Measures to prevent money laundering, terrorist financing, fraud, sanctions violations, and misuse of the ecosystem.
This AML/CTF Policy describes the measures applied by INNOVAPPSOFT LLC to prevent its platforms, including KeyCard BBM, KeyPay, KeyCoin, and KeyStore, from being used for money laundering, terrorist financing, fraud, control evasion, sanctions violations, service abuse, or any illegal activity.
INNOVAPPSOFT LLC applies measures to prevent misuse of its services for money laundering, terrorist financing, fraud, control evasion, sanctions violations, or any illegal activity.
Our approach is risk-based and aligned with compliance, security, fraud prevention, transaction monitoring, identity verification, and internal control practices.
Use of our services means acceptance of this policy and the applicable security and compliance controls.
This policy applies to all users, accounts, operations, services, and products within the INNOVAPPSOFT LLC ecosystem.
It includes KeyCoin operations, internal transfers, P2P operations, top-ups, KeyStore purchases, gift cards, payments, third-party provider integrations, KYC checks, and any other related service.
It also applies to registrations, access, attempted use, account changes, technical activity, devices, IP addresses, geolocation, connection methods, and behavior within the platform.
We continuously evaluate the risk of users, accounts, devices, and transactions.
We may consider factors such as transaction volume and frequency, source and destination of funds, payment method, country, jurisdiction, geolocation, device, activity history, unusual behavior, account relationships, use of high-risk services, and technical signals associated with fraud or evasion.
We may apply additional controls at any time when an account, user, transaction, device, IP, or activity pattern shows risk indicators.
We may require identity verification at any time, before or after enabling specific features.
Verification may include official documents, selfie, biometric validation, date of birth, country, additional user information, device validation, IP review, and checks through third-party providers such as Didit or other authorized services.
Failure to verify, or providing false, incomplete, altered, inconsistent, or unverifiable information, may result in feature restrictions, temporary transaction holds, transaction rejection, account suspension, or account closure.
We may also request additional information to evaluate source of funds, transaction purpose, relationship with third parties, business activity, transaction history, or any data necessary to complete a compliance review.
All transactions may be monitored through automated systems, internal controls, and manual reviews.
Red flags include unusual activity compared with the user profile, high volume over short periods, structured transactions, repetitive patterns, use of multiple related accounts, frequent payment method changes, rapid conversion between value methods, unauthorized triangulation, or attempts to evade limits and controls.
We may also review transactions related to crypto assets, payment processors, P2P, gift cards, top-ups, digital purchases, external services, integrated APIs, and any other value flow within or outside the ecosystem.
Monitoring may include account data, transaction history, IP, device, approximate location, payment method, internal identifiers, browsing behavior, technical logs, and signals provided by third-party providers.
The use of VPNs, proxies, Tor, anonymous networks, IP-hiding services, data center IPs, manipulated connections, modified devices, or any mechanism intended to hide, falsify, or modify the user’s location, technical identity, true origin, or behavior is prohibited.
The use or attempted use of these tools may trigger automatic blocks, manual review, feature limitations, transaction rejection, temporary holds, account suspension, or account closure.
Access from inconsistent locations, frequent IP changes, abuse-reported IPs, technical patterns associated with anonymization, simultaneous use from multiple regions, or any attempt to evade security controls may also be treated as risk indicators.
We reserve the right to reject, cancel, pause, review, or block transactions when there is reasonable risk, inconsistency, violation of this policy, or signs of prohibited activity.
We may also limit features, block access, request additional information, temporarily hold operations, suspend accounts, close accounts, restrict payment methods, or prevent the use of certain services depending on the level of risk detected.
These measures may be applied without prior notice when necessary to protect the system, users, third-party providers, the integrity of the ecosystem, or to comply with legal, regulatory, contractual, or security obligations.
An internal review does not guarantee that a transaction will be approved. If risk cannot be mitigated or the provided information is insufficient, the transaction may be rejected or the account may remain restricted.
We do not allow the platform to be used by persons, entities, jurisdictions, addresses, accounts, services, or activities linked to economic sanctions, terrorist financing, money laundering, fraud, organized crime, or other illegal activity.
We may apply controls related to sanctions lists, restricted jurisdictions, geolocation, risk signals, third-party provider information, and applicable legal obligations.
