XBase Unified Terms and Conditions

Effective Date: 15.12.2025

This Master Agreement governs the relationship between XBase Group, its affiliates, subsidiaries, and licensed partners, as listed in Annex L (XBase Group – Entities and Licensed Partners) to this Agreement ("XBase", "we", "our", or "us") and each client, merchant, trader, platform user, or integration partner ("Client", "you", or "your") that accesses or uses any product, service, or interface offered by XBase. These Terms and Conditions ("Agreement") are intended to provide comprehensive governance over all operational, commercial, compliance, and technical aspects of XBase’s global service offering.

The document is structured in the following three parts:

  • Part A – General Terms: Legal provisions applicable to all XBase Clients and Services.

  • Part B – Service-Specific Schedules: Product-specific legal modules covering Banking, OTC, POS, Checkout, FX, White Label, and APIs.

  • Part C – Annexes: Operational, technical, pricing, risk, and compliance policies incorporated by reference.

Clients are expected to read this Agreement carefully and ensure full understanding of their obligations and entitlements. This document may be supplemented or modified by specific Service Orders, Platform Contracts, or Partnership Frameworks executed by the parties, and shall govern all aspects of the Client relationship unless expressly superseded by a negotiated instrument.

Certain Services described in this Agreement may not yet be available to any or all Clients. The inclusion of such Services reflects XBase’s intended service roadmap and shall not constitute an offer or representation that such Services are currently operational or available to the Client.

1. Interpretation and Definitions

1.1 Interpretation Rules. Unless the context otherwise requires:

  • Headings are for reference only and do not affect interpretation;

  • The singular includes the plural and vice versa;

  • A reference to a document includes any amendments, supplements, or replacements thereto;

  • “Including” or “such as” shall be interpreted as “including without limitation.”

1.2 Defined Terms. Capitalized terms used throughout this Agreement shall have the meanings set out in Annex K – Definitions, unless expressly stated otherwise in a specific Schedule or Annex.

2. Agreement Formation and Applicability

2.1 Binding Nature of Agreement. This Agreement constitutes a binding legal contract between XBase and the Client. By accepting this Agreement, executing a Service Order, or accessing any part of the Services, the Client acknowledges that it has read, understood, and agreed to be bound by these Terms. In the event the Client accesses multiple services (e.g., Banking, POS, FX, and OTC), the entire Agreement and all applicable Schedules and Annexes shall govern the relationship.

2.2 Electronic Acceptance. The Client may accept this Agreement by:

  • Clicking to accept or agree through an online registration form or platform interface;

  • Executing a Service Order that references these Terms;

  • Continuing to use the Services after being notified of updates to the Terms.

No handwritten signature is required unless expressly agreed or required by law.

2.3 Hierarchical Precedence. In the event of conflict or inconsistency:

  • The terms of a Service Order or signed Master Services Agreement (MSA) shall prevail over this Agreement;

  • The body of this Agreement (Part A) shall prevail over Schedules (Part B), unless a Schedule explicitly states otherwise;

  • The Schedules (Part B) shall prevail over the Annexes (Part C) in case of conflict related to service-specific procedures or limitations.

2.4 Incorporation of Schedules and Annexes. All Schedules and Annexes referenced in this Agreement form an integral part of the Agreement. Use of a specific Service constitutes agreement to the relevant Schedule and its provisions. Where a Client subscribes to or activates a new Service, the relevant Schedule shall automatically apply.

2.5 No Exclusivity or Minimum Commitment. Unless expressly stated otherwise in a Service Order/Order Form or MSA, the Agreement does not grant the Client exclusivity or impose minimum usage commitments. XBase may offer Services to other clients, including those in similar sectors or jurisdictions.

2.6 Client Category and Access Rights. XBase may categorize Clients into service tiers (e.g., Standard, Business, Enterprise) based on volume, integration, or risk classification. Access to certain Services, features, or support channels may depend on the Client’s tier, jurisdiction, or onboarding status.

2.7 Amendments and Future Versions. XBase may amend this Agreement at any time. Changes will take effect 30 days after publication or notification unless a shorter notice period is required by law or for urgent regulatory compliance. Continued use of the Services after the effective date of changes constitutes acceptance.

2.8 Language and Translation. This Agreement is written and interpreted in English. If translated versions are provided for convenience, the English version shall prevail in the event of any inconsistency.

2.9 Governing Scope. This Agreement governs all aspects of the Client’s use of XBase’s Services, whether provided directly by XBase or through third-party integrations, affiliates, or white-label structures, unless a separate agreement states otherwise in writing.

3. Eligibility and Client Onboarding

3.1 Eligibility Criteria. To access XBase Services, the Client must meet the following eligibility requirements:

  • Be a legally incorporated entity, partnership, trust, or other recognized business form, with a valid legal presence and up-to-date corporate records;

  • Have full legal capacity to enter into and perform its obligations under this Agreement in accordance with the laws of the jurisdiction in which it is established and operates;

  • Be engaged in lawful, ethical, and transparent business activities, subject to evaluation under XBase’s internal risk classification and activity matrix, including reputational risk review;

  • Not be subject to any sanctions, restrictions, or prohibitions issued by OFAC (U.S.), the EU, the UK (OFSI), Canada (OSFI), Lithuania (FCIS), the United Nations Security Council, or any other competent national or supranational authority;

  • Not be located in, established under, or maintaining business operations within any high-risk or non-cooperative jurisdiction identified by FATF, or designated as such under XBase’s internal jurisdictional risk framework (refer to Annex E);

  • Not have been previously terminated or suspended by XBase or any of its affiliates for breach, compliance violations, or misconduct.

3.2 Onboarding Procedure. All Clients must undergo and complete XBase’s onboarding process before any access credentials, account provisioning, or service activations are permitted. The onboarding procedure may include, but is not limited to:

  • Completion and signing of a full Client Application Form, which may include commercial declarations, corporate history, and beneficial ownership chart;

  • Submission of required legal documents, which may include Certificate of Incorporation, Articles of Association, recent Certificate of Good Standing, or equivalent documentation as recognized by Client’s local authority, and official company registry extract;

  • Provision of certified or non-certified copies of identity documents and address verification for directors, shareholders (above threshold), and authorized signatories;

  • Description and supporting documentation regarding the Client’s business model, anticipated use of services, transaction flows, average and peak monthly volumes, primary and secondary counterparties, and operational footprint;

  • Explicit acceptance of service-specific schedules, confirmation of technical integration (if applicable), and acknowledgment of XBase’s Acceptable Use Policy and any applicable local requirements (e.g., VAT registration, PCI-DSS declarations for merchants).

3.3 Risk-Based Assessment. XBase applies a structured, multi-layered due diligence approach under which each Client is categorized and onboarded using a risk scoring methodology. This approach takes into account:

  • Legal form, jurisdiction of registration, and tax transparency rating;

  • Nature, complexity, and regulatory classification of business activities (including whether regulated by any competent authority);

  • Volume, frequency, and diversity of services requested (e.g., FX conversion, SWIFT outbound, POS merchant settlements);

  • Sector-specific risk (e.g., gambling, cryptocurrency, remittance) and vulnerability to fraud, sanctions, or PEP exposure;

  • Historical, adverse media records, and connection to offshore or bearer share structures.

3.4 Enhanced Due Diligence (EDD). XBase will apply an Enhanced Due Diligence (EDD) layer, which may involve additional verification steps based on factors such as jurisdictional risk, client risk scoring, and the nature of services requested, including but not limited to:

  • Additional verification via third-party compliance tools and screening databases (e.g., SumSub, which leverages the ComplyAdvantage database);

  • Collection of audited financial statements, tax clearance certificates, source of wealth/funds declarations and evidence of local business activity or economic substance;

  • Recorded or written interviews with C-level management or controlling shareholders to clarify business practices and policies, where applicable based on jurisdictional requirements;

  • Collection and verification of transactional or counterparty-level data from previous banking or payment providers;

  • Obtaining references or verification from regulators, auditors, legal counsel, or other qualified professionals.

3.5 Ongoing Monitoring and KYC Refresh. XBase continuously monitors Client activity throughout the business relationship. Clients shall:

  • Cooperate with regular KYC refresh cycles, including full document re-verification on a periodic basis based on client risk profile (typically: High Risk – 12 months, Medium Risk – 24 months, Low Risk – months) or in response to a triggering event;

  • Promptly report material changes in ownership, control, line of business, or geographic presence;

  • Provide explanatory documents, transaction contracts, invoices, and other materials for transactions flagged as inconsistent, high value, or unusual;

  • Undergo reassessment following regulatory changes, internal policy updates, or exposure to new risk indicators.

3.6 Right to Decline or Terminate. XBase reserves the absolute right to:

  • Decline any onboarding application at its sole discretion without the obligation to provide a rationale or justification, except where required by law;

  • Interrupt onboarding at any stage for cause, including where red flags arise, risk scores are exceeded, or suspicious behavior is detected;

  • Reassess and suspend existing accounts where Clients become ineligible or refuse to cooperate with periodic compliance audits;

  • Terminate all services and freeze accounts in accordance with Clause 13 (Suspension, Termination and Closure) of this Agreement.

3.7 Delegated or Partner Onboarding. In cases where XBase permits a third party (e.g., white-label provider, fintech platform, acquiring partner) to assist in onboarding, the Client acknowledges that:

  • All Client records and documentation will be subject to review and approval by XBase’s Compliance team;

  • The third party acts as a data collector or facilitator and does not bind XBase to approval unless expressly authorized;

  • XBase retains full discretion to modify, reject, delay, or escalate the onboarding irrespective of third-party representations;

  • Additional documentation or declarations may be requested to satisfy internal onboarding thresholds.

4. Client Representations and Warranties

4.1 General Representations. Upon entering into this Agreement and each time the Client accesses or uses any XBase Service, the Client makes the following representations and warranties:

  • It is duly organized, validly existing, and in good standing under the laws of its jurisdiction of incorporation or registration, and has not been the subject of any insolvency or dissolution proceedings;

  • It has full power, authority, and capacity to enter into this Agreement, perform its obligations, and carry out the transactions contemplated herein, and such execution has been authorized in accordance with its internal governance procedures;

  • The execution, delivery, and performance of this Agreement have been duly authorized and will not conflict with or result in a breach of any provision of its charter documents, any agreement, contract, or applicable law to which it is bound;

  • All information, documentation, and declarations submitted to XBase (including during onboarding, KYC refreshes, compliance investigations, or incident responses) are true, accurate, complete, and not misleading in any material respect;

  • The Client is not, and has not been, subject to any sanctions, regulatory investigations, financial crime allegations, or material litigation that would impair its eligibility or reputation for accessing the Services;

  • The Client maintains and will continue to maintain adequate internal systems of control, corporate compliance functions, financial recordkeeping, and decision-making protocols to ensure secure, lawful, auditable, and transparent use of the Services.

4.2 Ongoing Warranties. The Client undertakes and warrants that it shall, throughout the duration of its relationship with XBase:

  • Use the Services exclusively for legitimate business purposes and shall not resell, assign, sublicense, or provide access to third parties without express prior written consent from XBase;

  • Immediately notify XBase in writing of any material change in ownership structure, legal entity name, control, regulatory classification, or scope of operations;

  • Take all commercially reasonable steps to ensure that its Users and representatives with access to the Services are properly trained on the terms of this Agreement and applicable law, and that such Users do not misuse the Services or violate platform policies;

  • Maintain an information security program that includes appropriate physical, technical, and administrative safeguards to protect against unauthorized access, misuse, disclosure, or destruction of systems and data;

  • Comply with all applicable financial services laws, consumer protection rules, AML/CTF requirements, sanctions regimes, export controls, and data protection frameworks (including the GDPR and any applicable cross-border transfer mechanisms).

4.3 Tax and Regulatory Compliance. The Client acknowledges and warrants that:

  • It is fully responsible for identifying and fulfilling all tax obligations, including VAT, sales tax, withholding tax, and transaction reporting requirements arising from the use of the Services;

  • XBase shall not be liable for any failure by the Client to correctly calculate, remit, or declare taxes, and will not act as a tax advisor unless expressly engaged in that capacity by a separate agreement;

  • If the Client is subject to sector-specific licensing or registration requirements (e.g., for providing financial services, digital assets trading, remittance, or payment intermediation), it has obtained and shall maintain such authorizations at all times, and will disclose the same to XBase on request;

  • The Client shall indemnify XBase from any liabilities or losses resulting from failure to comply with its regulatory responsibilities, including fines, penalties, back taxes, and legal expenses.

4.4 Transaction Representations. Each time the Client submits a Payment Instruction, executes a trade, or initiates a transaction using the Services, the Client represents and warrants that:

  • It has all requisite rights, authorizations, and internal approvals necessary to initiate the transaction and designate beneficiaries, payment amounts, and currencies involved;

  • The transaction is not intended to facilitate, conceal, or support fraudulent activity, money laundering, tax evasion, market manipulation, or other financial crime;

  • The transaction is fully compliant with all relevant legal frameworks, regulatory guidelines, and the Acceptable Use Policy, and does not breach the rights of any third party or introduce reputational or compliance risk to XBase.

4.5 Indemnity for Misrepresentation. The Client agrees to defend, indemnify, and hold harmless XBase, its officers, directors, employees, affiliates, licensors, vendors, and agents from and against any liability, loss, damage, penalty, fine, cost, expense (including reasonable legal fees), or third-party claim arising out of or in connection with:

  • Any breach of the representations, warranties, or undertakings set out in this Section;

  • Any reliance by XBase on false, incomplete, outdated, or misleading information provided by or on behalf of the Client;

  • Any investigation, enforcement action, or third-party complaint triggered by the Client’s failure to comply with applicable law, provide necessary disclosures, or uphold its obligations under this Agreement.

5. Fees and Billing

5.1 General Pricing Structure. All Services provided by XBase are subject to fees as outlined in the applicable Service Order, Subscription Plan, or the published Fee Schedule (Annex A). Fees may include but are not limited to:

  • One-time account or platform setup fees;

  • Monthly or annual subscription and maintenance charges;

  • Per-transaction processing fees (e.g., incoming/outgoing payments, FX, OTC trades);

  • Platform usage charges (e.g., API requests, dashboard access, feature modules);

  • Investigation, amendment, or refund service fees;

  • Penalties for non-compliance, breach of thresholds, or manual intervention requests;

  • Custom integration charges and service migration costs;

  • Regulatory pass-through costs incurred as a result of enhanced compliance or reporting obligations specific to the Client’s operations or jurisdiction.

5.2 Invoicing and Payment Terms. Unless otherwise stated in a Service Order:

  • Fees for recurring services (e.g., subscriptions) are invoiced monthly in arrears or annually in advance, based on usage and contracted entitlements;

  • Transactional and variable fees are invoiced on a rolling basis or deducted automatically from the Client's XBase account balance in real-time or at batch settlement intervals;

  • Invoices are due within seven (7) calendar days of issuance unless agreed otherwise in writing, and must be paid in full without set-off or counterclaim;

  • Fees are invoiced in the base currency of the account (e.g., EUR, USD, or GBP), or as specified per service line. Multicurrency billing is available only by separate agreement.

5.3 Currency, Exchange Rates, and FX Fees. Where fees or charges are applied in a currency other than the Client’s default settlement currency:

  • Currency conversions will be performed by XBase or its partners at the prevailing mid-market rate plus a pre-agreed spread in accordance with Annex B (FX Margin Policy);

  • The applicable exchange rate will be displayed in the client portal or invoice, and Clients may access historical rates and audit trails through their reporting dashboard;

  • The Client shall bear any associated risks of currency fluctuations between the invoice date and the actual date of settlement, unless otherwise covered by a separate FX hedging arrangement.

5.4 Taxes and Withholding

  • All fees are exclusive of applicable taxes, including VAT, GST, sales taxes, duties, and withholding taxes, unless expressly stated otherwise. XBase may apply local taxes in accordance with Client billing location and legal classification;

  • If any withholding or deduction is required by Applicable Law, the Client shall gross-up the payment such that XBase receives the full amount it would have received absent the deduction;

  • The Client is responsible for determining, collecting, reporting, and remitting all taxes applicable to its business transactions and financial flows through the Services.

5.5 Fee Changes and Notification

  • XBase may revise its Fee Schedule with at least thirty (30) days’ written notice via the platform, client portal, or email, accompanied by a summary of the material changes;

  • Urgent changes mandated by regulation, third-party partners, or risk management policies may be implemented with shorter notice, subject to proportionality and fairness;

  • Continued use of the Services after the effective date of any fee adjustment shall constitute deemed acceptance by the Client. The Client may terminate affected Services within ten (10) business days of notification without penalty if materially adversely impacted.

5.6 Disputed Charges

  • If the Client wishes to dispute an invoice or deduction, it must do so in writing within fifteen (15) calendar days of the billing date and must include supporting documentation and a detailed explanation;

  • Undisputed portions of an invoice must be paid on time and may not be withheld during dispute resolution;

  • XBase will investigate all bona fide disputes in good faith and respond with a determination or revised invoice within five (5) business days. Dispute resolution timelines may be extended with notice.

5.7 Late Payment Consequences

  • Overdue balances may incur interest at a rate of 1.5% per month or the maximum rate permitted by law, whichever is lower, calculated daily and compounded monthly;

  • Failure to pay on time may result in temporary service suspension, initiation of a service downgrade protocol, the disabling of API access, or the rejection of new Payment Instructions;

  • XBase may appoint a third-party collections agency or pursue legal remedies in the relevant jurisdiction. The Client shall be liable for all reasonable collection costs, including legal fees, court fees, and administrative expenses.

5.8 Deposit Requirements and Prepaid Balances

  • For certain Services or risk-rated Clients, XBase may require the Client to maintain a prepaid account balance, reserve fund, or collateral deposit against which fees and charges will be deducted automatically;

  • Clients may be required to replenish such balances within a specified timeframe following notification. Failure to top up the account balance may result in immediate service interruption, declined transaction requests, or account freeze.

5.9 Custom Pricing and Volume Discounts

  • Enterprise Clients or Clients operating under long-term commercial agreements, minimum volume commitments, or exclusive service usage mandates may be eligible for negotiated custom pricing tiers, rebates, or milestone-based commercial incentives;

  • Any such pricing structures must be agreed in writing in an executed Service Order, Addendum, or side letter, and are subject to annual review, audit rights by XBase, and revocation for breach or non-performance.

6. Platform Use and Security

6.1 Access Credentials and Authentication

  • XBase shall provide the Client with secure access credentials to its platform(s), including user logins, passwords, API keys, or multi-factor authentication (MFA) tokens as applicable. Credentials may be provided per user, per integration, or per service scope.

  • The Client shall maintain the confidentiality of all access credentials and ensure that such credentials are not shared, exposed, reused, or embedded in insecure environments (e.g., client-side code, public repositories).

  • The Client is solely responsible for all activity conducted through its account(s), including actions taken by Users, employees, contractors, affiliated agents, and third-party software using Client credentials.

  • Clients must promptly notify XBase of any unauthorized use, suspected compromise, or loss of credentials, and follow XBase’s incident containment procedures. Affected credentials must be rotated immediately following notification.

  • XBase may, in its sole discretion, revoke or rotate issued credentials if security concerns arise, including suspected token leakage, elevated threat levels, or violation of authentication best practices.

6.2 User Roles and Permissions

  • Clients may designate multiple Users with configurable access levels and security scopes, including (but not limited to) Administrators, Viewers, Finance/Operations, or API-Only roles. Role-based access control (RBAC) ensures that sensitive operations (e.g., payment approvals, credential creation) are segregated by function.

  • Administrator-level Users are responsible for configuring internal approval workflows, dual-control mechanisms (e.g., maker-checker protocols), role hierarchies, and audit log review policies.

  • The Client agrees to regularly review, audit, and update user permissions to ensure alignment with current organizational responsibilities and to immediately revoke access for any departed or deauthorized individuals.

  • Administrator Users may be required to re-verify their identity through a multi-factor or out-of-band challenge in order to approve critical actions or override risk-based controls.

6.3 Platform Availability and Maintenance

  • XBase shall use commercially reasonable efforts to maintain platform uptime in accordance with Annex F (Service Level Commitments), targeting a monthly availability of 99.9%.

  • Planned maintenance windows will be announced with reasonable prior notice, typically at least 24 hours, and scheduled during low-traffic or off-peak hours to minimize service disruption.

  • Emergency maintenance may be performed without prior notice where required to address urgent system integrity, cybersecurity vulnerabilities, regulatory risk, or data availability issues.

  • XBase may deploy patches, feature updates, new APIs, or interface improvements without requiring Client consent, provided these do not materially degrade functionality, data integrity, or compliance status. Material UI/UX or API versioning changes will be communicated in advance.

6.4 Data Security and Encryption

  • XBase maintains an enterprise-grade security program consistent with ISO/IEC 27001 standards and other applicable regulatory security frameworks. Measures include encryption of data at rest and in transit, secure credential vaults, access control policies, and incident response simulations.

  • Client data stored or processed within the XBase platform is logically segregated from other clients’ data. Access is restricted on a need-to-know basis and audited at both the infrastructure and application layers.

  • All data ingress and egress over public networks is protected with TLS 1.2 or higher. XBase does not support deprecated protocols and reserves the right to disable weak cipher suites without notice.

  • API integrations must be secured by transport encryption, authenticated using signed tokens or verified keys, and integrated only into secured server environments. Clients must never transmit PII, authentication tokens, or transaction instructions over unencrypted channels.

6.5 API and Third-Party Integrations

  • Clients integrating with the XBase API are responsible for ensuring adherence to official documentation, versioning compatibility, authentication rules, rate limits, and request formatting protocols.

  • API credentials are issued per Client or per integration scope and must be stored securely. Usage of client-side browser-based keys is strictly prohibited.

  • XBase reserves the right to throttle, suspend, or revoke API access for Clients who:
    ⚬ Cause measurable service degradation;
    ⚬ Exceed defined usage thresholds;
    ⚬ Implement insecure or abusive calling patterns;
    ⚬ Fail to patch known vulnerabilities in their connected systems.

  • The Client is fully responsible for all API activity conducted using their credentials, including unintended or malicious transactions introduced by integrated vendors or subcontractors.

6.6 Audit Trails and Activity Logs

  • XBase retains comprehensive logs of Client activity on the platform, including login attempts, permission changes, API calls, transaction instructions, user provisioning events, and payment approvals.

  • Clients may access audit trails through their portal interface or request structured export (e.g., JSON, CSV) for reconciliation, compliance, or internal control purposes.

  • Log retention periods follow regulatory and operational guidelines and may be extended upon request for enterprise Clients with custom data policies.

6.7 Cybersecurity Events and Breach Notification

  • In the event of a data breach or cybersecurity event materially affecting Client data or platform usage, XBase will notify affected Clients without undue delay in accordance with applicable data protection laws.

  • The notification shall include:
    ⚬ Nature and scope of the incident;
    ⚬ Categories of data potentially affected;
    ⚬ Known or suspected causes;
    ⚬ Containment, mitigation, and remediation actions taken;
    ⚬ Client actions required or recommended;
    ⚬ Designated contact point for incident coordination.

  • XBase shall cooperate with the Client’s own incident response efforts, law enforcement engagements, and regulatory reporting obligations.

6.8 Client Security Obligations

  • The Client must implement technical and organizational measures appropriate to the sensitivity of data and criticality of services, including:
    ⚬ Endpoint protection, firewalls, intrusion detection systems (IDS), and access controls;
    ⚬ Regular patching and hardening of systems and applications;
    ⚬ Strong password management and token rotation;
    ⚬ Limiting administrator access by principle of least privilege.

  • The Client agrees not to:
    ⚬ Probe, scan, or test the vulnerability of the XBase systems or networks without prior written authorization;
    ⚬ Circumvent platform access controls, session handling mechanisms, or authentication flows;
    ⚬ Introduce malware, ransomware, backdoors, denial-of-service traffic, or unauthorized network sniffers;
    ⚬ Use scraping, mining, or automation tools in a manner that exceeds reasonable usage policies.

6.9 Termination of Access

  • XBase may suspend, limit, or revoke access to all or part of the platform at any time, without prior notice, where:
    ⚬ A security breach or breach attempt has occurred;
    ⚬ Continued access presents a compliance, reputational, or financial risk;
    ⚬ The Client fails to adhere to platform rules, security obligations, or contractual usage terms;
    ⚬ Required by a court order, regulator, or law enforcement agency.

  • Where feasible, XBase will provide advance notice and an opportunity to remediate the issue prior to suspension.

7. Confidentiality

7.1 Confidential Information Defined. For the purposes of this Agreement, "Confidential Information" means any non-public, proprietary, competitively sensitive, or commercially valuable information, data, documentation, processes, technical knowledge, or material of any nature, disclosed or made accessible in any format (including verbal, written, electronic, magnetic, or digital) by one party (the "Disclosing Party") to the other party (the "Receiving Party") whether before or after the Effective Date, and regardless of whether it is marked or identified as confidential at the time of disclosure, provided that:

  • It is designated as confidential at the time of disclosure; or

  • It would reasonably be considered confidential or proprietary in the circumstances of disclosure, having regard to the nature of the information and the industry norms.

This includes but is not limited to:

  • Client-specific information including but not limited to banking data, KYC files, payment routing instructions, beneficiary information, trade volumes, pricing terms, margin profiles, technical integrations, source code, deployment settings, APIs, credentials, sandbox data, test accounts, and audit logs;

  • XBase internal and forward-looking documentation such as infrastructure design, risk mitigation strategies, revenue models, unreleased features, investor materials, pricing algorithms, licensing agreements, institutional relationships, dispute histories, and any notes or minutes generated from strategic calls or internal compliance discussions.

7.2 Obligations of Confidentiality. Each party agrees and undertakes that it shall:

  • Treat all Confidential Information received from the other party as strictly confidential and not disclose it to any third party except as expressly permitted herein;

  • Employ administrative, technical, and physical safeguards to protect the confidentiality and prevent unauthorized access, disclosure, copying, use, or modification of such information, including through system logging and access governance protocols;

  • Not use the Confidential Information for any purpose outside the scope of this Agreement, except with the express written permission of the Disclosing Party or as required by applicable law;

  • Ensure that any person or entity granted access to Confidential Information (e.g., subcontractors, consultants, auditors) is legally bound to protect it on terms no less stringent than those contained in this Agreement and is subject to regular access reviews.

7.3 Exclusions. Confidential Information shall not include information that:

  • Is or becomes generally available to the public other than through a breach of this Agreement;

  • Was rightfully known by the Receiving Party prior to its disclosure by the Disclosing Party without an obligation of confidentiality;

  • Is obtained by the Receiving Party on a non-confidential basis from a third party lawfully entitled to disclose it without restriction;

  • Is independently developed by the Receiving Party without use of, reference to, or reliance on the Confidential Information of the Disclosing Party, as demonstrable through written records and documentation maintained in the ordinary course of business.

7.4 Required Disclosures. If the Receiving Party becomes legally compelled to disclose Confidential Information by court order, subpoena, government mandate, or applicable law, it shall:

  • Provide the Disclosing Party with prompt written notice (to the extent permitted by law) to enable the Disclosing Party to seek a protective order, motion to quash, or other appropriate remedy;

  • Disclose only the minimum amount of Confidential Information required to comply with the legal obligation;

  • Use reasonable efforts to ensure that disclosed information is treated confidentially by the recipient (e.g., under court seal or confidentiality stipulation).

7.5 Return or Destruction. Upon the termination or expiration of this Agreement or upon written request of the Disclosing Party at any time, the Receiving Party shall:

  • Return or irreversibly destroy all Confidential Information in its possession or under its control (including data stored on backup systems or in email archives), and certify such destruction in writing;

  • Ensure the secure deletion of all Confidential Information from hosted environments or internal systems unless preservation is legally required by applicable data retention obligations;

  • Acknowledge that metadata, derived insights, or anonymized analytics developed in compliance with privacy and data protection rules shall not be considered Confidential Information if dissociated from the original data source.

