Legal Hub

Last Updated: 5/11/2026 | Version 1.4

These Terms of Service ("Terms") constitute a binding legal agreement between you (referred to herein as "you," "your," "User," or "Customer") and Kashu, Inc ("Kashu," "we," "us," or "our"), a Wyoming corporation. By accessing, registering for, or using any portion of the Kashu platform, mobile application, website, or services (collectively, the "Services"), you agree to be bound by these Terms, our Acceptable Use Policy ("AUP"), our Software & Technology Services Agreement ("STSA"), our Privacy Policy, and any other policies referenced herein. If you do not agree to these Terms, do not access or use our Services.

‍

1. Eligibility

The Services are made available exclusively to businesses organized under the laws of the United States and operating in the United States. By accessing the Services, you represent and warrant that:

(a) you are a legal entity in good standing under the laws of a U.S. state or territory and possess a valid Employer Identification Number (EIN);

(b) the individual accepting these Terms on behalf of the entity is at least 21 years of age and is duly authorized to bind the entity to this agreement;

(c) the entity has completed, or will complete, Kashu's Know Your Business ("KYB") verification, including beneficial ownership and control-person disclosures;

(d) neither the entity, its beneficial owners, nor its control persons appear on any U.S. government sanctions, denied-party, or politically-exposed-person list; and

(e) all information you provide to Kashu is accurate, complete, and current.

The Services are not offered to consumers, sole proprietors operating without an EIN, or entities organized outside the United States.

‍

2. Scope of Services

Kashu is a software platform that delivers business financial-operations tooling on top of regulated payment and banking rails operated by licensed third-party institutions. Kashu does not itself provide money transmission, deposit-taking, lending, or other regulated financial services. The Services consist of three integrated pillars:

(a) Platform Access, the Kashu software, user interface, mobile and web applications, account-management tools, and APIs through which you operate your program account, initiate transfers, and manage business financial activity.

(b) Transaction Intelligence, risk monitoring, transaction categorization, structured transaction-level data enrichment (including Level 3 and corporate-card enhanced data fields), reporting, analytics, and program-rule enforcement.

(c) Program Administration, KYB onboarding, compliance operations, sanctions screening, dispute coordination with regulated providers, recordkeeping, and ongoing program administration on your behalf.

Access to the Services is subject to verification, compliance review, ongoing risk monitoring, and program limits. The Services are provided on an "as is" and "as available" basis.

2.1 Role of Kashu

Kashu acts solely as a software and technology provider and program administrator. Kashu does not hold user funds, take deposits, transmit money, settle transactions, or exercise discretion over the approval, processing, timing, reversal, or completion of any movement of funds. All regulated financial activity is performed by licensed third-party institutions identified in Section 3 below. Kashu's role is limited to providing software and instructing those institutions in accordance with rules you agree to under these Terms and the AUP.

‍

3. Custody and Fund Management

Kashu does not hold customer funds and has no legal, beneficial, or equitable interest in customer funds at any time.

(a) Money Transmission. Money transmission services in connection with the Services are provided by Monarch Technologies, Inc., a licensed Money Services Business (MSB Registration No. 31000186536125) and NMLS-registered provider (NMLS ID 1908316).

(b) Custody of Funds. Customer funds are held in custodial For-Benefit-Of ("FBO") accounts at Chesapeake Bank, Member FDIC, for the benefit of users. Funds in FBO accounts are not assets of Kashu, are not commingled with Kashu's operating funds, and are not available to Kashu's creditors.

(c) No Direct Banking Services. Kashu does not accept deposits, issue accounts, extend credit, or provide banking services directly. All regulated financial services are provided by, and remain the responsibility of, the licensed third-party institutions identified above.

(d) Instruction-Only Authority. Kashu may instruct Monarch to initiate, hold, freeze, or release funds in accordance with these Terms, the AUP, applicable law, lawful third-party requests, and the rules of the underlying financial institutions. Such instructions reflect Kashu's role as program administrator and do not constitute control of, or a property interest in, the funds.

