KYC / AML Policy — Smart Scalping Life

(KNOW-YOUR-CUSTOMER & ANTI-MONEY-LAUNDERING)

Smart Scalping Life (scalping.life) Last updated: 1 May 2026 Effective from: 1 May 2026

Preamble

This KYC/AML Policy (the "Policy") describes the customer-identification and anti-money-laundering procedures applied on the Smart Scalping Life platform (the "Platform").

This document is an integral part of the Terms of Use and is aimed at:

anti-money-laundering (AML);
counter-terrorism financing (CTF);
compliance with sanctions regimes of the EU, UK, US, UN and other applicable regimes;
fulfilment of contractual obligations to the Platform's partners.

The Platform applies the FATF principles and the standards of the EU 5th and 6th AMLD on a voluntary basis, having regard to the unregulated status of the Operator.

1. The Platform's approach to KYC

1.1. Registration without KYC

(a) Creation of an Account through Google OAuth does not require KYC; (b) Marketplace purchases do not require KYC; (c) Pro / Titan Subscriptions do not require KYC; (d) Registration for and payment of a Challenge does not require KYC.

1.2. KYC at the Payout stage — mandatory thresholds

KYC becomes mandatory in any of the following circumstances:

(a) a single Payout request in an amount equivalent to USD 1,000 or more (including the equivalent in stable-coins); (b) cumulative Payouts in an amount equivalent to USD 5,000 or more, in any rolling 30-day period; (c) reasonable suspicion of an AML/CTF breach on the basis of internal compliance indicators; (d) a request from a competent law-enforcement, tax or regulatory authority; (e) the participant falls into a higher-risk category (PEP, jurisdictions designated as higher-risk under FATF, sanctions lists); (f) objective need for identification under the AML/CFT law applicable to the participant or the Operator.

Threshold review. The above thresholds may be revised by the Operator in connection with changes to the applicable AML/CFT standards (FATF, AMLD), regulatory requirements, recommendations of the dedicated KYC provider or changes in the risk profile of the Platform's activity. Any change of thresholds:

is brought to the attention of participants by way of publication of an updated version of this Policy;
enters into force fourteen (14) days after publication;
does not apply retroactively to previously approved requests.

1.3. Voluntary advance KYC

A participant may voluntarily complete KYC in advance, in order to:

accelerate processing of the first Payout request;
avoid delays when reaching the relevant threshold;
obtain "verified user" status in the dashboard.

2. Required documents

2.1. Standard KYC (Tier 1)

For most Payouts the following is sufficient:

Document	Requirements
Identification document	One of: international passport, national ID, driving licence, residence permit. Clear colour photograph of both sides. Not expired.
Selfie with the document	The participant's face + the document held + a piece of paper showing the current date and the text "Smart Scalping Life KYC" written by hand.
Proof of address	One of: utility bill, bank/broker statement, tax notice. Not older than three (3) months. In the participant's name.

2.2. Enhanced Due Diligence (EDD, Tier 2)

For higher-risk cases, or larger Payouts (above the prescribed thresholds), the following may be requested in addition:

Source of Funds — a description of the origin of the initial capital used to pay for the Challenge;
Source of Wealth — a general description of the participant's principal activity (employment, business, investments);
Tax identification number (TIN / NIE / NIF / equivalent) — for the purposes of any required reporting;
Confirmation of non-PEP status or disclosure of PEP status;
Video verification (a live Q&A via a secure video channel) — to confirm that the identity matches the documents;
Confirmation of ownership of the crypto-wallet to which the Payout is to be sent (signed message).

2.3. PEP declaration

If you are a Politically Exposed Person — a senior public servant, a politician, a judge, a senior military official, the head of an international organisation, or a close relative or partner of any such person — you are obliged to disclose that status as part of KYC.

Concealment of PEP status constitutes a material breach of the Terms of Use.

3. KYC provider

3.1. The Platform uses a certified KYC provider that meets the applicable AML/CTF and data-protection requirements, in order to:

automatically verify the authenticity of documents;
carry out a liveness check (verification of the live face on the selfie);
screen against sanctions lists and PEP databases;
match the face on the document and the selfie;
detect indicators of forgery on the document.

3.2. The KYC provider acts as a Processor within the meaning of GDPR Art. 28. A Data Processing Agreement (DPA) with the provider has been concluded, or will be concluded before any Processing begins.

3.3. The transmission of data to the KYC provider is described in the Privacy Policy §5.

4. AML monitoring procedure

4.1. Risk-based approach

The Platform applies a risk-based approach:

low risk — standard KYC procedure, minimal monitoring;
medium risk — enhanced KYC, periodic re-verification;
high risk — EDD, continuous monitoring, restrictions on the amount and frequency of Payouts.

4.2. Higher-risk factors

Higher-risk factors include:

(a) residence or citizenship in a jurisdiction on the FATF "grey" or "black" list; (b) PEP status; (c) the use of addresses on high-risk networks / mixers / privacy-coins; (d) a Payout request to a new wallet not previously used; (e) frequent small payments displaying the appearance of structuring (smurfing); (f) inconsistency between the declared profile and trading conduct; (g) accelerated large Payouts shortly after the first Challenge; (h) inconsistency of IP, KYC documents, wallets and time zones.