7.6 Survival and Remedies

  • The confidentiality obligations of the Receiving Party shall survive termination or expiration of this Agreement for a period of five (5) years, or longer if required under data protection law, supervisory authority guidance, or where the Confidential Information qualifies as a trade secret;

  • In the event of actual or threatened breach, the Disclosing Party shall be entitled to seek interim or permanent injunctive relief, specific performance, or other equitable remedy before any competent court or arbitral forum without the need to post bond or demonstrate quantifiable monetary loss.

8. Data Protection and Privacy

8.1 General Commitment. XBase is committed to protecting the privacy, security, and integrity of all personal data and sensitive business information entrusted to it by Clients, Users, counterparties, and third-party service providers. XBase operates in compliance with all applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, the California Consumer Privacy Act (CCPA), and any other national or international privacy laws applicable to the Client based on its jurisdiction, processing activities, or customer base. This commitment extends across all internal operations, system design, business partnerships, and vendor arrangements.

8.2 Roles of the Parties. For the purpose of data protection laws:

  • XBase generally acts as a Data Processor when processing personal data on behalf of Clients (e.g., payment instructions, end-user onboarding, transaction logs, or integration with the Client’s customer systems);

  • XBase acts as a Data Controller in relation to personal data that it collects for its own legitimate business purposes, including Client contact information, account credentials, platform usage logs, financial profiles, compliance scoring, and fraud prevention analysis.

Where applicable, a separate Data Processing Addendum (DPA) may be executed between the parties, which shall govern the roles, responsibilities, limitations, security standards, and permitted uses of personal data shared under this Agreement.

8.3 Categories of Personal Data Processed. XBase may process the following categories of personal data on behalf of or in relation to the Client:

  • Identification data (e.g., name, national ID/passport number, date of birth);

  • Contact data (e.g., registered address, email address, telephone number);

  • Business registration and financial data (e.g., VAT/tax IDs, bank account details, transaction references);

  • Authentication and access data (e.g., login history, device identifiers, IP addresses);

  • Usage and behavioral data (e.g., session duration, user preferences, browser configurations);

  • Regulatory and compliance data (e.g., AML/KYC declarations, risk scoring tags, sanction screening results, politically exposed person (PEP) status).

8.4 Purposes and Lawful Bases. XBase collects and processes personal data for a range of lawful purposes, including but not limited to:

  • Onboarding and verifying the identity of Clients and Users in accordance with legal obligations (e.g., AML, KYC);

  • Managing Client profiles, roles, credentials, and permissions within the XBase platform;

  • Executing and reconciling payments, transactions, FX conversions, and treasury operations;

  • Detecting, preventing, investigating, and mitigating fraud, abuse, regulatory breaches, data leakage, and unauthorized platform access;

  • Providing system-generated notifications, customer support, alerts, statements, and billing updates;

  • Conducting audits, transaction monitoring, dispute resolution, and service optimizations;

  • Supporting product development and usage analysis in aggregated or anonymized form;

  • Complying with legal obligations or fulfilling the Client’s legitimate interests, and in limited instances, processing on the basis of informed, revocable consent.

8.5 Data Sharing and Transfers. XBase may share or transfer personal data with:

  • Affiliates and group entities of XBase, where intra-group data flows are necessary for operations, support, or service localization;

  • Licensed banking and financial infrastructure partners who facilitate account provisioning, settlement, and reconciliation processes;

  • Regulated payment service providers (PSPs), card schemes, and payout agents involved in the transaction supply chain;

  • Professional advisers and service vendors (e.g., IT hosting, identity verification, risk scoring, legal counsel, auditors) who are bound by confidentiality and data protection terms;

  • Law enforcement agencies, regulatory authorities, tax agencies, courts, and dispute resolution bodies when required under Applicable Law.

Transfers of personal data to jurisdictions outside the EEA, UK, or other countries deemed to provide adequate protection shall be governed by Standard Contractual Clauses (SCCs), international data transfer agreements, binding corporate rules, or equivalent legal mechanisms. Clients may request additional documentation concerning such transfers.

8.6 Data Retention. XBase retains personal data in accordance with documented retention policies, regulatory timelines, and industry best practices. Retention durations are designed to:

  • Enable proper service provisioning and audit trail generation;

  • Meet the legal obligations of XBase and its regulated partners (e.g., AML rules);

  • Support investigations, dispute resolution, and claims management;

  • Satisfy data retention clauses included in applicable Schedules, Annexes, or Service Orders.

Unless otherwise agreed or extended by contract, standard data retention periods for regulated financial information range from five (5) to seven (7) years following the last transaction or termination of the Client relationship.

8.7 Client Responsibilities. The Client agrees to:

  • Collect, process, and disclose personal data in accordance with applicable data protection and privacy laws;

  • Implement privacy notices, user disclosures, cookie consent banners (if applicable), and other transparency measures in a manner consistent with their obligations as a Data Controller;

  • Promptly inform XBase of any privacy inquiries, requests, complaints, or investigations that may impact shared data or XBase systems;

  • Cooperate with XBase to implement any required consents, consent withdrawals, or objection mechanisms necessary to fulfill the rights of data subjects.

8.8 Data Subject Rights. Subject to Applicable Law, data subjects may have the following rights in relation to their personal data:

  • Right to access their data and obtain a copy of their records;

  • Right to request correction or update of inaccurate or outdated data;

  • Right to erasure of data, subject to retention or compliance exceptions;

  • Right to restrict or object to processing based on specific legal grounds;

  • Right to receive their data in a structured, commonly used, and machine-readable format (data portability);

  • Right to withdraw consent, where consent has been the lawful basis for processing;

  • Right to file a complaint with the relevant data protection supervisory authority.

Requests to exercise these rights should be submitted to: dpo@xbase.digital. Where appropriate, XBase may refer the request to the Client (where XBase acts solely as Data Processor) or respond directly if acting as Data Controller.

8.9 Security Measures. XBase implements a comprehensive suite of technical and organizational security measures, including:

  • Encryption of personal data in transit and at rest using industry-standard algorithms;

  • Role-based access controls, logging, and real-time system monitoring;

  • Physical security controls at data center locations and device-level access management for staff;

  • Business continuity and disaster recovery procedures tested at scheduled intervals;

  • Internal employee privacy training, confidentiality policies, and background screening protocols;

  • Ongoing penetration testing, vulnerability assessments, and risk register updates.

8.10 Breach Notification. In the event of a data breach or any confirmed or suspected unauthorized access to personal data that materially impacts the Client or its Users:

  • XBase shall notify the Client promptly, and in any case within the timeframes required under Applicable Law;

  • The notification shall include the nature of the breach, categories of data affected, potential consequences, remedial actions taken, and contact details for follow-up communication;

  • XBase shall provide reasonable assistance to enable the Client to meet any applicable regulatory reporting or data subject notification obligations.

9. Intellectual Property and Licenses

9.1 Ownership of Intellectual Property. All intellectual property rights, including copyrights, trademarks, trade names, service marks, patents, trade secrets, designs, software, algorithms, databases, documentation, user interfaces, layouts, workflows, and technical architecture (collectively, “Intellectual Property”) associated with the XBase platform, Services, and supporting infrastructure shall remain the sole and exclusive property of XBase or its licensors. This includes all updates, customizations, enhancements, adaptations, derivative works, and modifications made thereto, whether developed independently or in collaboration with the Client.

Except as expressly granted in this Agreement or an executed Service Order, no license or rights are transferred to the Client under this Agreement, whether by implication, estoppel, or otherwise. All rights not expressly granted to the Client are reserved by XBase. The Client shall not contest or challenge the ownership of XBase Intellectual Property, nor assist any third party in doing so.

9.2 Client Content and Data. The Client retains ownership of any proprietary data, content, or documentation that it uploads, transmits, or otherwise provides to XBase (“Client Content”). The Client hereby grants XBase a non-exclusive, worldwide, royalty-free, perpetual license to host, store, copy, display, process, and use such Client Content solely for the purposes of providing the Services, fulfilling regulatory obligations, conducting internal analytics, and maintaining platform operability.

XBase may use aggregated or anonymized data derived from the use of the Services for internal analysis, benchmarking, product improvement, regulatory reporting, or market insights, provided such data cannot be used to identify the Client or any individual. Aggregated data may be shared with partners or the public in summary statistical form that excludes personal or sensitive information.

9.3 License to Use Services. Subject to payment of applicable fees and continuous compliance with this Agreement, XBase grants the Client a limited, non-exclusive, non-transferable, non-sublicensable, revocable license to access and use the Services and platform technology, solely for its internal business purposes and in accordance with the relevant Schedules and Annexes, during the term of this Agreement.

This license includes:

  • Access to the XBase client portal, dashboards, reporting tools, and APIs;

  • Integration with the Client’s ERP, compliance, payment, or finance systems;

  • Export of platform-generated statements, audit logs, and compliance documentation;

  • Deployment of sandbox/test environments for development and pre-production validation;

  • Limited use of developer tools and support documentation.

This license does not include:

  • Reverse engineering, decompiling, disassembling, or otherwise attempting to derive source code;

  • Use of the Services for resale, service bureau, hosting, outsourcing, or white labeling purposes (unless agreed separately);

  • Access to non-public or administrative areas of the platform without authorization;

  • Use of the Services in violation of laws or in support of prohibited activities outlined in Annex E.

9.4 Use of XBase Branding and Marks. The Client may not use XBase’s name, logo, trademarks, service marks, or other brand identifiers (collectively, the “Marks”) for promotional purposes, investor communications, public references, or inclusion in client lists or case studies without prior written approval from XBase. Such approval may be revoked at any time at XBase’s discretion.

Approved uses must conform to XBase’s then-current brand and communications guidelines, and must not misrepresent the nature of the relationship or create a false impression of endorsement, partnership, or sponsorship. Misuse of Marks may result in immediate termination of this Agreement and legal enforcement.

XBase may reference the Client’s name, logo, and business sector in marketing or pitch materials unless the Client objects in writing or a confidentiality agreement prohibits such use. XBase shall cease such references promptly upon receiving a written objection from the Client.

9.5 Third-Party Software and Integrations. The Services may include software or libraries licensed by third parties under open-source or commercial agreements (“Third-Party Software”). Such components are subject to separate licensing terms, and the Client agrees to comply with all applicable license terms when using such components. Notices and links to third-party licenses shall be made available upon request.

XBase disclaims all warranties, liabilities, or obligations with respect to third-party applications, platforms, or APIs integrated by the Client at its own discretion. It is the Client’s sole responsibility to maintain any external licenses, accounts, or consents required to enable third-party integrations.

9.6 Infringement and Misuse. The Client shall not, and shall ensure its Users and agents do not:

  • Copy, adapt, modify, translate, publish, or create derivative works based on the Services or any part thereof;

  • Attempt to discover the underlying structure, design, or source code of the platform or perform any form of unauthorized security testing;

  • Use the Services in violation of export control laws, intellectual property laws, or proprietary use restrictions;

  • Introduce harmful code, bots, crawlers, or unauthorized interfaces to interact with or manipulate the Services;

  • Share, lend, rent, or sublicense access credentials, tokens, or other entitlement mechanisms.

9.7 Feedback and Suggestions. The Client may voluntarily provide suggestions, enhancement requests, comments, or other feedback (“Feedback”) related to the functionality, performance, or features of the Services. XBase shall be entitled to use, implement, commercialize, disclose, or otherwise exploit such Feedback without restriction or obligation to the Client.

The Client agrees that any intellectual property rights arising out of or related to the Feedback shall vest exclusively in XBase, and hereby assigns such rights as may exist to XBase, to the maximum extent permitted by law.

9.8 Survival. The provisions of this Section 9 shall survive any termination or expiration of this Agreement and continue to apply for so long as XBase retains any proprietary interest in the Services, or for as long as any Client Content remains in XBase’s possession as permitted under this Agreement.

This includes:

  • Retention of archival or compliance logs;

  • Enforcement of proprietary rights and brand restrictions;

  • Rights related to the continued use of anonymized data or Feedback;

  • Outstanding obligations with respect to Third-Party Licenses.

9a. Ownership of Client Assets

9a.1. All Client Money and Client Virtual Assets held, safeguarded, or processed by XBase, whether directly or through third-party partners, remain the sole property of the Client at all times, unless otherwise provided under this Agreement.

9a.2. Ownership of such assets may temporarily transfer, be restricted, or otherwise be affected in the following circumstances:

  • Where the Client has provided express instructions for the transfer, sale or exchange of such assets to a third party;

  • Where Client Money or Client Virtual Assets are utilized to meet settlement, margin, collateral, or payment obligations, in accordance with the applicable Service Schedule;

  • Where XBase exercises a right of set-off, lien, or freeze in accordance with this Agreement and applicable law;

  • Where assets are subject to regulatory intervention, legal process, or restrictions imposed by a competent authority.

9a.3. For the avoidance of doubt, XBase does not assert any proprietary claim or beneficial interest in Client Money or Client Virtual Assets, other than as permitted under this Agreement for operational purposes.

10. Compliance with Laws

10.1 General Legal Compliance. The Client shall comply at all times with all applicable local, national, regional, and international laws, regulations, directives, and government-imposed requirements relating to its use of the Services. This includes, without limitation, laws related to financial services, money transmission, investment advisory, securities, payment processing, electronic money, anti-money laundering (AML), combating the financing of terrorism (CFT), data protection, cybersecurity, tax reporting, export controls, consumer protection, and any industry-specific rules applicable to the Client’s operations. The Client is solely responsible for obtaining legal advice to assess the impact of such laws on its own business.

10.2 Regulatory Licensing and Authorizations. If the Client engages in activities that are subject to licensing or registration (e.g., as a payment service provider, electronic money issuer, cryptoasset firm, investment manager, remittance operator, or trust company), it shall:

  • Obtain and maintain all required registrations, licenses, exemptions, or regulatory clearances from relevant financial authorities, and maintain those in good standing;

  • Provide XBase, upon request, with official documentation evidencing current authorizations and status of compliance with applicable rules;

  • Inform XBase promptly in the event of suspension, revocation, modification, or the imposition of conditions on any such license or registration;

  • Promptly disclose any communication from regulators that may affect the Client’s eligibility to use the Services, including inquiries, enforcement actions, or notices of breach.

10.3 Anti-Money Laundering and Financial Crime Prevention. The Client must maintain internal policies and controls reasonably designed to:

  • Prevent the misuse of its systems and services for money laundering, terrorism financing, corruption, sanctions evasion, or predicate financial crimes;

  • Ensure that its end users and counterparties undergo appropriate Know Your Customer (KYC), Enhanced Due Diligence (EDD), and sanctions screening;

  • Retain transaction records and risk assessments for regulatory inspection in accordance with national AML legislation;

  • Cooperate with XBase by responding to information requests related to source of funds, transactional behavior, unusual activity, or identification documentation;

  • File suspicious activity reports (SARs) where legally required, and refrain from tipping off subjects of an ongoing investigation.

10.4 Sanctions and Export Control Compliance. The Client represents and warrants that:

  • It is not owned or controlled by, nor acting on behalf of, any individual or entity subject to restrictive measures imposed by the U.S. Treasury Department (OFAC), the European Union, the UK’s Office of Financial Sanctions Implementation (OFSI), the United Nations, Canada’s Office of the Superintendent of Financial Institutions (OSFI) or other national or international sanctioning bodies that XBase recognizes as applicable to its regulatory obligations, risk policies, or operational jurisdictions;

  • It shall not use the Services to transact with, on behalf of, or for the benefit of individuals or organizations located in, operating from, or incorporated in comprehensively sanctioned territories unless explicitly authorized by law and pre-approved in writing by XBase;

  • It shall implement appropriate screening mechanisms against applicable watchlists to ensure sanctions compliance in real-time and on an ongoing basis;

  • It shall not use, export, or re-export the Services or any underlying technology in violation of applicable export controls, embargoes, or trade restrictions, including the U.S. Export Administration Regulations and EU Dual Use Regulations.

10.5 Consumer Protection and Transparency. If the Client offers products or services to consumers through XBase infrastructure, the Client agrees to:

  • Publish and maintain a clear and legally compliant customer-facing privacy notice and terms of service outlining data use, customer rights, and refund or redress policies;

  • Avoid deceptive, misleading, or aggressive marketing practices and ensure all advertising is fair, accurate, and not in breach of advertising codes or financial promotions rules;

  • Operate a support infrastructure (e.g., customer service team, escalation paths) consistent with jurisdictional norms and sector expectations;

  • Monitor and investigate complaints, promptly address them in good faith, and maintain internal logs of such complaints and their resolution for audit purposes.

10.6 Fair Competition and Ethics. The Client commits to high ethical and professional standards in its use of the Services and in its business dealings. Specifically, it shall:

  • Comply with antitrust, competition, and consumer protection laws, and not engage in collusion, price-fixing, market allocation, or other anti-competitive behavior;

  • Refrain from infringing intellectual property rights, including using or distributing counterfeit, unlicensed, or pirated content or software;

  • Avoid exploiting any bugs, backdoors, or technical loopholes in the XBase platform to obtain an unfair commercial advantage or bypass controls;

  • Operate in accordance with good governance practices, corporate social responsibility standards, anti-bribery legislation (e.g., UK Bribery Act, U.S. FCPA), and whistleblower protection frameworks.

10.7 Audit Rights and Certification

  • XBase, its affiliates, or its designated independent auditors may, upon reasonable prior written notice, audit the Client’s operations, records, technology systems, user access logs, AML/CFT controls, or compliance procedures where necessary to verify conformity with this Agreement and applicable laws;

  • The Client shall provide unrestricted access to relevant personnel, records, and infrastructure, and shall not unreasonably withhold consent to an on-site inspection or digital audit;

  • At XBase’s request, the Client shall provide signed annual certifications of regulatory compliance, license validity, and legal standing, prepared by a senior officer or independent counsel.

10.8 Enforcement and Termination

  • A violation of this Section 10 constitutes a material breach, and may result in immediate account suspension, freeze of transactions, service deactivation, or termination without further notice;

  • XBase may report any suspected criminal, civil, or regulatory infraction arising from the Client’s use of the Services to the relevant law enforcement or regulatory agency and shall not be liable for doing so in good faith;

  • The Client shall indemnify, defend, and hold harmless XBase and its affiliates, employees, officers, and partners from any fines, penalties, regulatory actions, or other liabilities arising from the Client’s failure to comply with applicable legal and regulatory requirements.

11. Risk Disclosures and Limitations

11.1 General Risk Awareness. By using the Services, the Client acknowledges that certain financial, regulatory, operational, reputational, and technological risks are inherent in the delivery and use of financial infrastructure, cloud-based platforms, API-driven environments, and integrated systems. XBase makes commercially reasonable efforts to mitigate such risks through robust technical controls, redundant systems, insurance where available, and internal compliance procedures, but cannot eliminate all exposure. These risks are dynamic and may evolve over time based on factors beyond XBase’s control.

The Client accepts and assumes all such risks arising from:

  • Use of third-party infrastructure (e.g., banking partners, payment service providers, card schemes, settlement systems, telecommunications providers);

  • Delays, interruptions, or errors caused by internet connectivity, routing failures, power outages, software conflicts, DNS errors, or distributed denial-of-service (DDoS) attacks;

  • Regulatory, legal, political, or policy changes that may restrict, prohibit, delay, or impair access to the Services in whole or in part;

  • Foreign exchange volatility, limited currency availability, asset illiquidity, restricted market hours, or clearing delays in multi-jurisdictional transactions;

  • Errors, bugs, vulnerabilities, or compatibility issues in platform software, third-party libraries, API integrations, or backend infrastructure;

  • Cybersecurity events such as credential compromise, ransomware, phishing, insider threats, and exploits targeting the Client’s users or systems.

11.2 No Investment, Legal, or Tax Advice. Unless expressly agreed in writing in a separate advisory agreement, XBase does not provide legal, tax, accounting, investment, financial planning, fiduciary, or regulatory classification advice. The Services are provided on a non-advisory, execution-only, and “as-is” basis for enterprise use by institutions with adequate internal governance.

Clients are solely responsible for:

  • Assessing the suitability and implications of the Services within their legal, commercial, and operational frameworks;

  • Obtaining their own legal, financial, tax, and compliance advice from appropriately licensed professionals;

  • Ensuring that use of the Services aligns with applicable law, internal policy, and industry obligations.

11.3 Service Interruptions and Emergency Measures. XBase does not guarantee uninterrupted, error-free, latency-free, or always-on access to the Services. The Client acknowledges that the Services may be subject to partial or total interruptions, degradation, or inaccessibility due to:

  • Scheduled maintenance, feature upgrades, infrastructure migration, or platform versioning;

  • Failures or disruptions at upstream providers (e.g., banks, payment rails, cloud hosts, data centers);

  • Unexpected bugs, software defects, or configuration errors;

  • Emergency response to security threats, system overuse, abuse, or unauthorized activity;

  • Force majeure events including natural disasters, geopolitical events, civil unrest, terrorism, cyberattacks, and labor disputes.

XBase shall not be liable for any loss, damage, delay, disruption, denial of service, or operational impact caused by such interruptions, provided that XBase acts in good faith to:

  • Restore platform availability in a commercially reasonable time;

  • Notify Clients (where possible) about the nature and scope of the disruption;

  • Cooperate with affected Clients to implement temporary alternatives or mitigations.

11.4 No Fiduciary Relationship. Nothing in this Agreement shall be construed to establish a fiduciary, trustee, agent, principal-agent, employment, franchise, partnership, joint venture, or other special relationship between the parties. XBase operates as a commercial service provider, and its obligations are limited to those expressly set forth in this Agreement and any attached Service Order.

XBase does not:

  • Monitor or validate the legality or commercial merit of Client transactions;

  • Assume a duty of loyalty, impartiality, or best-interest representation;

  • Serve as a depository, escrow agent, custodian, or investment advisor to the Client or its Users.

11.5 Risk of Client Misuse or Misconfiguration. XBase shall not be responsible or liable for any loss, breach, or damage arising out of or in connection with:

  • Errors introduced by the Client, its Users, contractors, or service providers through manual inputs, file uploads, data formatting, or API configuration;

  • Financial losses resulting from insufficient internal controls, improper permission settings, lack of transaction review, weak authentication policies, or failure to implement risk-based controls;

  • Fraudulent, mistaken, or unauthorized use of the Services by personnel with access to platform credentials, tokens, or integration keys;

  • Incompatibility with third-party systems not officially supported or approved by XBase.

11.6 Regulatory Uncertainty and Jurisdictional Risk. The Client acknowledges and accepts that:

  • The legal, tax, and regulatory treatment of financial technology services, digital asset interfaces, cross-border payments, embedded finance, and open banking differs significantly between jurisdictions and may be ambiguous, changing, or subject to conflicting interpretations;

  • Local licensing obligations, data sovereignty rules, or political sanctions may impact the Client’s ability to access, resell, or integrate certain Services;

  • XBase may, at its sole discretion and without liability, withdraw, suspend, or modify Services in response to new or anticipated regulatory developments or guidance from supervisory authorities, with or without advance notice.

11.7 Risk Mitigation by XBase. XBase maintains a comprehensive enterprise risk management (ERM) and business continuity program that includes:

  • Regular monitoring and patching of known system vulnerabilities and emerging threats;

  • Geographic and system-level redundancy across infrastructure components, data centers, and cloud service providers;

  • Threat detection, incident response, and internal escalation protocols for security events;

  • Screening and assessment of Clients, counterparties, vendors, and service providers to minimize exposure to financial crime, sanctions, or reputational harm.

Despite these precautions, XBase disclaims liability for any risk that is unforeseeable, unpreventable by commercially reasonable means, or attributable to the negligence, inaction, or policy violations of the Client.

11.8 Client Acknowledgement and Assumption of Risk. By using the Services, the Client confirms and accepts that it:

  • Understands the nature, structure, and operating principles of the Services, including the limitations, third-party dependencies, and jurisdictional factors that may affect continuity and enforcement;

  • Has independently assessed the legal, financial, and technical implications of using the Services and has not relied on any representation outside the scope of this Agreement;

  • Accepts all operational and business risks associated with availability, security, regulatory impact, and data loss or delay, including risks arising from misuse by the Client’s staff, vendors, or Users;

  • Has implemented sufficient internal risk controls, third-party audit mechanisms, system redundancies, insurance policies, and contingency plans to manage its exposure.

12. Third-Party Providers and Affiliates

12.1 Use of Third-Party Service Providers. XBase may engage third-party service providers, contractors, licensors, payment processors, banking institutions, cloud infrastructure partners, and technical vendors (collectively, “Third-Party Providers”) in the provisioning of its Services. These providers may operate under separate regulatory authorizations and may deliver core platform functionalities, such as transaction processing, data storage, FX conversion, fraud screening, authentication services, email and messaging delivery, or operational analytics.

Third-Party Providers are carefully selected based on their technical capabilities, legal compliance status, and contractual commitments to confidentiality, data integrity, and service continuity. XBase regularly audits, monitors, or assesses these providers to ensure alignment with internal policies and external regulatory requirements.

12.2 Client Acknowledgment. The Client acknowledges and agrees that:

  • Some features or components of the Services may be directly or indirectly delivered, hosted, or maintained by Third-Party Providers engaged by XBase or its affiliates, and such engagement may involve subcontracted arrangements or cloud-based service layers;

  • XBase may be contractually or legally required to disclose Client Data, transaction records, compliance files, or onboarding documentation to such Third-Party Providers, where necessary for the provisioning, monitoring, or regulation of Services, provided such disclosures are subject to applicable data protection and confidentiality safeguards;

  • XBase shall not be liable for service delays, unavailability, misrouting, or errors caused solely by the failure or systemic downtime of Third-Party Provider systems, infrastructure, or personnel, provided XBase takes commercially reasonable efforts to restore core functionality, notify impacted Clients, or provide temporary alternatives;

  • The Client may be required to comply with additional onboarding, due diligence, or documentation requests originating from such Third-Party Providers, especially when using white-labeled financial infrastructure or when transacting in high-risk corridors, currencies, or platforms regulated separately from XBase.

12.3 No Liability for Third-Party Services Used by Client. If the Client integrates or uses, at its own discretion and without explicit approval from XBase, any third-party platform, application, plugin, software, or API not authorized, certified, or expressly supported by XBase (“External Services”), then:

  • XBase disclaims all responsibility and shall not be liable for the availability, security, operability, regulatory compliance, update frequency, or data accuracy of such External Services;

  • XBase shall not be responsible for any data loss, corruption, breach, operational degradation, or integration errors resulting from such usage, including any downstream consequences or third-party dependencies affected by such integrations;

  • The Client assumes all technical, operational, financial, and legal risks associated with External Services, including potential disruption of access to XBase Services, exposure to security vulnerabilities, or conflicts with supported interfaces;

  • XBase reserves the right, at its discretion, to restrict, suspend, or permanently disable specific Client access or API endpoints if the integration of an External Service is determined to introduce a material risk to system integrity, data privacy, or other Clients.

12.4 Affiliates and Intra-Group Sharing. The Client acknowledges that XBase operates as part of a multi-jurisdictional group and may deliver Services directly or indirectly through a network of international affiliates, subsidiaries, joint ventures, or branches (“Group Entities”). To ensure efficient and legally compliant delivery of Services, the Client consents to XBase’s ability to:

  • Share, transmit, or grant access to Client Data, onboarding documentation, internal compliance reports, risk profiles, transactional metadata, and support tickets across Group Entities for purposes including internal audit, security incident response, regulatory licensing, consolidated reporting, or dispute resolution;

  • Assign, delegate, or subcontract specific elements of the Services, including platform maintenance, data processing, billing, or technical support, to one or more Group Entities in the appropriate jurisdiction of delivery, without requiring separate Client consent, provided such assignments do not materially alter the nature or scope of the Services;

  • Designate a Group Entity as the contracting, invoicing, or onboarding entity for Clients located in specific jurisdictions, regions, or sectors, to ensure compliance with applicable local laws, financial regulations, or licensing conditions.