‍

4. Account Registration and Security

To use the Services, the entity must register for a program account, designate authorized users, and provide required business and financial information. Onboarding is subject to verification procedures that satisfy Kashu's and its partners' compliance obligations, including Know Your Business (KYB), Know Your Customer (KYC) for beneficial owners and control persons, Anti-Money Laundering (AML), and sanctions-screening requirements.

You agree to:

(a) keep account credentials confidential and restrict access to authorized users;

(b) notify Kashu immediately of any unauthorized access or suspected compromise;

(d) cooperate with periodic re-verification, enhanced due diligence, and information requests.

Kashu reserves the right to suspend or terminate any account that provides false, incomplete, or outdated information, or that we reasonably suspect is engaged in fraudulent or unlawful activity.

‍

5. Business Information Accuracy

You certify that all KYB and program-account information you provide, including but not limited to legal entity name, jurisdiction of formation, EIN, registered and operating addresses, beneficial owners (each person owning 25% or more), control persons, authorized signatories, primary line of business, and bank account information, is accurate, complete, and current as of the date submitted.

You agree to notify Kashu in writing within ten (10) business days of any material change, including but not limited to:

(a) change in legal entity name, structure, or jurisdiction;

(b) change in beneficial ownership of 25% or more;

(d) change in primary business activity or industry classification;

(e) change in registered or operating address; or

(f) change in linked bank account.

Failure to maintain accurate KYB information may result in suspension or termination of the program account in accordance with the AUP and applicable regulatory obligations.

‍

6. Fees and Payments

Kashu charges a Platform Service Fee in consideration of the three pillars of the Services described in Section 2: Platform Access, Transaction Intelligence, and Program Administration. The Platform Service Fee is the consideration paid to Kashu for software, data, technology, and program-administration services rendered to you, and is disclosed in the STSA and any Fee Schedule made available within the Services.

The Platform Service Fee is structured on a per-transaction basis as a function of transaction value. This pricing structure reflects the fact that the compliance review, fraud screening, risk monitoring, transaction-level data enrichment, and program-administration work performed by Kashu's software scales with the value and risk profile of each transaction. The fee is consideration for software services rendered and is not contingent on the success, completion, or settlement of any underlying funds transfer.

Kashu may, from time to time, offer additional optional services, including, without limitation, expedited program administration in connection with real-time or accelerated settlement options. Fees for such optional services are charged in consideration of the additional risk-review, fraud-screening, and compliance work required to support those services, and are disclosed in the STSA and any Fee Schedule made available within the Services.

All fees paid to Kashu are consideration for software, technology, data, and program-administration services. Fees for the underlying transmission, custody, or settlement of funds, where applicable, are charged separately by the licensed money transmitter or custodial institution and are disclosed by those parties to you.

By using the Services, you authorize Kashu to charge your designated payment method for applicable fees and related charges. Failure to remit payment when due may result in account suspension, legal recovery efforts, and assessment of interest and penalties as permitted by law. You are responsible for all taxes associated with your use of the Services, excluding taxes based on Kashu's net income.

6.1 Cardholder Agreement Responsibility

You acknowledge that your relationship with your card issuer, including all terms, rates, fees, and conditions, is governed exclusively by your cardholder agreement or corporate card program agreement. Kashu does not alter, override, or assume any obligations arising from that agreement. If your issuing bank reclassifies or re-categorizes a transaction, such determinations are solely between you and your card issuer. Kashu has no authority over those decisions and is not responsible for any fees, penalties, interest, or adverse effects that may result.

6.2 User Authorization

By initiating any transfer from your program account or any other transaction request, you expressly authorize the transaction and acknowledge that such authorization is final at the time of submission. You assume full responsibility for the transaction amount, timing, and destination once initiated.

‍

7. License Grant and Use Restrictions

Subject to these Terms, Kashu grants you a limited, non-exclusive, non-transferable, revocable license to access and use the Services for your business use. You may not:

(a) reproduce, modify, adapt, or create derivative works based on the Services;

(b) reverse engineer, decompile, or disassemble any portion of the Services;

(d) use the Services to violate any applicable law, regulation, or third-party right; or

(e) attempt to interfere with the integrity or security of our systems or networks.

