Jurisdiction, Regulations, Licensing, and Practices

Crypfine is committed to maintaining a secure, compliant, and transparent environment for its users. Our approach to governance, security, and operational standards reflects our dedication to the trust and safety of the Crypfine community.

Security Policy

Crypfine recognizes and values the contributions of security researchers in improving the safety of our platform. We are dedicated to working with this community to validate and address legitimate vulnerabilities responsibly.

Responsible Disclosure Guidelines

We encourage responsible reporting of vulnerabilities and guarantee a cooperative and safe environment for researchers. Crypfine commits to:

1. Investigating legitimate reports promptly and addressing any validated vulnerabilities swiftly.

2. Refraining from legal action or involving law enforcement against researchers, provided they adhere to the following guidelines:

   • Include comprehensive details of the vulnerability, including the steps to reproduce it and a Proof of Concept (POC).
   • Avoid privacy breaches, data destruction, or service disruptions during the research.
   • Refrain from modifying or accessing data that does not belong to you.
   • Do not engage in data theft or other malicious activities.
   • Allow Crypfine a reasonable time to resolve the issue before disclosing any information publicly.

In case of a suspected security breach affecting your Crypfine account or our platform, you must notify our support team immediately at support@crypfine.com. Please provide timely and accurate updates throughout the investigation. Failure to notify Crypfine promptly may impact the resolution process.

Regulation and Licensing Information

Crypfine operates under strict compliance with global financial regulations and licensing requirements.

• Registration and Compliance: Crypfine is registered as a Money Services Business (MSB) with FinCEN and adheres to the Bank Secrecy Act (BSA). We are actively pursuing money transmitter licenses across various jurisdictions in the United States to ensure comprehensive compliance.

• Consumer Protection: Crypfine is committed to full disclosure of the applicable risks associated with our services, providing our users with transparent and accurate information.

• Global Operations: Crypfine’s licenses enable us to operate across multiple international jurisdictions, ensuring compliance with local laws and regulations.

Audit and Security Programs

Crypfine maintains rigorous internal and external auditing protocols to ensure the safety and reliability of its operations:

1. Anti-Money Laundering (AML): Annual reviews of our AML policies, procedures, and controls are conducted in alignment with the Office of Foreign Assets Control (OFAC).
2. Digital Asset Custody: Regular assessments by independent agencies validate the security of our digital asset custody systems, focusing on key controls and risk mitigation.
3. Penetration Testing: Independent vendors perform annual penetration tests to evaluate the robustness of our security measures.
4. Vulnerability Scans: Regular system vulnerability scans are conducted quarterly or more frequently as needed to proactively address potential threats.
5. Key Control Reviews: Crypfine conducts periodic key control tests to monitor the effectiveness of oversight mechanisms for critical internal processes.

Crypfine is steadfast in its commitment to providing a secure and compliant platform for all users, fostering confidence and reliability across our ecosystem.