4.3. Operations monitoring

The Platform uses a combination of automated systems and block-chain analytics to verify:

payment and Payout patterns;
the source and destination of crypto-transactions;
matches with known high-risk addresses (hack/exploit/sanctioned);
consistency between the participant's trading conduct and his or her declared profile.

The specific algorithms, analytics suppliers, thresholds and indicators are internal information of the Operator. Where indicia of suspicious activity are detected, the Account may be placed in manual-review mode, with possible requests for further documentation or temporary restrictions on operations.

4.4. Suspicious Activity Reporting (SAR)

Where suspicious activity is detected, the Platform may:

(a) suspend operations on the Account; (b) request further documentation; (c) report the suspicious activity to the competent authorities, in the manner provided by applicable law; (d) where there is a court order or other lawful requirement, disclose information about the customer without prior notice.

The law of most jurisdictions prohibits notifying the customer of the fact that a SAR has been filed (the "tipping-off" rule).

5. Cryptocurrency operations — special rules

5.1. Accepted cryptocurrencies

USDT (Tether) — BEP-20, ERC-20 networks;
USDC (USD Coin) — BEP-20, ERC-20 networks;
other stable-coins — by separate agreement.

5.2. Not accepted

(a) privacy coins — Monero (XMR), Zcash (ZEC), Dash, others with built-in anonymisation; (b) cryptocurrency from addresses flagged as mixers / tumblers (Tornado Cash, ChipMixer, Wasabi-coordinator addresses, etc.); (c) payments from addresses associated with darknet marketplaces; (d) payments from addresses appearing on the OFAC SDN List or other sanctions lists; (e) payments from addresses associated with known hacks and exploits; (f) payments that exhibit peel-chain, smurfing or layering patterns.

5.3. Travel Rule

In accordance with FATF Recommendation 16 (the Travel Rule), in respect of certain amounts of crypto-asset transfers the following may be required:

identification of the originator and the beneficiary;
transmission of identification information between VASPs (Virtual Asset Service Providers).

The Platform is not a VASP in a strict sense (it does not provide custody, exchange or transfer services for crypto-assets to third parties); however, it cooperates with partners that may request such data.

5.4. Wallet addresses for Payouts

(a) The wallet address to which a Payout is sent must be under the control of the participant (with confirmation by signed message on request); (b) the address must not be on a sanctions list and must not exhibit indicia of high risk; (c) use of a centralised-exchange hot wallet (deposit address of an exchange) is permitted; (d) use of addresses clearly associated with mixers, peel chains or unlawful activity is prohibited.

6. Storage of KYC data

6.1. KYC data is stored:

on the side of the certified KYC provider (encrypted, with restricted administrator access);
on the Platform's side — only metadata and verification status, with documents themselves not being stored on the Platform's own servers wherever possible.

6.2. Retention period:

5 years after the end of the relationship with the participant — standard for AML compliance;
may be extended where there is an open investigation or other lawful requirement.

6.3. Transfer to third parties only in the following cases:

to the KYC provider — for the purposes of processing in connection with identification;
to law-enforcement and supervisory authorities — pursuant to lawful requests;
to the Operator's professional advisers (lawyers, auditors) under NDA;
to partners as part of lawful compliance obligations (e.g. exchanges, where shared risks are identified).

7. Your rights in respect of KYC data

In accordance with the Privacy Policy §9:

right of access to the KYC data collected;
right to rectification of inaccurate data;
right to erasure of the data once the retention periods have elapsed;
right to lodge a complaint with the supervisory authority.

The exercise of rights in respect of AML data may be limited by mandatory rules of law:

where data is subject to mandatory retention under AML legislation, erasure is possible only after the retention periods have elapsed;
where there is an open investigation, erasure is suspended.

8. Refusal of KYC

8.1. Where a participant:

(a) refuses to undergo KYC where there are grounds for the request; (b) provides incomplete or forged documents; (c) does not respond to compliance requests within thirty (30) calendar days;

the Operator may:

refuse to process the Payout request;
withhold funds pending completion of the procedure or termination of the relationship;
initiate an Account-termination procedure under Terms of Use §13.

8.2. Refunds where KYC cannot be completed. Where, for objective reasons, KYC cannot be completed (documents not meeting the requirements, technical difficulties), the Operator may refund only the Entry Fee paid for the Challenge (where applicable), without payment of the accumulated Payout.

9. Compliance Officer

9.1. As at the date of this Policy, the functions of Compliance Officer are performed by the Operator personally. As the legal-entity registration is completed and the activity expands, a separate Compliance Officer will be appointed.

9.2. Contacts:

Email: legal@scalping.life (subject: "KYC" or "Compliance")
Telegram: @artio_ssl

10. Updates to this Policy

10.1. This Policy may be updated in connection with:

changes in international FATF standards;
new sanctions regimes;
changes in applicable law;
expansion of the Operator's activity.

10.2. Material changes are published with notice and take effect after fourteen (14) days.

11. Governing law

11.1. This Policy is governed by the laws of England and Wales. Mandatory rules of the AML legislation of your jurisdiction shall apply to the extent applicable.

12. Contact

Email (KYC / Compliance): legal@scalping.life
Email (general support): support@scalping.life
Telegram: @artio_ssl