XBase shall remain responsible for ensuring that such intra-group processing, delegation, and cross-border transfers occur in accordance with this Agreement, with appropriate safeguards to protect data confidentiality, integrity, and legal enforceability.

12.5 Open Banking, Network Access, and Embedded Services. Where the Client utilizes Services that include open banking access, embedded finance modules, card processing rails, payment gateways, data aggregators, or financial marketplaces (“Embedded Services”), the following terms shall apply:

  • The Client must comply with all applicable scheme rules, API standards, and technical certification requirements mandated by the financial institutions, payment networks, or embedded third-party participants with which XBase or its partners interface;

  • The Client must provide all necessary technical documentation, certifications, and legal representations required to integrate with or maintain access to these Embedded Services and shall cooperate with any audits or sandbox reviews initiated by the providers or regulators of such services;

  • XBase may facilitate, coordinate, or broker the Client’s access to Embedded Services through one or more regulated partners or vendor APIs but does not control their independent due diligence requirements, commercial policies, risk-based access decisions, or terms of use;

  • Any failure by an Embedded Service provider to onboard, maintain, or support the Client does not constitute a breach of this Agreement by XBase.

XBase shall not be liable for any losses, delays, or business interruption resulting from the Client’s exclusion from, removal from, or limited functionality within such Embedded Services unless directly caused by XBase’s willful misconduct or material breach of a written Service Order.

12.6 Right to Substitute Providers. XBase reserves the right to substitute, reassign, reconfigure, or phase out any Third-Party Provider or Group Entity used in the delivery of Services at any time, without requiring Client consent, provided that:

  • The substitution does not materially degrade the functionality, performance, data security, compliance status, or contractual availability of the Services;

  • Where the new provider operates under a different legal, regulatory, or geographic framework, the Client shall be notified in a commercially reasonable timeframe and granted the right to review any material impact on data processing, pricing, service scope, or contractual jurisdiction;

  • In cases of urgent provider substitution (e.g., bankruptcy, license revocation, breach of contract), XBase will use reasonable efforts to transition affected Services without downtime and shall notify affected Clients as soon as operationally feasible.

Substitutions may include cloud hosting providers, KYC platforms, embedded banks, payout aggregators, blockchain analytics firms, or network intermediaries, provided they meet XBase’s internal due diligence and risk assessment thresholds.

12.7 Cooperation with External Investigations and Legal Processes. To the extent permitted by law, regulation, or contractual obligations, XBase may be required to cooperate with investigations, regulatory inquiries, legal proceedings, or data access requests initiated by:

  • Financial services regulators, including central banks, electronic money supervisors, or securities commissions;

  • Law enforcement agencies, including anti-fraud, anti-corruption, or anti-money laundering task forces;

  • Tax authorities, including domestic and international cross-border cooperation requests (e.g., CRS, FATCA);

  • Courts, arbitral tribunals, or dispute resolution bodies acting under subpoena, injunction, or judgment enforcement orders.

In such cases:

  • XBase will limit disclosure to only that which is legally required, and where appropriate, will redact non-material, commercially sensitive, or non-relevant data;

  • XBase will make reasonable efforts to notify the Client before or promptly after such disclosure occurs, unless prohibited by law or confidentiality obligations;

  • The Client agrees to cooperate in good faith with any such proceedings to the extent the Client’s participation, documentation, or testimony is relevant, especially in cases where the investigation concerns misuse, fraud, or breach by the Client or its Users.

XBase reserves the right to suspend or restrict Services to a Client that is the subject of a confirmed legal or regulatory enforcement proceeding where such access may prejudice the investigation, expose XBase to liability, or breach regulatory obligations.

13. Suspension, Termination, and Closure

13.1 Right to Suspend Services. XBase may suspend the Client’s access to all or part of the Services, temporarily or permanently, with or without notice, under any of the following circumstances:

  • If XBase reasonably suspects the Client, its Users, or affiliates have violated this Agreement, applicable law, or regulatory requirements, including misuse of the platform, transaction abuse, or submission of misleading compliance information;

  • If XBase detects abnormal activity, technical errors, or security threats associated with the Client’s account or integration that could compromise the confidentiality, integrity, or availability of the Services, or that materially impact other Clients or infrastructure partners;

  • If the Client fails to comply with due diligence, onboarding, KYC, transaction monitoring, or documentation refresh requirements, or fails to address repeated requests for clarification, explanation, or legal disclosures;

  • If required by a court order, regulator, competent authority, or due to legal obligations (e.g., enforcement freeze, sanctions designation, emergency order);

  • In the event of scheduled or emergency maintenance, disaster recovery, infrastructure migration, or risk mitigation procedures where continuing access would present commercial, legal, or technical risk or violate limits imposed by Third-Party Providers.

Suspension does not waive the Client’s obligation to pay any outstanding fees or relieve it of compliance obligations under this Agreement. Suspension may be partial (e.g., limited to outbound transfers or FX functionality) or full, depending on severity.

13.2 Termination by Client. The Client may terminate this Agreement or specific Services at any time by providing XBase with at least thirty (30) calendar days’ written notice, unless a longer or shorter termination period is defined in the applicable Service Order.

Upon receipt of such notice:

  • XBase will confirm the date of termination and begin the structured wind-down process, including deactivation of access credentials, disabling automated API jobs, and withdrawal of funds from remaining balances;

  • The Client shall ensure that all outstanding invoices are settled in full before termination is finalized, and no new activity may be initiated during the wind-down period;

  • XBase shall provide a final data export (where applicable), archive termination logs, and issue an official service closure summary letter upon request.

13.3 Termination by XBase. XBase may terminate this Agreement, in whole or in part, immediately upon written notice to the Client if:

  • The Client materially breaches any provision of this Agreement or related documents, and such breach is incapable of remedy or remains uncured within ten (10) Business Days of receiving written notice, including violation of Acceptable Use, confidentiality, or IP provisions;

  • The Client becomes the subject of insolvency, bankruptcy, administration, liquidation, winding-up, dissolution, debt restructuring, or similar proceedings, whether voluntary or involuntary;

  • XBase is required to terminate the relationship by a regulator, law enforcement authority, or in compliance with an applicable law, subpoena, regulatory audit finding, or court ruling that materially affects its ability to lawfully or commercially support the Client;

  • The Client’s ongoing use of the Services poses a reputational, regulatory, commercial, or operational risk to XBase, its systems, or its banking/payment partners;

  • Continued service delivery becomes unlawful, commercially unviable, or technically infeasible due to policy, market conditions, or licensing shifts.

13.4 Termination for Convenience by XBase. XBase may also terminate this Agreement for convenience by providing the Client with sixty (60) calendar days’ written notice. In such cases:

  • XBase will cooperate in good faith with the Client to facilitate a smooth migration, ensure reconciliation of pending items, and minimize business disruption;

  • The Client will not be liable for termination fees or penalties unless otherwise specified in a negotiated contract or custom commercial agreement;

  • Any prepaid service fees covering unused billing periods shall be refunded on a pro-rata basis, unless they are subject to clawback, discounts, or offset against outstanding balances.

13.5 Consequences of Termination or Closure. Upon termination of the Agreement or any Service:

  • The Client’s access to the affected Services and all associated dashboards, interfaces, and technical environments shall cease on the termination date;

  • The Client shall immediately cease all use of the Services and delete or destroy all XBase Confidential Information, technical credentials, sandbox keys, downloaded data, reports, and internal documentation in its possession or under its control;

  • All Client balances, open transactions, or service obligations in progress shall be resolved in accordance with this Agreement and any applicable Annexes (e.g., Annex A, Annex F), including reconciliation with banking partners or remitters;

  • XBase shall retain transaction records, audit logs, IP mapping records, error logs, KYC data, complaints history, and other regulated documents in accordance with applicable financial and data protection laws for a minimum period of five (5) to seven (7) years, or longer where required.

13.6 Data Portability and Export. At the Client’s written request submitted before the effective termination date, XBase shall provide a machine-readable export of available Client Data or transaction records, subject to the following conditions:

  • Data export requests must be submitted via the official Client support portal, comply with XBase’s offboarding procedures, and specify the data scope and export format required;

  • Exports shall not include proprietary system metadata, internal audit flags, user access heuristics, or configuration parameters deemed confidential or commercially sensitive by XBase;

  • Data will be provided in a standard format (e.g., CSV, JSON, XML), and delivery will occur through a secure authenticated file transfer method within ten (10) business days of acceptance of the request;

  • XBase may charge a reasonable fee, subject to the complexity, formatting, extraction method, and labor involved in the compilation or anonymization of records.

13.7 Survival of Terms. Upon termination or expiry of this Agreement, any provisions which by their nature, regulatory basis, or commercial purpose are intended to survive shall remain in full force and effect. This includes, but is not limited to:

  • Confidentiality (Section 7);

  • Data Protection and Privacy (Section 8);

  • Intellectual Property and Licenses (Section 9);

  • Compliance with Laws (Section 10);

  • Risk Disclosures and Limitations (Section 11);

  • Third-Party Providers and Affiliates (Section 12);

  • Indemnities, liability clauses, governing law provisions, dispute resolution mechanisms, and all incorporated Annexes (e.g., Annex B – FX Margin Policy, Annex E – Acceptable Use).

14. Dispute Resolution and Governing Law

14.1 Good Faith Resolution. The Parties agree to use commercially reasonable efforts to resolve any disputes, controversies, or claims arising out of or relating to this Agreement (collectively, “Disputes”) in a timely, constructive, and good faith manner before initiating any formal proceedings.

Disputes involving service-level dissatisfaction, technical support issues, or other matters defined as “Complaints” under XBase’s Complaints Handling Policy (Annex H) shall be addressed in accordance with that Policy first, before escalation under this Section.

In the event of a Dispute:

  • The Parties shall escalate the matter internally to their respective senior management within five (5) business days of written notice of the Dispute;

  • Management-level discussions must occur within fifteen (15) business days of escalation, unless extended by mutual agreement;

  • Each Party shall prepare a position statement, outlining its claims, rationale, and any proposed compromise, to be exchanged in advance of the management meeting to support meaningful dialogue;

  • If the Dispute remains unresolved after management escalation, either party may proceed with the formal procedures set out in this Section.

14.2 Mediation (Optional). Before commencing arbitration or litigation, the Parties may mutually agree to attempt to resolve the Dispute through non-binding mediation:

  • Mediation shall be conducted by a neutral mediator appointed by mutual agreement or, failing that, by a recognized ADR institution with relevant experience in commercial, financial, or technology-related disputes;

  • The costs of mediation shall be shared equally, and sessions shall take place in a mutually agreed location or via virtual means, using secure communications technology;

  • Mediation shall be confidential and without prejudice to either Party’s rights, and any proposed settlement terms shall not be admissible in any later proceedings.

14.3 Arbitration or Court Proceedings. Unless otherwise required by Applicable Law or Regulatory Directive:

  • All Disputes not resolved through negotiation or optional mediation shall be referred to final and binding arbitration, administered by the London Court of International Arbitration (LCIA), in accordance with its rules in effect at the time of commencement unless otherwise required by Applicable Law or Regulatory Directive (e.g., UAE or VARA requirements), in which case the arbitration seat or forum shall be revised accordingly;

  • The arbitral tribunal shall consist of one arbitrator, unless the Parties agree otherwise. The language of arbitration shall be English;

  • The seat of arbitration shall be in London, and the award shall be final and enforceable in any competent jurisdiction. The award may include costs, interest, and other relief as the tribunal deems appropriate.

As an alternative, and where arbitration is not mandatory, XBase may elect to pursue enforcement, injunctive relief, or specific performance in the courts of London, UK, and the Client irrevocably submits to the exclusive jurisdiction of those courts for such purposes.

14.4 Interim and Injunctive Relief. Notwithstanding anything to the contrary in this Agreement:

  • Either Party shall be entitled to seek immediate interim, injunctive, or equitable relief (including preservation orders or enforcement of intellectual property rights) in any competent court or tribunal, without the requirement to post bond or prove irreparable harm. This right applies irrespective of the forum agreed for general Dispute resolution.

14.5 Costs of Dispute Resolution. Unless otherwise ordered by the arbitrator or court:

  • Each Party shall bear its own legal, expert, and administrative costs associated with any Dispute, including preparation, negotiation, and procedural filings;

  • The costs of the arbitrator(s), tribunal secretariat, or mediation body shall be shared equally unless the outcome dictates otherwise based on the prevailing Party, in which case cost-shifting principles may apply.

14.6 Continued Performance. Unless expressly agreed otherwise or ordered by a competent authority:

  • The Parties shall continue to perform their respective obligations under this Agreement during the pendency of any Dispute, to the extent commercially reasonable and technically feasible;

  • XBase may, at its discretion, suspend specific non-critical Services or features that are the subject of the Dispute without breaching its obligations under this clause.

14.7 Governing Law. This Agreement shall be governed by and construed in accordance with the laws of the United Arab Emirates, without giving effect to any conflict of laws principles that would require the application of the laws of another jurisdiction. Any statutory obligations required under applicable law (e.g., financial consumer protection or data localization) shall be incorporated into this Agreement by reference. Notwithstanding the foregoing, mandatory consumer protection laws in the Client’s jurisdiction may apply if the Client qualifies as a consumer under such laws. Where required by local law or mandatory public policy, the governing law for specific clients or services may be adjusted to reflect the jurisdiction in which the Client is established (e.g., Canada or Lithuania). This will be specified in the relevant Order Form or Annex J (Jurisdiction-Specific Terms).

14.8 Waiver of Jury Trial and Class Action. To the extent permitted by Applicable Law:

  • Each Party waives its right to a jury trial in connection with any Dispute arising out of or relating to this Agreement;

  • All Disputes shall be resolved on an individual basis, and the Parties waive any right to bring or participate in a class, collective, or representative action. Any claim aggregation, joinder, or mass action shall be expressly excluded unless mandated by statute.

15. Notices, Language, and Communications

15.1 Notices. All notices, requests, consents, approvals, waivers, and other communications required or permitted under this Agreement (“Notices”) shall be in writing and delivered by one or more of the following methods:

  • Email (with confirmation of delivery receipt or successful delivery log);

  • Registered or certified mail with return receipt requested and proper postage prepaid;

  • Commercial courier with tracking number and delivery confirmation;

  • Platform-based notification system, provided the message is acknowledged by the receiving Party or recorded by the platform audit trail.

Notices shall be deemed received:

  • On the date of transmission for email or platform messages sent during the receiving Party’s business hours;

  • On the next business day for electronic notices sent outside business hours or over weekends/public holidays;

  • Three (3) business days after the date of posting if sent by registered or certified mail;

  • One (1) business day after delivery confirmation if sent via courier.

Each Party shall maintain accurate and up-to-date contact information for the purpose of Notices and shall notify the other Party promptly, and in no event later than ten (10) business days, following any change of notice address or contact person. Failure to update such contact details shall not affect the validity or deemed receipt of Notices properly sent to the last known address.

15.2 Designated Contacts. Unless otherwise agreed in writing:

  • All legal, contractual, or regulatory Notices to XBase shall be addressed to: legal@xbase.digital;

  • All operational, commercial, or technical communications shall be directed to the designated account manager, client support officer, or platform contact point specified in the Client’s onboarding documentation or most recent Service Order.

Each Client must appoint and maintain current records of its primary legal contact and technical representative. If no response is received from such designated representatives within a commercially reasonable period (e.g., seventy-two (72) hours for urgent operational Notices), XBase reserves the right to escalate Notices to executive contacts or legal representatives identified in public corporate filings, onboarding records, or compliance disclosures.

15.3 Language. This Agreement, including all Schedules, Annexes, Orders, communications, and supporting documentation, shall be executed, interpreted, and enforced in the English language.

Where translated versions are provided for convenience or jurisdictional compliance:

  • The English version shall prevail in the event of any discrepancy, ambiguity, or inconsistency;

  • Translations are considered non-binding summaries unless expressly agreed in writing by both Parties as legally authoritative.

All oral and written communications, including those with regulators, auditors, or enforcement bodies, shall be conducted in English unless a specific Service Order or jurisdictional Annex provides otherwise.

15.4 Electronic Signatures and Communications. To the fullest extent permitted by applicable law:

  • The Parties agree that electronic signatures (including click-through acceptances), scanned copies, and digital execution platforms (e.g., DocuSign, AdobeSign, PandaDoc) shall have the same legal validity and enforceability as original handwritten signatures for purposes of executing, modifying, or terminating this Agreement, a Service Order, or any supporting document;

  • The Parties further agree to the receipt and delivery of all contractual communications, Notices, invoices, regulatory disclosures, certifications, and audit records through electronic means, including secure email, encrypted cloud storage links, or secure client portals;

  • Each Party waives any requirement under local or international law to receive physical copies of documents except where mandatory by regulation.

15.5 Platform Communications and Notifications. XBase may provide certain operational communications, alerts, platform updates, status notices, or compliance-related messages through its online client portal or platform dashboard. These may include but are not limited to:

  • Scheduled or unscheduled maintenance updates;

  • API versioning announcements, deprecation notices, or feature rollouts;

  • Transaction or KYC task alerts requiring Client action;

  • Updates to terms, policies, or risk matrices relevant to the Services.

The Client agrees to:

  • Actively monitor the designated email inboxes and secure platform dashboard for such communications;

  • Assign responsibility to authorized Users or departments to regularly review such platform notices;

  • Treat in-platform communications as effective legal Notices unless otherwise required to be separately delivered.

Failure by the Client to access or respond to these notifications shall not invalidate the Notice or limit XBase’s right to enforce deadlines or policy changes.

16. Force Majeure

16.1 Definition and Scope. Neither Party shall be liable for any delay, failure to perform, or interruption in performance of its obligations under this Agreement (excluding payment obligations) if and to the extent such delay, failure, or interruption arises from a Force Majeure Event.

A “Force Majeure Event” means any act, event, or circumstance beyond the reasonable control of the affected Party, including but not limited to:

  • Natural disasters (e.g., earthquakes, floods, hurricanes, fires);

  • Public health emergencies (e.g., pandemics, epidemics, government-imposed quarantines);

  • Acts of war, armed conflict, civil unrest, terrorism, or sabotage;

  • Governmental actions, embargoes, sanctions, or regulatory restrictions;

  • Labor disputes, strikes, or industrial actions (not involving the Party’s own personnel);

  • Power outages, internet failures, telecommunications disruptions, or breakdown of third-party systems essential to service delivery;

  • Disruption in supply chains, banking systems, financial infrastructure, blockchain malfunctions or hosting/data centers;

  • Cyberattacks, ransomware, or distributed denial-of-service (DDoS) incidents that materially impair either Party’s ability to operate.

16.2 Notification and Mitigation. The affected Party shall:

  • Notify the other Party as soon as reasonably practicable upon becoming aware of the Force Majeure Event, describing in reasonable detail the nature, cause, and expected duration of the event;

  • Take all commercially reasonable steps, including activating any relevant business continuity or disaster recovery plans, to mitigate the impact of the Force Majeure Event and resume full performance as quickly as practicable;

  • Provide regular, good faith updates on the status of the Force Majeure Event and changes in its anticipated resolution timeline, and respond promptly to reasonable information requests from the non-affected Party.

16.3 Effect of Force Majeure. For the duration of the Force Majeure Event:

  • The affected Party’s performance obligations shall be suspended to the extent and for the duration they are rendered impracticable or impossible by the Force Majeure Event;

  • The non-affected Party shall not terminate the Agreement or seek damages solely due to such non-performance, provided the affected Party complies with its obligations under Section 16.2;

  • Any deadlines for performance, delivery, acceptance, or notice shall be reasonably extended for a period equal to the duration of the Force Majeure Event plus any necessary recovery time.

16.4 Extended Force Majeure. If a Force Majeure Event continues for more than sixty (60) consecutive calendar days, either Party may terminate the affected portion of the Services or the Agreement in its entirety by providing no less than ten (10) business days’ written notice to the other Party. In such cases:

  • The Parties shall use commercially reasonable efforts to cooperate in winding down the affected Services in an orderly manner;

  • Any prepaid but unused fees shall be refunded on a prorated basis for the terminated Services;

  • Neither Party shall be liable for termination fees, indirect losses, or consequential damages resulting from such termination, provided that Force Majeure was the principal cause.

16.5 Exclusions. Force Majeure shall not apply to:

  • Delays or failures resulting from a Party’s internal financial problems, lack of liquidity, mismanagement, employee strikes, or bankruptcy;

  • Events that were reasonably foreseeable and could have been prevented or mitigated through commercially reasonable contingency planning;

  • Any obligation to pay amounts owed under this Agreement (e.g., service fees, reimbursements, damages, or indemnities).

17. Entire Agreement and Variations

17.1 Entire Agreement. This Agreement, including all Schedules, Annexes, Service Orders, attachments, and incorporated documents, constitutes the entire agreement between the Parties with respect to the subject matter hereof. It supersedes and replaces all prior or contemporaneous understandings, agreements, representations, negotiations, or communications, whether written or oral, regarding the Services, including any term sheets, pre-contractual letters, emails, or presentations exchanged between the Parties.

The Parties acknowledge and agree that:

  • No statement, promise, term sheet, representation, or other purported commitment not expressly set forth in this Agreement or its incorporated documents shall be legally binding or relied upon in the construction or interpretation of this Agreement;

  • Each Party has had the opportunity to consult with independent legal counsel, tax advisors, and compliance officers before entering into this Agreement and affirms that it does not rely on any warranty or representation except as expressly stated herein;

  • Any industry practice, trade usage, past negotiations, or previous course of dealing not expressly incorporated herein shall not be deemed to alter, expand, or supplement the rights or duties created by this Agreement unless explicitly referenced and incorporated by amendment.

17.2 Amendments and Variations. No amendment, modification, or variation of this Agreement shall be effective unless it is:

  • In writing and signed by authorized representatives of both Parties; or

  • Electronically agreed to through a secure, mutually accepted digital execution platform (e.g., DocuSign, AdobeSign), accompanied by confirmation via registered email or other agreed communication channel.

XBase may update or amend the terms of any referenced Schedules, Annexes, or Policies that form part of this Agreement by providing the Client with at least thirty (30) calendar days’ advance written notice. However:

  • If compliance, legal obligations, regulatory changes, or critical security requirements necessitate a more immediate update, XBase may implement such amendments with a shorter notice period;

  • Non-material, clerical, typographical, or explanatory clarifications that do not substantively alter the Parties’ obligations may be implemented without advance notice, provided they are clearly marked in the updated document.

If the Client continues to use the Services after the effective date of such an amendment, it shall be deemed to have accepted the new terms. The Client may terminate the Agreement before the effective date of any materially adverse amendment without penalty, provided such termination complies with the wind-down and closure requirements of Section 13.

17.3 Order of Precedence. In the event of a conflict or inconsistency between the provisions of the main body of this Agreement and any Service Order, Schedule, Annex, or incorporated document:

  • The provisions of a duly executed Service Order shall prevail over any conflicting terms in the body of the Agreement or incorporated documents, but only with respect to the Services addressed in that Order;

  • The main body of the Agreement shall take precedence over any Schedule or Annex unless a specific provision in the Schedule expressly provides otherwise and references a deliberate intention to override;

  • Where conflicts arise between a Schedule and an Annex, the Schedule shall prevail as it governs the substantive use of Services, whereas Annexes are considered supporting documentation.

17.4 Severability. If any provision of this Agreement is held by a court or arbitral tribunal of competent jurisdiction to be invalid, unlawful, or unenforceable for any reason:

  • The remaining provisions shall remain valid and enforceable to the fullest extent permitted by law;

  • The Parties shall, within a reasonable timeframe, negotiate in good faith to replace the invalidated provision with a new provision that replicates the intended economic and legal purpose as closely as possible without contravening the applicable law.

17.5 No Waiver. No failure, delay, or partial exercise by either Party in exercising any right, remedy, power, or privilege under this Agreement shall operate as a waiver thereof or prevent further enforcement of that or any other right.

Any waiver must:

  • Be in writing, clearly specify the right or breach being waived, and be signed by a duly authorized representative of the waiving Party;

  • Apply only to the specific instance or breach identified and shall not constitute a continuing waiver or affect any future rights unless expressly stated.

18. Regulatory Disclosures and Third-Party Notices

18.1 Client and VASP Identity. Client agreements shall clearly identify the Parties. For the purposes of this Agreement:

  • The VASP is XBase Digital Ltd, a regulated virtual asset service provider operating through different legal entities depending on jurisdiction. A full list of legal names, license numbers, and registered addresses is set out in Annex L – XBase Group Entities and Licensed Partners, which forms part of this Agreement.

  • All communications and operations under this Agreement are subject to the applicable laws governing VASPs in the relevant jurisdictions as defined in Section 14.

18.2 Group Description. XBase operates as part of the XBase Group, a collection of affiliated entities delivering services across digital asset operations, payment solutions, compliance technology, and infrastructure design. Descriptions of the Group and its subsidiaries are available upon onboarding and may be requested at any time. This Group structure allows Clients to benefit from a diverse ecosystem of specialized capabilities and regulatory presence in multiple jurisdictions.

18.3 Service Scope and Communication Channels

  • The nature and scope of the Services covered by this Agreement are detailed in Part B (Service-Specific Schedules), including but not limited to custody, payments, trading facilitation, and compliance integrations.

  • The Parties will communicate via secure email, platform dashboards, encrypted client portals, and any other authenticated channels listed in Section 15 of this Agreement. These constitute the primary methods for operational updates, account information, compliance tasks, and legal notices, and are deemed legally binding communication mechanisms.

18.4 Fees and Charges

  • Fees charged by XBase are described in applicable Schedules, Order Forms, and annexed policies, and are disclosed with full transparency prior to service activation;

  • All fees are presented clearly via the platform or in client communications and itemized per Service to ensure clarity and auditability;

  • XBase does not permit any retroactive charging, concealed markups, or unitemized bundled fees;

  • Fee updates are governed by Section 17.2 and shall be communicated with advance notice, and the Client shall have the right to terminate if an update is materially adverse.

18.5 Use of Third-Party Providers

  • XBase utilizes third-party providers and affiliates to deliver services, including but not limited to banking infrastructure, payment processing, KYC/AML services, safeguarding of client funds, API layers, and onboarding automation tools;

  • Third-party engagements are governed by Section 12 and described in Service-Specific Schedules, with proper contractual safeguards in place to protect Client data and funds;

  • In the context of fiat payment services where Equals Money is used as a third-party institution:
    ⚬ The Client must review and accept Equals Money’s separate Terms and Conditions during onboarding;
    ⚬ XBase provides clear disclosures of Equals Money’s safeguarding framework and ensures Clients are informed where and how their fiat balances are held;
    ⚬ Clients are notified that such balances are safeguarded under regulatory requirements but not insured by deposit guarantee schemes, and that Equals operates under its own regulatory license and supervision;
    ⚬ Client balances are presented on an individual basis and not pooled, approximated, or batch-processed for transparency and compliance purposes;
    ⚬ XBase shall not be liable for failures of Equals or other third-party platforms, but will provide commercially reasonable support and coordination to assist Clients in dispute resolution, claim handling, or service recovery.

18.6 Custody and VA Control. Where applicable, XBase shall clearly disclose:

  • When and how Virtual Assets (VA) are no longer under the control of XBase (e.g., transferred to user wallets, external custodians, or smart contracts);

  • The identity and licensing status of any sub-custodians or infrastructure providers responsible for VA custody at any given time;

  • The jurisdiction in which such entities are located and the implications of such jurisdiction on legal recourse and asset segregation;

  • That the Client retains full legal and beneficial ownership of Virtual Assets held in custody, subject to applicable lien or collateral clauses;

  • That XBase may use commingled storage (e.g., omnibus wallets), provided that internal systems maintain accurate Client-specific allocations and audit trails;

  • Clients may request audit logs or evidence of segregation and custody events upon reasonable notice and subject to operational capacity.

