KYC Policy

We conduct customer due diligence (CDD), sanctions screening, and identity verification to mitigate legal, regulatory, reputational, and operational risk.

Processing is based on legitimate interests in fraud prevention, contract performance, and compliance with applicable anti-money laundering (AML), counter-terrorist financing (CTF), and sanctions laws where they apply to us.

No verification obligation arises from casual website browsing or unsolicited contact form messages.

Full KYC applies to legal entities, beneficial owners, directors, and authorized signatories before execution of a master services agreement (MSA), statement of work (SOW), or grant of production access.

We may apply simplified due diligence for low-risk preparatory discussions; enhanced due diligence (EDD) for high-risk jurisdictions, complex ownership, or elevated technical scope.

aegis21 reserves the right to decline, suspend, or terminate any relationship without stating grounds, except where prohibited by mandatory law.

The client represents and warrants that all information and documents provided are true, complete, current, and not misleading.

The client confirms it is not listed on applicable sanctions lists, is not acting on behalf of a sanctioned person, and will notify aegis21 immediately of any investigation, listing, or material adverse change.

Breach of these representations may constitute an event of default under the governing contract and grounds for immediate termination.

Depending on risk rating: corporate registry extracts, articles of association, ownership chart, Politically Exposed Person (PEP) declarations, source-of-funds or source-of-wealth statements, government-issued ID, proof of address, and technical contact verification.

We process data on a need-to-know basis. We do not sell personal data, engage in automated decision-making with legal effect without notice where required, or transfer KYC data except to bound subprocessors under confidentiality or as compelled by competent authority.

Exchange occurs via mutually agreed end-to-end encrypted channels. Unencrypted email is not an approved channel for identity documents unless explicitly accepted in writing for a single transmission.

Records are protected with encryption at rest and role-based access controls. Internal retention follows documented procedures.

We may rely on reputable third-party verification services; outcomes remain subject to our independent assessment.

The client shall promptly disclose change of control, beneficial ownership, registered address, business activity, or intended use of infrastructure.

Periodic re-verification may be required at renewal, upon scope increase, or when triggered by compliance alerts.

Failure to cooperate with a reasonable refresh request may result in suspension of services without refund of prepaid amounts, to the extent permitted by contract.

Records are retained for the term of the engagement and thereafter for the minimum period required by applicable law, statute of limitations, or internal policy, then deleted or anonymized.

We may disclose information to regulators, courts, or law enforcement when legally compelled by valid subpoena, court order, or mandatory reporting obligation.

Data subjects may exercise rights of access, rectification, erasure, restriction, or objection where applicable law provides — subject to exemptions for legal retention and defense of legal claims.

Verification reduces risk but does not constitute a guarantee of client integrity, legality of use, or future conduct.

To the maximum extent permitted by law, aegis21 disclaims liability for losses arising from reliance on client-supplied information, false documentation, or undisclosed material facts, except where caused by our gross negligence or willful misconduct.

The client agrees to indemnify and hold harmless aegis21 against claims, fines, and reasonable costs arising from the client's breach of this policy or misrepresentation during due diligence.

This policy is incorporated by reference into applicable contracts where stated. In case of conflict, the signed MSA or SOW prevails.

We may amend this policy by publication; material changes apply to new engagements from the effective date shown above.

Questions: secure onboarding channel or site contact form. This policy is governed by the same law and dispute resolution mechanism as the client's active agreement with aegis21, or otherwise the law of aegis21's principal place of business.