1. Introduction and Acceptance

These Terms of Use (“Terms”) constitute a legally binding agreement between you (“User”, “you”, or “your”) and Glacix Finance Solution Ltd, a company incorporated under the laws of the Province of British Columbia, Canada, with its registered office at 112-970 Burrard Street, Office #1678, Vancouver, BC V6Z 2R4, Canada (“Glacix”, “Company”, “we”, “us”, or “our”).

Glacix operates a payment processing and aggregation platform (the “Platform” or “Service”) that facilitates and redirects payment transactions between users, merchants, and third-party payment service providers. The Platform is offered on a pay-per-use basis.

Glacix is a licensed Money Services Business (MSB) registered with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) and operates in compliance with the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its associated regulations.

Glacix may provide certain services in conjunction with its affiliated entities: (a) Glacix Tech Pty Ltd (ABN 36 644 983 595), located at Level 5, 7 Eden Park Dr, Macquarie Park, NSW 2113, Australia (“Australian Entity”), which is registered as a Remittance Service Provider with the Australian Transaction Reports and Analysis Centre (AUSTRAC) under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act); and (b) Glacix Tech Inc., located at 5900 Balcones Drive STE 100, Austin, TX 78731, USA (“US Entity”), which is registered as a Money Services Business (MSB) with the Financial Crimes Enforcement Network (FinCEN) of the United States. Services in Asia and Australia are provided by the Australian Entity. Services in the United States are provided by the US Entity. All other services are provided by Glacix Finance Solution Ltd (Canada). References to “Glacix” in these Terms include the Affiliated Entities where applicable.

By accessing, browsing, or using the Platform, including by registering an account, accessing our APIs, or initiating any transaction through the Service, you acknowledge that you have read, understood, and agree to be bound by these Terms, together with our Privacy Policy, which is incorporated herein by reference. If you do not agree to these Terms, you must immediately cease using the Platform.

If you are using the Platform on behalf of a business, organization, or other legal entity, you represent and warrant that you have the authority to bind such entity to these Terms, in which case “you” and “your” shall refer to such entity.

2. Definitions

“Account” means the account created by a User to access and use the Platform.

“API” means the application programming interface provided by the Platform to enable programmatic access to the Service.

“Applicable Law” means all laws, regulations, rules, orders, and directives applicable to the provision or use of the Service, including but not limited to Canadian federal and provincial laws, anti-money laundering legislation, data protection laws, and the laws of any jurisdiction in which a User is located.

“Fees” means the charges payable by the User for use of the Service, as described in Section 8.

“Payment Provider” means any third-party payment service provider, gateway, acquirer, or financial institution through which the Platform facilitates or redirects transactions.

“Platform” or “Service” means the payment processing and aggregation platform operated by the Company, including the website, APIs, dashboards, documentation, and all related services.

“Transaction” means any payment, transfer, or financial operation facilitated or redirected through the Platform.

“User” means any individual or entity that accesses or uses the Platform, whether as a merchant, developer, business, or consumer.

“User Content” means any data, information, or materials submitted, uploaded, or transmitted by a User through or to the Platform.

3. Eligibility and Registration

3.1 Eligibility Requirements

To use the Platform, you must: (a) be at least 18 years of age or the age of legal majority in your jurisdiction; (b) have the legal capacity and authority to enter into these Terms; (c) not be a person or entity barred from using the Service under any Applicable Law, including but not limited to sanctions administered by the Government of Canada, the United States, the European Union, or the United Nations; and (d) provide accurate, current, and complete registration information.

3.2 Account Registration

To access certain features of the Platform, you must create an Account. You agree to: (a) provide truthful, accurate, and complete information during the registration process; (b) maintain and promptly update your Account information to keep it accurate, current, and complete; (c) maintain the security and confidentiality of your Account credentials, including your API keys; and (d) accept all responsibility for activity that occurs under your Account.

3.3 Know Your Customer (KYC) and Anti-Money Laundering (AML)

As a licensed MSB in Canada, through its Australian Entity as a registered Remittance Service Provider in Australia, and through its US Entity as a registered MSB in the United States, the Company is required to comply with anti-money laundering and counter-terrorism financing legislation, including the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) of Canada, the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act) of Australia, the Bank Secrecy Act (BSA) of the United States, and any other applicable AML/CTF laws in jurisdictions where the Service is offered. The Company may require you to provide documentation or information to verify your identity, the nature of your business, the source of your funds, and the purpose of your Transactions. This may include, but is not limited to, government-issued identification, proof of address, business registration documents, beneficial ownership information, and source of wealth declarations. You agree to promptly provide any such documentation upon request. Failure to comply may result in the delay, suspension, or termination of your Account and the reporting of suspicious activities to the relevant financial intelligence units, including FINTRAC, AUSTRAC, and FinCEN, as required by law.

4. Description of Service

4.1 Payment Facilitation

The Platform provides payment processing and aggregation services that facilitate and redirect payments between Users and third-party Payment Providers. Glacix does not hold, store, or otherwise take custody of User funds at any time. All funds are processed and settled directly by the relevant Payment Providers in accordance with their own terms and conditions.

4.2 No Custodial Services

Glacix is a licensed Money Services Business (MSB) in Canada, operates through its Australian Entity which is a registered Remittance Service Provider in Australia, and operates through its US Entity which is a registered MSB in the United States. Notwithstanding such registrations, the Platform acts primarily as a technical intermediary that facilitates and routes payment instructions to the appropriate Payment Provider. Glacix does not act as a bank or deposit-taking institution and does not hold User funds in custody beyond what is strictly necessary to complete the processing or routing of a Transaction. Glacix does not guarantee the completion, settlement, or timing of any Transaction.

4.3 Third-Party Payment Providers

Transactions processed through the Platform are subject to the terms, conditions, and policies of the relevant third-party Payment Providers. Users acknowledge and agree that: (a) the Company is not a party to the contractual relationship between the User and any Payment Provider; (b) the Company is not responsible for any acts, omissions, errors, or failures of any Payment Provider; and (c) Users should review and understand the terms of each Payment Provider before initiating a Transaction.

4.4 API Access

The Platform provides API access to enable Users to integrate payment processing into their applications and services. API access is subject to the API documentation and any applicable rate limits, usage restrictions, and technical requirements specified by the Company from time to time.

5. Acceptable Use Policy

5.1 Permitted Use

You may use the Platform only for lawful purposes and in accordance with these Terms. You agree to comply with all Applicable Laws in connection with your use of the Platform.

5.2 Prohibited Activities

You shall not use the Platform to: (a) engage in any activity that violates any Applicable Law, including anti-money laundering, sanctions, or counter-terrorism financing laws; (b) process Transactions related to illegal goods or services, including but not limited to illegal drugs, weapons, counterfeit goods, child exploitation material, or unlicensed gambling; (c) facilitate fraud, money laundering, terrorist financing, or other financial crimes; (d) process Transactions that involve sanctioned persons, entities, or jurisdictions; (e) engage in unauthorized access to the Platform or any system connected to the Platform; (f) interfere with or disrupt the integrity or performance of the Platform; (g) reverse engineer, decompile, or disassemble any aspect of the Platform; (h) use the Platform in any manner that could damage, disable, overburden, or impair it; (i) use automated means, including bots, scrapers, or crawlers, to access the Platform except through our published APIs; or (j) sublicense, resell, or redistribute access to the Platform without prior written consent.

5.3 Compliance with Payment Network Rules

Users who process card-based or wallet-based Transactions through the Platform agree to comply with all applicable rules and regulations of relevant card networks (e.g., Visa, Mastercard) and digital wallet providers (e.g., Alipay, WeChat Pay), as communicated by the Company or the relevant Payment Provider from time to time.

6. Regulatory Compliance

6.1 Money Services Business (Canada)

Glacix is registered as a Money Services Business (MSB) with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). As a FINTRAC-registered MSB, the Company is subject to, and complies with, the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), including obligations related to client identification, record-keeping, suspicious transaction reporting, and terrorist property reporting.

6.2 Remittance Service Provider (Australia)

The Australian Entity, Glacix Tech Pty Ltd, is registered as a Remittance Service Provider with the Australian Transaction Reports and Analysis Centre (AUSTRAC) under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth). The Australian Entity maintains an AML/CTF program and complies with all applicable reporting, record-keeping, and customer due diligence obligations under Australian law. The Australian Entity provides services to users in Asia and Australia.

6.3 Money Services Business (United States)

The US Entity, Glacix Tech Inc., is registered as a Money Services Business (MSB) with the Financial Crimes Enforcement Network (FinCEN) of the United States Department of the Treasury. The US Entity complies with the Bank Secrecy Act (BSA) and all applicable federal and state regulations, including obligations related to customer identification, record-keeping, suspicious activity reporting, and currency transaction reporting. The US Entity provides services to users in the United States.

