AML Policy

Effective Date: 21 May 2026

1. General Provisions

This Anti-Money Laundering and Counter-Terrorist Financing Policy (the “Policy”) describes the AML/CTF framework applicable to services available through the Deffio platform. The Policy covers two independent regulated entities operating within the Deffio ecosystem:

PELOTON SP. Z O.O.

VASP Services – Poland

Provides virtual asset services (crypto exchange, wallet management, on-ramp). Regulated under the Polish AML Act (Ustawa o przeciwdziałaniu praniu pieniędzy oraz finansowaniu terroryzmu). Supervised by the General Inspector of Financial Information (GIIF). VASP License: RDWW-1567.

CAPITOLIO INC.

Payment Services – Canada

Provides Open Banking on-ramp, off-ramp, and bank-to-bank transfer services. Regulated under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA). Supervised by FINTRAC. MSB Registration No.: M24928320.

Each entity maintains its own independent AML/CTF compliance programme in accordance with its applicable regulatory framework. The Deffio platform (operated by Betelgeuse Corporation Ltd, UK) provides the technology interface through which users access these services. Betelgeuse does not hold fiat funds and is not a reporting entity under the frameworks described herein.

2. Our Commitment

The Deffio platform and its service providers are committed to preventing the use of their services for money laundering, terrorist financing, or any other financial crime. This commitment is implemented through the independent compliance programmes of Peloton and Capitolio, which operate in accordance with their respective national and international regulatory obligations.

Key principles underlying this commitment:

  •     We do not knowingly facilitate transactions that are connected to criminal activity, sanctions violations, or terrorist financing.
  •     We apply a risk-based approach to customer identification and transaction monitoring.
  •     We cooperate fully with competent authorities in connection with AML/CTF investigations.
  •     We maintain records of customer identification and transaction data as required by law.
  •     We do not disclose to customers or third parties information about suspicious activity reports or regulatory investigations (tipping-off prohibition).

3. Regulatory Framework

Peloton — VASP Services (Poland / European Union)

Peloton operates as a registered Virtual Asset Service Provider in Poland and is subject to:

  •     Polish Act on Anti-Money Laundering and Combating the Financing of Terrorism.
  •     EU Anti-Money Laundering Directives (AMLD5/AMLD6) as implemented in Polish law.
  •     Regulations and guidelines of the General Inspector of Financial Information (GIIF).
  •     FATF Recommendations as adopted in the European Union.

Capitolio Inc. — Payment Services (Canada)

Capitolio Inc. operates as a registered Money Services Business in Canada and is subject to:

  •     Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA).
  •     Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR).
  •     FINTRAC guidelines and directives.
  •     FATF Recommendations as applied in Canada.

4. Risk-Based Approach

Both Peloton and Capitolio apply a risk-based approach to AML/CTF compliance. Risk assessments are conducted before establishing a service relationship with a customer and on an ongoing basis throughout that relationship.

Risk factors considered include, but are not limited to: customer identity and background; geographic origin; nature and purpose of the transaction; source of funds; and transaction patterns over time.

Customers are assigned a risk level (from standard to enhanced). Higher-risk customers are subject to additional verification requirements and increased monitoring. The establishment of a relationship with the highest-risk customers requires senior management approval.

5. Customer Identification and Verification

Both Peloton and Capitolio collect and verify customer identification in accordance with their respective regulatory obligations. Customers may be required to provide:

  •     Full name and date of birth.
  •     Residential address.
  •     Government-issued identity document (passport or national ID).
  •     Contact details (email address, phone number).
  •     Bank account details for fiat transactions (IBAN, BIC/SWIFT).
  •     Source of funds documentation where required by applicable regulations.

Identity verification is performed using designated electronic identity verification tools. Customers are required to provide accurate and up-to-date information throughout the service relationship. The Company reserves the right to decline or suspend services where satisfactory identification cannot be obtained.

