Compliance

Compliance & KYC Policy

Last Updated: 10 March 2025
Status: Website‑posted policy (not separately signed)

---

1. Purpose

This Policy sets out TechTomize’s risk‑based Know Your Customer (KYC) requirements and procedures. It supports the prevention of fraud, money‑laundering, terrorist financing, human trafficking and other unlawful activity and forms part of our compliance framework together with the General Terms of Service, Acceptable Use Policy (AUP), Privacy, Data Collection & Data Protection Policy and Abuse Reporting & Handling Policy (collectively, the Website Policies).

---

2. Scope & Applicability

2.1 Who is covered. This Policy applies to all Customers (individuals and legal entities) and, where relevant, their authorized users, directors, officers, and ultimate beneficial owners (UBOs).
2.2 When it applies. KYC is not requested in every case; however, TechTomize may request KYC at any time in accordance with Section 4.
2.3 No access to hosted data. TechTomize does not access or collect Customer Content hosted on dedicated servers for KYC purposes. KYC materials are collected and processed separately from hosted data.

---

3. Definitions

• Customer: The contracting party using the Services.
• KYC: Identity verification and due‑diligence measures undertaken to validate the identity and legitimacy of a Customer.
• UBO: Natural person(s) who ultimately owns or controls a legal entity.
• Business Day: Any day other than a weekend or public holiday in our primary support time zone.

---

4. Risk‑Based Triggers for KYC

TechTomize may require KYC, at its reasonable discretion, including where:

• there are indicators of fraud or abuse (e.g., chargebacks, payment irregularities, substantiated abuse reports);
• orders originate from higher‑risk geographies, anonymization services, or proxy networks;
• requests involve sensitive resources (e.g., large IP allocations, high bandwidth, unusual configurations);
• there are material account changes (ownership/control, contacts, payment methods, legal name);
• periodic re‑verification or sample‑based reviews are conducted; or
• required to comply with law, lawful process, or sanctions/export controls.

---

5. KYC Requirements — Individuals

TechTomize may request one or more of the following (subject to risk and jurisdiction):

1. Government‑issued photo ID (passport, national ID, or driver’s license; front and back where applicable).
2. Selfie/liveness check (image/video) to match the individual to the ID.
3. Proof of address (issued within 3 months): utility bill; bank/credit card statement with sensitive data redacted; government letter; or tenancy agreement showing full name and address.
4. Proof of payment: screenshot or statement extract showing payer name, merchant, date and amount (mask card numbers except the last 4 digits; do not send CVV/CVC).

---

6. KYC Requirements — Legal Entities (Corporate)

For companies and other legal entities, TechTomize may request:

1. Certificate of incorporation/formation and a recent company registry extract (≤ 3 months).
2. Directors and authorized signatories register or equivalent.
3. UBO details: names and ownership percentages; KYC for each UBO and authorized signatory (ID + proof of address).
4. Proof of business address (lease/utility/bank statement with address, ≤ 3 months).
5. Tax/VAT ID and, where available, LEI or equivalent.
6. Authority to act (board resolution or power of attorney).
7. Proof of payment from a corporate account or card in the entity’s name (sensitive data masked).

---

7. Submission Method & Security

7.1 Designated channel. Submit KYC only via TechTomize’s secure upload link/portal (when provided) or by encrypted email to [email protected]. TechTomize can provide PGP details or a one‑time upload link on request.
7.2 Accepted formats. To protect privacy (including GDPR) and reduce malware/IP‑tracking risk, we accept .png or .jpg/.jpeg image files only. Please do not send PDFs, archives, or office documents.
7.3 Redaction. Redact information that is not required (e.g., mask card numbers except last 4).
7.4 No cloud links. Do not send expiring or access‑controlled cloud links unless expressly approved by our compliance team.

---

8. Review Process & Timelines

8.1 Acknowledgement. TechTomize acknowledges receipt within 1 Business Day of a complete submission.
8.2 Review. Typical review time is 1–2 Business Days from complete submission; complex cases may require more time.
8.3 Additional information. TechTomize may request clarifications or additional documents where necessary to complete verification.

8.4 Reminder cadence. If KYC has not been received within 24 hours of the initial request, TechTomize sends a second reminder to the Customer’s registered contacts.

8.5 Submission deadline. Unless a different deadline is expressly stated in the request, the Customer must submit the requested KYC within 48 hours of the initial request. Failure to do so may result in enforcement under Section 10 (Failure to Comply).

---

9. Outcomes

Upon review, TechTomize will notify the Customer of one of the following:

• Approved – verification completed; normal provisioning/continuation of Services.
• Information required – specified items must be supplied by a stated deadline.
• Declined – verification unsuccessful or risk unacceptable (a general reason will be provided where lawful and appropriate).

---

10. Failure to Comply

If the Customer fails to submit the requested KYC within 48 hours of the initial request (or by any later deadline expressly stated by TechTomize), and after a reminder sent within 24 hours of the initial request, or if documents appear forged, altered, or unverifiable, TechTomize may, at its sole discretion: (a) delay or decline an order or any change/upgrade; (b) suspend or terminate Services (in whole or in part); (c) apply technical restrictions (e.g., IP null‑routing, port blocks, traffic shaping); and/or (d) notify or cooperate with competent authorities where required by law.

---

11. Data Protection & Retention

11.1 Lawful basis. KYC data is processed under legal obligation, legitimate interests (fraud prevention, network security), and/or contract necessity.
11.2 Separation from hosted data. KYC data is processed and stored separately from Customer Content; TechTomize has no routine access to hosted data.
11.3 Minimisation & security. We request the minimum data necessary and secure it using encryption and least‑privilege access limited to authorized compliance personnel.
11.4 Retention & Deletion on Termination. Upon termination or account closure, the Customer may request deletion of submitted KYC materials. Subject to applicable law and legal retention obligations, TechTomize will delete KYC materials within 7 days of a verified request. Where a longer period is required by law, TechTomize will retain only the minimum necessary records for 5 years after account closure or the last relevant transaction and then securely delete them.

11.5 Data subject rights. Subject to applicable law and exemptions, Customers may exercise access, correction, and deletion rights as described in the Privacy Policy.

---

12. Re‑Verification & Ongoing Monitoring

TechTomize may request re‑verification where ownership or control changes, payment methods change, suspicious activity is detected, risk profile changes, or as part of periodic reviews.

---

13. Prohibited Use & High‑Risk Activities

TechTomize does not knowingly provide Services for: terrorism or violent extremism; human trafficking or exploitation; child sexual abuse material (CSAM); large‑scale malware/botnet operations; or other serious crimes. TechTomize may decline or terminate Services where such risk is present.

---

14. Contact

For KYC matters, contact [email protected]. Law‑enforcement agencies should use the contact channels listed in the Abuse Reporting & Handling Policy.

---

15. Updates to this Policy

We may update this Policy from time to time. Each version is dated on this page. Continued use of the Services after an update constitutes acceptance.