6.4 Sanctions Compliance

The Company maintains a sanctions compliance program and screens Users and Transactions against applicable sanctions lists, including those maintained by the Government of Canada (under the Special Economic Measures Act, the Justice for Victims of Corrupt Foreign Officials Act, and the United Nations Act), the Australian Department of Foreign Affairs and Trade (DFAT), the United States Office of Foreign Assets Control (OFAC), the European Union, and the United Nations Security Council. You represent and warrant that neither you nor any of your beneficial owners, directors, or officers are subject to sanctions imposed by any of these authorities.

6.4 Suspicious Transaction Reporting

The Company is required by law to report suspicious transactions and activities to the relevant financial intelligence units. You acknowledge and agree that the Company may, without notice to you: (a) delay, block, freeze, or refuse any Transaction; (b) restrict or suspend your Account; or (c) report any Transaction or activity to FINTRAC, AUSTRAC, or any other relevant authority, where the Company has reasonable grounds to suspect that a Transaction or activity may be related to money laundering, terrorist financing, sanctions evasion, fraud, or other criminal activity. The Company shall not be liable for any loss or damage arising from any action taken pursuant to its legal obligations under this Section.

6.5 Record Retention

The Company retains records of Transactions, client identification, and related documentation for a minimum period of five (5) years from the date of the Transaction or the closure of the Account, or such longer period as may be required by Applicable Law. Users are advised to maintain their own records of all Transactions.

6.6 User Compliance Obligations

Users who are themselves subject to AML/CTF, sanctions, or other financial regulatory obligations in their respective jurisdictions acknowledge that use of the Platform does not relieve them of such obligations. Users are solely responsible for ensuring their own compliance with all Applicable Laws, including obtaining and maintaining any necessary licenses, registrations, or authorizations.

7. User Obligations

As a User of the Platform, you are responsible for: (a) ensuring that your use of the Platform complies with all Applicable Laws in your jurisdiction and the jurisdiction of your customers or end users; (b) obtaining all necessary licenses, permits, and authorizations required for your business activities; (c) providing accurate and complete information in connection with all Transactions; (d) maintaining adequate security measures to protect your API keys, credentials, and Account access; (e) promptly notifying the Company of any unauthorized use of your Account or any security breach; (f) ensuring that any integration with the Platform complies with the API documentation and technical requirements; and (g) maintaining your own records of all Transactions for the period required by Applicable Law.

8. Fees and Payment

7.1 Fee Structure

The Platform operates on a pay-per-use pricing model. Fees are charged on a per-Transaction basis and may vary depending on the payment method, Payment Provider, Transaction type, currency, and volume. Current fee schedules are available on the Platform or upon request.

7.2 Fee Changes

The Company reserves the right to modify its Fees at any time by providing reasonable prior notice to Users. Continued use of the Platform following any fee change constitutes acceptance of the new fee schedule. If you do not agree to a fee change, you may terminate your Account in accordance with Section 13.

7.3 Taxes

All Fees are exclusive of applicable taxes, including but not limited to goods and services tax (GST), harmonized sales tax (HST), value-added tax (VAT), and sales tax. You are responsible for payment of all such taxes in connection with your use of the Platform, except for taxes on the Company’s net income.

7.4 Payment of Fees

Fees are deducted automatically from the Transaction amount or charged to the payment method associated with your Account. If the Company is unable to collect any Fees owed, you agree to pay such amounts within fourteen (14) days of receipt of an invoice.

7.5 Chargebacks and Disputes

You are responsible for all chargebacks, reversals, claims, penalties, and fines arising from Transactions processed through your Account. The Company reserves the right to deduct any such amounts from your Account or invoice you separately.

9. Intellectual Property

8.1 Company IP

All intellectual property rights in and to the Platform, including but not limited to the software, APIs, documentation, trademarks, trade names, logos, and any improvements or modifications thereto, are and shall remain the exclusive property of Glacix or its licensors. Nothing in these Terms grants you any right, title, or interest in any such intellectual property, except for the limited license to use the Platform in accordance with these Terms.

8.2 License to Use

Subject to your compliance with these Terms, Glacix grants you a limited, non-exclusive, non-transferable, revocable license to access and use the Platform solely for the purposes contemplated by these Terms.

8.3 User Content

You retain ownership of your User Content. By submitting User Content to the Platform, you grant Glacix a worldwide, non-exclusive, royalty-free license to use, process, store, and transmit such User Content solely to the extent necessary to provide the Service and as described in our Privacy Policy.

8.4 Feedback

If you provide any suggestions, ideas, feedback, or recommendations regarding the Platform (“Feedback”), you hereby assign to Glacix all rights in such Feedback and agree that Glacix is free to use, disclose, reproduce, and otherwise exploit such Feedback without restriction or compensation to you.

10. Data Protection and Privacy

Your use of the Platform is subject to our Privacy Policy, which describes how we collect, use, disclose, and protect your personal information. By using the Platform, you consent to the collection and use of your information as described in the Privacy Policy.

Glacix processes personal data in accordance with Applicable Law, including the Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada, the Australian Privacy Act 1988, and, where applicable, the General Data Protection Regulation (GDPR) of the European Union and the Personal Information Protection Law (PIPL) of the People’s Republic of China.

You acknowledge that in connection with the provision of the Service, Transaction data and related information may be transmitted to and processed by third-party Payment Providers in jurisdictions outside of Canada. The Company takes commercially reasonable measures to ensure that such transfers are conducted in compliance with Applicable Law.

11. Disclaimers and Limitation of Liability

10.1 Disclaimer of Warranties

THE PLATFORM IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS, WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. THE COMPANY DOES NOT WARRANT THAT THE PLATFORM WILL BE UNINTERRUPTED, ERROR-FREE, SECURE, OR FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS.

10.2 Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL GLACIX, ITS DIRECTORS, OFFICERS, EMPLOYEES, AGENTS, AFFILIATES, OR LICENSORS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOSS OF PROFITS, REVENUE, GOODWILL, DATA, OR OTHER INTANGIBLE LOSSES, ARISING OUT OF OR IN CONNECTION WITH: (A) YOUR USE OF OR INABILITY TO USE THE PLATFORM; (B) ANY TRANSACTION PROCESSED THROUGH THE PLATFORM; (C) ANY UNAUTHORIZED ACCESS TO OR ALTERATION OF YOUR DATA OR TRANSMISSIONS; (D) ANY ACTS OR OMISSIONS OF ANY THIRD-PARTY PAYMENT PROVIDER; OR (E) ANY OTHER MATTER RELATING TO THE PLATFORM.

10.3 Cap on Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, GLACIX’S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR IN CONNECTION WITH THESE TERMS OR YOUR USE OF THE PLATFORM SHALL NOT EXCEED THE GREATER OF: (A) THE TOTAL FEES PAID BY YOU TO THE COMPANY IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM; OR (B) ONE HUNDRED CANADIAN DOLLARS (CAD $100.00).

10.4 Essential Basis

The disclaimers and limitations of liability set forth in this Section 11 are an essential basis of the bargain between you and the Company and shall apply regardless of the legal theory upon which a claim is based, including contract, tort (including negligence), strict liability, or any other basis, and even if the Company has been advised of the possibility of such damages.

12. Indemnification

You agree to indemnify, defend, and hold harmless Glacix, its directors, officers, employees, agents, and affiliates (including Glacix Tech Pty Ltd and Glacix Tech Inc.) from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising out of or relating to: (a) your use of the Platform; (b) your violation of these Terms or any Applicable Law; (c) your violation of any rights of a third party; (d) any Transaction processed through your Account; (e) any dispute between you and any of your customers or end users; or (f) your negligence or willful misconduct.

13. Term and Termination

12.1 Term

These Terms are effective from the date you first access or use the Platform and continue until terminated in accordance with this Section 13.

12.2 Termination by User

You may terminate your Account at any time by contacting the Company or using the Account closure functionality available on the Platform. Termination does not relieve you of any obligations arising prior to the date of termination, including the payment of any outstanding Fees.

12.3 Termination by Company

Glacix may suspend or terminate your Account and access to the Platform at any time, with or without cause, and with or without notice. Without limiting the foregoing, the Company may suspend or terminate your Account if: (a) you breach any provision of these Terms; (b) the Company is required to do so by Applicable Law or a regulatory authority; (c) the Company reasonably believes that your Account is being used for fraudulent, illegal, or unauthorized activities; (d) you fail to pay any Fees when due; or (e) the Company decides to discontinue the Platform or any part thereof.

12.4 Effect of Termination

Upon termination: (a) your license to use the Platform shall immediately cease; (b) you shall promptly cease all use of the Platform, including any API integrations; (c) the Company may delete your Account and associated data in accordance with its data retention policies and Applicable Law; and (d) Sections 2, 9, 11, 12, 14, 15, and 16 shall survive termination.

14. Governing Law and Dispute Resolution

13.1 Governing Law

These Terms shall be governed by and construed in accordance with the laws of the Province of British Columbia and the federal laws of Canada applicable therein, without regard to conflict of law principles.