Any unauthorized use of the Services terminates the rights granted to you under these Terms and may result in legal action.

‍

8. Intellectual Property

All content, graphics, user interface, visual interfaces, software, algorithms, models, and code contained in or made available through the Services, and all related rights including trademarks, copyrights, patents, and trade secrets are the exclusive property of Kashu or its licensors. Except as expressly stated herein, no rights or licenses are granted to you under any intellectual property rights, whether by implication, estoppel, or otherwise. You agree not to use the Kashu name, logo, or proprietary marks without prior written permission.

‍

9. Privacy and Data Use

By using the Services, you acknowledge and agree that we will collect, store, and use your business and personal information in accordance with our Privacy Policy. You further consent to the use of data for lawful purposes, including compliance, fraud prevention, risk analysis, transaction intelligence, and regulatory reporting. For more details, refer to our Privacy Policy.

‍

10. Third-Party Services

The Services incorporate or facilitate access to third-party platforms, including payment processors, money transmitters, custodial banks, card networks, identity-verification providers, and other financial institutions. Kashu is not responsible for the performance, privacy practices, or terms of service of third-party services. Your use of such services is at your own risk and subject to separate terms. Kashu disclaims any and all liability for content, functionality, or damage caused by or arising from third-party services.

Your interactions with third-party providers, including card issuers and financial institutions, are governed by their respective terms of use and cardholder agreements. Kashu does not participate in, control, or assume liability for the rates, fees, or reclassification of transactions imposed by your issuing bank. Any obligations or disputes arising from such matters remain strictly between you and your card issuer.

10.1 Transaction Processing Authority

Kashu does not control or guarantee the approval, settlement, completion, or final disposition of any transaction. While Kashu may, in limited circumstances, initiate a refund or reversal request through its payment gateway or instruct Monarch to take action, all transaction execution, settlement, reversal approval, and funds movement are subject to the rules, controls, and final determination of third-party financial institutions and service providers. Kashu is not responsible for any delay, rejection, or outcome resulting from such third-party decisions.

‍

11. Suspension and Termination

Kashu reserves the right to suspend or terminate your access to the Services at any time, with or without notice, for any reason permitted under these Terms or the AUP, including but not limited to: violation of these Terms or the AUP, suspected fraud, breach of applicable law, regulatory or partner-institution direction, or to protect the integrity of the platform.

Upon termination, your license to use the Services will be revoked. Because Kashu does not hold or control user funds, Kashu cannot release, transfer, or distribute funds directly; Kashu may instruct Monarch to freeze, hold, or release funds in the program account pending resolution in accordance with the AUP and the rules of the underlying financial institutions. Termination does not relieve you of any obligations or liabilities accrued prior to such termination.

11.1 Regulatory and Legal Cooperation

Kashu may comply with lawful requests, inquiries, or directives from regulators, courts, card networks, or financial institutions without notice to you and without liability.

‍

12. Disclaimers

The Services are offered without any guarantees, either express or implied. Kashu disclaims all warranties, including those related to merchantability, fitness for a particular purpose, non-infringement, availability, and reliability. Kashu does not guarantee that the Services will be free from errors or interruptions. You acknowledge that your use of the Services involves risks and that Kashu shall not be held responsible for the accuracy, timeliness, or completeness of any information or transactions facilitated by the Services.

Kashu expressly disclaims responsibility for the classification or treatment of transactions by your card issuer. All determinations regarding whether a transaction constitutes a purchase, cash advance, or other category are made solely by your issuing bank in accordance with your cardholder agreement. Kashu is not liable for, and does not indemnify you against, any fees, penalties, interest charges, or adverse consequences resulting from such classifications.

12.1 Assumption of Risk

You assume all risks associated with your use of the Services, including your business's decisions regarding the use of credit, the timing and amount of transfers, cash-flow management, repayment obligations to your card issuer or corporate card program, and any financial consequences resulting from your use of funds.

12.2 No Fiduciary or Advisory Relationship

Kashu does not act as a fiduciary, financial advisor, lender, agent, or representative of any user. Kashu does not provide financial, legal, tax, or accounting advice, and no such relationship is created through use of the Services.