18.7 No Deposit Protection. Clients are hereby informed and acknowledge that:

  • Neither Client Virtual Assets nor fiat Client Money benefit from deposit protection schemes or insurance (e.g., FSCS in the UK, FDIC in the US, or any equivalent EU directive);

  • Although XBase and its regulated partners implement safeguarding, segregation, and operational controls designed to mitigate loss, such measures do not constitute financial guarantees or consumer deposit protection;

  • In the event of insolvency of a third-party provider, custodian, or bank, Clients may be exposed to recovery risk, delay, or loss based on insolvency laws and local jurisdictional priority rules;

  • Clients are encouraged to perform independent due diligence and consider appropriate legal, financial, and insurance protections to manage their own risk exposure.

19. Miscellaneous Provisions

19.1 Relationship of the Parties. Nothing in this Agreement shall be construed as creating a partnership, joint venture, agency, fiduciary, or employment relationship between the Parties. Each Party is acting as an independent contractor and does not have authority to bind the other Party or represent itself as having such authority unless explicitly stated in this Agreement.

19.2 Assignment. Neither Party may assign, delegate, or otherwise transfer this Agreement or any of its rights or obligations hereunder without the prior written consent of the other Party, except that:

  • XBase may assign or transfer this Agreement without consent to any affiliate or successor-in-interest in connection with a merger, reorganization, sale of assets, or similar corporate transaction;

  • Any attempt to assign or transfer in violation of this provision shall be null and void.

This Agreement shall be binding upon and inure to the benefit of the Parties and their permitted successors and assigns.

19.3 Third-Party Rights. Except as expressly stated, this Agreement does not confer any rights or remedies on any third party, including under applicable third-party beneficiary statutes, and is intended solely for the benefit of the Parties and their permitted successors.

19.4 Cumulative Remedies. Except where this Agreement expressly provides for an exclusive remedy:

  • The rights and remedies provided in this Agreement are cumulative and do not exclude other rights or remedies available under law, equity, or otherwise.

19.5 Counterparts. This Agreement may be executed in any number of counterparts, each of which shall be deemed an original and all of which taken together shall constitute one and the same instrument. A signed copy delivered by electronic transmission (e.g., PDF or DocuSign) shall be deemed to have the same legal effect as delivery of an original signed copy.

19.6 Headings and Interpretation. Clause headings are for reference only and shall not affect the interpretation of this Agreement. References to sections, schedules, and annexes are to those of this Agreement unless otherwise indicated.

  • The singular includes the plural and vice versa;

  • “Including” means “including without limitation”; and

  • Any reference to a statute or regulation includes references to any modification, re-enactment, or extension thereof.

19.7 Publicity and Reference Use. Unless otherwise agreed in writing:

  • XBase may identify the Client as a user of the Services in its marketing materials, website, and investor presentations using the Client’s name and logo, provided such references are factually accurate and not misleading;

  • The Client may not use XBase’s name, marks, or branding in any external communications, proposals, or promotional materials without prior written approval from XBase.

Part B – Service-Specific Schedules

Schedule 1: Banking and Payment Services

Important Notice:

This Schedule governs Banking and Payment Services offered by XBase. For general provisions concerning ownership of Client Money and Client Virtual Assets, including when such ownership may be affected by settlement, collateral, or other processes, please refer to Section 9A of the General Terms.

1. Introduction and Applicability. This Schedule applies to the provision of banking, account, and fiat payment services provided by XBase to the Client through regulated third-party institutions, such as electronic money institutions (EMIs), payment service providers (PSPs), and other infrastructure partners. These services are designed to enable the Client to send, receive, hold, and reconcile fiat currency transactions in a secure and compliant manner. XBase does not itself hold regulatory permission to safeguard client funds but acts as a facilitator, program manager, or interface integrator. These Services are intended for professional, institutional, and corporate users only and are not made available to individual consumers.

This Schedule supplements and forms part of the Unified Terms & Conditions (the “Agreement”), and shall prevail over the General Terms in the event of any inconsistency regarding the Services described herein. The provisions in this Schedule shall be interpreted in light of the specific operational, regulatory, and contractual arrangements governing XBase’s banking infrastructure partnerships.

2. Nature of Services and Role of XBase. XBase facilitates access to banking and payment infrastructure by:

  • Integrating with EMIs and PSPs for account issuance, safeguarding, and transaction processing;

  • Providing Clients with a digital interface, IBANs, transaction status updates, reconciliation files, and reporting;

  • Acting as a technical intermediary, not a licensed credit institution, custodian, or funds holder;

  • Managing the onboarding workflow and communication flow between the Client and the EMI/PSP;

  • Assisting with API integrations, sandbox testing, and technical incident handling.

The Client agrees that any Client Money is safeguarded in accordance with the applicable regulations governing the EMI or PSP (e.g., Electronic Money Regulations 2011, Payment Services Regulations 2017). XBase does not accept any fiduciary responsibility or liability for such funds beyond the obligations explicitly stated in this Agreement.

3. Client Onboarding and KYC Requirements. Prior to receiving Services under this Schedule, the Client must:

  • Complete XBase’s onboarding and due diligence process, including identification of UBOs, authorized users, business registration details, source of funds, and submission of supporting documentation;

  • Successfully pass the onboarding requirements of the designated EMI or PSP, including additional due diligence that may be applied independently by the institution based on its risk appetite and regulatory obligations;

  • Update its information upon any material change and periodically reconfirm its KYC/KYB profile as required by XBase, the EMI, or applicable laws;

  • Immediately notify XBase of any change in ownership, legal status, regulatory registration, senior management, or commercial activities that could affect its risk classification.

XBase reserves the right to suspend or terminate access if onboarding conditions are not met or maintained.

4. Accounts, Access, and Platform Use

  • The Client may receive access to one or more virtual or named IBANs, account references, or client-specific ledger balances, as issued by the relevant EMI/PSP;

  • XBase shall provide the Client with a user interface or API access for viewing balances, initiating transactions, downloading reports, exporting transaction history, and configuring settings;

  • The Client is solely responsible for managing its user roles, access credentials, permissions, and ensuring secure system usage;

  • Internal controls such as segregation of duties, dual approval workflows, and IP whitelisting are recommended and may be enforced by platform design;

  • XBase is not liable for unauthorized activity resulting from credential compromise, negligent access management, or failure to apply security best practices, unless caused solely by XBase’s gross negligence.

5. Transaction Execution

  • The Client may initiate payment instructions via the platform, API, or approved upload mechanisms, subject to cut-off times and operational constraints;

  • XBase and its partners support payment rails including SEPA, SWIFT, Faster Payments, and others as agreed. Execution timelines are best-effort and not guaranteed, particularly for cross-border payments or those routed through correspondent networks;

  • The Client shall ensure all payment data is accurate and compliant with scheme requirements. Incomplete or malformed instructions may be rejected or delayed;

  • Once a payment is marked as submitted or irrevocable, it may not be reversed, except where legally required or permitted under the EMI/PSP’s applicable terms;

  • The Client is responsible for the accuracy of beneficiary details, payment references, and transaction metadata.

6. Safeguarding of Client Money

  • All Client Money is safeguarded by the EMI or PSP in a segregated account separate from operational funds and subject to applicable regulatory requirements;

  • Such safeguarding ensures that, in the event of the EMI/PSP’s insolvency, funds are protected from creditor claims but do not benefit from deposit protection or insurance;

  • XBase provides real-time visibility into balances via its client portal but does not itself hold or safeguard any fiat currency;

  • The safeguarding institution may be based in the United Kingdom, the EEA, or another equivalent jurisdiction, and shall be identified to the Client on request;

  • Clients are encouraged to consult legal and financial advisors to fully understand the insolvency implications and differences between safeguarding and deposit insurance.

7. Fees and Billing

  • Fees applicable to these Services are set out in the Order Form, client portal, or as notified by XBase from time to time;

  • The Client authorizes XBase and/or the EMI/PSP to deduct fees from Client balances or invoice the Client accordingly;

  • Fees may include transaction costs, monthly account charges, FX margins, rejection/return fees, account inactivity charges, and minimum usage fees;

  • In the event of non-payment or breach, XBase may suspend access to the Services or withhold processing until the matter is resolved;

  • Any queries regarding fees must be raised within ten (10) business days of the date of invoice or fee application.

8. Acceptable Use and Limitations

  • The Client shall not use the banking Services to engage in unlawful activity, circumvent sanctions, process high-risk transactions without disclosure, or act as an unauthorized PSP, money service business, or custodian;

  • XBase reserves the right to review, block, or reject any payment instruction or account setup that it reasonably suspects to breach law, policy, or the terms of its partner institutions;

  • Prohibited categories may include, but are not limited to, cash remittance, unlicensed crypto-to-fiat conversion, adult content, gambling, controlled substances, high-risk jurisdictions, and shell company structures;

  • The Client must maintain appropriate internal AML/CTF procedures and cooperate with any investigations or enhanced due diligence requests.

9. Transaction Errors and Client Notifications

  • The Client must notify XBase in writing within five (5) business days of discovering any suspected transaction error, unauthorized transaction, or discrepancy;

  • XBase will use reasonable efforts to investigate and assist, but final resolution is subject to EMI/PSP rules, applicable laws, and the cooperation of third parties involved in the transaction;

  • The Client is responsible for providing timely documentation, cooperation, and accurate audit trails when raising claims, and acknowledges that processing or reimbursement may be delayed due to third-party dependencies or regulatory review;

  • If unresolved, the Client may escalate the matter under the dispute resolution mechanism described in Section 14 of the General Terms.

10. Termination and Suspension

  • XBase or its partners may suspend or terminate banking access immediately upon suspected fraud, AML breach, regulatory directive, risk-based internal assessment, or operational incident that presents a material risk to the platform, partners, or ecosystem;

  • The Client may terminate Services under this Schedule with thirty (30) days’ written notice, subject to reconciliation and final invoicing;

  • Upon termination, Client funds may be withdrawn subject to compliance clearance. XBase may require updated bank details, KYC/KYB reconfirmation, or supporting documentation prior to processing the final withdrawal;

  • Post-termination records and transactional logs shall be retained for the statutory minimum period required by law and may be audited or disclosed in accordance with regulatory obligations.

11. Liability and Indemnities

  • XBase shall not be liable for any loss of funds caused by EMI/PSP insolvency, misexecution by correspondent banks, force majeure events, payment rail outages, intermediary institution errors, or Client error;

  • XBase does not provide recovery guarantees or act as an insurer for failed, delayed, or rejected payments where such outcome was caused by third-party institutions beyond its direct control;

  • The Client agrees to indemnify XBase for losses, fines, penalties, or third-party claims arising from its use of the Services in breach of this Agreement, applicable law, or the terms of the relevant EMI/PSP.

12. Service Availability and Deployment Conditions. The provision of the Services referenced in this Schedule is subject to XBase’s service deployment timeline and applicable regulatory readiness. Availability may vary based on jurisdiction, licensing and infrastructure readiness. 

Schedule 2: OTC Trading Services

Important Notice:

This Schedule governs OTC Trading Services offered by XBase. For general provisions concerning ownership of Client Money and Client Virtual Assets, including when such ownership may be affected by settlement, collateral, or other processes, please refer to Section 9A of the General Terms.

1. Introduction and Applicability. This Schedule applies to the provision of over-the-counter (“OTC”) trading services offered by XBase in relation to eligible digital and virtual assets (“Virtual Assets” or “VAs”). OTC trading involves the bilateral execution of spot trades between the Client and XBase (or its liquidity providers) in Virtual Assets, either directly or through matched third-party counterparties.

The Services include transaction structuring, price negotiation, execution, and, where applicable, settlement via XBase wallets or designated banking and custody partners. These Services are offered as part of XBase’s institutional-grade infrastructure and may involve hybrid settlement workflows, including atomic swaps, escrowed transfers, or delayed settlement with margin components.

This Schedule forms part of the Unified Terms & Conditions (the “Agreement”). It applies solely to OTC Services and shall prevail in case of inconsistency with the General Terms or any other Schedule as regards the provision of such Services. These Services are strictly limited to institutional or professional clients and are not intended for retail or consumer use.

2. Role of XBase and Regulatory Status 

2.1 XBase is registered as a Virtual Asset Service Provider (“VASP”) in accordance with applicable regulatory regimes, including but not limited to Lithuanian, UAE and Canadian laws. It may rely on third-party regulated entities for execution and settlement where required. It acts as a program manager and transactional intermediary, leveraging licensed counterparties and liquidity providers as appropriate.

2.2 The Client acknowledges that:

  • XBase is not a bank, investment firm, custodian, or financial institution and is not subject to financial conduct authority licensing requirements in any jurisdiction where such licensing pertains to securities or regulated investment services;

  • OTC Services are not regulated investment services, and XBase does not provide investment advice, portfolio management, financial intermediation, or regulated brokerage or custodial services;

  • XBase executes OTC transactions as principal or matched counterparty and not as agent or fiduciary. It does not operate an exchange or multilateral trading facility and does not perform order routing across counterparties unless explicitly structured as a dual-agency flow;

  • Trades may be aggregated or routed through omnibus structures, cross-matched internally or executed externally via white-labeled liquidity venues, subject to operational best execution protocols.

2.3 The Client trades at its own discretion and risk, and XBase does not guarantee liquidity, market availability, pricing efficiency, or future tradability of any specific Virtual Asset. All trading decisions are made solely by the Client, who accepts full responsibility for any outcomes resulting from such transactions.

3. Client Onboarding and Eligibility 

3.1 In order to access the OTC Services, the Client must be onboarded and approved by XBase under its compliance and risk management framework. This includes a multi-phase process incorporating risk-based due diligence, review by relevant internal stakeholders, and verification of submitted information. The onboarding process includes, but is not limited to, the submission of documentation required under applicable AML/CFT regulations, sanctions compliance programs, and internal policies, such as:

  • Valid corporate formation documents, proof of registration, and organizational documents (e.g., Articles of Association, Certificate of Incorporation);

  • Identification of Ultimate Beneficial Owners (UBOs), directors, controlling persons, and authorized signatories, including notarized identification where required;

  • Completion of a KYC/KYB questionnaire and submission of details concerning the nature and expected scale of the Client’s OTC trading activities;

  • Disclosure of anticipated counterparties, trading jurisdictions, and whether any part of the service involves acting on behalf of third parties;

  • Sanctions and adverse media screening, geographic risk classification, and screening against Politically Exposed Persons (PEP) lists;

  • Declaration of source of funds and source of wealth, which may be supported by bank statements, tax documentation, or contractual records.

3.2 Based on its internal risk rating model, XBase may classify Clients into risk tiers (e.g., low, medium, high risk) and impose enhanced due diligence measures as necessary. Clients located in jurisdictions identified as high-risk, non-cooperative, or subject to sanctions will be evaluated in accordance with XBase’s Eligibility Criteria (see Section 3.1 of the General Terms). Where onboarding is not automatically disqualified, such Clients may be subject to additional scrutiny, escalation to senior managers (including compliance officers, where applicable), or enhanced documentation requirements.

3.3 The Client represents and warrants, on a continuous basis, that:

  • It is duly incorporated and validly existing under the laws of its jurisdiction of incorporation, and has maintained compliance with all filing, licensing, and regulatory obligations applicable to its business;

  • It has the legal capacity, authority, and corporate approvals necessary to enter into this Agreement and undertake OTC transactions;

  • It is not located in, organized under the laws of, or subject to the control of any country or person designated under applicable sanctions regimes;

  • It is not engaging in trading activity on behalf of another person or entity unless it has received explicit authorization from XBase and has submitted all necessary documents relating to its underlying principals or customers;

  • It will promptly notify XBase of any material change in its ownership, management, operations, or jurisdiction that may impact its risk profile or regulatory status.

3.4 XBase reserves the right to:

  • Reject onboarding applications for any reason or no reason, including where concerns are raised regarding regulatory interpretation, incomplete documentation, or reputational risk;

  • Suspend onboarding if there are delays in providing documentation, doubts about the authenticity or completeness of disclosures, or pending investigations or legal proceedings involving the Client;

  • Immediately suspend or revoke onboarding approval if, post-approval, the Client is found to have submitted misleading or inaccurate information or fails to cooperate with periodic reviews or compliance updates.

3.5 Onboarding approval entitles the Client solely to access the OTC Services as defined in this Schedule and does not entitle it to access other XBase services unless separately agreed. XBase may conduct trigger-based reviews of the Client’s eligibility and risk classification at any time, including upon:

  • A material change in the Client’s ownership, control, or structure;

  • Notification of legal or regulatory action against the Client;

  • Receipt of a report, whistleblower submission, or inquiry from a regulator or third party;

  • Unusual trading activity or behavior inconsistent with the originally declared trading profile.

4. Supported Virtual Assets and Pairs 

4.1 XBase supports a range of Virtual Assets and trading pairs across various networks and standards, including layer 1 and layer 2 blockchains. Supported assets are subject to change and may be added, suspended, or removed based on market conditions, compliance requirements, network reliability, token liquidity, or strategic business decisions. A list of currently supported assets and trading pairs shall be provided to the Client upon onboarding, and maintained through periodic updates published via secure platform notifications, email circulars, or designated client-facing channels.

4.2 Virtual Assets eligible for OTC trading may include, but are not limited to, Bitcoin (BTC), Ethereum (ETH), stablecoins such as USDT, USDC, and other widely accepted tokens that meet liquidity, legal, and technical criteria as determined by XBase. Inclusion of a Virtual Asset shall be subject to ongoing review of its market structure, trading behavior, smart contract security, custodial compatibility, and regulatory status. XBase reserves sole discretion in determining asset eligibility, and may prioritize or exclude assets on the basis of risk, technological complexity, or counterparty demand.

4.3 The Client acknowledges and agrees that XBase may:

  • Suspend, restrict, or permanently de-list any Virtual Asset or pair at any time, without prior notice, in order to comply with updated internal controls, regulatory directives, technical constraints, or market abuse considerations;

  • Impose additional conditions on trading certain assets or pairs, including minimum trade size, disclosure of origin of funds, real-time video verification, or dual approval workflows, as part of XBase's anti-abuse framework;

  • Decline execution where an asset’s pricing source is unavailable or where market integrity cannot be assured due to spoofing, wash trading, or off-market spreads;

  • Require that trades in tokens subject to hard forks, airdrops, or smart contract migrations be subject to special terms and handled through manual settlement instructions.

4.4 Certain trading pairs may be:

  • Supported only in a specific direction (buy or sell);

  • Available in limited time windows;

  • Subject to block confirmations or smart contract dependencies;

  • Executed in split lots where liquidity conditions or execution venue capacity do not permit a single fill;

  • Flagged for internal review where trades exceed volatility or exposure thresholds set by XBase's risk engine.

4.5 XBase does not guarantee continued support for any asset. If an asset is delisted, suspended, or made non-tradeable, Clients shall have a reasonable opportunity, typically not less than five (5) business days, to withdraw or convert their positions unless law or regulation prevents such action. Where feasible, XBase will communicate delisting events through written notice, platform alerts, or recorded client communications. XBase may also freeze assets where their legal status is ambiguous, pending regulatory clarification or asset issuer communication.

4.6 The Client must not send unsupported assets or unsupported versions (e.g., from incorrect chains) to XBase wallets. In such cases:

  • The assets may be permanently lost;

  • Recovery may be attempted only where economically feasible and subject to a manual retrieval fee;

  • No liability is assumed by XBase for failed recovery, regardless of whether the Client acted with or without knowledge of the unsupported asset status.

4.7 To ensure technical and security compatibility, XBase may impose specific token or wallet format requirements including:

  • Use of only designated blockchain networks and token standards (e.g., ERC-20 on Ethereum Mainnet, BEP-20 on BNB Chain);

  • Exclusion of tokens that include rebasing, automatic liquidity provision, or blacklisting mechanics;

  • Application of withdrawal or gas fees specific to each protocol;

  • Requirement to verify the final receiving wallet address format, checksum, and known-bug status prior to transmission.

Clients are responsible for validating such requirements in advance of trade execution or settlement and assume all liability for misrouted, rejected, or forfeited Virtual Assets due to incompatibility or misconfiguration.

5. Order Workflow and Execution Model

5.1 OTC orders may be initiated through various channels approved by XBase, including secure email correspondence, encrypted instant messaging services (e.g., Signal, Telegram with compliance archiving), or through the XBase trading portal or API interface where available. All Client order placement methods must be pre-authorized and tied to identifiable authorized personnel or systems. Each trade instruction must be verifiable and attributable to a specific authorized user under the Client’s access list. XBase may require dual-authentication protocols or implementation of trade-specific tokens for verification. Trade instructions submitted through any unapproved channel will be considered invalid unless retroactively confirmed by both Parties.

5.2 The OTC order lifecycle generally includes the following stages:

  • Request for Quote (RFQ): The Client submits a buy or sell interest in a specific Virtual Asset or pair, along with size, direction, desired execution method, and target timing. Clients may also specify whether they wish to pre-fund or post-fund the transaction based on margin availability and settlement workflow;

  • Price Quotation: XBase returns a live or indicative quote, inclusive or exclusive of spread as disclosed, which may include terms such as quote expiry window, minimum fill thresholds, settlement conditions, supported wallet address types, and applicable fees or gas costs;

  • Client Acceptance: Upon acceptance, whether verbal (recorded), written, or platform-confirmed, the quote becomes legally binding and constitutes a bilateral agreement to trade at the quoted terms, subject to final settlement, anti-fraud verifications, and legal or compliance hold flags. Any materially altered or expired quote shall not constitute a binding order unless reissued and confirmed;

  • Trade Confirmation: XBase generates a trade confirmation or post-trade message detailing the trade reference number, transaction hash (if applicable), timestamps, gross and net amounts, execution counterparties (if non-XBase), pricing components, and settlement obligations;

  • Settlement Instruction: The Client or XBase initiates fund or asset transfers in accordance with the agreed workflow, which may include cold wallet routing, bank transfer, multi-signature signing, or escrow-mediated delivery. Timing of settlement may differ depending on asset type and required network confirmations.

5.3 Trades may be executed using one of the following models, based on XBase’s internal risk controls and market access at the time:

  • Principal Model: XBase fulfills the trade from its own inventory or balance sheet and assumes pricing and market risk until full settlement;

  • Matched Principal: XBase simultaneously enters an offsetting transaction with a third-party liquidity provider or institutional venue and assumes no market exposure but coordinates trade settlement on both sides;

  • Agency Model: XBase arranges for third-party execution on behalf of the Client but discloses this structure in advance and does not act as counterparty. In this model, execution quality depends directly on third-party venue performance.

5.4 Depending on market conditions and liquidity fragmentation, execution may be completed as:

  • A single trade match with one counterparty;

  • A split execution across multiple venues, OTC desks, or DEX aggregators;

  • An order that is filled in multiple tranches across time (e.g., time-weighted or volume-weighted execution);

  • A dynamically priced fill across AMMs or hybrid book-based pools if the trade involves decentralized liquidity sources.

5.5 Execution times may vary and are dependent on:

  • Blockchain network congestion, gas fee volatility, or validator delay;

  • Counterparty funding or transfer constraints and jurisdictional compliance bottlenecks;

  • Liquidity availability and market spreads at the time of quote issuance;

  • Completion of mandatory AML/CTF checks, internal trade surveillance analysis, or external approval chains in the case of large or sensitive trades.

5.6 Where an order cannot be executed in full:

  • The partial fill may be completed and confirmed with the remainder cancelled or re-quoted with updated terms;

  • A backstop mechanism may be used to lock partial liquidity or bridge quotes while XBase attempts to complete execution within a defined time horizon;

  • The order may be deemed “cancel and replace” where Client instructions or smart routing algorithms so specify. Where price changes during fill exceed agreed slippage bands, XBase may pause the execution or re-engage the Client for reconfirmation.

5.7 Clients may submit trade instructions with special terms (e.g., all-or-none, minimum notional fill, iceberg orders, time-bound fills, or specific settlement venue routing). Such instructions will be honored on a best-effort basis but are not guaranteed unless expressly confirmed by XBase. XBase may require collateral or operational documentation before processing conditional logic instructions.

5.8 In case of error, trade disputes, or mismatched settlement, both Parties agree to cooperate in good faith to resolve the issue promptly. This includes sharing trade logs, message timestamps, audit trails, and execution snapshots. If pricing discrepancies occur due to systems latency, typographical error, manual override, or stale quote acceptance, XBase may, at its discretion, void, amend, or re-price the trade in consultation with the Client. Any trade suspected of manipulation, abuse of indicative pricing, or insider coordination will be escalated to XBase’s compliance department for investigation and potential suspension of services.

6. Settlement Process and Timing 

6.1 Upon trade confirmation, XBase and the Client shall initiate settlement in accordance with the terms agreed at execution. Settlement may involve fiat or Virtual Assets and shall occur via the relevant transfer method (e.g., on-chain wallet, off-chain ledger transfer, SWIFT/SEPA bank transfer, or internal book transfer) as prearranged. XBase may require pre-funding of Client wallets or bank accounts prior to trade confirmation or establish a bilateral margin or collateral framework for delayed settlement.

6.2 Standard settlement windows are:

  • T+0 for same-day trades in highly liquid pairs;

  • T+1 or T+2 for fiat-settled trades requiring cross-border bank payments;

  • Custom settlement timelines where agreed in advance for structured transactions, high notional orders, or trades involving escrow mechanics.

6.3 Settlement obligations include:

  • Delivery of Virtual Assets to a designated wallet controlled by XBase or the Client, using the exact format, network, and protocol agreed at execution;

  • Delivery of fiat currency to a bank account held in the Client’s or XBase’s name, as appropriate;

  • Completion of internal ledger entries to update balances where XBase acts as record-keeper.

6.4 Blockchain-based settlements may require:

  • A minimum number of confirmations before the transfer is considered final;

  • Use of whitelisted addresses, multi-signature procedures, or cold wallet transfers requiring approval;

  • Deduction of blockchain gas fees or miner incentives directly from the settlement amount or applied separately as a fee.

6.5 Fiat settlement may be subject to:

  • Bank cut-off times, public holidays, or SWIFT/FPS delays;

  • Correspondent bank routing or rejection due to sanctions screening or incomplete reference fields;

  • Requirement for additional KYC or beneficiary confirmation in case of discrepancy or regulatory hold.

6.6 If either Party fails to meet its settlement obligations within the agreed window:

  • The non-defaulting party may demand remedy, cancel the trade, or offset exposure through close-out or netting arrangements where applicable;

  • XBase may, in its sole discretion, freeze access to pending trade balances or require compensatory fees, penalties, or coverage for price movement resulting from delay;

  • XBase reserves the right to initiate dispute escalation, claim partial or full margin held, or report non-performance to compliance or risk committees.

6.7 The Client acknowledges that:

  • Settlement of VA transactions is final and irreversible upon completion on the relevant blockchain;

  • XBase does not provide recovery services in case of Client-side settlement errors (e.g., wrong address, unsupported network);

  • In case of delay due to factors outside either Party’s control (e.g., force majeure, network outages), both Parties will act reasonably and in good faith to reach an equitable solution or reschedule settlement based on prevailing market conditions.

6.8 XBase may aggregate or batch trades for operational efficiency or risk controls and shall provide the Client with a consolidated statement of settlement once completed. Clients may request a breakdown of settlement instructions, gas usage, timestamps, and final delivery receipts for reconciliation and audit purposes.

6.9 Settlement terms may be subject to updates, and XBase may impose new policies from time to time to comply with evolving regulations, counterparty controls, or technical upgrades. Any such changes will be notified to Clients in advance unless immediate implementation is required by law or risk mitigation.