13.2 Dispute Resolution

Any dispute, claim, or controversy arising out of or relating to these Terms or the Platform shall first be attempted to be resolved through good faith negotiation between the parties for a period of not less than thirty (30) days. If the dispute cannot be resolved through negotiation, it shall be submitted to and finally resolved by arbitration administered by the British Columbia International Commercial Arbitration Centre (BCICAC) in accordance with its rules. The seat of arbitration shall be Vancouver, British Columbia, Canada. The language of the arbitration shall be English.

13.3 Class Action Waiver

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, YOU AGREE THAT ANY DISPUTE RESOLUTION PROCEEDINGS WILL BE CONDUCTED ONLY ON AN INDIVIDUAL BASIS AND NOT IN A CLASS, CONSOLIDATED, OR REPRESENTATIVE ACTION. IF FOR ANY REASON A CLAIM PROCEEDS IN COURT RATHER THAN IN ARBITRATION, YOU WAIVE ANY RIGHT TO A JURY TRIAL.

15. General Provisions

14.1 Modifications to Terms

Glacix reserves the right to modify these Terms at any time. Material changes will be communicated to Users via email or through a notice on the Platform at least thirty (30) days prior to taking effect. Your continued use of the Platform after the effective date of any modification constitutes your acceptance of the modified Terms.

14.2 Modifications to Service

Glacix reserves the right to modify, suspend, or discontinue any aspect of the Platform at any time, with or without notice. The Company shall not be liable to you or any third party for any modification, suspension, or discontinuation of the Platform.

14.3 Assignment

You may not assign or transfer these Terms, or any rights or obligations hereunder, without the prior written consent of Glacix. The Company may assign these Terms, in whole or in part, to any affiliate or in connection with a merger, acquisition, reorganization, or sale of all or substantially all of its assets.

14.4 Severability

If any provision of these Terms is held to be invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect. The invalid or unenforceable provision shall be modified to the minimum extent necessary to make it valid, legal, and enforceable while preserving its original intent.

14.5 Waiver

The failure of the Company to enforce any right or provision of these Terms shall not constitute a waiver of such right or provision. Any waiver of any provision of these Terms will be effective only if in writing and signed by the Company.

14.6 Entire Agreement

These Terms, together with the Privacy Policy and any other agreements or policies referenced herein, constitute the entire agreement between you and the Company regarding your use of the Platform and supersede all prior and contemporaneous agreements, proposals, and communications, whether oral or written.

14.7 Force Majeure

Glacix shall not be liable for any failure or delay in performing its obligations under these Terms to the extent that such failure or delay results from circumstances beyond its reasonable control, including but not limited to acts of God, natural disasters, pandemics, war, terrorism, riots, government actions, power failures, internet or telecommunications failures, or failures of third-party Payment Providers.

14.8 Notices

All notices to the Company under these Terms shall be sent to: Glacix, 112-970 Burrard Street, Office #1678, Vancouver, BC V6Z 2R4, Canada, or by email to the address specified on the Platform. Notices to Users may be sent to the email address associated with the User’s Account or posted on the Platform.

14.9 Language

These Terms are drafted in the English language. In the event of any conflict between the English version and any translation, the English version shall prevail.

16. Contact Information

If you have any questions or concerns about these Terms, please contact us at:

Company: Glacix Finance Solution Ltd

Address: 112-970 Burrard Street, Office #1678, Vancouver, BC V6Z 2R4, Canada

Email: [support@glacix.com]

Website: [www.glacix.com]

For the complete Terms of Use document, please contact us at legal@glacix.io

© 2026 Glacix Finance Solution Ltd, Glacix Tech Pty Ltd & Glacix Tech LLC. All rights reserved.

1. Introduction

This Privacy Policy (“Policy”) describes how Glacix Finance Solution Ltd (“Glacix”, “Company”, “we”, “us”, or “our”), a licensed Money Services Business (MSB) registered with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), and its affiliated entities Glacix Tech Pty Ltd (ABN 36 644 983 595), a registered Remittance Service Provider with the Australian Transaction Reports and Analysis Centre (AUSTRAC), and Glacix Tech Inc., a registered Money Services Business (MSB) with the Financial Crimes Enforcement Network (FinCEN) of the United States (collectively, “Glacix Group”), collect, use, disclose, store, and protect personal information in connection with our payment processing and aggregation platform (the “Platform” or “Service”).

This Policy applies to all individuals and entities who access or use the Platform, including merchants, developers, businesses, and consumers (“Users”, “you”, or “your”). By accessing or using the Platform, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your information as described in this Policy.

This Policy should be read in conjunction with our Terms of Use, which govern your use of the Platform.

2. Data Controllers and Responsible Entities

The primary data controller for information collected through the Platform is Glacix Finance Solution Ltd, located at 112-970 Burrard Street, Office #1678, Vancouver, BC V6Z 2R4, Canada. For Users who interact with services provided through our Australian and Asian operations, Glacix Tech Pty Ltd, located at Level 5, 7 Eden Park Dr, Macquarie Park, NSW 2113, Australia, may act as a data controller or joint controller. For Users who interact with services provided through our United States operations, Glacix Tech Inc., located at 5900 Balcones Drive STE 100, Austin, TX 78731, USA, may act as a data controller or joint controller.

For the purposes of the General Data Protection Regulation (GDPR), the Company acts as the data controller. For the purposes of the Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada, the Company is the organization accountable for personal information under its control. For the purposes of the Australian Privacy Act 1988, the Australian Entity is the APP entity responsible for handling personal information in accordance with the Australian Privacy Principles (APPs). For the purposes of applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA), the US Entity is responsible for handling personal information of US-based users.

3. Information We Collect

3.1 Information You Provide Directly

Account Registration Information: When you create an Account, we collect your full legal name, email address, phone number, business name, business registration number, registered address, and other information required to establish your Account.

Identity Verification (KYC) Information: To comply with our obligations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) of Canada and the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) of Australia, we collect government-issued identification documents (such as passports, driver’s licenses, or national identity cards), proof of address documents, date of birth, nationality, beneficial ownership information, source of funds and wealth declarations, and business incorporation documents and director information.

Transaction Information: When you use the Platform, we collect details of Transactions processed through your Account, including transaction amounts, currencies, dates and times, payment methods used, merchant and payer identifiers, and transaction status and results.

Financial Information: We may collect bank account details, payment card information (which is processed by our third-party Payment Providers and not stored on our servers), and billing and invoicing information.

Communications: We collect information you provide when you contact our customer support, respond to surveys, or otherwise communicate with us, including email correspondence, support tickets, and feedback.

3.2 Information Collected Automatically

Device and Usage Information: When you access the Platform, we automatically collect your IP address, browser type and version, operating system, device identifiers, referring URLs, pages visited and features used, date and time of access, and API call logs and request metadata.

Cookies and Similar Technologies: We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your use of the Platform. For more information, please see Section 11 (Cookies and Tracking Technologies) of this Policy.

3.3 Information from Third Parties

Payment Providers: We receive Transaction confirmation data, settlement information, and chargeback or dispute notifications from third-party Payment Providers.

Identity Verification Services: We may receive identity verification results, sanctions screening results, and politically exposed person (PEP) screening results from third-party verification service providers.

Public Sources: We may collect information from publicly available sources, including business registries, sanctions lists, and adverse media sources, for the purposes of due diligence and ongoing monitoring.

4. How We Use Your Information

4.1 Provision of Services

We use your information to operate, maintain, and provide the Platform and its features, process and facilitate Transactions, manage your Account, provide customer support, and communicate with you about the Service.

4.2 Legal and Regulatory Compliance

We use your information to comply with our obligations under the PCMLTFA (Canada), the AML/CTF Act (Australia), the Bank Secrecy Act (United States), and other applicable anti-money laundering and counter-terrorism financing laws, perform client identification and verification (KYC/CDD), conduct ongoing monitoring of Transactions for suspicious activity, screen against sanctions lists and PEP databases, file suspicious transaction reports (STRs) with FINTRAC, AUSTRAC, FinCEN, or other relevant financial intelligence units, file large cash transaction reports and electronic funds transfer reports as required by law, and maintain records as required by Applicable Law.

4.3 Fraud Prevention and Security

We use your information to detect, prevent, and investigate fraud, unauthorized access, and other illegal or malicious activities, protect the security and integrity of the Platform, enforce our Terms of Use and other agreements, and conduct risk assessments and manage our exposure.

4.4 Business Operations

We use your information to analyze usage patterns to improve the Platform, develop new features and services, conduct internal audits and quality assurance, manage billing, accounting, and financial reporting, and resolve disputes and enforce legal rights.

4.5 Communications

We use your information to send you service-related notices, updates, and security alerts, respond to your inquiries and requests, and, with your consent where required, send you marketing communications about our products and services.

5. Legal Bases for Processing

We process your personal information on the following legal bases:

Performance of a Contract: Processing is necessary for the performance of our agreement with you, including the provision of the Service and processing of Transactions.

Legal Obligation: Processing is necessary to comply with our legal obligations, including under the PCMLTFA, AML/CTF Act, PIPEDA, the Australian Privacy Act, tax laws, and other regulatory requirements.