By using the services, customers consent to their personal data being processed for KYC and AML/CTF compliance purposes by Peloton, Capitolio, and their regulated partners, in accordance with the Deffio Privacy Policy.

6. Transaction Monitoring

Both Peloton and Capitolio conduct ongoing monitoring of transactions to detect unusual or suspicious activity. Transactions that are inconsistent with a customer’s known profile, purpose of relationship, or source of funds may be subject to additional review.

Where a transaction is identified as suspicious, the relevant entity will:

  •     Suspend the transaction pending review, where applicable.
  •     Conduct an internal investigation.
  •     File a report with the relevant regulatory authority if required (GIIF for Peloton; FINTRAC for Capitolio).

For off-ramp operations, cryptocurrency transactions are subject to blockchain analytics screening prior to fiat payout. Transactions associated with high-risk counterparties, sanctioned addresses, or other indicators of illicit activity may be declined.

7. Sanctions Compliance

Both Peloton and Capitolio screen customers and transactions against applicable international and national sanctions lists, including:

  •     United Nations Security Council consolidated sanctions list.
  •     European Union financial sanctions list (Peloton).
  •     US Treasury OFAC Specially Designated Nationals (SDN) list.
  •     Canadian government sanctions lists — Global Affairs Canada (Capitolio).
  •     National sanctions lists of the Republic of Poland (Peloton).

Services are not available to persons or entities subject to applicable financial sanctions, or to customers located in or associated with sanctioned jurisdictions. A confirmed sanctions match results in immediate suspension of services and notification to the relevant regulatory authority.

8. Politically Exposed Persons (PEP)

Both Peloton and Capitolio screen customers against Politically Exposed Persons (PEP) databases as part of the onboarding and ongoing monitoring process. Customers identified as PEPs, or as close associates of PEPs, are subject to enhanced due diligence, including additional documentation requirements and senior management approval.

9. Prohibited Activities and Restricted Jurisdictions

Services are not available where prohibited by applicable law. Customers are prohibited from using Deffio services in connection with:

  •     Money laundering, terrorist financing, or any other financial crime.
  •     Transactions involving the proceeds of criminal activity.
  •     Sanctions evasion or circumvention of AML/CTF controls.
  •     Use of anonymisation tools or techniques to obscure the origin or destination of funds.

Services are not available to residents of or persons located in jurisdictions subject to comprehensive international sanctions or identified as non-cooperative by FATF. A full list of restricted jurisdictions is available in the Deffio Terms of Use.

10. Record-Keeping

Both Peloton and Capitolio maintain records of customer identification and transaction data for the periods required by their respective applicable laws. Records are stored securely and made available to competent authorities upon lawful request.

Requests for access to personal data held for AML/CTF purposes should be directed to the relevant data controller as identified in the Deffio Privacy Policy.

11. Reporting Obligations

Peloton reports to the General Inspector of Financial Information (GIIF) of the Republic of Poland in accordance with Polish AML law.

Capitolio Inc. reports to the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) in accordance with PCMLTFA.

Neither entity discloses to customers whether a report has been filed with a regulatory authority in connection with their account or transactions.

13. Contact and Complaints

If you have a question about this Policy or about how your data is processed for AML/CTF purposes, please contact the following email: [email protected]

Your query will be routed accordingly.

14. Legal Information

Platform Operator (App Services):

BETELGEUSE CORPORATION LTD 

Company Number: 14716123 

Legal Address: 13 John Prince’s Street, 2nd Floor, London, England, W1G OJR 

VASP Services Provider:

PELOTON sp. z o.o. 

Company Number (KRS): 0001132722 | NIP: 8133922725 

VASP License: RDWW-1567

Legal Address: ul. Jana III Sobieskiego 17, 35-002 Rzeszów, Poland 

Payment Services Provider:

CAPITOLIO INC. 

Company number (NUANS): 122052732

FINTRAC MSB Registration No.: M24928320 

Legal Address: 700-602 12 Ave SW, Calgary, Alberta, T2R 1J3, Canada