AML & Risk Control Policy

This AML and Risk Control Policy describes the measures implemented by ExcaliburHQ B.V. ("Company") to prevent misuse of the ForestLaunch platform for:

• Money laundering
• Terrorist financing
• Sanctions evasion
• Fraudulent or unlawful activity

ForestLaunch is a non-custodial, accountless blockchain software platform. Risk controls are implemented at the service access and infrastructure level, rather than through traditional account-based KYC procedures.

• Does not require user accounts
• Does not custody digital assets
• Does not process fiat payments
• Does not act as an exchange, broker, or financial intermediary
• Provides technical tools via smart contracts on public blockchains

Users interact directly with blockchain infrastructure using their own wallets.

The Company provides software services only and does not perform regulated financial services requiring licensing under Dutch or EU financial supervision regimes. The Company voluntarily applies proportionate AML risk controls aligned with its operational model.

• Geographic access controls
• Sanctions screening
• Blockchain monitoring
• Abuse detection mechanisms
• Service-level restriction capabilities

The Platform is not available to individuals or entities located in, incorporated in, or acting on behalf of persons located in comprehensively sanctioned jurisdictions, including but not limited to:

• North Korea
• Iran
• Syria
• Cuba
• Russia (to the extent restricted under EU sanctions)

Sanctions frameworks considered: European Union, United Nations, and U.S. OFAC sanctions lists.

User location is determined via IP-based detection, technical fingerprinting, and VPN/proxy detection mechanisms.

Users may not use VPNs, proxies, Tor, or similar tools to conceal location, attempt to bypass sanctions or geographic restrictions, or access the Platform on behalf of restricted persons.

Where circumvention is detected, the Company may block access, disable interaction with smart contract interfaces, or restrict API/frontend access.

Where prohibited or suspicious activity is detected, the Company may:

• Block IP ranges
• Restrict frontend access
• Disable promotional visibility tools
• Prevent further interaction with platform-controlled infrastructure
• Implement smart contract-level safeguards where technically feasible

Although no standard KYC is conducted, the Company reserves the right to request additional information where there is credible suspicion of unlawful activity, a token launch raises fraud indicators, regulatory exposure increases, or legal requests are received. Failure to cooperate may result in permanent restriction of service access.

The Company may review public blockchain data, wallet interaction patterns, links to sanctioned wallet addresses, and activity associated with known illicit actors. Monitoring is limited to publicly available blockchain information and technical interaction logs.

If suspected unlawful conduct is identified, the Company may restrict access, preserve relevant technical records, and report to competent authorities where required or appropriate.

• Corporate governance
• Platform access logs
• Security investigations
• Compliance decisions

AML oversight is conducted by senior management. Compliance measures are proportionate to the risk profile of the business model.

This Policy may be updated to reflect regulatory developments, risk landscape changes, or modifications to the Platform. The latest version will be published on the Platform.