Legitimate Interests: Processing is necessary for our legitimate interests, including fraud prevention, security, business operations, and improvement of the Platform, provided such interests are not overridden by your rights and freedoms.

Consent: Where required by Applicable Law, we process your information based on your consent. You may withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

6. How We Share Your Information

6.1 Third-Party Payment Providers

We share Transaction data and related information with third-party Payment Providers to facilitate and complete Transactions. These providers include payment gateways, acquirers, card networks (e.g., Visa, Mastercard), and digital wallet providers (e.g., Alipay, WeChat Pay). Each Payment Provider processes your information in accordance with its own privacy policy and applicable regulations.

6.2 Regulatory and Law Enforcement Authorities

We may disclose your information to FINTRAC, AUSTRAC, FinCEN, or other financial intelligence units as required by anti-money laundering and counter-terrorism financing laws, law enforcement agencies, courts, or regulators in response to lawful requests, subpoenas, court orders, or legal process, and sanctions authorities in connection with sanctions compliance obligations. We are prohibited by law from informing you if a suspicious transaction report or similar disclosure has been made to a financial intelligence unit or law enforcement authority.

6.3 Service Providers

We engage third-party service providers to perform functions on our behalf, including cloud hosting and data storage providers, identity verification and KYC service providers, sanctions and PEP screening providers, analytics and business intelligence providers, customer support platforms, and professional advisors (legal, accounting, and audit). These service providers are contractually bound to process your information only on our instructions and in accordance with applicable data protection laws.

6.4 Affiliated Entities

We share information between Glacix Finance Solution Ltd, Glacix Tech Pty Ltd, and Glacix Tech Inc. as necessary to provide the Service, comply with regulatory obligations, conduct internal reporting, and manage risk across the Glacix Group.

6.5 Corporate Transactions

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred to the acquiring or successor entity, subject to the commitments made in this Policy and Applicable Law.

6.6 With Your Consent

We may share your information with other parties where you have provided your explicit consent.

7. International Data Transfers

As Glacix operates globally with entities in Canada and Australia and works with Payment Providers and service providers around the world, your personal information may be transferred to, stored, and processed in countries other than the country in which it was collected. These countries may include, but are not limited to, Canada, Australia, the United States, Singapore, Hong Kong, the People’s Republic of China, and countries within the European Economic Area.

When we transfer personal information across borders, we implement appropriate safeguards to ensure that your information receives an adequate level of protection, including entering into data processing agreements that incorporate standard contractual clauses (where required under the GDPR), ensuring that recipients in third countries are subject to laws providing adequate protection, relying on the recipient’s binding corporate rules or certifications where applicable, and obtaining your explicit consent where required by Applicable Law.

For transfers of personal information from the European Economic Area, the United Kingdom, or Switzerland, we rely on adequacy decisions, standard contractual clauses adopted by the European Commission, or other approved transfer mechanisms under the GDPR.

8. Data Retention

8.1 General Retention Periods

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, regulatory, accounting, or reporting requirements. Specific retention periods are determined based on the nature of the information, the purposes for which it is processed, and our legal obligations.

8.2 Regulatory Retention Requirements

Certain information must be retained for minimum periods under applicable law. Under the PCMLTFA and its regulations (Canada), client identification records, Transaction records, and related documents must be retained for a minimum of five (5) years from the date the record was created or the date of the last Transaction, whichever is later. Under the AML/CTF Act (Australia), similar records must be retained for a minimum of seven (7) years. Under applicable tax laws, financial and accounting records may be retained for periods required by relevant tax authorities.

8.3 Post-Retention

Upon expiry of the applicable retention period, we will securely delete or anonymize your personal information, unless further retention is required by Applicable Law or necessary for the establishment, exercise, or defense of legal claims.

9. Data Security

We implement and maintain appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest using industry-standard protocols (TLS 1.2 or higher, AES-256), access controls and role-based permissions for internal personnel, regular security assessments, penetration testing, and vulnerability scanning, secure coding practices and code review processes, incident response and business continuity plans, physical security measures at data centers and offices, and employee training on data protection and security awareness.

We do not store full payment card numbers on our servers. Payment card information is processed directly by our PCI DSS-compliant third-party Payment Providers.

While we take commercially reasonable measures to protect your information, no method of electronic storage or transmission over the internet is completely secure. We cannot guarantee the absolute security of your information.

10. Your Rights

10.1 Rights Under Canadian Law (PIPEDA)

If you are located in Canada or your information is processed under PIPEDA, you have the right to access your personal information held by us, request correction of inaccurate or incomplete personal information, withdraw your consent to the collection, use, or disclosure of your personal information (subject to legal or contractual restrictions), and file a complaint with the Office of the Privacy Commissioner of Canada.

10.2 Rights Under Australian Law (Privacy Act 1988)

If you are located in Australia or your information is processed under the Australian Privacy Act 1988, you have the right to access your personal information held by the Affiliated Entity, request correction of inaccurate, out-of-date, incomplete, irrelevant, or misleading personal information, request that we cease using or disclosing your personal information for direct marketing purposes, and file a complaint with the Office of the Australian Information Commissioner (OAIC).

10.3 Rights Under the GDPR (European Economic Area, UK, Switzerland)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, or if your information is processed under the GDPR, you have the right to access your personal data and obtain a copy, rectification of inaccurate or incomplete personal data, erasure of your personal data (“right to be forgotten”), subject to legal retention requirements, restriction of processing in certain circumstances, data portability in a structured, commonly used, and machine-readable format, object to processing based on legitimate interests or for direct marketing purposes, not be subject to automated decision-making, including profiling, that produces legal effects, and lodge a complaint with a supervisory authority in your jurisdiction.

10.4 Rights Under Chinese Law (PIPL)

If you are located in the People’s Republic of China or your information is processed under the Personal Information Protection Law (PIPL), you have the right to know about and make decisions regarding the processing of your personal information, access and obtain a copy of your personal information, request correction or supplementation of inaccurate or incomplete personal information, request deletion of your personal information in certain circumstances, request an explanation of the processing rules, and withdraw your consent.

10.5 Exercising Your Rights

To exercise any of the rights described above, please contact us using the details set out in Section 16. We will respond to your request within the timeframe required by Applicable Law (generally within 30 days). We may need to verify your identity before processing your request. Please note that certain rights may be subject to limitations or exceptions under Applicable Law, including where retention or processing is required for regulatory compliance (e.g., AML/CTF record-keeping obligations).

11. Cookies and Tracking Technologies

11.1 Types of Cookies

Strictly Necessary Cookies: These cookies are essential for the operation of the Platform and cannot be disabled. They enable core functionalities such as security, session management, and account authentication.

Functional Cookies: These cookies enable enhanced functionality and personalization, such as remembering your preferences and settings.

Analytics Cookies: These cookies help us understand how Users interact with the Platform by collecting information about pages visited, features used, and errors encountered. This information is used to improve the Platform.

Marketing Cookies: With your consent where required, we may use cookies to deliver relevant advertisements and measure the effectiveness of our marketing campaigns.

11.2 Managing Cookies

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of the Platform. For more information about cookies and how to manage them, visit www.allaboutcookies.org.

12. Children’s Privacy

The Platform is not directed to individuals under the age of 18 (or the age of legal majority in their jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child, we will take steps to promptly delete such information.

13. Third-Party Links and Services

The Platform may contain links to third-party websites, applications, or services that are not operated or controlled by us. This Policy does not apply to any third-party sites or services. We encourage you to review the privacy policies of any third-party services you access through or in connection with the Platform. We are not responsible for the privacy practices or content of any third-party sites or services.

14. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices, legal requirements, or business operations. Material changes will be communicated to Users via email or through a prominent notice on the Platform at least thirty (30) days prior to taking effect. Your continued use of the Platform after the effective date of any updated Policy constitutes your acceptance of the changes. We encourage you to periodically review this Policy for the latest information on our privacy practices.

15. Complaints

If you have a complaint about how we handle your personal information, please contact us using the details in Section 16. We will investigate your complaint and respond within a reasonable timeframe. If you are not satisfied with our response, you may escalate your complaint to the relevant supervisory authority:

Canada: Office of the Privacy Commissioner of Canada (OPC) — www.priv.gc.ca

Australia: Office of the Australian Information Commissioner (OAIC) — www.oaic.gov.au

European Union: The supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

United Kingdom: Information Commissioner’s Office (ICO) — www.ico.org.uk

16. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Data Controller (Canada): Glacix Finance Solution Ltd

Address: 112-970 Burrard Street, Office #1678, Vancouver, BC V6Z 2R4, Canada

Email: [privacy@glacix.com]

Privacy Officer: [Name of Privacy Officer]

Data Controller (Australia): Glacix Tech Pty Ltd

ABN: 36 644 983 595

Address: Level 5, 7 Eden Park Dr, Macquarie Park, NSW 2113, Australia

For US Users:

Glacix Tech Inc.

Address: 5900 Balcones Drive STE 100, Austin, TX 78731, USA

Email: [privacy@glacix.com]

For the complete Privacy Policy document, please contact us at legal@glacix.io

© 2026 Glacix Finance Solution Ltd, Glacix Tech Pty Ltd & Glacix Tech LLC. All rights reserved.