7. Trade Confirmations and Records

7.1 Trade Confirmations. Upon successful execution of any OTC transaction, XBase shall issue a formal trade confirmation to the Client, which may include the following elements:

  • Trade reference number or unique transaction identifier;

  • Date and time of execution and confirmation issuance;

  • Description of the traded asset(s), including trading pair (e.g., BTC/USDT);

  • Buy/sell direction, trade size, and price per unit;

  • Total gross amount and applicable fees, including any spread or commission breakdown;

  • Settlement terms, including the agreed method, counterparty, and delivery timeframe;

  • Regulatory or risk classification tags, if applicable.

7.2 Format and Delivery. Confirmations shall be issued electronically via one of the following means:

  • Secure client portal;

  • Authenticated email channel;

  • Encrypted instant messaging service used for order placement, with full archival logging.

7.3 Legal Effect. Each confirmation constitutes a legally binding record of the transaction as executed and supersedes any prior negotiation or indicative pricing associated with that order. The Client shall review confirmations promptly and notify XBase of any errors or discrepancies within twenty-four (24) hours of receipt.

7.4 Transaction Records. XBase shall maintain a full audit trail and digital log of all transactions executed under this Schedule, including:

  • Timestamped RFQ history and quote responses;

  • Quote expiry and acceptance status logs;

  • All pre-trade and post-trade communications (via approved channels);

  • KYC and compliance clearance timestamps associated with trade approvals;

  • Internal decision logs related to price formation or execution conditions;

  • Post-settlement delivery confirmations, hash references, and bank proof-of-transfer records.

7.5 Client Access and Archiving. Clients may access transaction history and download trade confirmations through their XBase portal or request full exports through the support desk. All records shall be retained for a minimum of eight (8) years from the date of trade or longer where required under regulatory obligations (e.g., AML laws in jurisdictions such as the UAE).

7.6 Reconciliation and Dispute Resolution. Trade records may be used by either Party for:

  • Internal reconciliation of positions, cash flow, or margin exposure;

  • Resolution of trade disputes, pricing discrepancies, or failed settlement claims;

  • Submission to regulators, auditors, or tax authorities upon lawful request.

In case of mismatch or conflicting evidence, the Parties shall engage in good faith reconciliation and agree to cooperate by exchanging relevant logs, confirmation receipts, and communication transcripts to establish intent and correct execution.

7.7 Corrections and Amendments. If either Party identifies a material error in a trade confirmation (e.g., price, size, asset, or direction), it shall notify the other Party within a commercially reasonable timeframe. Corrections may be made via:

  • Void and reissue of the confirmation, reflecting amended terms;

  • Offsetting trade to neutralize the economic impact;

  • Formal written amendment signed by both Parties and linked to the original transaction ID.

XBase reserves the right to amend confirmations retroactively in the case of clear administrative or typographical errors, provided such corrections are made in good faith and accompanied by reasonable supporting evidence. The Client may dispute such amendments within seventy-two (72) hours of notification.

8. Risk Management and Trading Limits

8.1 Counterparty Risk Review. Prior to enabling OTC trading access, XBase will conduct a risk-based counterparty review of each Client, taking into account jurisdictional exposure, trade volume expectations, business model, ownership structure, and external reputation. Based on this review, XBase may assign trading limits, require initial or ongoing margin, or impose specific restrictions on asset classes or settlement methods.

8.2 Trading Limits. XBase may implement one or more of the following risk management controls:

  • Maximum notional limits per trade, day, or rolling time period;

  • Position size limits for specific asset pairs or categories of Virtual Assets;

  • Daily or monthly trade frequency caps;

  • Exposure ceilings relative to total trading volume or net open positions;

  • Limits based on market volatility, liquidity, or stress-testing parameters.

Limits may be adjusted dynamically or on a discretionary basis without prior notice, particularly during periods of extreme market movement, systemic disruption, or counterparty performance concern.

8.3 Margin and Pre-Funding. Depending on the Client’s creditworthiness, historical trading behavior, and settlement method, XBase may require:

  • Full pre-funding of Client trades in fiat or Virtual Assets before quote acceptance;

  • Partial or full posting of margin, either in cash or Virtual Assets, held by XBase or a designated custodian;

  • Collateral arrangements linked to trading tiers or time of execution (e.g., 20% margin required for trades executed outside normal hours);

  • Post-trade margin calls in the event of settlement delay or market dislocation.

8.4 Suspension and Auto-Lock. XBase reserves the right to:

  • Suspend or auto-lock Client trading activity where breach of limits occurs;

  • Delay or cancel execution of trades where exposure exceeds predefined thresholds;

  • Require Client re-verification or compliance reassessment before restoring access.

8.5 Monitoring and Surveillance. XBase performs real-time monitoring of OTC activity to detect:

  • Layering, spoofing, or pre-arranged trading patterns;

  • Wash trading or circular volume generation;

  • Quote manipulation, latency arbitrage, or stale feed abuse;

  • Trading behavior inconsistent with declared Client profile or declared use of funds.

Suspicious behavior will be escalated to internal risk and compliance teams for review and may result in trade cancellation, account suspension, regulatory reporting, or permanent termination of access.

8.6 Client Cooperation. The Client shall:

  • Act in good faith and transparently with respect to risk exposure, trade intent, and trade counterparty awareness;

  • Respond promptly to XBase queries regarding abnormal trading patterns or system anomalies;

  • Disclose the identity of any authorized traders and notify XBase of any changes to internal policies affecting trade execution or settlement behavior.

Failure to cooperate may lead to reassignment of risk status, limit reduction, or immediate service suspension.

8.7 No Obligation to Extend Credit. Nothing in this Agreement shall be construed as obligating XBase to offer credit, margin financing, or settlement grace periods to the Client. All risk limits and trade conditions are discretionary and non-binding in nature and may be revoked or amended at any time in XBase’s sole judgment.

9. Liability and Indemnification

9.1 General Limitation of Liability. To the maximum extent permitted by applicable law, XBase shall not be liable for any indirect, incidental, special, punitive, or consequential damages, including without limitation loss of revenue, profits, business opportunity, data, or reputation, even if advised of the possibility of such damages and regardless of the cause of action. This applies whether the alleged liability arises in contract, tort (including negligence), strict liability, or any other legal theory. Furthermore, XBase shall not be liable for any losses arising from market fluctuations, volatility, or reliance on third-party infrastructure.

9.2 Specific Exclusions. Without limiting the foregoing, XBase shall not be liable for:

  • Price slippage, market volatility, or unavailability of liquidity during the quote or execution process;

  • Delay, failure, or error in settlement resulting from network congestion, smart contract bugs, exchange or wallet outages, or correspondent banking failures;

  • Loss of Virtual Assets due to transmission to incorrect addresses, unsupported tokens, or incompatible protocols;

  • Delay or denial of service resulting from fraud detection, regulatory investigation, legal freeze, or counterparty failure;

  • Client’s failure to implement security protocols (e.g., private key security, whitelisting) or internal process safeguards;

  • Trade errors, omissions, or duplications resulting from instructions received outside authorized channels.

9.3 Force Majeure. XBase shall not be liable for failure to perform its obligations under this Schedule if such failure is caused by events beyond its reasonable control, including but not limited to acts of God, natural disasters, pandemics, cyberattacks, war, riots, labor disputes, actions of governmental authorities, technical disruptions of communication systems, and systemic market failures.

9.4 Maximum Aggregate Liability. In any case where XBase is found liable notwithstanding the above limitations, its maximum aggregate liability for all claims related to OTC Services, whether arising in contract, tort, or otherwise, shall not exceed the total net fees received by XBase from the Client under this Schedule in the twelve (12) months preceding the event giving rise to the claim.

9.5 Indemnity by Client. The Client agrees to indemnify, defend, and hold harmless XBase, its affiliates, officers, directors, employees, agents, and partners from and against any and all third-party claims, liabilities, losses, damages, penalties, judgments, settlements, costs, and expenses (including reasonable legal fees) arising out of or in connection with:

  • The Client’s use of the OTC Services in violation of applicable law or regulation;

  • Any misrepresentation, breach of warranty, or material breach of this Schedule by the Client;

  • Any claim by a third party (including regulators or counterparties) resulting from the Client’s instructions, trade activity, or misuse of the Services;

  • Any action brought by a third party based on the Client’s unauthorized use or access of XBase systems, whether by internal personnel or third parties acting on behalf of the Client.

9.6 Notice and Cooperation. In the event of any claim subject to indemnification, XBase shall promptly notify the Client and cooperate with all reasonable requests for documentation, witness availability, and access to transaction records to support the Client’s defense. The Client shall not settle any such claim without the prior written consent of XBase unless it includes a full release of liability without any admission of wrongdoing or financial obligation.

9.7 Survival. The provisions of this Section 9 shall survive the termination or expiration of the Agreement and shall remain binding on the Client with respect to any trade, dispute, or claim arising from activity occurring prior to termination.

10. Termination and Suspension

10.1 Termination by Either Party. Either XBase or the Client may terminate the OTC Services provided under this Schedule at any time by giving thirty (30) calendar days’ written notice to the other Party. During the notice period, both Parties shall cooperate to wind down open trades, resolve outstanding obligations, and complete pending settlements in a commercially reasonable manner.

10.2 Immediate Termination by XBase. Notwithstanding Section 10.1, XBase may terminate or suspend the Client’s access to the OTC Services immediately and without prior notice if:

  • The Client is in material breach of this Schedule or the General Terms, including failure to meet settlement obligations or breach of representations;

  • There is reasonable suspicion of fraud, money laundering, terrorist financing, sanctions evasion, or other criminal conduct by the Client or related parties;

  • Regulatory action, court order, or legal mandate compels suspension or closure of the Client relationship;

  • XBase’s banking, custody, or liquidity partners withdraw access to necessary infrastructure based on the Client’s activity or risk classification;

  • The Client undergoes insolvency, liquidation, restructuring, or becomes subject to a winding-up petition or administrator appointment.

10.3 Suspension of Services. XBase may temporarily suspend access to OTC Services for reasons including but not limited to:

  • System upgrades, maintenance, or unanticipated service interruptions;

  • Breach of Client limits or margin thresholds pending review or reclassification;

  • Investigation into suspicious activity, regulatory inquiry, or compliance enforcement measures;

  • Emergency risk management events such as flash crashes, extreme market dislocation, or mass liquidation across multiple venues.

10.4 Effect of Suspension or Termination. Upon suspension or termination:

  • All pending and unsettled trades may be canceled, accelerated, or subject to forced close-out at prevailing market prices as determined by XBase in good faith;

  • All Client funds and assets held by XBase shall be returned to a verified withdrawal account or wallet, less any amounts owed to XBase, subject to applicable legal, regulatory, or operational hold periods;

  • XBase shall provide a final reconciliation report including outstanding balances, fees, and unresolved disputes, and coordinate closure with relevant third-party custodians, banks, and service providers.

10.5 Post-Termination Obligations. Termination shall not relieve either Party of liability for:

  • Breaches that occurred prior to the termination date;

  • Settlement of trades executed prior to termination;

  • Fees, indemnification, or damages incurred in connection with pre-termination activity;

  • Retention of transaction records and cooperation in post-termination audits, regulatory inquiries, or litigation support.

10.6 No Obligation to Re-Onboard. XBase is under no obligation to re-activate, re-onboard, or re-instate any Client who has been previously terminated. Re-application shall be subject to full due diligence and may be denied for any reason, including reputational risk or strategic business decision.

10.7 Survival. Provisions of this Schedule that by their nature are intended to survive termination shall remain in effect, including but not limited to Sections on indemnification, liability, recordkeeping, dispute resolution, and governing law.

11. Governing Law and Dispute Resolution

11.1 Governing Law. This Schedule, together with the Unified Terms & Conditions and any dispute arising out of or in connection with the OTC Services, shall be governed by and construed in accordance with the laws of the United Arab Emirates, specifically the laws applicable within the Abu Dhabi Global Market (ADGM), unless otherwise specified in an applicable Order Form or Annex J (Jurisdiction-Specific Terms), in which case the laws of another relevant jurisdiction (e.g., Lithuania for UAB entities or Canada) may apply.

11.2 Dispute Resolution Procedure. In the event of a dispute, controversy, or claim arising between the Parties in connection with this Schedule, the Parties shall first attempt to resolve the matter amicably through informal negotiation and good faith discussions. If the dispute remains unresolved for more than ten (10) business days from the date of notice, either Party may initiate formal dispute resolution in accordance with this Section.

11.3 Arbitration. Any unresolved dispute shall be referred to and finally resolved by arbitration administered by the Abu Dhabi Global Market Arbitration Centre (ADGMAC) in accordance with the ADGM Arbitration Regulations in force at the time of the dispute, which rules are deemed to be incorporated by reference into this clause. Where ADGMAC arbitration is not enforceable or suitable due to the Client’s jurisdiction, or the jurisdiction of the applicable Affiliate providing the Services, the Parties may agree to submit disputes to a mutually acceptable arbitration venue and governing rules, as outlined in Annex J.

11.4 Arbitration Details. The arbitration shall be conducted:

  • By a sole arbitrator appointed in accordance with the ADGM Arbitration Regulations;

  • In the English language;

  • In Abu Dhabi, United Arab Emirates, unless the Parties agree otherwise in writing;

  • With judgment on the arbitration award to be final and binding on both Parties and enforceable in any competent jurisdiction.

11.5 Interim Relief. Nothing in this clause shall prevent either Party from seeking interim or injunctive relief in any court of competent jurisdiction where such relief is necessary to prevent irreparable harm, protect intellectual property, preserve confidentiality, or prevent a breach of applicable law.

11.6 Confidentiality. All arbitration proceedings, correspondence, and evidence disclosed in connection with any such proceeding shall be kept strictly confidential and may not be disclosed to any third party without the prior written consent of both Parties, unless such disclosure is required by law, regulation, or order of a competent court.

11.7 Continued Performance. Except where clearly prevented by the nature of the dispute, the Parties shall continue to perform their respective obligations under this Schedule during the course of the dispute resolution process, including the timely settlement of undisputed transactions and fees.

12. Service Availability and Deployment Conditions. The provision of the Services referenced in this Schedule is subject to XBase’s service deployment timeline and applicable regulatory readiness. Availability may vary based on jurisdiction, licensing and infrastructure readiness. 

Schedule 3: Custody and Wallet Services

Important Notice:

This Schedule governs Custody and Wallet Services offered by XBase. For general provisions concerning ownership of Client Money and Client Virtual Assets, including when such ownership may be affected by settlement, collateral, or other processes, please refer to Section 9A of the General Terms.

1. Introduction and Scope. This Schedule governs the provision of custodial and wallet management services (the “Custody Services”) by XBase or its designated third-party partners to the Client for purposes of safeguarding Virtual Assets and facilitating settlement and transactional use. The Custody Services are primarily designed for institutional and professional clients. Retail users may be eligible to receive Custody Services where permitted under applicable law, including but not limited to clients in Lithuania and Canada, subject to local licensing, registration, or onboarding requirements.

These Services may include:

  • Provision of segregated or omnibus wallets for the receipt, storage, and withdrawal of supported Virtual Assets;

  • Secure holding and safekeeping of Virtual Assets through hot, warm, and cold wallet infrastructure;

  • Internal ledgering and balance reporting aligned with industry-grade reconciliation standards;

  • Transaction monitoring, withdrawal controls, and address whitelisting.

This Schedule forms part of the Unified Terms & Conditions and applies specifically to Virtual Assets held by XBase or its affiliates for or on behalf of the Client, whether in connection with OTC Trading, treasury management, or standalone custodial agreements.

2. Custody Structure and Wallet Configuration 

2.1 Custodial wallets may be provisioned as:

  • Segregated wallets, designated specifically for the Client and capable of traceable on-chain validation;

  • Omnibus wallets, holding pooled balances for multiple clients but with Client-specific allocations recorded on an internal ledger maintained by XBase;

  • Hybrid configurations, wherein settlement efficiency is optimized through batching, but individual entitlements remain transparent.

2.2 The type of wallet offered to a Client shall be determined by risk classification, asset type, transaction volume, and contractual preference. The Client acknowledges that full segregation may incur additional fees or operational latency.

2.3 Wallets may be configured using:

  • Multisignature smart contracts, hardware-secured keys, or HSM infrastructure;

  • Policy-based access, timed lockouts, and approval hierarchies for withdrawal requests;

  • Network-specific limitations (e.g., non-custodial settlement for non-EVM-compatible chains).

2.4 For the duration of the Custody Services, Virtual Assets are deemed to be under the control of XBase once received into wallets maintained on the Client’s behalf. Virtual Assets are no longer under the control of XBase when:

  • They have been transferred to a whitelisted external wallet upon the Client’s instruction.

The entity responsible for safeguarding the Client’s Virtual Assets at any given time will be identified in the Client onboarding documentation or relevant annex, in accordance with jurisdictional and regulatory requirements.

2.5 Custody infrastructure is maintained using secure, institutional-grade solutions provided by third-party vendors. In particular:

  • Fireblocks is currently used as XBase’s primary wallet and key management platform, offering multi-party computation (MPC), role-based access controls, and automated policy enforcement;

  • Other regulated custodians or sub-custodians may be used depending on jurisdictional requirements and will be disclosed to Clients as part of the onboarding documentation or relevant Annex.

3. Supported Virtual Assets and Network Constraints 

3.1 Custody is only available for a subset of Virtual Assets supported by XBase. The current list shall be maintained in the Client onboarding documentation and updated through platform notifications.

3.2 XBase reserves the right to suspend custody for any asset that becomes technically unsupported, delisted, or incompatible with existing wallet infrastructure. Assets may also be frozen where legal or regulatory guidance requires restriction.

3.3 The Client shall not deposit unsupported tokens, non-fungible tokens (NFTs), airdrops, or forked assets without prior approval. XBase is not liable for the recovery of such assets and may impose retrieval fees if recovery is possible.

4. Access, Withdrawals, and Controls 

4.1 Withdrawal rights are subject to:

  • Whitelisting of destination addresses;

  • Two-factor authentication and authorized signatory approvals;

  • Real-time transaction monitoring for fraud or sanctions alerts;

  • Pre-defined transaction limits per Client profile.

4.2 Withdrawal requests may be rejected, delayed, or escalated to compliance where:

  • Source or destination address is suspicious or unverified;

  • AML/CTF thresholds are triggered;

  • Custody partner enforces delay due to volume, market conditions, or jurisdictional hold.

4.3 Withdrawal windows and SLAs shall be defined in the onboarding package or operating appendix and may vary by asset class and security tier.

5. Fees, Audit, and Reporting 

5.1 Custody fees may include:

  • Monthly safekeeping fees calculated on average balance;

  • Withdrawal processing fees and gas reimbursement;

  • Charges for additional services such as insurance, audit exports, or segregation upgrades.

5.2 XBase shall provide the Client with:

  • Periodic custody statements showing balance, activity, and any fees accrued;

  • On-demand audit snapshots upon written request;

  • Blockchain transaction hashes for received or transmitted assets.

5.3 Clients are responsible for reconciling wallet balances with internal records and reporting any discrepancies within five (5) business days.

6. Risk Disclaimers and Limitations 

6.1 XBase uses commercially reasonable measures to secure Client assets but does not guarantee against all forms of loss, including:

  • Cyberattack, third-party breach, or software vulnerability;

  • Blockchain failure, protocol error, or hard fork incompatibility;

  • Regulator-imposed freeze, legal seizure, or jurisdictional restrictions.

6.2 Insurance, if applicable, shall be disclosed in the onboarding materials and may be subject to exclusions. Clients should not assume blanket coverage unless expressly confirmed in writing.

6.3 XBase shall not be liable for losses resulting from:

  • Force majeure events;

  • Delays caused by network outages or congestion;

  • Client errors in providing wallet credentials or destination addresses.

7. Termination of Custody Services 

7.1 Either Party may terminate the Custody Services upon thirty (30) days’ written notice, subject to reconciliation and return of Client assets.

7.2 Upon termination:

  • The Client shall designate a verified wallet address for return of all supported assets;

  • Fees and charges due until the termination date shall be paid in full;

  • XBase shall cooperate in the orderly withdrawal and provide a closing custody report.

8. Governing Law and Dispute Resolution. This Schedule shall be governed by the same governing law and dispute resolution provisions outlined in Section 11 of Schedule 2, unless otherwise agreed in writing by the Parties.

9. Service Availability and Deployment Conditions. The provision of the Services referenced in this Schedule is subject to XBase’s service deployment timeline and applicable regulatory readiness. Availability may vary based on jurisdiction, licensing and infrastructure readiness. 

Schedule 4: Payment Processing and Merchant Services (POS)

Important Notice:

This Schedule governs Payment Processing and Merchant Services offered by XBase. For general provisions concerning ownership of Client Money and Client Virtual Assets, including when such ownership may be affected by settlement, collateral, or other processes, please refer to Section 9A of the General Terms.

1. Scope and Applicability. This Schedule governs the provision of payment processing and merchant settlement services (the “POS Services”) offered by XBase to business clients (the “Merchant”) seeking to accept payments for goods or services using Virtual Assets and/or fiat currencies. The POS Services enable Merchants to offer customers flexible and modern methods of payment and may include:

  • Provision and configuration of POS terminal devices or software payment modules;

  • Real-time or delayed payment collection via QR code, payment links, terminal scan, or API calls;

  • Transaction history, daily reporting, and automated settlement summaries;

  • Conversion of Virtual Assets to stablecoins or fiat currency at the Merchant’s request;

  • Reconciliation dashboards, refund handling tools, and customer payment validation.

The POS Services are strictly limited to use in the course of lawful commercial activity and are subject to eligibility, approval, and regulatory compliance. This Schedule forms part of the Unified Terms & Conditions and applies only to Merchants duly onboarded by XBase.

2. Merchant Eligibility and Onboarding 

2.1 The POS Services are made available solely to legal entities approved by XBase under its compliance framework. Onboarding requires the submission of:

  • Corporate documentation, shareholder and UBO identification, and business license;

  • Verification of the business model, website and customer terms, refund and delivery policy;

  • Designation of authorized contacts and consent to these Unified Terms & Conditions.

2.2 XBase may deny, suspend, or terminate POS access if:

  • The Merchant offers prohibited goods/services or operates in a restricted jurisdiction;

  • The Merchant fails to update documentation, undergo re-verification, or respond to compliance queries;

  • XBase identifies abnormal transaction patterns, suspicious conduct, or receives credible regulatory notice.

3. POS Device and Software Use 

3.1 Where hardware is issued:

  • XBase remains the legal owner of each POS terminal and assigns it for Merchant use against a refundable deposit (e.g., GBP 299 per device);

  • Devices must be returned in operable condition within thirty (30) days of termination or deactivation;

  • Devices lost, stolen, or damaged beyond repair may be subject to a replacement fee or forfeiture of the deposit.

3.2 POS software may be provided as:

  • A browser interface compatible with Android/iOS devices;

  • A dedicated app with integrated wallet and settlement functions;

  • An API-based integration for high-volume merchants operating e-commerce or retail platforms.

4. Payment Acceptance and Processing 

4.1 Payments may be accepted from end-customers using fiat payment methods (e.g., debit/credit cards, SEPA bank transfers) or supported Virtual Assets (e.g., USDT, BTC, ETH, USDC). XBase may apply volume caps or restrict availability based on jurisdiction, asset volatility, or third-party risk constraints.

4.2 Each transaction is deemed completed only after:

  • Full receipt of funds by XBase’s accounts or wallets;

  • Confirmation of blockchain settlement (typically one or more confirmations);

  • Clearance of fraud, compliance, and sanctions checks.

4.3 Where applicable:

  • End-customers may be charged a Virtual Asset network fee, gas fee, or FX margin;

  • XBase shall disclose pricing breakdowns on the Merchant’s dashboard, or at the time of quote generation;

  • Merchants may enable customer-facing receipts including blockchain reference or transaction hash.

5. Conversion, Settlement, and Reconciliation 

5.1 Merchants may elect to receive settlement in fiat, stablecoins, or supported Virtual Assets. Settlement frequency (e.g., daily, weekly) and thresholds (e.g., minimum payout amounts) shall be determined during onboarding or updated via written agreement.

5.2 XBase shall deduct:

  • Transaction processing fees (fixed or percentage-based);

  • Network fees, miner tips, and applicable exchange fees for conversion;

  • Reserve holdbacks (e.g., rolling reserve for refunds or compliance risk).

5.3 Settlement may be suspended or delayed due to:

  • AML/CTF verification pending final confirmation;

  • Legal or court orders, bank holidays, or network-wide outages;

  • Refund or chargeback volume spikes exceeding tolerance bands.

5.4 Reconciliation reports shall be issued via the Merchant portal and include:

  • Gross transaction values, fees, and net payouts;

  • Refunds, rejections, and chargebacks processed during the period;

  • Any unusual account activity flagged by XBase’s systems or providers.

6. Refunds, Disputes, and Chargebacks 

6.1 Refunds to end-customers must:

  • Be initiated by the Merchant via the XBase portal or API;

  • Be made only to the original payment source, unless otherwise documented;

  • Reflect full or partial amounts and include gas/network costs where applicable.

6.2 XBase reserves the right to:

  • Offset refund amounts against future settlements;

  • Charge administrative fees for processing returns or customer disputes;

  • Hold amounts in reserve based on risk analysis or account performance.

6.3 Chargebacks and regulatory complaints may:

  • Be deducted from Merchant settlement without prior notice;

  • Trigger account suspension or transaction review;

  • Be disputed by the Merchant with XBase assistance, subject to documentation timelines.

7. Intellectual Property, Branding, and Compliance 

7.1 XBase retains all intellectual property rights in its platform, brand assets, documentation, and device interface. Merchants may not modify, sublicense, or reverse engineer the POS tools or systems.

7.2 Merchants may display XBase’s name and logo solely in compliance with provided branding guidelines and shall not:

  • Misrepresent the nature of XBase’s involvement in product fulfillment;

  • Make exaggerated claims about transaction finality, security, or refund rights;

  • Suggest endorsement, licensing, or partnership beyond payment facilitation.

7.3 The Merchant agrees to:

  • Maintain AML/CTF controls aligned with local legal obligations;

  • Cooperate with periodic audits, compliance inquiries, and transaction tracebacks;

  • Retain records of customer orders, delivery evidence, and refund confirmations for a minimum of five (5) years.

8. Fees, Taxes, and Regulatory Matters 

8.1 Fees are disclosed in the Order Form and may include:

  • Setup and onboarding costs (if applicable);

  • POS device deposits or replacement charges;

  • Transaction processing fees and payout charges.

8.2 XBase may withhold taxes as required by law. Merchants shall:

  • Ensure their tax affairs comply with applicable jurisdictional rules;

  • Provide tax identification or exemption certificates where applicable;

  • Indemnify XBase for tax liabilities arising from false or incomplete information.

9. Termination and Suspension 

9.1 XBase may terminate or suspend the POS Services immediately if:

  • The Merchant breaches this Schedule or any applicable law;

  • A regulatory authority directs service suspension or enforcement;

  • XBase identifies fraud, reputational damage, or technical misuse.

9.2 The Merchant may terminate with fifteen (15) days’ notice. Upon termination:

  • Devices must be returned and accounts closed out;

  • Final settlements and withheld reserves shall be paid subject to applicable freeze or fraud periods;

  • Portal access for transaction review remains available for thirty (30) days.

10. Governing Law and Dispute Resolution. This Schedule shall be governed by the laws and dispute resolution mechanisms defined in Section 11 of Schedule 2.

11. Service Availability and Deployment Conditions. The provision of the Services referenced in this Schedule is subject to XBase’s service deployment timeline and applicable regulatory readiness. Availability may vary based on jurisdiction, licensing and infrastructure readiness. 