Transactions or accounts related to restricted persons, entities, jurisdictions, addresses, services, or patterns may be blocked, rejected, held, closed, reported, or subject to additional review where appropriate.
The list of restrictions may change without prior notice according to internal risk, applicable laws, third-party providers, international sanctions, or compliance criteria.
A transaction may be considered high risk because of its amount, frequency, origin, destination, payment method, user history, associated behavior, relationship with other users, or connection with external services.
High-risk transactions may require manual review, additional documentation, identity validation, source-of-funds analysis, verification of transaction purpose, review of prior activity, or third-party validation.
When exchanges, payment processors, top-up providers, KYC providers, external APIs, gift card services, or other third parties are involved, the transaction may also be subject to their own review, compliance, blocking, refund, or resolution timelines.
INNOVAPPSOFT LLC does not control third-party internal processes, decisions, holds, or resolution timelines.
We may reject or block transactions originating from platforms, wallets, services, accounts, IPs, payment methods, or sources considered high risk for AML, fraud, abuse, or compliance.
This may include unregulated services, sanctioned entities, fraud-related accounts, tools designed to hide the origin of funds, mixers, anonymization services, abuse-reported sources, suspicious IPs, compromised payment methods, or activity incompatible with our policies.
We may also block transactions linked to illegal activity, unauthorized markets, third-party identity use, unauthorized triangulation, promotion abuse, price manipulation, document falsification, or any conduct that puts the ecosystem at risk.
The list of restricted services, sources, and patterns is dynamic and may change at any time.
Users must not use the platform for money laundering, terrorist financing, fraud, sanctions evasion, scams, promotion abuse, unauthorized operations, impersonation, third-party account use, sale or transfer of accounts, location manipulation, or control evasion.
Users are also prohibited from using the platform to hide the origin or destination of funds, structure transactions to avoid controls, operate on behalf of third parties without authorization, provide false information, or use altered documents.
Any attempt to interfere with security systems, monitoring, verification, limits, geolocation, device validation, or internal controls may result in immediate blocking, suspension, or account closure.
Users must provide true, complete, and updated information.
Users are responsible for complying with the laws applicable in their jurisdiction, keeping their account secure, not sharing credentials, not allowing third parties to use their account, and not using the platform for illegal or unauthorized activities.
Violation of this policy may result in feature limitations, loss of access, transaction cancellation, temporary holds, suspension, or permanent account closure.
We may preserve, review, and share information with competent authorities, third-party providers, authorized entities, or necessary parties when required by law, legal process, valid investigation, contractual compliance, or reasonable signs of illegal activity.
Shared information may include account data, identity, KYC, transactions, devices, IP addresses, approximate geolocation, logs, activity history, payment methods, account relationships, and any other data necessary to comply with legal, security, or compliance obligations.
We may also preserve information when necessary to investigate fraud, prevent harm, respond to disputes, protect users, comply with AML/CTF obligations, or enforce our terms and policies.
We may retain information related to identity, activity, operations, devices, verifications, internal reviews, risk signals, and AML/CTF controls for as long as necessary to operate the service, resolve disputes, prevent fraud, comply with legal obligations, or protect the ecosystem.
Deleting, suspending, or closing an account does not necessarily mean immediate deletion of information that must be retained for legal, regulatory, accounting, security, fraud prevention, or compliance reasons.
Compliance records, transactions, KYC checks, risk reviews, and technical signals may be retained even after the relationship with the user ends when necessary.
Some services may depend on third-party providers such as payment processors, KYC providers, top-up providers, gift card services, exchanges, APIs, anti-fraud systems, or other third parties.
These third parties may apply their own compliance controls, reviews, limits, rejections, holds, refunds, information requests, and resolution timelines.
INNOVAPPSOFT LLC may depend on the information, decisions, or timelines of such providers to complete, pause, review, reject, or release certain operations.
INNOVAPPSOFT LLC may modify this AML/CTF Policy at any time to adapt it to legal, regulatory, operational, technical, security, compliance, or risk changes.
Changes take effect once published on this page or from the moment indicated by the platform.
Continued use of the services after an update is published means acceptance of the current version of this policy.
Our team is ready to help. Reach out through official channels or by email.