1. INTRODUCTION

GLACIX FINANCE SOLUTION LTD. (“GLACIX FINANCE SOLUTION LTD.”) is registered with FINTRAC – Canada as Money Service Business under registration number of C10001382, GLACIX FINANCE SOLUTION LTD. has responsibilities in relation to Anti-Money Laundering and Terrorist Financing. GLACIX FINANCE SOLUTION LTD. operates in conjunction with its affiliated entities: (a) Glacix Tech Pty Ltd (ABN 36 644 983 595), registered as a Remittance Service Provider with the Australian Transaction Reports and Analysis Centre (AUSTRAC), providing services in Asia and Australia; and (b) Glacix Tech Inc., registered as a Money Services Business (MSB) with the Financial Crimes Enforcement Network (FinCEN) of the United States, providing services in the United States. All other services are provided by GLACIX FINANCE SOLUTION LTD. (Canada) as the main operating entity. This AML/CTF Policy applies to all entities within the Glacix Group.

The manual covers the following areas:

• The Financial Crime Risk to our Business

• Proceeds of Crime (Money Laundering) and Terrorist Financing

• Customer Due Diligence

• Training and Record keeping

• Suspicious Activity Reporting

These policies may be subject to amendment or addition as required for legislative and business operational reasons.

We confirm that it is the responsibility of the Money Laundering Reporting Officer (MLRO) to monitor Compliance with all of the policy issues mentioned above.

As and when required, the MLRO will make a report to senior management about any operational or strategic issues for the company which arises as a result of the policies set down in this manual.

We also confirm that it is our company policy that all members of staff must read and confirm in writing their understanding of the policies set down here – and their personal responsibilities arising for them.

In the event that staff members fail to comply as required with the policies in this manual, this will be regarded as a material breach in contractual obligations and may lead to disciplinary proceedings.

2. OBJECTIVE’S OF THE POLICY

GLACIX FINANCE SOLUTION LTD. is committed to a comprehensive Anti-Money Laundering (AML) programme which aims to prevent the use of any part of the organization for Money Laundering and other forms of financial crime (including, but not exclusively, the combating of Terrorist Financing, Fraud and Bribery & Corruption).

Furthermore, management is committed to co-operating with the appropriate authorities in an effort to prevent any person from misusing GLACIX FINANCE SOLUTION LTD. systems.

The aim of the policy is to ensure complete adherence by GLACIX FINANCE SOLUTION LTD. and its staff to all.

Anti-Money Laundering, Combating Terrorist Financing and Fraud Prevention legislation in Canada and to follow the rules and procedures issued by the Fintrac to prohibit and prevent both actual and potential Money Laundering. Fintrac aims to communicate good practice in countering Money Laundering and to give practical assistance in interpreting the Canada Money Laundering Regulations.

GLACIX FINANCE SOLUTION LTD. intends that this AML Policy will be reviewed at least annually and updated from time to time as necessary to keep up with changes in applicable law and changes in GLACIX FINANCE SOLUTION LTD.’s operations. The Policy is intended to be supplemented by training of all GLACIX FINANCE SOLUTION LTD.’s employees.

GLACIX FINANCE SOLUTION LTD.’s employees are required to comply in full, with the Policy and supporting procedures that are in place to manage its Money Laundering and Terrorist Financing risks. Deliberate or wilful failure to do so will be regarded as a disciplinary offence, may lead to dismissal, and in certain circumstances may result in a criminal prosecution, fine and/or imprisonment.

3. CANADA'S LEGISLATION TO COMBAT MONEY LAUNDERING AND TERRORIST FINANCING

Anti-money laundering:

Money laundering became an offence in Canada several years ago, under amendments to the Criminal Code. These amendments also gave law enforcement the ability to search, seize and restrain property believed to be proceeds of crime.

The criminalization of the laundering of proceeds of crime (money laundering) led to many other legislative changes, such as amendments to the Customs Act and the Excise Act, among others. The first components of Canada's anti-money laundering regime consisted of certain record keeping and client identification requirements to assist in the detection and deterrence of money laundering. Although there were no reporting requirements at that time, information about any suspicious transactions could be provided voluntarily to law enforcement.

In 2000, the Proceeds of Crime (Money Laundering) Act was introduced as part of these measures to create an anti-money laundering regime. In 2001, the first reporting requirement came into effect for suspicious transactions. These measures were subsequently enhanced and additional components were introduced. That same year, the scope of the Proceeds of Crime (Money Laundering) Act was expanded to include terrorist financing (see information about the Anti-terrorism Act in subsection 4.2). This resulted in the former Proceeds of Crime (Money Laundering) Act becoming the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA).

Over the course of 2002 and 2003, other requirements under the PCMLTFA and related Regulations were phased-in, such as record keeping, client identification and other reporting obligations.

In 2006, amendments to the PCMLTFA introduced changes such as the establishment of a money services businesses registry, the authority to levy administrative monetary penalties and the addition of new reporting sectors, among others. They also included measures to strengthen reporting, record keeping, client identification and compliance regime requirements. These changes were phased in over the course of 2007 to 2009.

Anti-terrorism:

The Government of Canada has taken steps to combat terrorist activities at home and abroad. These steps include signing and ratifying United Nations (UN) Conventions, such as the International Convention for the Suppression of the Financing of Terrorism and implementing related UN resolutions through Regulations. They also include introducing tough new anti-terrorism measures in legislation called the Anti-terrorism Act.

The Proceeds of Crime (Money Laundering) and Terrorist Financing Act:

Objectives of the Act

The Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) has three key objectives:

• to implement specific measures to detect and deter money laundering and the financing of terrorist activities and to facilitate investigations and prosecution of the related offences.

• to respond to the threat posed by organized crime by providing law enforcement officials with the information they need to deprive criminals of the proceeds of their criminal activities, while protecting individual privacy; and

• to help fulfil Canada's international commitments to fight multinational crime.

The specific measures include the following:

Compliance regime, record keeping, client identification and reporting

Reporting entities (see subsection 5.2) have to implement a compliance regime, keep certain records and ascertain client identification. They have to report suspicious transactions and terrorist property to FINTRAC. They also have to report certain other financial transactions to FINTRAC (see subsection 5.3).

Cross-border currency reporting

The import or export of currency or monetary instruments of $10,000 or more has to be reported to the Canada Border Services Agency (CBSA). For more information on cross-border currency reporting, visit the CBSA Web site at http://www.cbsa-asfc.gc.ca, or call their toll-free enquiries line at 1-800-461-9999.

Creation of FINTRAC

FINTRAC is an independent agency, at arm's length from law enforcement agencies, responsible for collecting, analysing and, in appropriate circumstances, disclosing certain limited information to law enforcement agencies.

FINTRAC is required to ensure that personal information under its control is protected from unauthorized disclosure and is subject to the Privacy Act.

These measures contribute to maintaining the integrity of Canada's financial infrastructure. They also represent sound business practices for reporting entities to help them minimize their risk of being exposed to money laundering or terrorist financing and their negative consequences. Canada's regime is consistent with FATF's initiative to establish international standards aimed at improving national legal systems, enhancing the role of financial systems and strengthening international co-operation in the fight against money laundering and terrorist financing. The measures help detect and deter organized criminal activities as well as terrorist activities in Canada and help ensure Canada is not used to facilitate money laundering or terrorist financing.

Anti-terrorism Act:

In 2001, Canada's Anti-terrorism Act (ATA) created measures to deter, disable, identify, prosecute, convict and punish terrorist groups. It provided new investigative tools for law enforcement and national security agencies. It also ensured that Canadian values of respect and fairness are preserved and the root causes of hatred are addressed through stronger laws against hate crimes and propaganda. The package also included rigorous safeguards to ensure that the fundamental rights and freedoms of Canadians are upheld.

The ATA brought significant additions to the Criminal Code to include offences relating to terrorist activities and the financing of terrorism. These make it a crime to do any of the following:

• knowingly collect or provide funds, either directly or indirectly, to carry out terrorist activities;

• knowingly participate in, contribute to or facilitate the activities of a terrorist group;

• instruct anyone to carry out a terrorist activity on behalf of a terrorist group; or

• knowingly harbour or conceal a terrorist.

The Criminal Code also included a requirement similar to the one described under the heading United Nations Suppression of Terrorism Regulations above. This requires anyone in Canada, as well as Canadians outside Canada, to disclose to the RCMP and CSIS the existence of any property in their possession or control that they know is owned or controlled by or on behalf of a terrorist group. This includes information about any transaction or proposed transaction relating to that property. Information is to be provided to them, without delay, as follows:

RCMP, unclassified fax: 613-825-7030

CSIS Financing Unit, unclassified fax: 613-369-2303

A terrorist group includes anyone that has as one of their purposes or activities facilitating or carrying out any terrorist activity. This can be an individual, a group, a trust, a partnership or a fund. It can also be an unincorporated association or organization. A list of terrorist groups is published in the Regulations Establishing a List of Entities made under the Criminal Code.