Schedule 5: API and Data Access Services

1. Scope and Applicability. This Schedule governs the provision of application programming interface (API) and data access services (collectively, “API Services”) by XBase to approved Clients. These Services enable Clients to programmatically access XBase’s infrastructure, including trading, settlement, transaction data, account information, and operational tools. This Schedule forms part of the Unified Terms & Conditions and applies in addition to the General Terms.

2. Types of Access and Use Cases. API Services may include:

  • Market data feeds, pricing endpoints, and quote retrieval tools;

  • Order submission, trade confirmation, and balance reporting functions;

  • Automated settlement processing and treasury rebalancing interfaces;

  • Webhook-based notifications for transaction status, event alerts, or risk triggers;

  • Access to historical trade logs and downloadable audit records.

Use cases include: integration into Client front-end or back-office systems, automated treasury operations, third-party reporting tools, partner platforms, or internal risk dashboards.

3. Credentials, Security, and Authentication 

3.1 Access to API Services requires authenticated credentials (API keys, tokens, or certificates) issued by XBase. Clients are responsible for:

  • Keeping credentials confidential and restricting usage to authorized systems;

  • Rotating credentials in accordance with XBase’s security policy;

  • Immediately notifying XBase in case of compromise, abuse, or key leakage.

3.2 Authentication mechanisms may include:

  • HMAC signatures, OAuth 2.0 tokens, or IP address allowlisting;

  • Use of TLS encryption for all communications;

  • Timestamp and nonce verification for replay protection.

4. Rate Limits and Usage Restrictions 

4.1 XBase may enforce rate limits or throughput thresholds to ensure service integrity and prevent abuse. Limits may vary by:

  • Endpoint category (e.g., market data vs. transaction submission);

  • Plan tier or service level agreement (SLA);

  • Network stability or system load.

4.2 Clients shall not:

  • Circumvent rate limits or use proxy relays to mask traffic origin;

  • Reverse engineer or attempt to extract undocumented functionality;

  • Modify, resell, or license API Services to third parties without written permission.

5. Sandbox and Developer Environments

5.1 XBase may provide a sandbox or testnet environment for integration testing. Sandbox environments:

  • Use simulated data and are subject to lower availability and uptime commitments;

  • May have rate limits, delayed data feeds, and periodic resets;

  • Are for non-production use only.

5.2 Clients must not:

  • Process live transactions through sandbox endpoints;

  • Use production credentials in test environments or vice versa;

  • Conduct performance testing on production without written consent.

6. Uptime, Support, and Change Management

6.1 XBase will maintain availability of API Services in accordance with any agreed SLA. In the absence of a signed SLA, the target availability is 99.9% uptime excluding scheduled maintenance.

6.2 XBase will notify Clients of any breaking changes to API versions with a minimum of 30 days’ notice, except in case of security patches or regulatory mandates.

6.3 Clients may raise support tickets via the developer portal. Urgent issues (e.g., trade blocking) shall be triaged with priority.

7. Data Ownership and Use 

7.1 The Client retains ownership of its transactional and operational data accessed through the API.

7.2 XBase retains ownership of:

  • The structure, schema, and methodology of the API;

  • Aggregated, anonymized analytics derived from Client usage;

  • Historical performance and usage metadata.

7.3 Client data retrieved via API must:

  • Be stored securely and only used for lawful purposes;

  • Not be shared with third parties except as required for internal use, legal compliance, or by explicit consent;

  • Be deleted upon termination if not required for regulatory retention.

8. Suspension, Revocation, and Termination 

8.1 XBase may suspend or revoke API access:

  • Upon breach of this Schedule or abuse of service;

  • To comply with security updates, regulatory demands, or audit findings;

  • If integration causes disruption to other users or services.

8.2 Upon termination:

  • All keys and credentials must be destroyed;

  • The Client must cease all access and delete all cached or stored API data;

  • Access to the developer portal and related tools will be removed.

9. Governing Law and Dispute Resolution. This Schedule shall be governed by the legal and dispute resolution provisions set forth in Section 11 of Schedule 2.

10. Service Availability and Deployment Conditions. The provision of the Services referenced in this Schedule is subject to XBase’s service deployment timeline and applicable regulatory readiness. Availability may vary based on jurisdiction, licensing and infrastructure readiness. 

Schedule 6: Payment Acceptance Services (Checkout & Gateway)

Important Notice:

This Schedule governs Payment Acceptance Services offered by XBase. For general provisions concerning ownership of Client Money and Client Virtual Assets, including when such ownership may be affected by settlement, collateral, or other processes, please refer to Section 9A of the General Terms.

1. Scope and Applicability. This Schedule governs the provision of hosted checkout, e-commerce gateway, and payment acceptance solutions (collectively, the “Checkout Services”) offered by XBase to approved Merchants for the purpose of enabling end-customers to pay for goods and services using Virtual Assets and fiat currencies.

These services are distinct from Point-of-Sale (POS) functionality and are intended for integration with online storefronts, mobile applications, and third-party platforms via hosted payment pages (HPP), embedded widgets, or API endpoints.

2. Checkout Features and Use Cases. The Checkout Services may include:

  • Branded or white-labeled hosted payment pages with QR codes, asset selector, and invoice tracking;

  • Embedded UI components or SDKs for accepting crypto payments natively on merchant websites or mobile apps;

  • Dynamic payment links for one-time or subscription billing;

  • Real-time price quoting in fiat or crypto based on live exchange rates;

  • Auto-conversion of received funds into stablecoins or supported fiat currencies, where selected by the Merchant;

  • Intelligent payment routing and retry fallback mechanisms in case of underpayment, session expiry, or gas fee spikes.

3. Merchant Integration and Configuration 

3.1 Merchants may integrate Checkout Services by:

  • Embedding XBase widget code into their e-commerce frontend;

  • Redirecting users to hosted checkout sessions via secure URLs;

  • Using backend APIs to create, cancel, and track invoices and payment attempts;

  • Customizing look and feel to align with brand guidelines (where permitted).

3.2 XBase will provide API documentation, sandbox access, and merchant-specific configuration keys. Merchants must:

  • Keep all access credentials secure and confidential;

  • Use only approved environments (sandbox, staging, production);

  • Comply with deployment certification checks before go-live.

3.3 XBase reserves the right to:

  • Suspend or revoke integration for abuse of the sandbox or test-to-live violations;

  • Implement HMAC signature requirements or IP whitelisting for webhook callbacks;

  • Monitor integration uptime, latency, and error ratios for quality assurance.

4. Payment Processing and Confirmation 

4.1 A payment transaction shall be deemed successful only after:

  • A supported Virtual Asset or fiat payment is received by XBase or its designated account;

  • The invoice has not expired or been underpaid;

  • The underlying blockchain has reached the minimum number of confirmations;

  • Fraud and sanctions checks have cleared.

4.2 If a payment:

  • Exceeds the invoice amount, the excess will be refunded per Merchant’s refund policy or retained as credit upon agreement;

  • Falls short, the invoice will be marked incomplete or failed. The customer may retry with a new invoice or top-up link.

4.3 If an invoice expires before successful receipt:

  • The customer must initiate a new session;

  • Any funds received after expiry may be refunded manually and may incur gas or processing fees;

  • Fallback may be provided to direct address mode for one-time display if retry is not supported.

5. Settlement and Conversion 

5.1 Funds received through Checkout Services will be settled to the Merchant:

  • In the original currency (e.g., USDT, ETH) or converted into fiat/stablecoin as agreed;

  • On a defined schedule (e.g., T+1, weekly) with thresholds and minimum payout amounts applied;

  • Less any processing, conversion, or dispute resolution fees.

5.2 Exchange rates used for quoting may include spread margins and are not guaranteed outside the confirmation window.

5.3 The Merchant acknowledges that:

  • XBase does not provide price guarantees beyond the confirmed quote time window;

  • Market volatility or blockchain congestion may delay conversion or settlement;

  • Settlement delays caused by regulatory hold, fraud review, or incomplete KYC shall not be attributable to XBase.

6. Refunds and Customer Communication 

6.1 XBase may provide tools for:

  • Initiating refunds in full or in part from the Merchant dashboard;

  • Tracking refund status and uploading proof of refund completion;

  • Generating customer-facing messages or emails with refund transaction hash or reference number.

6.2 The Merchant is solely responsible for:

  • Honoring refund obligations under applicable consumer law;

  • Communicating refund eligibility, terms, and timelines to customers;

  • Responding to customer inquiries, complaints, or disputes.

6.3 XBase is not a party to the commercial transaction between the Merchant and its customers and provides no escrow, mediation, or warranty regarding the underlying product or service purchased.

7. Branding, Compliance, and Acceptable Use 

7.1 Merchants may use XBase’s checkout components and branding in accordance with platform branding guidelines and only for authorized activities.

7.2 XBase reserves the right to:

  • Audit Merchant checkout implementations for misuse or misrepresentation;

  • Suspend access to integration if misleading marketing or unauthorized claims are made (e.g., “FDIC-insured” or “zero-risk” payments);

  • Require removal of checkout elements where end-user harm, abuse, or confusion may occur.

7.3 The Merchant shall:

  • Display accurate pricing, product descriptions, refund terms, and jurisdictional disclosures;

  • Comply with applicable anti-fraud, data privacy, and consumer protection laws;

  • Cooperate with compliance investigations or content takedown requests.

8. Fees and Billing 

8.1 XBase may charge:

  • Transaction processing fees per completed payment or fixed monthly fee;

  • Conversion fees where auto-exchange is enabled;

  • Refund processing fees and gas network reimbursement for manual refund handling.

8.2 Fees will be deducted from settlement or invoiced as specified in the Order Form.

9. Risk Management and Abuse Controls 

9.1 XBase continuously monitors merchant usage patterns to detect fraud, misuse, or technical anomalies.

9.2 Checkout services may be suspended if:

  • Refund rate exceeds risk thresholds;

  • Complaints or chargebacks exceed platform norms;

  • Use of unsupported checkout modifications or API calls is detected.

9.3 Merchants must notify XBase of any unauthorized access, suspected compromise, or system misbehavior impacting customer experience or payment flows.

10. Termination and Suspension 

10.1 XBase may suspend Checkout Services immediately in the event of:

  • Breach of this Schedule or applicable law by the Merchant;

  • Receipt of credible customer fraud reports or payment disputes;

  • Platform abuse, manipulation, or integration testing against live endpoints.

10.2 Upon termination:

  • All pending invoices shall expire automatically;

  • Remaining funds shall be settled after final reconciliation;

  • Merchant shall remove all XBase checkout integrations from its sites/apps.

11. Governing Law and Dispute Resolution. This Schedule shall be governed by the legal and dispute resolution provisions of Section 11 of Schedule 2.

12. Service Availability and Deployment Conditions. The provision of the Services referenced in this Schedule is subject to XBase’s service deployment timeline and applicable regulatory readiness. Availability may vary based on jurisdiction, licensing and infrastructure readiness. 

Schedule 7: FX and Treasury Services

Important Notice:

This Schedule governs FX and Treasury Services offered by XBase. For general provisions concerning ownership of Client Money and Client Virtual Assets, including when such ownership may be affected by settlement, collateral, or other processes, please refer to Section 9A of the General Terms.

1. Scope and Applicability. This Schedule governs the provision of foreign exchange (FX) and treasury management services by XBase to institutional and corporate Clients (the “FX Services”). These services are designed to support cross-currency transactions, liquidity optimization, balance rebalancing, and settlement preparation across fiat and Virtual Asset denominations.

Services under this Schedule may include:

  • Spot and same-day FX conversions between supported fiat currencies (e.g., USD, EUR, GBP);

  • Cross-pair Virtual Asset conversions or routing through stablecoins (e.g., BTC to ETH via USDT);

  • Treasury operations such as rebalancing, consolidated settlements, or margin transfers;

  • Strategic balance allocation and liquidity planning tools.

2. Execution and Settlement Process 

2.1 FX Services may be executed:

  • On a request-for-quote (RFQ) basis via the Client portal, API, or secure messaging;

  • Through scheduled conversion plans or threshold-triggered automation (e.g., rebalancing when exposure exceeds 10% deviation);

  • By Client instruction to XBase’s treasury desk.

2.2 Upon confirmation:

  • Fiat-to-fiat transactions will be processed using XBase’s banking partners or payment rails (SEPA, SWIFT);

  • Fiat-to-crypto or crypto-to-crypto transactions will settle via the relevant wallet infrastructure with expected confirmation times and applicable network fees.

2.3 All conversions are subject to pre-funding or adequate collateral availability unless agreed otherwise in writing.

3. Pricing, Spreads, and Market Sources 

3.1 FX pricing is derived from:

  • Aggregated institutional liquidity providers (LPs);

  • Stablecoin market rates from regulated OTC desks or centralized exchanges;

  • Real-time market depth, volatility measures, and internal risk thresholds.

3.2 Pricing may include:

  • Transparent spreads disclosed in the Order Form or online quote;

  • Tiered markup based on volume tiers or currency risk profile;

  • Minimum trade sizes or notional limits for illiquid or exotic pairs.

3.3 The Client acknowledges:

  • Quotes are time-sensitive and may be canceled or re-issued if not confirmed within the validity window;

  • Off-market executions will not be honored unless explicitly approved and captured with supporting documentation;

  • Conversions executed on weekends or during market outages may incur additional spread.

4. Treasury and Liquidity Management Tools 

4.1 Clients may utilize:

  • Balance sweeping tools to consolidate assets to a treasury wallet;

  • Auto-conversion settings to convert inbound payments into a target denomination;

  • Internal transfer requests for moving liquidity across accounts, affiliates, or sub-wallets.

4.2 XBase may offer visibility tools including:

  • Liquidity dashboards with real-time balances across fiat/crypto holdings;

  • Forecasting analytics to assist with anticipated settlement needs;

  • Notifications on market risk, reserve thresholds, or volatility triggers.

5. Risk Disclosures and Limitations 

5.1 Treasury and FX Services are non-advisory. XBase does not:

  • Guarantee market rate availability, future price performance, or liquidity continuity;

  • Act as a fiduciary or investment advisor;

  • Provide hedging advice, derivatives structuring, or interest-bearing accounts.

5.2 FX Services are not available in all jurisdictions and may be restricted for Clients subject to certain regulatory or banking limitations.

5.3 The Client remains responsible for ensuring:

  • Use of Services does not violate applicable exchange control laws or remittance restrictions;

  • Its treasury and FX activity is appropriately reflected in its tax and accounting records;

  • Notifications are sent to XBase promptly upon detecting reconciliation errors or operational anomalies.

6. Settlement Risk and Delay Handling 

6.1 XBase is not responsible for delays caused by:

  • Bank cut-offs, correspondent bank freezes, or holiday closures;

  • Blockchain congestion or smart contract issues;

  • Sanctions hits or documentation-based rejections from compliance screens.

6.2 In such cases, both Parties will act in good faith to:

  • Determine the appropriate remedy or alternative settlement route;

  • Cooperate with third-party providers to obtain necessary resolution;

  • Hold converted funds until final delivery becomes possible.

7. Fees and Invoicing 

7.1 FX Services may be priced:

  • Per transaction with embedded spread markup;

  • Monthly based on service usage and notional volume tiers;

  • By standalone invoice issued for treasury event handling, manual processing, or liquidity priority access.

7.2 XBase reserves the right to:

  • 1

  • 2

  • 3

8. Governing Law and Dispute Resolution. This Schedule shall be governed by and subject to the same dispute resolution procedures defined in Section 11 of Schedule 2.

9. Service Availability and Deployment Conditions. The provision of the Services referenced in this Schedule is subject to XBase’s service deployment timeline and applicable regulatory readiness. Availability may vary based on jurisdiction, licensing and infrastructure readiness. 

Schedule 8: Embedded Finance and White Label Solutions

Important Notice:

This Schedule governs Embedded Finance and White Label Solutions offered by XBase. For general provisions concerning ownership of Client Money and Client Virtual Assets, including when such ownership may be affected by settlement, collateral, or other processes, please refer to Section 9A of the General Terms.

1. Scope and Applicability. This Schedule governs the provision of embedded finance and white label services (the “White Label Services”) by XBase to approved partners, distributors, or resellers (the “Partner”). These Services enable the Partner to offer branded financial products and infrastructure to end-customers using XBase’s technology stack, backend systems, APIs, and regulatory or banking rails, where applicable.

This Schedule applies where the Partner integrates any of XBase’s functional modules, user experiences, or transactional endpoints under its own branding or in a hybrid co-branded environment. Such integrations may span web applications, mobile apps, enterprise platforms, or embedded commerce use cases.

Services under this arrangement may include, but are not limited to:

  • Hosted or embedded checkout/payment flows, QR-based invoicing, and settlement modules white-labeled for the Partner;

  • Wallet issuance (custodial or non-custodial), address generation, and asset transfers wrapped under Partner controls;

  • FX, on/off ramp, OTC liquidity access, and swap routing made available within Partner workflows;

  • Web dashboards, API-based reporting, business analytics, and operational back-office modules built under Partner themes;

  • Use of third-party infrastructure or regulated service providers coordinated by XBase and exposed through the Partner experience.

These Services are tailored for scale, allowing the Partner to deploy its own client base while maintaining full operational visibility and ensuring that the final product remains compliant with legal, technical, and risk oversight protocols.

2. Partnership and Use Cases 

2.1 The White Label Services are available only to approved Partners who:

  • Have completed the XBase partner onboarding process;

  • Have executed a Reseller or Distribution Agreement or equivalent Order Form;

  • Have provided a clear use case, supported by technical and compliance capacity.

2.2 Example use cases include:

  • Financial apps integrating crypto wallets and payment rails;

  • Marketplaces offering crypto-native checkout flows;

  • Fintech companies embedding FX or treasury tools in customer accounts;

  • Business platforms enabling white-labeled trading for sub-users.

3. Responsibilities and Restrictions 

3.1 The Partner is solely responsible for:

  • End-user onboarding, including KYC/KYB if operating in a regulated context;

  • Customer support, dispute resolution, and refund handling for its branded interface;

  • Ensuring compliance with all applicable legal, tax, and data protection laws in its jurisdiction.

3.2 The Partner shall not:

  • Market itself as XBase, or misrepresent its regulatory status;

  • Use XBase infrastructure for unauthorized, fraudulent, or illegal activities;

  • Allow third-party resale or sublicensing of the Services without written approval.

4. Branding, UI, and IP Licensing 

4.1 XBase grants the Partner a non-exclusive, revocable license to:

  • Integrate XBase platform components into its user-facing frontend;

  • Brand such components using Partner’s trademarks, provided the source and disclaimers remain clear to end-users;

  • Access administrative dashboards and embed reporting widgets in external environments.

4.2 The Partner must not:

  • Remove or obscure legal disclaimers, attribution tags, or compliance labels embedded by XBase;

  • Copy, clone, or otherwise reverse engineer XBase’s platform or UI components;

  • Register domains, social media handles, or digital assets in the name of XBase or derivatives thereof.

5. Commercial Terms and Revenue Sharing 

5.1 Commercial terms including fee splits, service tiers, onboarding costs, and revenue share percentages shall be set out in the Partner’s Order Form or Reseller Agreement.

5.2 XBase may:

  • Adjust wholesale pricing upon thirty (30) days’ written notice;

  • Require a minimum monthly transaction or fee commitment;

  • Withhold Partner payouts if material disputes, fraud, or reconciliation failures occur.

5.3 The Partner shall:

  • Accurately report activity, sub-user metrics, and fraud incidents;

  • Reconcile monthly statements and notify XBase of any discrepancies within ten (10) business days;

  • Maintain records of end-customer agreements and provide summaries upon request.

6. Platform Access, Audit, and Security 

6.1 XBase may provide administrative portal access to manage sub-accounts, set transaction limits, and generate reports.

6.2 XBase may:

  • Audit Partner integrations periodically for brand, technical, and legal compliance;

  • Require API key rotation, IP updates, or rollback of unauthorized UI changes;

  • Monitor end-user behavior for abuse, velocity spikes, or AML/CTF anomalies.

6.3 The Partner must:

  • Use multi-factor authentication, secure hosting, and best practices for application security;

  • Notify XBase immediately in case of breach or compromise;

  • Cooperate with forensic reviews and provide logs when requested.

7. Termination and Transition 

7.1 Either Party may terminate this Schedule with sixty (60) days’ notice, or immediately upon:

  • Regulatory enforcement action or platform-level risk escalation;

  • Breach of material provisions, including IP use, sub-resale, or KYC failures;

  • Insolvency, fraud, or reputational damage impacting either Party.

7.2 Upon termination:

  • The Partner shall remove all XBase-powered interfaces, UIs, and references;

  • End-user accounts may be transferred, closed, or migrated as directed by XBase;

  • XBase may provide transition support on a fee basis, if mutually agreed.

8. Governing Law and Dispute Resolution. This Schedule shall be governed by the legal and dispute resolution procedures set out in Section 11 of Schedule 2.

9. Service Availability and Deployment Conditions. The provision of the Services referenced in this Schedule is subject to XBase’s service deployment timeline and applicable regulatory readiness. Availability may vary based on jurisdiction, licensing and infrastructure readiness. 

Part C – Annexes

Annex A – Fee Schedule

This Annex sets out the applicable fees, charges, and cost components for the Services provided by XBase. This Fee Schedule forms an integral part of the Unified Terms and Conditions and applies to all Clients unless superseded by a Service Order or bespoke commercial agreement.

1. General Principles

1.1 All fees are exclusive of applicable taxes (VAT, GST, sales tax, etc.) unless expressly stated otherwise.

1.2 Fees may be charged in fiat or digital currency, depending on the Service and Client configuration.

1.3 Fees may be updated by XBase upon thirty (30) days’ prior notice unless otherwise specified.

1.4 If fees are invoiced, payment is due within seven (7) calendar days. XBase reserves the right to suspend services for overdue invoices.

2. Banking and Payment Services (Schedule 1)

  • Account setup fee: GBP 1,000 (one-time, per legal entity)

  • Inbound SEPA/SWIFT transfer: GBP - 0.1% - 2.0% per transaction (dependent on volume)

  • Outbound SEPA transfer: EUR 2

  • Outbound SWIFT transfer: USD 26

  • Third party inbound/outbound transaction: 0.5%

  • Reconciliation API: Included

  • Manual intervention / payment trace: EUR 75 per incident

3. OTC Trading Services (Schedule 2)

  • Spread-based pricing: Dynamic; displayed on RFQ

  • Minimum trade size: USD 25,000 or equivalent

  • Settlement fee (manual/escrowed): 0.05% of notional trade amount

  • Trade amendment or cancellation: EUR 100 per trade (if permitted)

  • Post-trade reconciliation report: Free

4. Custody and Wallet Services (Schedule 3)

  • Safekeeping fee:
    ⚬ 1.2% per annum (hot wallet)
    ⚬ 2.4% per annum (cold wallet)

  • Withdrawal fee: Subject to network gas + EUR 5 handling fee

  • Wallet creation (segregated): EUR 200 per wallet (one-time)

  • Custom audit snapshot: EUR 150 per request

5. POS Services (Schedule 4)

  • POS terminal (hardware): GBP 300 deposit per device

  • POS software license: GBP 100/month per terminal

  • Processing fee:
    ⚬ 1.5% of transaction value (VA)
    ⚬ 3.5% of transaction value (fiat)

  • Settlement (T+1 or weekly): Included

6. API and Data Access (Schedule 5)

  • API access fee: Included in platform subscription

  • Webhook alerts: Included

  • Sandbox access: Free

7. Checkout and Gateway Services (Schedule 6)

  • Hosted checkout integration: Free

  • Transaction processing fee:
    ⚬ 3.5% of gross amount (crypto)
    ⚬ 3.5% (with auto-conversion to fiat)

  • Currency conversion (auto-exchange): FX spread + 0.5% service fee

  • Refund handling: EUR 15 per refund + gas/network cost

  • Custom branded HPP: EUR 250/month

8. FX and Treasury Services (Schedule 7)

  • Spot conversion fee: Spread-based (0.10% – 0.50% typical)

  • Treasury dashboard access: Included

9. Embedded Finance / White Label Services (Schedule 8)

  • Setup fee: GBP 15,000 (one-time)

  • Monthly platform fee: GBP 10,000/month

  • Revenue share: Defined in Reseller Agreement

  • Custom branded UI/API wrappers: GBP 1,000/month

Annex B – FX Margin Policy

This Annex outlines the margining methodology and pricing mechanics applied by XBase when offering foreign exchange (FX) and conversion-related Services to Clients. It applies to all transactions involving fiat-to-fiat, fiat-to-VA, or VA-to-VA conversions executed by XBase on behalf of a Client. These policies aim to promote transparency, fairness, and competitive pricing in the delivery of FX-related Services and are designed to accommodate both automated and manually managed treasury operations.

1. Margin Structure

1.1 FX pricing is provided on a spread basis, representing the difference between the mid-market reference rate (derived from institutional market data feeds) and the rate quoted to the Client at the time of execution.

1.2 Margins are influenced by:

  • Currency pair volatility and liquidity

  • Trade size and notional value

  • Market depth and available liquidity provider quotes

  • Regulatory restrictions or settlement complexity

  • Client relationship tier and negotiated commercial terms

  • Time of execution (e.g., weekends, public holidays)

  • Order flow characteristics and historical usage trends

1.3 FX margins are applied symmetrically on both sides of the quote unless otherwise disclosed. In certain cases, one-sided adjustments may be applied to manage liquidity imbalance or counterparty exposure.

1.4 XBase may periodically adjust the pricing model based on macroeconomic factors, institutional liquidity shifts, or global monetary policy announcements.

2. Tiered Spread Ranges

XBase applies indicative spread ranges based on transaction size and currency type. These ranges are indicative only and subject to modification depending on prevailing market conditions:

| Notional Size (USD or equivalent) | Major Pairs (e.g., G7) | Minor/Exotic Pairs |
|---|---|---|
| Up to 50,000 | 0.15% – 0.20% | 1.00% – 1.50% |
| 50,001 – 250,000 | 0.13% – 0.18% | 0.80% – 0.90% |
| 250,001 – 1,000,000 | 0.11% – 0.16% | 0.50% – 0.75% |
| Over 1,000,000 | Custom (as low as 0.10%) | Negotiated |

Note: For stablecoin pairs or high-liquidity digital assets (e.g., USDT/USDC), spreads may be as low as 0.50% depending on volume, latency sensitivity, and risk posture.

3. Execution Channels

3.1 FX transactions may be executed via:

  • Request-for-quote (RFQ) workflows initiated through the XBase platform

  • Auto-execution via client-configured platform settings (e.g., auto-conversion of settlements)

  • Manual execution by XBase’s treasury desk based on written or API-integrated Client instructions

3.2 Where Client approval is required, the FX quote will include:

  • Currency pair and side of trade (buy/sell)

  • Quoted rate and spread applied

  • Expiration timestamp or validity window (usually 15–60 seconds)

  • Notional amount and target currency

  • Settlement method (e.g., T+0, T+1) and custody destination

3.3 Execution timestamps and quote IDs will be logged for audit trail integrity and post-trade review.

4. Transparency and Reporting

4.1 Clients can view and download:

  • Quoted rate vs. mid-market reference rate comparison

  • Applied spread margin per transaction

  • Historical FX usage reports (per asset pair, timeframe, or volume)

  • On-demand or scheduled transaction audit logs for internal reconciliation

4.2 Monthly summary reports include:

  • Total converted volume by asset and fiat currency

  • Average margin applied per pair and tier band

  • Variance analysis, if applicable

  • Any rebates, negotiated tiering benefits, or exceptions granted

5. Margin Adjustments

XBase reserves the right to adjust spreads dynamically or permanently:

  • During periods of extreme market volatility or slippage risk

  • If liquidity conditions worsen for specific asset pairs

  • In response to emerging regulatory constraints or settlement bottlenecks

  • When servicing Clients located in high-risk or low-transparency jurisdictions

  • Based on the Client’s overall risk score, counterparty exposure, or payment behavior

Clients may negotiate bespoke spreads or pricing logic through an executed commercial agreement or Reseller Agreement. Such bespoke terms shall override this Annex where expressly stated and documented.