‍

13. Limitation of Liability

To the fullest extent allowed by law, Kashu and its officers, directors, employees, or affiliates will not be liable for any indirect, incidental, consequential, special, exemplary, or punitive damages, including lost profits, data, or business opportunities, resulting from your use of the Services. Our total liability to you will not exceed the amount of Platform Service Fees you paid to Kashu in the six (6) months preceding the incident that led to the claim.

‍

14. Indemnification

You agree to indemnify, defend, and hold harmless Kashu and its affiliates, officers, directors, employees, agents, and representatives from any claims, losses, liabilities, damages, costs, or expenses (including reasonable attorneys' fees) arising out of or related to: (i) your use of the Services, (ii) your violation of these Terms, the AUP, the STSA, or any law, regulation, or third-party rights, or (iii) your fraud, negligence, or willful misconduct.

‍

15. Dispute Resolution and Governing Law

These Terms shall be governed by and construed in accordance with the laws of the State of Arizona, without regard to its conflict-of-law principles. Any dispute, claim, or controversy arising out of or relating to these Terms or your use of the Services shall be resolved exclusively by binding arbitration administered by the American Arbitration Association (AAA) in Phoenix, Arizona, under its Commercial Arbitration Rules. Judgment on the arbitration award may be entered in any court having jurisdiction. You agree to waive any right to a jury trial or to participate in a class action lawsuit. The provisions of this Section, together with Sections 3 (Custody and Fund Management), 12 (Disclaimers), 13 (Limitation of Liability), and 14 (Indemnification), shall survive termination of these Terms.

‍

16. Modifications to Terms

Kashu reserves the right to modify or update these Terms at any time. Non-material changes are effective upon posting. Material changes will be communicated via the Services or via email at least thirty (30) days before they take effect, unless a shorter period is required by law, regulator direction, or partner-institution requirements. Your continued use of the Services after the effective date constitutes acceptance of the modified Terms. If you do not agree to the revised Terms, you must discontinue use of the Services prior to the effective date.

‍

17. Document Hierarchy and Incorporation by Reference

These Terms are incorporated by reference into, and shall be read together with, the STSA, the AUP, the Privacy Policy, the Fee Schedule, and any other agreement or disclosure presented to you in connection with the Services. In the event of any conflict between these documents, the order of precedence is:

(1) STSA → (2) these Terms → (3) AUP

All other policies and disclosures are subordinate to the above.

‍

18. Contact Information

For questions, legal notices, or service of process, you may contact us as follows:

Kashu, Inc

Attn: Legal Department

1603 Capitol Ave, Ste 415 #674380

Cheyenne, WY 82001

Email: legal@kashupay.com

Kashu, Inc. (“Kashu,” “we,” “our,” or “us”) uses cookies and similar technologies to enhance your browsing experience, improve our services, and protect your security. This Cookie Policy explains what cookies are, how we use them, and your choices regarding their use.

‍

1. What are cookies?

Cookies are small text files that are downloaded to your device (computer, smartphone, tablet, or other internet-enabled device) when you access a website or application. They contain information that allows websites to recognize your device and remember certain details about your visit.

There are different types of cookies, including:

Session Cookies – Temporary cookies that are erased when you close your browser. These are typically used to remember actions during a single browsing session, such as keeping you logged in while navigating between pages.
Persistent Cookies – Stored on your device for a set period of time or until you delete them. These allow websites to remember you across multiple visits, such as your saved login details or customized preferences.
First-Party Cookies – Set directly by the website you are visiting. These support core functionality such as authentication and personalization.
Third-Party Cookies – Set by external services integrated into the website, such as analytics providers, social media platforms, or advertisers.

Cookies are widely used because they make web experiences more efficient, secure, and personalized. Without them, many features—such as staying logged into your account, saving payment preferences, or maintaining a shopping cart—would not work properly.

‍

2. How we use cookies

At Kashu, we use cookies and similar tracking technologies to ensure our platform is secure, efficient, and easy to use. Our cookie usage supports both operational needs and the continuous improvement of our products.