4. MONEY LAUNDERING

Money Laundering is the process by which criminals attempt to hide and disguise the true origin and ownership of the proceeds of their criminal activities, thereby avoiding criminal prosecution, conviction, and confiscation of the illegally obtained funds.

The ability to launder the proceeds of criminal activity through the financial systems of the world is vital to the success of criminal operations.

It is always our duty to be vigilant in all aspects of our business as criminals continuously probe to find weaknesses in the system and look at various methods to convert illegally obtained money.

Money Laundering can take many forms including:

▪ Handling the proceeds of crimes generated by such activities as theft, drug smuggling, fraud and tax evasion

▪ Being knowingly involved in any way with criminal property

▪ Entering arrangements to facilitate laundering criminal property

▪ Investing the proceeds of crime- in another financial product (e.g. a money transfer)

▪ Investing the proceeds of crime into the acquisition of property/assets

There are three recognized stages in the money laundering process:

Placement: involves placing the proceeds of criminal conduct in the financial system.

Layering: involves converting the proceeds of criminal conduct into another form and creating complex layers of financial transactions to disguise the audit trail and the source and ownership of funds. This stage may involve transactions such as the buying and selling of stocks, commodities, or property.

Integration: involves placing the laundered proceeds back in the economy to create the perception of legitimacy

5. TERRORIST FINANCING

Terrorism financing is the provision or collection of funds with the intention that they should be used (or in the knowledge that they are to be used), in full or in part, in order to carry out acts that are associated with the support of terrorists or terrorist organizations, whether to further their causes or to commit acts of terrorism.

Money, usually in the form of hard cash, is vital for any terrorist organization. The absence of money makes it almost impossible for the organization to function.

Therefore, to protect themselves and achieve success in their harmful acts, terrorists work hard to concealing their money and its true origin. The process is a joint effort between people who are recruited to raise funds for terrorist PAY and the terrorist quartermaster/PAY Director who mastermind the process the remittance and receipt of the funds.

Elements of Terrorist Funding

▪ The primary objective behind terrorist funding is to intimidate or force a government or population to do or abstain from doing any act. In money laundering the objective is monetary gain.

▪ The volume of remittances for terrorist funding need not have to be large as compared to money laundering. They will vary according to the strategies and methods adopted by the terrorists.

▪ Terrorist funds need not be from illegal sources always. In some cases, funds are also sourced from legal income.

What can we do to fight terrorist funding?

Prevention- We have to prevent our products and services from used by terrorists for transferring their money. This can be done by applying appropriate “Know Your Customer” Policies and Procedures.

Pursuit- We have to track down the terrorist transactions by blocking their names. In case you come across any blacklisted names, it has to be immediately reported to the concerned authorities.

Protection- We have to protect our institution, our reputation, customers, our jobs and our communities where we operate. We have to protect by being responsible in our duties. If you have reasonable cause to suspect that it may be used, in whole or in part for the purpose of terrorism, then it should be immediately reported the concerned Compliance Officer for necessary action.

The fight against money laundering & terrorist financing is an evolving and never-ending process. Money laundering not only harms the public as a whole, but it taints the financial services industry. It clearly is in the best interests of the financial industry to take all feasible action to prevent money laundering. Therefore, we need to work together and cooperate to fight against the challenges posed by this social evil.

All staff, partners and affiliates of “GLACIX FINANCE SOLUTION LTD.” are required to maintain the highest level of due diligence when engaging in any aspects of remittance services.

Our policy has always been to conduct our business in compliance with all applicable laws and regulations.

6. MLRO/NOMINATED OFFICER (NO) DESIGNATION AND DUTIES

The MLRO/NO/Manager Compliance is the focal point within the company for the oversight of all activity related to anti-financial crime issues.

Their responsibilities include:

▪ Reviewing all new laws and deciding how they impact on the operational process of the company

▪ Preparing a written procedures manual and making it available to all staff and other stakeholders

▪ Making sure appropriate due diligence is carried out on customers and business partners

▪ Receiving internal Suspicious Activity Reports (SARs) from staff

▪ Deciding which internal SAR’s need to be reported to National Crime Agency FINTRAC

▪ Recording all decisions relating to SARs appropriately

▪ Ensuring staff receive anti-financial crime training when they join and that the receive regular Refresher training

▪ Monitoring business relationships and recording reviews and decisions taken about continuing or Terminating trading activity with particular customers

▪ Making sure that all business records are kept for at least five years from the date of the last customer transaction

Business Monitoring

It is the responsibility of the MLRO/Nominated Officer to monitor all the activity of the business with particular reference to the potential financial crime risk. The MLRO/Nominated Officer will keep a close eye on the following criteria and provide a report to senior management when required.

The report is likely to include commentary on the following issues (in the case that there is no information to report, there should be a ‘nil return’ should be indicated)

▪ Confirmation that adequate CDD information is being collected and that on-going monitoring is taking place

▪ Summary data relating to complex or unusual transactions

▪ Number of internal consents/SARs received from staff members

▪ Number of SARs made to FINTRAC.

▪ Information on status of staff training within the company

▪ Confirmation that all business records have been stored

▪ Changes in the law/operating environment which are or will impact the business

▪ Changes in risk matrix effecting the business

▪ Contacts with the regulator

Reports should normally be written.

The MLRO/Nominated Officer should indicate where there is action of the regulator, law enforcement or other agency which raises any potential issues for the business.

The MLRO/Nominated Officer will, as a matter of policy, submit an annual report to the board of directors.

The “GLACIX FINANCE SOLUTION LTD.” MLRO/CCO contact details are given below for your information:

Name: WING HEUNG KWOK

Email: Jazz.kwok@alloyx.com

7. REMIT CHOICE RISK BASED APPROACH– ASSESSMENT& MITIGATION

The development and implementation of an effective AML Program must be based on a risk assessment. For this reason, GLACIX FINANCE SOLUTION LTD. is required to conduct an AML risk assessment of its business, customers, products, and the geographic location in which it operates, in accordance with a standard risk assessment methodology.

The Compliance Manager/MLRO must determine the AML vulnerabilities of GLACIX FINANCE SOLUTION LTD.’s products/services, the AML risks associated with the geographies in which it operates, and the AML risks of the customers with whom it deals. The Compliance Manager/MLRO must also assess the effectiveness of GLACIX FINANCE SOLUTION LTD.’s controls to manage and mitigate the AML risks. The selection of risk categories and the weights given to risk categories in a money laundering risk assessment vary depending on the circumstances.

In order to provide a framework for identifying AML risks, the Compliance Manager/MLRO shall conduct a money laundering risk assessment by first determining inherent money laundering risk, then reviewing mitigating controls, and in consideration of the inherent risk and mitigating controls, determine the overall residual money laundering risk. The results of the risk assessment and any recommendations for control improvements must be provided to senior management for review and approval. Results of the money laundering risk assessment, the methodology, the analysis, and any supporting documentation of each will be maintained for at least five years. GLACIX FINANCE SOLUTION LTD. will carry out regular reviews of accounts to understand the nature of the relationship with the customer by conducting a profile assessment. This will involve analyzing the history of the account including, frequency of transactions, amounts sent and received, beneficiaries, source of funds and jurisdictions used. This list is not exhaustive.

GLACIX FINANCE SOLUTION LTD.’s money laundering risk assessments must be updated on a regular basis, generally at least annually. GLACIX FINANCE SOLUTION LTD.’s AML risk assessment must also be updated whenever material changes occur to

products, services, customer or geographies that would directly impact the risk assessment. Any new product or new line of business must undergo a full AML risk assessment.

8. CUSTOMER IDENTIFICATION & VERIFICATION

GLACIX FINANCE SOLUTION LTD. will collect specific Customer Due Diligence from each user and will use the services of an external electronic KYC solutions provider – (Sumsub - https://sumsub.com/main/) software to verify the customer’s identity as provided in their identification document, according to the verification limit as specified in Section “C” below. “SumSub” utilizes proprietary technology and document experts to verify credentials such as passports and driver licenses and is able to authenticate different global identity document types. GLACIX FINANCE SOLUTION LTD. had deployed in house solution and also utilizing the technology and sources of “Lexis Nexis” to authenticate customers against Sanction & PEP listing, Globally. Sanction Sources includes but not limited to CCASL, OFAC, HMT, EU & UN.

A. REQUIRED CUSTOMER INFORMATION – MINIMUM ID REQUIREMENTS

Individual Customers;

Prior to engaging in any activity, which potentially may involve money laundering, GLACIX FINANCE SOLUTION LTD. will collect the following standard due diligence for all its customers:

➢ Full Name

➢ Date of Birth - Verifiable via an unexpired government-issued identification, evidencing nationality or residence and bearing a photograph or similar safeguard, such as a government-issued passport or driver’s license.