Annex C – Privacy Notice

This Annex sets out the privacy practices and data handling principles adopted by XBase in connection with the provision of Services. It forms part of the Unified Terms and Conditions and applies to all Clients and their authorized users interacting with the XBase Platform, visiting XBase-controlled websites, using its mobile applications, or submitting personal data through any communication channel.

1. Scope and Application

1.1 This Privacy Notice applies to all Personal Data processed by XBase in its role as a data controller or data processor (as defined under applicable data protection laws), including but not limited to:

  • Client representatives and authorized signatories

  • End-customers of Merchants or White Label Partners (if applicable)

  • Prospective Clients during onboarding and KYC/KYB verification

  • Platform users with registered login credentials

  • Users engaging with our marketing communications, sales teams, or partner platforms

1.2 This Annex supplements jurisdiction-specific data rights where applicable and should be interpreted in accordance with applicable privacy laws such as the GDPR, UAE Data Protection Law, or UK Data Protection Act.

2. Types of Data Collected

2.1 XBase may collect and process the following categories of data:

  • Identity data: name, date of birth, national ID/passport number, tax ID, nationality

  • Contact data: email address, phone number, billing address, social media handle (if provided)

  • KYC/KYB documentation: incorporation certificates, ownership structures, control person details, utility bills, proof of source of funds

  • Technical data: IP address, browser type and version, time zone setting, language, device identifiers, cookies and session analytics

  • Transaction data: wallet addresses, transaction IDs, trade amounts, balances, timestamps, fee rates applied

  • Usage data: activity logs, login history, feature interaction, error diagnostics, and security incidents

3. Legal Basis for Processing

XBase relies on the following lawful bases to process Personal Data:

  • Performance of a contract: to fulfill obligations under the Terms and provide the Services

  • Compliance with legal obligations: including anti-money laundering, tax, and financial services regulations, as well as regulatory reporting obligations

  • Legitimate interests: such as maintaining platform integrity, optimizing user experience, fraud prevention, or analyzing product usage for improvement

  • Consent: where explicitly required for optional features, marketing communications, or third-party service integrations

3.2 Where required, XBase will document the Client’s consent and provide mechanisms to withdraw consent without prejudice to lawful processing before withdrawal.

4. Data Sharing and Transfers

4.1 XBase may share Personal Data with:

  • Regulated Banking Partners and EMIs for settlement and account provisioning

  • Identity verification and sanctions screening vendors

  • Hosting and infrastructure providers (e.g., AWS, Azure)

  • Legal, tax, or compliance advisors

  • Regulatory or law enforcement authorities, courts, or dispute resolution providers (where legally required)

  • Affiliates within the XBase Group, subject to confidentiality obligations and appropriate data safeguards

4.2 Cross-border transfers of Personal Data may occur, subject to appropriate safeguards such as:

  • Standard contractual clauses (SCCs) approved by the European Commission

  • Adequacy decisions issued by relevant authorities

  • Binding corporate rules and industry-standard encryption controls

5. Data Retention

XBase retains Personal Data only as long as necessary for the purposes outlined in this Annex or as required by law. Retention periods are determined based on:

  • Statutory and contractual obligations

  • Regulatory retention rules (e.g., 5–10 years for KYC, financial records, or trade history)

  • The nature and duration of the Client relationship

  • Client-initiated requests for deletion or portability (where applicable and permissible)

6. Data Security

XBase implements industry-standard technical and organizational measures to protect Personal Data, including:

  • End-to-end encryption of sensitive data in transit and at rest

  • Role-based access controls (RBAC) and least privilege enforcement

  • Firewalls, anomaly detection systems, and endpoint monitoring

  • Two-factor authentication and biometric access controls for internal systems

  • Regular code reviews, penetration testing, vulnerability scans, and third-party audits

7. Data Subject Rights

Subject to applicable law, individuals may exercise the following rights:

  • Right to access and request a copy of Personal Data held by XBase

  • Right to rectification of inaccurate or incomplete data

  • Right to erasure (“right to be forgotten”) where legally permissible and subject to retention requirements

  • Right to restrict processing in specific circumstances

  • Right to object to processing based on legitimate interest, including profiling

  • Right to data portability in a commonly used, machine-readable format

  • Right to withdraw consent at any time (where consent was the lawful basis)

  • Right to lodge a complaint with a data protection authority

XBase will endeavor to respond to rights requests within one calendar month, subject to verification of identity and applicable exceptions.

8. Contact

Clients or data subjects may contact XBase for privacy inquiries, data access requests, or complaints at:

Email: privacy@xbase.digital
Postal: XBase Data Protection Officer, DD-14-122-023, 14th Floor, Al Khatem Tower, WeWork Hub 71, ADGM Square, Al Maryah Island, Abu Dhabi, United Arab Emirates

Annex D – Complaints Handling Framework

This Annex provides a centralized reference to XBase’s jurisdiction-sensitive complaints handling model. It serves as a comprehensive procedural compass for ensuring that clients and stakeholders understand the standards, methods, and expectations associated with grievance submission, processing, escalation, and closure across all markets in which XBase operates.

By clearly articulating the jurisdictional nuance and organizational processes embedded in XBase’s approach, this framework ensures procedural fairness, regulatory alignment, and responsiveness across the client lifecycle—from prospective onboarding to post-service review. It is intended not only as a functional tool for complaint resolution but also as a commitment to institutional accountability, user protection, and continuous service improvement.

The framework outlined herein reflects XBase’s commitment to transparency, responsiveness, and compliance with applicable consumer protection standards and dispute resolution mechanisms. It functions in conjunction with Annex J, which contains jurisdiction-specific complaint-handling requirements and escalation pathways. Together, these annexes ensure comprehensive and adaptive grievance redressal standards.

This framework applies to all complaints received from Clients, platform users, prospective clients, and end-consumers using XBase Services directly or indirectly through partner integrations. Complaints may arise at any stage of the client relationship and may pertain to service delivery, communication, regulatory interpretation, data management, or platform functionality.

1. Jurisdictional Routing

XBase’s approach to complaint management is governed by the Client’s regulatory context, primary jurisdiction of registration, operational footprint, or the legal entity through which services are contracted. Complaint-handling timelines, escalation rights, and competent oversight bodies may differ based on these factors.

Clients are required to consult Annex J – Jurisdiction-Specific Terms, which forms an integral part of this Agreement, to determine:

  • The correct timeline for complaint submission and resolution,

  • Whether their jurisdiction provides statutory rights to escalate complaints (e.g., to the Financial Ombudsman Service, FCIS, or OBSI),

  • Which governing law and forum apply in case of unresolved disputes.

Where applicable, Annex J may also define the procedural form, language requirements, or documentation standards required for valid complaint intake. Clients operating across multiple jurisdictions may be subject to concurrent or tiered complaint processes under different regulatory regimes.

2. UAE-Regulated Services

For services provided through entities regulated in the United Arab Emirates, such as XBase Virtual Assets Broker & Dealer Services LLC, complaints are handled in accordance with the Complaints Handling Policy v1.0 (March 2025). This internal policy aligns with the regulatory mandates of the Virtual Assets Regulatory Authority (VARA), the UAE Central Bank’s AML framework, and the UAE Personal Data Protection Law (PDPL).

Key procedural elements include:

  • Formal acknowledgment of the complaint within 7 calendar days,

  • Resolution within a maximum of 8 weeks, with status updates provided after 4 weeks if delays arise,

  • Oversight by an independent Compliance Officer,

  • Retention of complaint records for no less than 8 years.

Clients with services governed by UAE law or licensed UAE entities may contact the designated address below:

Email: complaints@xbase.digital

3. Global Minimum Standards

Unless superseded by stricter local regulation or mandated supervisory frameworks, the following general standards apply to XBase Clients:

  • Complaints may be submitted in writing via email or postal mail,

  • Complaints will be acknowledged within 7 calendar days of receipt,

  • XBase strives to resolve all complaints within 30 calendar days, subject to complexity and availability of supporting documentation,

  • Additional correspondence may be required if a complaint is incomplete, and deadlines may be paused until clarification is received.

Additional submission channels (e.g., client portal forms, chat escalations, or postal mail) may be used depending on the Client's jurisdiction or onboarding profile, as described in Annex J.

These standards represent XBase’s baseline for accessibility, responsiveness, and fairness in complaint resolution worldwide. These provisions aim to accommodate a diverse client base, facilitate issue resolution efficiently, and allow for early identification of systemic issues that may warrant broader organizational response.

4. Escalation and Regulatory Access

In cases where a complaint cannot be resolved internally or within applicable timeframes, the Client may pursue escalation via:

  • Regulatory ombudsmen or mediation services (e.g., OBSI in Canada, FOS in the UK),

  • The competent supervisory authority referenced in Annex J for the relevant jurisdiction,

  • Contractually agreed arbitration or dispute resolution mechanisms.

Outcomes will include a clear statement of findings (e.g., substantiated, partially substantiated, or unfounded) along with any corrective action taken. If dissatisfied, Clients may request an internal review or escalate the matter to the relevant oversight body outlined in Annex J.

To improve transparency, Clients may request written documentation outlining the rationale for XBase’s resolution decision, including evidence considered, legal interpretations applied, and discretionary decisions taken in good faith.

For clarity or jurisdiction-specific guidance, Clients may contact XBase’s Compliance Team or refer to the information provided in Annex J.

5. Recordkeeping and Review

XBase will retain complaint records, supporting documentation, and internal review materials for a minimum of five (5) years, or longer where required under applicable law. The Compliance function will periodically review complaint data for emerging patterns or control enhancement opportunities. Trend analysis, thematic reviews, and quality assurance checks will be conducted at least annually to ensure early detection of recurring issues or service gaps.

Records are stored in a secure environment, with access limited to authorized personnel only. Where complaints involve sensitive personal data, XBase ensures strict adherence to applicable data protection laws and data minimization principles.

Note: This Annex is subject to periodic legal and operational review. Clients are encouraged to refer to Annex J and XBase's published policy updates to ensure their understanding remains current and jurisdictionally accurate.

Annex E – Acceptable Use and Prohibited Activities Policy

This Acceptable Use and Prohibited Activities Policy ("Policy") forms a binding part of the XBase Banking Services Terms and Conditions. It establishes clear rules and expectations regarding the use of XBase's financial infrastructure, platforms, and services. All clients, users, and affiliated entities are expected to comply fully with this Policy throughout the course of their relationship with XBase.

1. General Principles

1.1 XBase’s services are offered exclusively for lawful, transparent, and commercially reasonable purposes. They must be used in accordance with applicable local and international laws, financial regulations, and ethical standards.

1.2 Clients must not use, or allow others to use, any XBase product or service to commit or facilitate fraud, deception, abuse of financial systems, or any other action that violates public trust or market integrity.

1.3 XBase monitors activity on its infrastructure and reserves the right to restrict, suspend, or permanently terminate services if it detects a breach or reasonable suspicion of breach of this Policy, including pre-emptive action to mitigate regulatory, legal, or reputational risk.

1.4 Clients are responsible for ensuring that all individuals with access to their XBase account (e.g., employees, authorized agents, API users) are informed of and adhere to this Policy.

2. Prohibited Industries and Use Cases

2.1 XBase prohibits use of its services in connection with the following industries, business models, or activities:

  • Unlicensed or unregulated cryptocurrency exchanges, initial coin offerings (ICOs), or decentralized finance (DeFi) applications

  • High-yield investment programs (HYIPs), Ponzi schemes, or multi-level marketing structures designed to defraud investors

  • Production, marketing, or distribution of pornography, adult services, or sexually explicit material

  • Online betting, lotteries, or gambling without a valid Tier 1 jurisdiction license (e.g., UKGC, MGA, Isle of Man)

  • Trade or brokerage of firearms, military-grade equipment, or ammunition

  • Sale or facilitation of narcotics, synthetic drugs, or other controlled substances

  • Businesses involved in human trafficking, labor exploitation, or modern slavery

  • Transactions with countries, entities, or individuals sanctioned by OFAC, the United Nations, EU, or other recognized authorities

  • Malware development, spyware, ransomware deployment, or platforms used to facilitate cybercrime

  • Transactions involving conflict minerals, environmental crimes, or illegal wildlife trade

2.2 XBase maintains an internal watchlist of sensitive and prohibited business categories and reserves the right to update this list without notice in response to regulatory, legal, or reputational developments.

2.3 The presence of an otherwise legitimate business in a high-risk industry may still be grounds for rejection or termination if the compliance burden or exposure is deemed excessive.

3. Misuse of Service Infrastructure

3.1 Clients must not misuse the services or infrastructure provided by XBase. Prohibited misuse includes but is not limited to:

  • Structuring or "smurfing" transactions to avoid regulatory thresholds or reporting obligations

  • Submitting forged, falsified, or misleading documents during onboarding, audits, or due diligence

  • Using shell entities, straw persons, or nominee directors to obscure beneficial ownership

  • Attempting to manipulate XBase’s transaction monitoring, sanction screening, or fraud detection mechanisms

  • Operating accounts in excess of approved limits without prior authorization

  • Registering multiple accounts to bypass transaction caps, KYC procedures, or to simulate false volume

  • Using XBase to conceal the origin or destination of illicit funds, or as a pass-through for unauthorized remittance activity

4. Geographic Restrictions

4.1 XBase does not provide services to clients domiciled in or transacting with the following types of jurisdictions:

  • Countries or regions under comprehensive international sanctions (e.g., North Korea, Iran, Syria, Crimea, Donetsk, Luhansk)

  • Jurisdictions listed by the Financial Action Task Force (FATF) as high-risk or non-cooperative

  • Territories recognized as tax havens or flagged for systemic money laundering risk, unless enhanced due diligence is completed

4.2 Clients must not route funds through third-party intermediaries or correspondent banks that mask involvement with prohibited jurisdictions.

4.3 XBase may also block specific country pairs or currency corridors based on internal risk assessments or compliance updates from our banking partners.

5. Security and Integrity

5.1 Clients are strictly prohibited from any actions that compromise the availability, integrity, or security of XBase's systems. Such actions include:

  • Attempting to probe, scan, or test the vulnerability of the network or circumvent security features

  • Introducing viruses, malware, or malicious code into any XBase system

  • Launching denial-of-service attacks (DoS/DDoS), brute force login attempts, or exploiting platform vulnerabilities

  • Using automated scripts or bots to interact with the platform in a way that disrupts service for others

  • Overloading API endpoints or exceeding licensed usage caps without prior agreement

5.2 XBase reserves the right to suspend access, notify clients, and remediate systems in the event of suspected or confirmed security abuse.

6. Reporting Violations

6.1 If a Client becomes aware of any actual or suspected violation of this Policy, they are required to report it without delay to: legal@xbase.digital

6.2 Reports will be treated confidentially. XBase will conduct an internal investigation and may contact the Client for clarification or remediation.

6.3 Reporting in good faith does not subject the reporting party to liability, but false reports made in bad faith may result in penalties.

7. Enforcement and Consequences

7.1 XBase may take any combination of the following actions in response to a Policy breach:

  • Issue warnings or request corrective action

  • Temporarily or permanently suspend accounts

  • Block transactions or freeze balances

  • Terminate services and cancel contracts with cause

  • Report to law enforcement or regulatory authorities

  • Seek indemnification or damages through civil action

7.2 XBase may, in its sole discretion, determine the severity of a breach and the appropriate remediation or penalty.

7.3 Consequences may be extended to affiliated entities, counterparties, or beneficiaries if their conduct contributes to or facilitates the breach.

8. Review and Amendments

8.1 This Policy is subject to periodic review by XBase’s Compliance and Legal departments.

8.2 Clients will be notified of material amendments at least thirty (30) days in advance, unless changes are required by law or imposed by regulatory authorities with immediate effect.

8.3 Continued use of the XBase services after the effective date of an amended Policy constitutes acceptance by the Client.

For any inquiries or clarifications about this Policy, please contact: compliance@xbase.digital

Annex F – Service Level Commitments (SLCs)

This Annex outlines XBase’s Service Level Commitments (SLCs), which establish expected levels of performance, uptime, and support availability for Clients utilizing the Platform and its Services. These commitments aim to ensure consistent availability, operational resilience, and timely response to support requests. While XBase endeavors to meet or exceed the stated service levels, these SLCs do not constitute a contractual SLA unless expressly referenced in an Order Form.

1. Platform Availability

1.1 XBase targets the following minimum uptime guarantees, calculated on a monthly basis:

| Service Component | Availability Target |
|---|---|
| Web Platform (Client Portal) | 99.9% |
| API Gateway | 99.5% |
| Wallet Infrastructure | 99.9% |
| Hosted Checkout Pages | 99.9% |

1.2 Scheduled maintenance will be excluded from availability calculations, provided that:

  • At least 24 hours' advance notice is given, and

  • Maintenance is scheduled during low-traffic windows.

1.3 Emergency maintenance may occur with reduced notice in cases of critical security patches or performance degradations.

2. Incident Response and Resolution

2.1 Incidents are categorized by severity as follows:

| Severity Level | Description | Target Initial Response | Target Resolution Time |
|---|---|---|---|
| Critical (P1) | Total outage, transaction blockage, or security breach | 15 minutes | 4 hours |
| High (P2) | Degraded performance, partial API disruption | 1 hour | 1 business day |
| Medium (P3) | Minor bug, UI issue, non-blocking error | 4 hours | 3 business days |
| Low (P4) | General query, documentation clarification | 1 business day | 5 business days |

2.2 Clients may report incidents via:

  • The Support Portal (preferred method)

  • Email: support@xbase.digital

  • Slack or other real-time channels (where available to enterprise clients)

2.3 Response times are measured from the timestamp of acknowledgment by XBase support.

3. Client Support Commitments

3.1 XBase provides multi-channel support during standard business hours (9:00–18:00 local time, Monday–Friday).

3.2 Enterprise Clients with premium support agreements may receive:

  • 24/7 priority incident handling

  • Dedicated account manager or customer success representative

  • Custom escalation workflows

3.3 The Support Portal offers:

  • Ticket submission and status tracking

  • Access to product documentation and FAQs

  • Audit trail of all support interactions

4. Data Backup and Disaster Recovery

4.1 XBase maintains redundant data storage systems and conducts:

  • Real-time backup replication for transaction and wallet data

  • Daily encrypted offsite backups

  • Monthly disaster recovery drills and failover testing

4.2 The Recovery Time Objective (RTO) is four (4) hours for core services. The Recovery Point Objective (RPO) is fifteen (15) minutes.

5. Limitations and Force Majeure

5.1 These commitments do not apply to service interruptions caused by:

  • Force Majeure events (as defined in Section 16)

  • Internet backbone failures or upstream carrier disruptions

  • Acts or omissions of the Client or its users

  • Unauthorized use or security breach resulting from Client-side negligence

6. Service Level Reports

6.1 Clients may request a monthly or quarterly SLC report including:

  • Uptime statistics by service module

  • Incident summaries and resolution timeframes

  • SLA breach analysis and root cause reports (for enterprise clients)

6.2 Repeated deviations from SLCs may entitle eligible Clients to service credits as specified in a signed commercial agreement.

This Annex will be periodically reviewed and may be updated to reflect platform changes, regulatory guidance, or Client requirements.

Annex G – Safeguarding Policy Summary

This Annex provides a high-level overview of the safeguarding arrangements implemented by XBase and its regulated partners to protect Client Money and ensure segregation from operational funds. It is designed to give transparency on how customer funds are treated and safeguarded in compliance with applicable regulatory requirements, including but not limited to the UK Payment Services Regulations 2017 (as amended), the EU Electronic Money Directive (EMD2), and comparable frameworks in other jurisdictions. It also outlines the operational discipline, third-party oversight, and fund recovery protocols associated with safeguarding structures used within the XBase ecosystem.

1. Purpose and Scope

1.1 This Policy applies to all fiat funds received by or held on behalf of Clients for the purpose of executing payment or trading transactions via the XBase Platform, regardless of whether the Client accesses Services directly, through embedded finance models, or via API-integrated front ends. Exceptions apply only where local laws provide a lawful exemption or where a Client’s use case is explicitly carved out under the Terms.

1.2 For the purposes of this Policy, "Client Money" refers to fiat funds held for the benefit of Clients and their end-users, distinct from XBase’s own operational or treasury balances. This definition does not extend to digital assets unless explicitly stated under a local regulatory obligation. 

1.3 All Client Money and Client Virtual Assets held, safeguarded, or processed by XBase remain the sole property of the Client at all times, unless ownership transfer or restrictions apply in accordance with the terms of this Agreement (see Section 9a of the General Terms). XBase operates safeguarding arrangements consistent with applicable laws and regulatory guidance to ensure the protection and separation of Client assets.

2. Safeguarding Structure

2.1 XBase does not itself hold Client Money under a banking or EMI license. Instead, safeguarding is implemented through institutional-grade infrastructure maintained by licensed third-party partners:

  • Electronic Money Institutions (EMIs): Institutions authorized under applicable electronic money laws

  • Payment Institutions (PIs) and account issuers

  • Licensed custodians, settlement agents, and correspondent banks with oversight from competent financial authorities

2.2 Client Money is safeguarded using one or more of the following legally recognized mechanisms:

  • Segregated Client Accounts: Protected, ring-fenced bank accounts maintained solely for the purpose of safeguarding third-party funds

  • Insurance or Guarantee Mechanisms: Third-party sureties, bank guarantees, or fidelity bond arrangements in jurisdictions where applicable

2.3 These institutions are subject to recurring financial, operational, and compliance audits. Partner obligations include adherence to strict capital adequacy thresholds, daily reconciliation processes, and full transparency with supervisory bodies.

3. Operational Handling of Client Money

3.1 Upon receipt of eligible funds, XBase or its regulated partners will:

  • Deposit the funds into an appropriate safeguarding account on the same business day

  • Or, where legally permitted, no later than the following business day

3.2 Internally, XBase maintains ledger-level tracking of each Client’s entitlements, supported by:

  • Per-client sub-ledger allocation even in omnibus structures

  • Daily automated reconciliation of balances

  • Dual-control procedures for release of funds

3.3 Client Money:

  • Is not used for proprietary trading, hedging, or margin provision

  • Cannot be pledged, hypothecated, or otherwise encumbered by XBase

  • May not accrue interest unless explicitly structured through a separate yield-bearing agreement

4. Access and Withdrawal

4.1 Withdrawals from safeguarded accounts are limited to the following lawful purposes:

  • Execution of Client-authorized transactions (e.g., payment, FX conversion)

  • Return of funds to the remitter or designated beneficiary

  • Compliance with binding legal or regulatory instructions from competent authorities

4.2 Administrative or transactional deductions may be applied solely in accordance with:

  • The Fee Schedule (Annex A)

  • Executed Order Forms

  • Statutory deductions for compliance reporting, if applicable

5. Insolvency and Resolution Planning

5.1 Client Money held in safeguarding accounts does not form part of XBase’s corporate estate and shall not be available for distribution to creditors in the event of liquidation or bankruptcy.

5.2 Regulated partners providing safeguarding services are contractually obligated to:

  • Maintain updated wind-down and Client return procedures

  • Cooperate with appointed insolvency administrators or receivers

  • Facilitate timely access to Client Money, with minimal disruption

6. Disclosure and Reporting

6.1 Clients are entitled to request:

  • Confirmation of the safeguarding institution(s) involved in holding their funds

  • Periodic assurance letters confirming that funds are held in accordance with regulatory expectations

  • Redacted third-party audit summaries or partner attestations

6.2 XBase monitors safeguarding partners through:

  • Periodic site visits and operational reviews

  • Legal counsel oversight of account structures

  • External audit firms conducting safeguarding audits under ISAE or equivalent standards

Annex H – Regulatory Risk Statement

This Annex furnishes Clients with a nuanced and comprehensive exposition of the regulatory risks intrinsic to the utilization of XBase’s Services, particularly those intersecting with Virtual Assets, cross-border financial infrastructure, embedded financial frameworks, and branded white-label deployments. It is conceived as an instrument for enhancing regulatory literacy, fortifying legal risk posture, and advancing strategic compliance foresight. The document articulates potential jurisdictional divergences, extraterritorial enforcement exposures, interpretive volatility across supervisory regimes, and structural limitations that may constrain or condition the operability and continuity of certain Services. Clients are advised to treat this Annex as a substantive reference for regulatory risk assessment, governance alignment, and cross-border compliance calibration. This Annex constitutes a binding component of the Unified Terms and Conditions.

1. No Regulatory Advice or Endorsement

1.1 XBase does not function as a law firm, regulatory consultancy, or fiduciary entity and expressly disclaims any provision of legal, tax, financial, or investment advice. Communications, operational templates, onboarding protocols, or compliance references furnished by XBase are informational and should not be construed as substitutes for formal legal counsel. Clients are strongly encouraged to consult licensed advisors in the relevant jurisdictions prior to relying on or operationalizing such material.

1.2 The engagement of Services by XBase shall not be interpreted as regulatory endorsement, de facto authorization, or implicit approval of the Client’s business architecture, asset issuance frameworks, transactional designs, or user-facing deployments. XBase makes no representations regarding the legality or regulatory standing of any Client’s activities.

2. Licensing and Jurisdictional Limitations

2.1 XBase employs a federated model of service delivery through a combination of in-house capabilities and licensed affiliates or partners. Services may be rendered directly by XBase or by one of its partners operating under applicable Electronic Money Institution (EMI), Payment Institution (PI), Digital Asset Service Provider (DASP), or Virtual Asset Service Provider (VASP) licenses. This distribution model is adaptive to evolving jurisdictional demands but does not imply universal availability or licensure.

2.2 Regulatory availability of Services is contingent upon ongoing analysis of local legal regimes, supervisory interpretations, and operational risk tolerances. XBase retains sole discretion to modify, restrict, or discontinue Services in response to sanctions developments, financial conduct inquiries, partner constraints, or other jurisdiction-specific prohibitions.

2.3 It is the Client’s exclusive responsibility to determine whether its use of XBase Services is compliant with the legal, regulatory, and licensing regimes applicable to its incorporation, operational geographies, or user base. XBase shall not be relied upon to deliver cross-border regulatory clearance or licensing strategy.

3. Evolving Legal and Regulatory Environment

3.1 The digital finance and virtual asset landscape is characterized by regulatory flux and jurisdictional heterogeneity. Legislative and supervisory positions are rapidly evolving with respect to the legal status, tax treatment, and permissible use cases of tokens, digital currencies, and associated financial infrastructures.

3.2 Uncertainties in statutory interpretation and legislative transition periods may impact:

  • The definitional classification of Client activities as payment services, financial instruments, custody, or e-money

  • Obligations related to prudential safeguards, liquidity thresholds, or capital buffers

  • Disclosure, reporting, and audit compliance burdens

  • Recognition of client assets for insolvency or consumer protection regimes

3.3 XBase may be obligated, in response to these developments, to:

  • Reconfigure platform functionality, access rights, or jurisdictional routing

  • Implement Client re-verification and suitability reviews

  • Impose transactional or geographic constraints

  • Comply with regulatory injunctions, cease-and-desist directives, or operational moratoria

4. Regulatory Disclosures and Cooperation

4.1 XBase is subject to mandatory regulatory disclosures, including the transmission of Client, transaction, and counterpart data to supervisory authorities, tax compliance bodies, and law enforcement agencies in accordance with legal or intergovernmental information-sharing protocols.