Specifically, we use cookies for the following purposes:

Essential Cookies
These are required for the operation of our website and mobile application. They enable you to log in securely, authenticate your identity, and access key features such as account dashboards, payment services, and fraud protection measures. Disabling these cookies may prevent you from accessing core parts of the Kashu platform.
Performance & Analytics Cookies
These help us understand how users interact with our site and app. For example, they track which pages are visited most often, how long users spend on certain pages, and whether users encounter error messages. This information allows us to improve site navigation, optimize app performance, and deliver a smoother experience.
Functional Cookies
These allow us to remember your choices and preferences, such as language settings, saved login sessions, or personalized account views. By remembering your preferences, we reduce the need for repetitive actions and create a more seamless user experience.
Advertising & Marketing Cookies
These are used to deliver relevant advertisements to you, both on our platform and across third-party websites. They help us measure the effectiveness of campaigns, limit the number of times you see an ad, and ensure the content is more tailored to your interests.
Security Cookies
These are critical for detecting suspicious activity, preventing unauthorized access, and maintaining compliance with financial regulations. They allow us to identify unusual login patterns, protect against fraudulent transactions, and maintain a secure environment for our users.

‍

3. Third-Party Cookies

In addition to the cookies that Kashu sets directly, we work with trusted third-party service providers who may place their own cookies on your device. These third-party cookies enable integrations that support our platform and help us provide the services you expect.

Examples include:

Analytics Providers (e.g., Google Analytics, Mixpanel) – These help us understand how users navigate our platform, identify trends, and measure the effectiveness of new features or marketing campaigns.
Fraud Detection and Security Services – Partners that assist in monitoring for unusual activity, verifying device integrity, and safeguarding user accounts from unauthorized access.
Customer Support Tools – Third-party chat or helpdesk providers may set cookies to remember user sessions, enabling faster and more personalized support.
Advertising Networks and Social Media Platforms – These partners may place cookies to deliver targeted advertising and track engagement across multiple platforms (e.g., Google Ads, Meta/Facebook Pixel, LinkedIn).

Please note that these third parties may collect information about your browsing behavior across different websites and apps, not just on Kashu. Their use of data is governed by their own privacy and cookie policies, and we encourage you to review those policies for more information.

‍

4. Your Choices and Control

We believe it’s important for you to have control over how cookies are used. You can manage cookies in the following ways:

Browser Settings
Most internet browsers allow you to view, manage, delete, or block cookies. Instructions can usually be found in your browser’s “Help” or “Settings” menu. Please note that if you block essential cookies, certain features of Kashu may not function properly (e.g., login sessions, transaction processing).
Device Settings
On mobile devices, you can adjust privacy and advertising settings through your operating system. For example, iOS and Android devices allow you to reset advertising identifiers or limit ad tracking altogether.
Cookie Consent Banner
When you first visit Kashu’s website or app, you will see a cookie consent banner. This banner gives you the option to accept all cookies, reject non-essential cookies, or customize your preferences. Your choices will be remembered on future visits unless you clear your cookies or change your settings.
Opt-Out Tools
Certain third-party service providers (such as Google Analytics and major ad networks) provide opt-out tools that prevent your data from being used for targeted advertising or analytics. Links to these tools can be found in their respective privacy policies.
Withdrawal of Consent
You may withdraw your consent to non-essential cookies at any time by adjusting your cookie settings via our banner or clearing cookies from your browser/device.

By exercising these controls, you can tailor your cookie preferences to balance convenience, privacy, and personalization.

‍

5. Data Protection and Privacy

Cookies sometimes collect information that is considered “personal data” under applicable privacy laws (such as GDPR, CCPA, and other data protection regulations). Examples include your IP address, device identifier, or online behavior patterns.

At Kashu, we treat all cookie-related data with the same level of care as any other personal data:

Security Measures – We apply encryption, secure transmission protocols (HTTPS/TLS), and strict access controls to protect cookie data.
Minimal Retention – We retain cookie-related data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law.
Compliance – We comply with relevant data protection laws and implement safeguards to ensure cookies are used lawfully and transparently.
Integration With Privacy Policy – Information collected through cookies is covered by our [Privacy Policy], which details how data is processed, stored, and shared.