➢ Country of Residence

Corporate Customers;

Before carrying out any business with our company, the following documentation must be obtained from each company client:

▪ Full name, registration number and registered address

▪ Business activity

▪ Confirmation of the names all directors and beneficial owners (anyone who owns or controls, directly or indirectly, more than 25% of the company)

▪ Proof of ID and proof of address

▪ Length of establishment

The above information must be supported by:

▪ Extract from appropriate company register

▪ Certificate of Incorporation

▪ Memorandum and Articles

▪ Company structure chart (where necessary)

B. CUSTOMERS WHO REFUSE TO PROVIDE INFORMATION

For those customers who have queries regarding the necessity of providing identification, we will advise that identifying and verifying all our customers is part of the Anti-Money Laundering regulations. If, however a potential or existing customer refuses to provide the information described above when requested, or appears to have intentionally provided misleading information, we will not approve the customer’s registration, and if, after consultation with the Compliance Manager/MLRO or Designee, it is deemed to be appropriate GLACIX FINANCE SOLUTION LTD LTD will fill the SAR.

C.VERIFICATION OF INFORMATION

To the extent reasonable and practicable, at the time a customer relationship is established, GLACIX FINANCE SOLUTION LTD. will ensure, based on our assessment of the AML-related risks posed by the customer’s location, nationality, and overall profile, that we have sufficient information to form a reasonable belief that we know the true identity of our customers. In verifying customer identity, we will analyze any logical inconsistencies in the information we obtain through documentary evidence.

Verification Thresholds;

➢ For individual Customers we collect and verify IDs at the time of account/relationship establishment

➢ For Corporate/Business Customers we do complete verification at the stage of On-boarding and all transaction carried by Corporate customers are supported with Invoices/Proof.

We will rely on a government-issued identification as verification of a customer’s identity. However, if we detect that the document evidences some form of fraud or other irregularities, we will consider that factor in determining whether we can form a reasonable belief that we know the customer's true identity.

If a customer’s identity cannot successfully be validated based on the information in GLACIX FINANCE SOLUTION LTD.’s possession, GLACIX FINANCE SOLUTION LTD. may, in its sole discretion, contact the customer and request that the customer provide:

➢ a true and correct copy of the customer’s unexpired, government-issued identification with a photograph, and;

➢ a copy of any current utility bill where the name and mailing address on the bill match the information provided by the customer.

In cases where we find information that indicates possible suspicious activity such as money laundering, terrorist financing activity, or any other criminal activity, a SAR will be filed.

Customers who have been identified as genuine sanctioned individuals at onboarding or during the relationship with GLACIX FINANCE SOLUTION LTD., will result in their account being blocked/cancelled. The KYC/

Monitoring analysts will coordinate with the Compliance Manager/MLRO who will raise and report a Suspicious Activity Report (SAR) to the National Crime Agency (FINTRAC). In addition, a report will also be made to the office of Financial Sanctions. A record will be maintained of the account in line with GLACIX FINANCE SOLUTION LTD.’s record keeping requirements.

D. RECORDKEEPING

We will document our verification, including all identifying information provided by a customer, the methods used and results of verification, and the resolution of any discrepancy in the identifying information. We will maintain records confidentially containing a description of any document that we relied on to verify a customer's identity, noting the type of document, any identification number contained in the document, the place of issuance, the date of issuance, if any, and expiration date. These records will be retained for at least five (5) years following termination of the customer relationship or dormancy of an account. However, in accordance with the General Data Protection Regulation (GDPR), after obtaining data, we will not retain personal data longer than is necessary.

E. PROHIBITED CUSTOMERS/BUSINESS

Countries, governments, entities and individuals subject to sanctions or included in any applicable internal caution list;

Customers whose identities are not known or cannot be verified;

Production or trade in weapons and munitions;

Production or trade in alcoholic beverages (including beer and wine);

Production or trade in tobacco;

Production or trade in radioactive materials;

Production or trade in pharmaceuticals subject to international phase outs or bans;

Any business relating to pornography or prostitution;

Quarries, mining, or processing of metal ores or coal;

Diamond trading without Kimberley Certification;

Non-licensed Offline Gambling/Betting/Casino/Horse Racing/Bingo/Sports Betting;

Non-licensed Online Casino/Online Poker/Online Gambling/Online Betting/Prize Draws/Gift Cards/Any form of Lottery/Scratch cards;

Drug trafficking including chemicals used to manufacture synthetic drug or drugs;

9. TRANSACTION MONITORING

Transaction monitoring is an essential aspect of effective KYC procedures. GLACIX FINANCE SOLUTION LTD. aims to effectively control and reduce the risk by having an understanding of normal and reasonable account activity of all customers, to ensure transactions which fall outside the regular pattern of an account’s activity can be identified. The extent of the monitoring is risk-sensitive by establishing limits for all accounts, with particular attention paid to transactions which are declined or exceed these limits.

Certain transactions may raise an alert to unusual or suspicious activities (see suspicious activity reporting policy). These may include transactions that do not appear to make economic or commercial sense, or that involve large amount transfers which are not consistent with the normal and expected transactions of the customer.

Intensified monitoring is conducted for accounts deemed to be of a higher risk. A risk assessment will be conducted, taking into account the background of the customer, such as the country of origin and source of funds, the type of transactions involved, and other risk factors. For higher risk accounts:

➢ GLACIX FINANCE SOLUTION LTD. ensures that adequate management information systems are in place to provide senior managers and compliance with timely information needed to identify, analyse and effectively monitor higher risk accounts.

➢ GLACIX FINANCE SOLUTION LTD. has a clear policy and internal guidelines, procedures and controls and remains especially vigilant regarding business relationships with PEPs, high profile individuals or with any persons that are clearly related or associated to a PEP. As all PEPs may not be identified initially and since existing customers may subsequently acquire a PEP status, regular reviews will be conducted periodically.

Enhanced Due Diligence Limits for Individual/Corporate customers are as follows;

➢ 5,000 CAD in one-off Transaction by any individual customer and or accumulative in period of 360 days exceeds 30,000 CAD

➢ All Transaction of Corporate customer are subject to Monitoring and approval of MLRO/NO, Enhanced Due Diligence will be carried in case Corporate customer exceeds the Transaction Limits (Count/Volume) as specified at on-boarding stage.

10. SUSPICIOUS ACTIVITY REPORTING

What is Suspicious Activity:

“Suspicious activity” is a difficult concept to define because it can vary from one transaction to another based upon on all the circumstances surrounding the transaction, or group of transactions. However in general suspicious transactions refers to any transaction or group of transactions about which doubts arise with the registered person concerning their link to money laundering and terrorist financing through their unusual size, repetition, nature, conditions and circumstances surrounding them, their unusual pattern that does not involve a clear economic objective or an obvious legal purpose, if the activities of the persons involved in the transaction(s) do not conform with their normal activities. For example, transactions by one customer may be normal because of your knowledge of that customer, while similar transactions by another customer may be suspicious.

In brief, the factors involved in determining whether transactions are suspicious, including the amount, the location of your business, comments made by your customer, the customer’s behavior etc. A good rule to follow is that if a transaction is inconsistent with the business or personal circumstances of a customer and there is no reasonable explanation for the inconsistency, then it may be suspicious. Just because a customer appears on the suspect list it does not mean that he/she is involved in illegal activity. It only means that such transaction requires closer scrutiny.

What is Suspicious Activity Reporting:

The Suspicious Activity Report is a tool for identifying and reporting transactions that could be related to money laundering or terrorist financing. You need to refer any transactions you consider suspicious to “GLACIX FINANCE SOLUTION LTD.” by:

▪ Completing a Suspicious Activity Report Manual/Electronic form for any transaction or pattern of transactions – completed or attempted – that is suspicious.

▪ Faxing the completed Manual form to “GLACIX FINANCE SOLUTION LTD.” or to your local Regulator if required by law as soon as the suspicious activity is discovered

The JMLSG guidance explains the core obligations of receiving and reporting of suspicious activity

▪ All staff must raise an internal report where they have knowledge or suspicion, or where there are reasonable grounds for having knowledge or suspicion, that another person is engaged in money laundering, or that terrorist property exists

▪ The firm’s nominated officer (or their appointed alternate) must consider all internal reports

▪ The firm’s nominated officer (or their appointed alternate) must make an external report to the National Crime Agency (FINTRAC) as soon as is practicable if he considers that there is knowledge, suspicion, or reasonable grounds for knowledge or suspicion, that another person is engaged in money laundering, or that terrorist property exists

▪ The firm must seek consent from the FINTRAC before proceeding with a suspicious transaction or entering arrangements

▪ Firms must freeze funds if a customer is identified as being on the Consolidated List on the HM Treasury website of suspected terrorists or sanctioned individuals and entities, and make an external report to HM Treasury

▪ It is a criminal offence for anyone, following a disclosure to a nominated officer or to the FINTRAC, to do or say anything that might either ‘tip off’ another person that a disclosure has been made or prejudice an investigation

▪ The firm’s nominated officer (or their appointed alternate) must report suspicious approaches, even if no transaction takes place

▪ Actions required, to be kept under regular review

▪ Enquiries made in respect of disclosures must be documented

▪ The reasons why a Suspicious Activity Report (SAR) was, or was not, submitted should be recorded

▪ Any communications made with or received from the authorities, including the FINTRAC, in relation to a SAR should be maintained on file

▪ In cases where advance notice of a transaction or of arrangements is given, the need for prior consent before it can proceed should be considered

Persons in the regulated sector are required to make a report in respect of information that comes to them within the course of a business in the regulated sector:

▪ where they know or

▪ where they suspect or

▪ where they have reasonable grounds for knowing or suspecting

That a person is engaged in, or attempting, money laundering or terrorist financing. Within this guidance, the above obligations are collectively referred to as “grounds for knowledge or suspicion”.