4.2 Clients may be required to undergo enhanced due diligence, reporting, or operational segmentation if their activities intersect with highly regulated domains such as:

  • Token issuance platforms, stablecoin governance, or algorithmic monetization models

  • Retail distribution to non-qualified investors or end-users

  • Use cases involving securities, derivatives, or interest-bearing instruments

5. Risks of Regulatory Enforcement or Disruption

5.1 Clients acknowledge and assume the inherent possibility that:

  • Services or feature sets may be reclassified, suspended, or rendered non-compliant

  • Payment infrastructure or financial intermediation partners may sever access with limited notice

  • Retroactive legislative or interpretive shifts may trigger liability for previously lawful conduct

  • XBase may be required to take immediate preemptive or reactive measures without advance Client notice

5.2 While XBase endeavors to provide commercially reasonable notice of material changes, such notice may be infeasible in exigent circumstances or where legally restricted.

6. Client Acknowledgment and Indemnity

6.1 By accessing or engaging with the Services, the Client certifies that it has read, understood, and internalized the material risks outlined in this Annex and accepts responsibility for its own regulatory posture, licensing status, and transactional legality across all jurisdictions of operation.

6.2 The Client agrees to fully indemnify, defend, and hold harmless XBase, its affiliates, officers, directors, and service partners against any liabilities, fines, enforcement actions, penalties, or losses incurred as a result of the Client’s breach of applicable law, regulatory misstatement, or unauthorized activity.

Annex I – Client Communication and Support Matrix

This Annex outlines the standard modes of communication, support availability, escalation tiers, and response expectations applicable to Clients engaging with XBase Services. The matrix is designed to ensure clarity, predictability, and operational responsiveness across varying levels of service complexity and contractual engagement. It forms an integral part of the Unified Terms and Conditions.

1. Channels of Communication

1.1 XBase provides support and communication via the following primary channels:

| Channel | Description | Availability |
|---|---|---|
| Support Portal | Ticket submission, status tracking, FAQs | 24/7 |
| Email Support | General inquiries, incident escalation | support@xbase.digital |
| Live Chat (Tiered) | Instant messaging during business hours | 09:00–18:00 local time |
| Dedicated Slack (Tier 1+) | Real-time support for enterprise clients | Contractual (24/7 optional) |
| Scheduled Calls | Client success, onboarding, or complex resolution meetings | By appointment |

2. Support Tiers

2.1 Clients are classified into support tiers based on their contractual framework and product usage:

| Tier | Description | Access Features |
|---|---|---|
| Standard | Default for all Clients | Email + Portal Support; 48h ticket turnaround |
| Tier 1 | Advanced SaaS/API Clients | Slack Channel; Dedicated CSM; 24h target resolution |
| Tier 2 | Enterprise/Regulated Institutional Users | Escalation protocols; SLC dashboard; 24/7 emergency response |

3. Response and Resolution Targets

3.1 Response timeframes vary by severity classification:

| Severity | Example | First Response Time | Resolution Target |
|---|---|---|---|
| Critical | Platform outage, transaction blocking | 15 minutes (Tier 1+) | 4 hours |
| High | API down, security alert | 1 hour | 1 business day |
| Medium | UI bug, configuration query | 4 hours | 2–3 business days |
| Low | General inquiry, documentation | 1 business day | 5 business days |

4. Account Management and Escalation

4.1 For Tier 1 and Tier 2 Clients, XBase assigns a named point of contact for ongoing support and relationship management.

4.2 Clients may escalate concerns through the following pathway:

  • First Line: Support Portal Ticket or Chat Agent

  • Second Line: CSM or Account Manager

  • Third Line: Head of Support / Incident Response Lead

  • Final Line: Executive Sponsor (Enterprise Tier Only)

5. Scheduled Maintenance and Change Notifications

5.1 XBase will endeavor to provide:

  • Minimum 24 hours' notice for scheduled platform maintenance

  • Change logs or update summaries following product releases

  • Critical communications regarding deprecations or feature sunset timelines

5.2 Notifications may be sent via email, Portal announcements, or direct Slack updates (where applicable).

6. Communication Recordkeeping

6.1 All support tickets, incident reports, and escalation threads are logged and retained for a minimum of three (3) years for quality assurance, compliance review, and operational benchmarking.

This Annex may be supplemented by additional terms in the Order Form, especially for Clients with enhanced support packages or premium availability obligations.

Annex J – Jurisdiction-Specific Terms

This Annex outlines terms that apply to the use of XBase Services based on the Client’s jurisdiction of incorporation, regulatory nexus, or primary operational footprint. These jurisdiction-specific provisions are in addition to the Unified Terms and Conditions and shall prevail in the event of any inconsistency, conflict, or legal override required by applicable law or local regulatory guidance.

XBase reserves the right to amend this Annex in line with updates to legislation, supervisory guidance, or enforcement practices. Where country-specific rules impose heightened obligations or restrict certain Services, those conditions shall apply solely to Clients subject to the relevant legal regime. Complaints shall be handled in accordance with Annex D, unless specifically overridden by the complaint-handling rules stated in this Annex.

1. United Kingdom (UK)

1.1 XBase’s regulated partners operating in the UK are authorized and supervised under the Financial Services and Markets Act 2000 and the Payment Services Regulations 2017 (SI 2017/752) as amended by post-Brexit statutory instruments.

1.2 Clients subject to UK law should note:

  • Safeguarding requirements under PSRs apply to fiat account services

  • Marketing cryptoassets to retail users is restricted by FCA rules, including rules under PS22/10

  • The Financial Promotions Regime applies to authorized communications related to digital asset services

  • Stablecoins intended for payment use may be regulated under future legislation such as the Financial Services and Markets Bill

1.3 No client relationship with XBase should be interpreted as constituting a financial promotion within the meaning of section 21 FSMA unless explicitly authorized.

1.4 Complaints Handling. Clients located in the UK may escalate unresolved complaints to the Financial Ombudsman Service (FOS) if applicable. Acknowledgment must be provided within 3 business days and resolution issued within 8 weeks.

2. European Union (EU)

2.1 EU-based Clients must assess their activities under:

  • The Markets in Crypto-Assets Regulation (MiCA – Regulation (EU) 2023/1114)

  • The Second Electronic Money Directive (EMD2)

  • The Payment Services Directive 2 (PSD2 – Directive (EU) 2015/2366)

  • The General Data Protection Regulation (GDPR – Regulation (EU) 2016/679)

2.2 XBase and its partners may provide services from Lithuania, Ireland, or other EU member states under passporting regimes (prior to MiCA implementation) which may no longer apply once MiCA enters into full effect.

2.3 MiCA introduces licensing requirements for Crypto-Asset Service Providers (CASPs), stablecoin issuers, and white-label wallet providers, including:

  • Custodial segregation and safeguarding standards

  • Disclosure obligations for asset reference tokens (ARTs) and EMTs

  • Marketing, governance, and complaints-handling mandates

2.4 Clients interacting with EU residents are expected to adopt appropriate licensing strategies, consumer protection mechanisms, and MiCA-aligned disclosures as applicable.

2.5 Complaints Handling. EU-based Clients have the right to file complaints in accordance with MiCA and applicable consumer redress mechanisms. Firms must respond within 15 business days, and records must be retained for 5 years, unless local law requires longer.

2.6 Lithuania (UAB and VASP Entities)

2.5.1 Where XBase or its affiliates are incorporated as UAB (private limited liability company) entities under Lithuanian law, or provide services to Lithuanian clients, applicable obligations may include:

  • VASP registration under the Law on the Prevention of Money Laundering and Terrorist Financing (as amended);

  • Corporate reporting to the Lithuanian Centre of Registers and State Tax Inspectorate (VMI);

  • Retention of client data and trade records for at least 8 years as required by Lithuanian AML law;

  • Reporting of suspicious transactions to the FCIS.

2.5.2 Governing law and dispute resolution for Lithuanian Clients may be subject to Lithuanian law and arbitration under the Vilnius Court of Commercial Arbitration, if explicitly stated in the applicable Service Order or Annex.

2.5.3 Complaints Handling. Complaints must be acknowledged within 5 business days and resolved within 30 calendar days. FCIS may be contacted for unresolved issues. Records must be retained for 8 years.

3. United Arab Emirates (UAE)

3.1 XBase Services made available to Clients in the UAE may be governed by one of the following regulatory environments, depending on where the Client is licensed, incorporated, or receives services:

  • The Virtual Assets Regulatory Authority (VARA) of Dubai

  • The Abu Dhabi Global Market (ADGM) under FSRA supervision

  • UAE Central Bank regulations on stored value facilities and payments

3.2 Clients engaging with the UAE market should be aware of:

  • VARA Rulebooks on Custody, Exchange, Lending, and Broker-Dealer services (2023 edition)

  • ADGM’s DLT Foundations Framework and MTF/CASP licensing schemes

  • Emirate-specific and federal AML/CFT laws requiring UBO declarations and suspicious transaction reporting

3.3 XBase may restrict certain activities (e.g., token sales, lending, staking) unless the Client obtains relevant VARA or FSRA approvals.

3.4 Complaints Handling. The official Complaints Handling Policy (v1.0, March 2025) governs complaints involving UAE-regulated services. Acknowledgment must be provided within 7 days and resolution within 4-8 weeks. Records must be maintained for 8 years.

4. United States (US)

4.1 XBase does not currently offer Services to US residents, persons, or entities unless an explicit regulatory or contractual exception is granted. This includes:

  • Persons subject to the jurisdiction of the Securities and Exchange Commission (SEC) or the Commodity Futures Trading Commission (CFTC)

  • Money Services Businesses (MSBs) requiring FinCEN registration

  • State-by-state money transmitter licensure obligations

4.2 Clients must ensure:

  • Their use of XBase does not breach OFAC sanctions

  • They do not market, promote, or white-label the Services to US-based individuals or institutions

  • No data hosting, exchange, or flow includes personally identifiable information of US residents without appropriate safeguards under US privacy laws (e.g., CCPA, GLBA)

4.3 Complaints Handling. US-based services are restricted. Where permitted, complaints must comply with federal privacy laws and consumer redress procedures if applicable.

5. Canada

5.1 Canadian clients may be subject to:

  • FINTRAC registration for MSBs

  • Securities laws under Canadian Securities Administrators (CSA) for crypto asset trading platforms

  • Provincial requirements, including Québec AMF and Ontario OSC guidance

5.2 Activities that may trigger regulation include:

  • Custody of client funds

  • Operating a marketplace for digital assets

  • Offering derivatives, leverage, or lending instruments involving cryptoassets

5.3 Where Canadian law applies, the parties may agree to select Ontario law as governing law, and refer disputes to arbitration administered by the ADR Institute of Canada (ADRIC) under its Arbitration Rules. This must be confirmed in the applicable Order Form or referenced in the Dispute Resolution section of the relevant Schedule.

5.4 Complaints Handling. Acknowledgment must be provided within 5 business days and resolution within 30 calendar days. Clients in Ontario may escalate unresolved complaints to the OBSI. Records should be retained for 7 years.

6. Switzerland

6.1 Clients in or interacting with Switzerland must assess obligations under:

  • FINMA guidance on blockchain and DLT applications

  • The Swiss Financial Services Act (FinSA)

  • The Anti-Money Laundering Act (AMLA)

6.2 Non-custodial activities may be exempt, but Clients offering exchange, payment, or wallet services must consider SRO registration or licensing under Swiss law.

6.3 Complaints Handling. Clients should follow Annex D, unless specific local regulatory timelines or ombudsman processes apply. Escalation details can be provided upon request.

7. Other Jurisdictions

7.1 XBase continues to monitor legal developments in Singapore (MAS PS Act), Hong Kong (SFC licensing), Australia (ASIC and AUSTRAC rules), and other G20 and FATF-aligned markets.

7.2 Clients should assess whether local crypto-specific legislation or traditional finance regulations (e.g., e-money, remittance, crowdfunding, capital markets) impact their deployment of XBase Services.

7.3 XBase may issue supplemental addenda for new jurisdictions as Services are expanded or new guidance is issued.

7.4 Where governing law or arbitration venue differs from the UAE (e.g., due to Client incorporation in Canada or Lithuania), this must be reflected in the Service Order or referenced explicitly in Annex J or the applicable Schedule. The Parties may designate an alternative governing law or dispute resolution forum to ensure enforceability.

Data Retention Note: Clients should note that minimum recordkeeping periods may vary by jurisdiction (e.g., 8 years in UAE). XBase will comply with the longest applicable retention period for each Client relationship unless otherwise required by law.

This Annex is subject to periodic review and legal update. Clients are expected to independently monitor legal developments and update their risk framework and compliance architecture accordingly.

Annex K – Definitions

The following definitions apply to these Unified Terms and Conditions and each of the accompanying Schedules and Annexes. Capitalized terms used throughout this Agreement shall have the meanings set out below unless otherwise stated or required by the context.

“Account” means the Client’s registered profile and technical configuration maintained by XBase to access the Services, including associated wallet addresses, credentials, and permissions. The term may also refer to sub-accounts and joint-accounts, as such may be offered as part of the Services from time to time.

“Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with a Party.

“Annex” means any supplementary document attached to or incorporated by reference into these Terms, including but not limited to Fee Schedules, Risk Statements, and Jurisdiction-Specific Terms.

“API” means any application programming interface provided by XBase to enable machine-to-machine access to platform services, data, transaction submission, and event monitoring.

“Applicable Law” means all laws, regulations, directives, decisions, circulars, ordinances, judgments, or official guidance applicable to the provision or use of Services, including those issued by financial regulators, central banks, or supervisory authorities in any relevant jurisdiction. 

“Atomic Swap” means a cryptographic mechanism that allows two parties to exchange assets across different blockchains without intermediaries, ensuring that either both transfers occur or neither does.

“Auto-Conversion” means a feature that allows incoming payments in a specific currency or Virtual Asset to be automatically exchanged into a target currency or asset based on pre-set Client preferences.

“Balance Sweeping” means the automatic transfer of funds or assets from various sub-accounts or wallets into a centralized treasury account to optimize liquidity and operational efficiency.

“Banking Partner” means any licensed credit institution, EMI, or PSP used by XBase to facilitate fiat account services, settlements, or safeguarding in accordance with applicable law.

“Bilateral Execution” means a direct transaction structure where the Client trades with a counterparty (e.g., XBase or its liquidity partner) without order book aggregation or multilateral matching.

“Business Day” means any day other than a Saturday, Sunday, or public holiday in the location of XBase’s primary operations, on which commercial banks are open for business in the applicable jurisdiction in which the respective entity providing the Service is registered.

“Checkout Services” means hosted or embedded interfaces provided by XBase that enable Merchants to accept Virtual Asset or fiat payments from end-customers through online storefronts, QR codes, payment links, or widgets.

“Client” means any legal entity or person that has executed an Order Form or has been onboarded by XBase to receive the Services.

“Client Data” means all data, records, documents, or other information related to the Client and its end-users that is processed, stored, or transmitted in connection with the Services.

“Client Money” means funds in fiat currency received from or on behalf of a Client for the execution of payment or trading transactions, held by XBase or a regulated third party, on behalf of the Client.

“Client Virtual Assets” means any digital assets, cryptocurrencies, tokens, or other virtual assets received or held by XBase or a regulated third party, on behalf of the Client.

“Co-Branded Environment” means a user experience or interface where both XBase and Partner branding are present, with mutual attribution and disclaimers made visible to end-customers.

“Cold Wallet” means a storage method for Virtual Assets using devices or environments that are completely offline, designed to maximize security by eliminating exposure to external networks.

“Confidential Information” means any non-public information disclosed by one Party to the other, whether in writing, orally, or by any other means, that is marked confidential or would reasonably be understood as confidential by its nature.

“Chargeback” means a reversal of a payment transaction initiated by the issuing bank, card network, or payment processor, typically in response to a customer dispute, unauthorized transaction, or regulatory request.

“Currency Conversion” means the process of exchanging one fiat currency or Virtual Asset into another, whether manually executed or automatically processed via the Platform.

“Custodial Wallet” means a digital wallet managed and controlled by XBase or its third-party providers on behalf of a Client, allowing for the storage, transfer, and settlement of Virtual Assets.

“Custody Services” means any wallet, safekeeping, or asset-holding service provided by XBase as described in Schedule 3, whether through segregated or omnibus infrastructure.

“Developer Portal” means the web-based interface provided by XBase through which Clients may access technical documentation, manage API credentials, view usage analytics, and submit support requests.

“Digital Asset” or “Virtual Asset” (VA) means a cryptographically secured representation of value or contractual rights that uses distributed ledger technology and may be transferred, stored, or traded electronically.

“Dispute” means any disagreement, controversy, or claim arising out of or in connection with these Terms or the Services, including any question regarding their existence, validity, interpretation, or termination.

“Embedded Finance” means the integration of financial services or capabilities directly into the digital products, workflows, or platforms of a non-financial Partner, using XBase’s APIs or modules.

“EMI” means an Electronic Money Institution, authorized under applicable financial services law to issue e-money and provide regulated payment services.

“Endpoint” means a specific URL or interface component of the API through which a Client can submit or retrieve data, trigger actions, or receive responses from the XBase Platform.

“Escrowed Transfer” means a transaction that involves temporarily locking assets in a third-party-controlled or smart contract-based mechanism until specific conditions are met.

“Fee Schedule” means the pricing model applicable to the Services, as set out in Annex A or as otherwise agreed in an Order Form.

“FIAT” means government-issued legal tender such as USD, EUR, or GBP, as opposed to digital or Virtual Assets.

“Force Majeure” means an event beyond the reasonable control of a Party, including acts of God, terrorism, war, civil unrest, power outages, internet disruptions, bank failures, blockchain malfunctions, or regulatory action.

“FX Spread” means the difference between the rate quoted to the Client for a currency conversion and the prevailing mid-market or reference rate for that currency pair.

“Group” means, with respect to any entity, that entity and its Affiliates.

“Hosted Payment Page (HPP)” means a payment interface hosted by XBase that allows end-customers to complete transactions in a secure and branded environment on behalf of a Merchant.

“Hot Wallet” means a wallet connected to the internet and used for real-time transactions or active trading of Virtual Assets, offering greater liquidity but higher exposure to risk.

“HSM (Hardware Security Module)” means a dedicated hardware device used to securely manage, generate, and store cryptographic keys in wallet configurations.

“Hybrid Settlement” means a multi-stage or multi-channel asset delivery mechanism involving combinations of custody, wallet transfers, margin components, or manual reconciliation.

“IBAN” means International Bank Account Number, a globally recognized identifier used for international bank transfers, as applicable to fiat settlement accounts.

“Intellectual Property” means all patents, trademarks, trade secrets, copyrights, software, databases, designs, know-how, and other proprietary or intellectual property rights belonging to or licensed by XBase.

“Invoice” means a payment request generated by the XBase Platform or via API, specifying the transaction amount, currency, reference ID, and expiration parameters to guide settlement by the end-customer.

“KYC/KYB” means Know-Your-Customer or Know-Your-Business procedures, conducted to confirm the identity, legal existence, and regulatory eligibility of Clients and their beneficial owners.

“Liquidity Dashboard” means a tool provided by XBase displaying real-time views of a Client’s treasury balances, currency exposures, conversion history, and actionable insights across wallets or sub-accounts.

“Liquidity Provider (LP)” means a regulated or institutional counterparty that offers executable quotes or fills orders submitted by XBase on behalf of the Client.

“Matched Counterparty” means a third party introduced or coordinated by XBase to complete a specific OTC transaction through a bilateral structure.

“Merchant” means a Client that receives payments from end-customers through the POS or Checkout Services.

“Merchant Portal” means the web-based dashboard or interface provided by XBase that allows Merchants to manage their payment activity, monitor settlements, configure POS Devices, and view reports.

“Multisignature Wallet (Multisig)” means a wallet that requires multiple private keys to authorize a transaction, used to improve security and enforce policy-based controls.

“Omnibus Structure” means a wallet or account setup in which multiple Clients’ assets are pooled together, while XBase maintains off-chain records of individual entitlements.

“Omnibus Wallet” means a shared wallet infrastructure where Virtual Assets of multiple Clients are pooled together, with internal ledgering by XBase to track Client entitlements.

“Onboarding” means the process by which a prospective Client is reviewed, verified, and approved to access XBase Services, including the submission of documentation, due diligence, and acceptance of terms.

“Order Form” or “Service Order” means a written agreement, contract, or electronic record executed by the Client and accepted by XBase specifying the particular Services, pricing, terms, or custom conditions.

“Partner” means a Client or counterparty that integrates or distributes XBase services on a white-label, embedded finance, or reseller basis under Schedule 8.

“Partner Dashboard” means a secured administrative interface provided by XBase that allows White Label Partners to monitor performance, access sub-user data, configure services, and manage operational settings.

“Payout” means the disbursement of net settlement funds from XBase to a Merchant’s designated bank account or digital wallet, following the deduction of applicable fees, reserves, refunds, or chargebacks.

“Payment Instruction” or “Transaction Instruction” means a request from the Client to initiate a transfer, deposit, withdrawal, or conversion, submitted via the Platform or API.

“Personal Data” means any information that relates to an identified or identifiable natural person, as defined by applicable data protection law.

“Platform” means the underlying systems, infrastructure, APIs, and user interfaces developed and operated by XBase to deliver the Services.

“POS” or “Point-of-Sale” refers to terminal and software solutions that enable merchants to accept in-person or online payments.

“POS Device” means a physical terminal or mobile-enabled application used by Merchants to accept payments from end-customers at the point of sale, whether through QR codes, card readers, or other interfaces.

“POS Services” means point-of-sale payment acceptance services provided by XBase, as described in Schedule 4, including any associated devices, terminals, or merchant portals.

“Privacy Laws” means all applicable data protection laws and regulations including GDPR, UK DPA 2018, and any equivalent legislation.

“Privacy Policy” means the XBase policy governing the collection, use, and protection of personal data, as referenced in Annex C.

“Program Manager” means a technical and contractual intermediary coordinating between the Client and one or more regulated institutions to facilitate access to Services without holding regulatory permissions directly.

“PSP” means a Payment Service Provider, including institutions authorized to provide account issuance, transfer, and settlement services under relevant laws.

“Principal Capacity” means the execution of a trade where XBase acts as the buyer or seller on its own behalf, rather than as agent for the Client.

“Quote” means a price or rate provided by XBase to the Client for a transaction or service, which may be indicative or executable within a specified validity window.

“Quote Validity Window” means a specific period during which a quoted price or rate remains binding and executable for a Client transaction.

“Rate Limit” means a threshold applied by XBase to restrict the number of API requests a Client may make within a defined time period, designed to maintain platform stability and prevent abuse.

“Rebalancing” means the act of shifting funds or asset allocations across different currencies or wallets to maintain a target risk profile, reserve ratio, or operational threshold.

“Reseller Agreement” means a commercial agreement between XBase and the Partner that governs the terms, obligations, revenue share, and operational rights associated with distributing or integrating XBase Services under a white-labeled model.

“Reserve” means a portion of Merchant proceeds temporarily withheld by XBase to cover potential liabilities, including chargebacks, refund claims, or regulatory exposure, and released subject to predefined conditions.

“Retry Mechanism” means the automated logic that allows a transaction to be retried or completed after an initial failure due to underpayment, timeout, or system disruption, using fallback or top-up flows.

“RFQ (Request for Quote)” means a method of trade initiation in which the Client requests a price from XBase or its liquidity partners and decides whether to execute based on the received quote.

“Safeguarding Institution” means a third-party EMI, PSP, or bank engaged by XBase to hold Client Money in accordance with applicable safeguarding or segregation regulations.

“Sanctions List” means any list of prohibited or restricted persons or entities issued by the United Nations, OFAC (U.S.), EU, UK, or other competent sanctions authorities.

“Sandbox Environment” means a simulated version of the XBase Platform provided for development and testing purposes, which does not involve real funds or live transactions and may include artificial data or throttled functionality.

“Schedule” means any of the modular service-specific sections of the Unified Terms and Conditions, numbered 1 through 8.

“Segregated Wallet” means a wallet that is assigned exclusively to a specific Client, with on-chain traceability and separation from other Clients’ holdings.

“Services” means all products, solutions, and functionality made available to the Client by XBase under these Terms, including but not limited to Banking, OTC Trading, Custody, POS, Checkout, FX, API, and Embedded Finance.

“Session Expiry” means the configured time period after which an unpaid Checkout invoice becomes invalid, and payment is no longer accepted unless regenerated or extended.

“Settlement” means the completion of a financial or virtual asset transaction, including the final transfer of funds, assets, or balances from one Party to another.

“Sub-User” means an end-customer, business, or account holder managed by the Partner under a White Label or Embedded Finance arrangement, to whom certain Services are indirectly extended.

“Testnet” means a dedicated blockchain environment used for testing Virtual Asset transactions without real-world value, enabling Clients to validate integration logic and simulate transaction flows.

“Top-Up Link” means a supplementary payment request sent to the end-customer when the original Invoice was underpaid, allowing them to complete the required amount within a defined period.

“Transaction” means any credit, debit, currency conversion, deposit, or payment processed through the Services.

“Transaction History” means the chronological record of payments processed through XBase Services, accessible to Merchants via the Merchant Portal, and including timestamps, amounts, transaction status, and reference identifiers.

“Treasury Services” means operational and financial tools provided by XBase to support Clients’ liquidity management, FX execution, asset allocation, and settlement planning across fiat and digital currencies.

“User” means any individual authorized by the Client to access or use the Services on its behalf.

“Wallet” means a digital address, software, or custodial infrastructure provided or supported by XBase for the storage and transfer of Virtual Assets on behalf of a Client.

“Webhook” means a server-side notification mechanism that enables XBase to automatically send event updates or transaction alerts to a Client-defined URL in real time, based on predefined triggers.

“White Label Partner” means a Client or third-party authorized by XBase to deploy its Services under a fully branded or co-branded model, maintaining control over customer experience, onboarding, and primary communications.

“White Label Services” means co-branded or private-labeled versions of the Services, including customized UI, platform access, and API wrappers, provided to Partners under Schedule 8.

“Whitelisting” means a security process allowing only pre-approved wallet addresses to receive withdrawals or transfers from a Custody Wallet.

This Annex may be updated from time to time to reflect new terminology or structural revisions across the Terms and Conditions. In case of inconsistency, the definitions in this Annex shall prevail unless explicitly overridden in a Schedule or Order Form.

Annex L – XBase Group – Entities and Licensed Partners

  • XBase Virtual Assets Broker & Dealer Services LLC (“XBase Digital DED”) is authorised and regulated by the Dubai Virtual Assets Regulatory Authority (“VARA”) with registered number [TBC]. XBase Digital DED is registered in Dubai and only deals with or for Qualified Investors and Institutional Investors as defined by VARA. XBase Digital DED’s registered office is located at Office Suite # 1804, The Exchange Tower, Al Mustaqbal Street, Business Bay, Dubai, U.A.E.

  • XBase Digital UAB is a registered entity in Lithuania under company number 305943164. It operates in compliance with applicable Lithuanian regulations for virtual asset service providers. XBase Digital UAB’s registered office is located at Naugarduko str. 3-401, Vilnius, Lithuania.

  • XBase Digital Inc is a registered entity in Canada under company number BC1439482 and is licensed under Money Services Business (MSB), registration number M21658614. It operates in accordance with the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and is regulated by the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). XBase Digital Inc.’s registered office is located at 22420 Dewdney Trunkroad, Suite 300, Maple Ridge, BC, V2X3J5, Canada.

  • XBase Digital UK Limited is registered in the United Kingdom under company number 15031056. XBase Digital UK Limited’s registered office is located at 20 Eastbourne Terrace Paddington, London, Westminster, United Kingdom, W2 6LA.

  • XBD Holdings Limited is registered in Abu Dhabi under company number 00009488. XBD Holdings Limited’s registered office is located at Al Maryah Tower, Unit 8, Level 3, Abu Dhabi Global Market Square Al Maryah Island, Abu Dhabi, United Arab Emirates.