP transfers, we exchange data using industry-standard messaging.
For self-hosted wallets, we apply ownership-proof procedures; above €1,000, we verify control (message-sign or loopback transaction).
Transfers lacking minimum data or with unresolved red flags are rejected or held pending review.

We score risk across customer, geography, product, delivery channel, and behavior. EDD applies to: PEPs, high-risk jurisdictions/sectors, unusual velocity/structuring. EDD measures may include senior-management approval, stricter SoF/SoW, lower limits, or refusal/exit. Customers engaged in Prohibited Activities (Section 11) are not eligible for onboarding or continued servicing.

ID: passport; national ID; driver's license (where accepted).
Address: bank/credit statement, utility bill, government letter, lease/tenancy (with authority contact), property tax.
SoF/SoW (examples): pay slips, employment contract, audited statements, tax returns, company sale docs, property sale docs, inheritance/probate, exchange withdrawal history with bank trails, etc.

We store only data needed for AML/CTF, onboarding, servicing, and legal obligations.
KYC and transactional records are retained for the legally required period and then deleted or anonymized.
You may exercise privacy rights via privacy@sdafintech.com (subject to AML retention exemptions).

We maintain reproducible records of who was identified, how, and when, including screening results, SoF/SoW evidence, investor categorization (Phase 2), and Travel Rule data exchanges.

To comply with applicable AML/CTF, sanctions, and financial-services regulations, SDA prohibits any use of the SDA Token or participation in the SDA Token Sale by, or on behalf of, persons or entities engaged in the businesses or activities listed below (together, the "Prohibited Activities"). SDA may refuse onboarding, block transactions, suspend or exit relationships, and make regulatory filings where required. This list is illustrative, not exhaustive.

Privacy-Enhancing Technologies

• Development, promotion, or facilitation of privacy coins, mixers, tumblers, or other technologies designed to obfuscate transaction trails or enhance financial anonymity beyond standard cryptocurrency features.

Gambling and Betting

• Online or offline gambling, betting, gaming, or lottery services (including prediction markets, fantasy sports, and casino operations).

Adult Content and Pornography

• Production, distribution, or facilitation of pornographic content, escort services, or other adult entertainment.

Weapons and Military Trade

• Sale, manufacture, or distribution of firearms, ammunition, military equipment, dual-use goods subject to export controls, or other weapons.

Drugs and Controlled Substances

• Sale, distribution, or facilitation of illegal drugs, controlled substances, or pharmaceutical products without proper authorization.

Human Exploitation and Trafficking

• Activities involving forced labor, human trafficking, child exploitation, or modern slavery.

Other Illegal or High-Risk Activities

• Any activity that is unlawful in the jurisdiction where it is carried out, or that in SDA's sole discretion presents unacceptable AML/CTF, sanctions, or reputational risk.

SDA complies with sanctions regimes administered by the United Nations, United States (OFAC), European Union, and United Kingdom, and applies a risk-based approach to high-risk jurisdictions identified by FATF.

Scope & Data Sources

• Screening at onboarding and on an ongoing basis against UN/OFAC/EU/UK lists (individuals, entities, vessels).
• Jurisdictional risk based on FATF lists (High-Risk Jurisdictions subject to a Call for Action; Jurisdictions under Increased Monitoring) and SDA's risk appetite.
• Geolocation controls (IP/device), payment-rail risk flags, and wallet provenance checks.

Controls

• Prohibited: customers located in, organized in, or ordinarily resident in comprehensively sanctioned countries; transactions that would breach sanctions.
• Restricted: targeted sanctions (e.g., SDNs/asset freezes) — block, report, and do not onboard/service.
• High-risk jurisdictions (FATF grey list): apply enhanced due diligence, lower limits, or decline per risk appetite.
• Escalation: Compliance approval for any edge case; licenses/authorizations documented where applicable.

Enforcement & Record-Keeping

We may refuse onboarding, block or exit relationships, freeze assets/transfers where required, and make required regulatory filings. Screening results and decisions are recorded per Record-Keeping.

Questions or escalations:

Sustainable Digital Assets Inc.
Corporation Number: C 61288
LEI: 89450058XEES8WCSCQ03
Huggins House
P.O. Box 187
Old Manor Estate
Gingerland, Nevis
Compliance: compliance@sdafintech.com

v1.1 — 22 Aug 2025: Added Prohibited Business Activities section; expanded Sanctions & Restricted Territories controls.
v1.0 — 18 Aug 2025: Initial publication; Phase 1/Phase 2 split; Travel Rule procedures; investor categorization for Phase 2.