B. SUSPICIOUS INDICATORS

The following lists are provided for staff as an aid to whether a particular transaction may be suspicious. The list is not limited to and staff & Agents should consider all the circumstances of a particular transaction before deciding whether to report any issues to the MLRO.

New customers and occasional or “one-off” transactions:

▪ Checking identity is proving difficult.

▪ The customer is reluctant to provide details of their identity.

▪ There is no genuine reason for the customer using the services of an MSB ▪ A transaction is unusually large.

▪ The customer does not disclose the source of funds.

▪ The explanation for the business and/or the amounts involved is not credible.

▪ A series of transactions are structured just below the regulatory threshold for due diligence identity checks.

▪ The customer has made an unusual request for collection or delivery.

▪ Transactions having no apparent purpose, or which make no obvious financial sense, or which seem to involve unnecessary complexity.

▪ Unnecessary routing of funds through third parties.

For Regular and established customers.

▪ The transaction is different from the normal business of the customer.

▪ The size of frequency of the transaction is not consistent with the normal activities of the customer.

▪ The pattern of transactions has changed since the business relationship was established.

▪ Money transfers to high-risk jurisdictions without reasonable explanation, which are not consistent with the customer’s usual foreign business dealings.

▪ Sudden increases in the frequency/value of transactions of a particular customer without reasonable explanation.

▪ Examples where customer identification issues have potential to indicate suspicious activity.

▪ The customer refuses or appears reluctant to provide information requested.

▪ There appears to be inconsistencies in the information provided by the customer.

▪ The customer’s area of residence is inconsistent with other profile details such as employment.

▪ An address appears vague or unusual.

▪ The supporting documentation does not add validity to the other information provided by the customer.

▪ The customer is in a hurry to rush a transaction through, with promises to provide the information later.

Examples of activity that might suggest to staff that there could be potential terrorist activity:

• The customer is unable to satisfactorily explain the source of income.

• Frequent address changes.

• Media reports on suspected or arrested terrorists or groups.

Below are some indications of suspicious behaviour for customers paying through online means:

• Having access to multiple number of cards compared to a normal customer

• IP difference

• AVS failure

• Provided contact details not correct or not reachable

• Changing address details per card usage

• Changing beneficiaries

• Ethnic difference between payer and sender

• Suspicion code issuance by the service provider

• 3d security status not being fully authenticated.

C.PROCEEDURE FOR REPORTING SUSPICIOUS CIRCUMSTANCES

Any member of staff, who is suspicious that a transaction may involve money laundering or who becomes aware in the course of their work that someone else is involved in money laundering, must make a disclosure to the MLRO using the report form, by mean of email or using system.

Upon receipt of the Internal SAR by the MLRO, he will then decide what is to be done as a result of the report, e.g., whether the matter must be reported to the FINTRAC or not, or further enquiries made and record its decision and the reason for it on the report form on the Database. The member of staff concerned must be informed of the decision and the reasons for it.

If the matter is referred to the FINTRAC the MLRO or his deputy will be responsible for completing the FINTRAC report form and discussing with the reporting member of staff how matters with the client/transaction are to be conducted from that stage.

In accordance with the tipping off provisions, the report must not be discussed with the customer.

11. AML/CTF TRAINING OF STAFF

Training is given to all staff members upon commencement of taking on the money transfer service and on regular occasions afterwards (at least once a year). Training covers the following issues:

▪ The law relating to financial crime

▪ Risks associated with the financial crime threat to the company

▪ Identity and responsibilities of the MLRO/Nominated Officer

▪ Internal policies and procedures put in place

▪ Customer Due Diligence/Enhanced due diligence monitoring measures

▪ Suspicious activity – what to look out for

▪ How to submit an internal Suspicious Activity Report to the MLRO

▪ Record-keeping requirement

The MLRO/Nominated Officer will take appropriate measures to keep a log of all training which is provided to staff members – a sample of the training log is attached in the appendix.

All staff will be required to sign the training log where required to confirm that they have received training.

The MLRO/Nominated Officer will circulate to all staff other material to heighten awareness of anti-financial crime issues.

Where possible, MLRO/Nominated Officer will arrange for external trainings for the staff and a record will be kept of the training material and results.

12. RETENTION OF RECORDS

General Legal Requirements

We will only be successful in demonstrating our compliance with the requirements of the regulations through keeping evidence and records of:

▪ Due diligence checks made and

▪ Information held on customers and transactions.

These records are crucial in any subsequent investigation by FIU, the police or other Supervisory Authority in the EU host state. They will enable the business to produce a sound defence against any suspicion of involvement in money laundering or terrorist financing, or charges of failure to comply with the Regulations.

The records that must be kept

The records that must be kept are:

▪ A copy of, or the references to, the evidence of the customer’s identity obtained under the customer due diligence requirements in the Regulations. Clear copies of the forms of identification presented by customers, or a record of where they can be obtained, should be retained.

▪ The supporting evidence and records in respect of the business relationships and occasional transactions which are the subject of customer due diligence measures or on-going monitoring. Records must be kept and should include the name and address of the customer.

In relation to the evidence of a customer’s due diligence “GLACIX FINANCE SOLUTION LTD.” must keep the following records:

• All copies of documents accepted and verified as evidence for conduct of due diligence and

• All other References to the evidence of customer’s identity

• Transaction and business relationship records including evidence of the customers’ source of fund (including account files, relevant business correspondence, daily log books, receipts, cheques etc.) should be maintained in a form from which a satisfactory audit trail may be compiled, and which may establish a financial profile of any suspect account or customer.

How long the customer due diligence records must be kept?

Evidence of customer’s identity records must be kept for minimum of five years beginning from the end of the year during which the date of completion of the transaction or the termination of the business relationship occurred.

The same retention period applies to records of transactions (whether undertaken as occasional transactions or part of a business relationship).

In what format must the records be kept?

Records may therefore be kept:

▪ By way of original documents

▪ By way of good photocopies of original documents

▪ In scanned form

▪ In computerized or electronic form.

It must be ensured, however, that the data stored electronically is consistent with the original document.

13. INDEPENDENT REVIEW OF THE ANTI-MONEY

LAUNDERING PROGRAM

At least once in every two years “GLACIX FINANCE SOLUTION LTD.” will appoint an internal or external reviewer to conduct independent review of its AML program

The review will cover the testing of the following area:

• Documented AML and Sanctions Screening Policies and Procedures

• Enterprise Wide AML Risk Assessments

• Senior Management/Board Approval of AML Program

• How the business ensures that it holds the appropriate authorizations and abides by local laws both where it has an on the ground presence and where it conducts business on a reach-in basis?

• Customer KYC/CDD and EDD Onboarding and Refresh Processes – Test Customer Files. If company adopts Machine Learning KYC ID&V, test escalation process for clients who do not pass ID&V.

• Customer Risk Scoring – Review of Methodology and Risk Matrices

• Transaction Monitoring System – Review of Methodology

• Transaction Monitoring – Alert Process – Testing of Actions on Alerts

• Transaction Monitoring - Review of QA process relating to discounting of Alerts

• Suspicious Activity monitoring, escalation, and reporting (SAR)

• Sanction and PEP Screening and Escalation Process

• Sanctions Screening System – Testing of Fuzzy Logic and List Maintenance

• Ongoing Monitoring Process – (Sanctions and Negative News) Testing

• AML system controls and data integrity

• Third Part Payment Process Policy Review and Testing

• Suspicious Activity Reporting Process - Testing

• AML Training – Program and Oversight Process

• Record keeping/retention

Management and key officers to be interviewed, including:

• Accountable Executives for awareness and responsibilities in the AML control Process

o AML Officer

o Compliance Team Leaders

• Business Leads and Support Unit Heads

• Front office management for AML Procedures and Customer Onboarding

• Operational Heads responsible for AML/Sanctions Screening controls

• IT Head for AML/Sanctions Screening operational system controls (transaction monitoring, customer information)

• Quality and Assurance Teams

• AML Compliance Committee and members

Scoping must ensure:

▪ Coverage of the entire AML/Sanctions Screening Program, while also being

▪ Risk based to allocate the independent reviewer’s time and staff resources to areas of greater risk and heavier testing of internal controls

For the complete AML/CTF Policy document, please contact us at compliance@glacix.io

© 2026 Glacix Finance Solution Ltd. All rights reserved. This document is proprietary and confidential.