We never sell your personal information. Any third parties that receive data from cookies (e.g., analytics providers) are required to use it only for the purpose of providing services to us and must adhere to strict privacy and security standards.

‍

6. Updates to This Policy

We may update this Cookie Policy periodically to reflect:

Changes in Law – Regulatory requirements, such as updates under the GDPR, CCPA, or other emerging privacy frameworks.
Technological Advances – New tracking methods, analytics tools, or security improvements that alter how cookies are used.
Business Practices – Updates to Kashu’s services, integrations, or partnerships that involve third-party cookies or related technologies.

When we make material changes to this Cookie Policy, we will:

Post the updated version on our website and mobile app.
Update the “Last Updated” field at the top of this page.
In some cases, provide additional notice (such as an in-app alert or email) if the changes significantly affect your cookie choices or rights.

We encourage you to review this policy regularly to stay informed about how we use cookies and how you can manage your preferences.

‍

7. Contact Us

If you have any questions about this Cookie Policy or our data practices, please contact us at:

Kashu, Inc.
1603 Capitol Ave Ste 415 #674380
Cheyenne, WY 82001
Email: help@kashupay.com

‍

Last Updated: 5/11/2025 | Version 2.0

1. Scope and Application

Kashu, Inc. ("Kashu," "we," "our," or "us"), a Wyoming corporation, is a software platform that provides business financial-operations tooling on top of regulated payment and banking rails operated by licensed third-party institutions. This Privacy Policy describes how Kashu collects, uses, shares, retains, and protects information in connection with the Kashu platform, mobile and web applications, websites, APIs, and related services (collectively, the "Services").

The Services are made available exclusively to businesses organized under the laws of the United States. References to a "User" or "you" in this Policy refer to the business entity and to the authorized individuals associated with that entity, including beneficial owners, control persons, authorized signatories, and authorized employees who interact with the Services on the entity's behalf.

This Policy is supplemented, where applicable, by jurisdiction-specific notices, including the California CCPA/CPRA Supplement in Section 14, the GLBA Financial Privacy Notice in Section 12, and the Biometric Data Notice in Section 13.

Kashu processes information in accordance with the Gramm-Leach-Bliley Act (GLBA), the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively, "CCPA"), the Illinois Biometric Information Privacy Act (BIPA) and comparable state biometric privacy laws, and other applicable U.S. federal and state privacy and data-protection laws.

‍

2. Our Services

The Services consist of three integrated pillars:

(c) Program Administration, Know Your Business (KYB) onboarding, compliance operations, sanctions screening, dispute coordination with regulated providers, recordkeeping, and ongoing program administration on your behalf.

Kashu is not a bank, money transmitter, deposit-taking institution, or lender. Regulated financial activity is performed by the licensed third-party institutions identified in Section 5.

‍

3. Information We Collect

Kashu collects information about the business entity, its authorized individuals, and the use of the Services. The categories of information we collect include:

3.1 Business Information

Legal entity name, jurisdiction of formation, and date of formation
Employer Identification Number (EIN) and other tax identifiers
Registered, operating, and mailing addresses
Primary business activity and industry classification
Beneficial ownership information for each person owning 25% or more
Control persons and authorized signatories
Linked bank account information and financial-institution identifiers

3.2 Personal Information (about authorized individuals)

Full legal name, date of birth, and Social Security Number or ITIN
Residential and mailing address, telephone number, and email address
Government-issued identification (e.g., driver's license, passport)
Title, role, and authority level within the business
Beneficial-ownership percentage and source of authority

3.3 Biometric Information

In connection with identity verification, our third-party verification provider (ClearMe) may collect biometric identifiers and biometric information, including facial geometry derived from a selfie image and matched against a government-issued identification document. Kashu does not retain raw biometric templates. See Section 13 for our full Biometric Data Notice.

3.4 Financial and Transaction Information

Card and bank account details linked to your program account
Transaction amount, date, time, counterparty, and category
Level 3 and corporate-card enhanced data fields associated with transactions
Program account balances and activity history
Reconciliation, dispute, and chargeback records

3.5 Device and Usage Information

IP address, device identifiers, operating system, and browser information
Session metadata, pages and features accessed, and clickstream data
System logs, error logs, and security-monitoring data
Cookies and similar tracking technologies (see Section 9)
Approximate geolocation derived from IP address

3.6 Communications

Support tickets, chat transcripts, and email correspondence
Recorded calls (where permitted and disclosed)
Survey responses and product feedback

3.7 Sources of Information

We collect information (a) directly from you when you register for, configure, and use the Services; (b) automatically from your devices and browsers; (c) from third-party verification, compliance, screening, and data-enrichment providers; (d) from financial institutions, card networks, and payment processors in connection with transactions; and (e) from public sources, including government and regulatory databases.

‍

4. How We Use Information

We use information to operate, secure, and improve the Services, including to:

Verify the identity of the business and its authorized individuals (KYB/KYC)
Conduct AML, sanctions, fraud, and risk screening
Open, administer, and maintain the program account
Initiate and reconcile transactions through licensed third-party institutions
Generate Level 3 and enhanced-data invoices and transaction records
Provide reporting, analytics, and Transaction Intelligence features
Communicate with you about the Services, including service notices and updates
Investigate and respond to disputes, complaints, and regulatory inquiries
Comply with applicable law, regulation, court orders, and partner-institution requirements
Detect, prevent, and respond to security incidents, fraud, and unlawful activity
Improve and develop the Services, including model training on de-identified data
Enforce our Terms of Service, Acceptable Use Policy, and other agreements

Our processing is not designed to result in automated decisions producing legal or similarly significant effects on individuals without human review, except where expressly disclosed and consented to in advance or where required to satisfy compliance obligations.

‍

5. How We Share Information

Kashu does not sell personal information. We share information only as necessary to deliver the Services and to satisfy legal and contractual obligations. The principal categories of recipients are:

5.1 Regulated Financial Institutions and Service Providers

Monarch Technologies, Inc., Licensed Money Services Business (MSB Registration No. 31000186536125) and NMLS-registered provider (NMLS ID 1908316). Provides money transmission, KYB/AML processing, and program-related financial services. Receives business, personal, and financial information necessary to perform regulated services.

Fresno First Bank, Member FDIC, Custodian of For-Benefit-Of (FBO) accounts in which customer funds are held. Receives information necessary for account opening, custody, and recordkeeping.

ClearMe, Identity-verification and biometric-processing provider. Receives identification documents and biometric data necessary to verify the identity of authorized individuals. Subject to the Biometric Data Notice in Section 13.

Card Networks, Acquirers, and Issuing Banks, Receive transaction, authorization, settlement, and dispute information.

5.2 Other Service Providers

We share information with vendors and contractors who perform services on our behalf, including cloud hosting, security, fraud screening, analytics, customer support, communications, and professional services (accounting, legal, audit). These providers are contractually restricted to using information only as necessary to perform services for Kashu.

5.3 Legal, Regulatory, and Compliance Disclosures

We may disclose information to regulators, law-enforcement agencies, courts, card networks, and financial institutions when required by law, subpoena, court order, regulatory request, or partner-institution requirement, or where we believe in good faith that disclosure is necessary to protect the rights, safety, or property of Kashu, our users, or others.

5.4 Corporate Transactions

In the event of a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred to a successor or acquirer, subject to applicable law and to the protections of this Policy. Affected users will be notified in accordance with applicable law.

5.5 With Your Direction

We share information at your direction, including with integrations and third-party applications you connect to your program account.

‍

6. Data Security

Kashu implements administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of information, including:

Encryption of data in transit and at rest
Tokenization of card and bank account information
Role-based access controls and least-privilege provisioning
Multi-factor authentication for personnel and, where supported, users
Continuous security monitoring, logging, and intrusion detection
Vendor risk management and contractual security requirements
Periodic security assessments and penetration testing

No system can be guaranteed to be completely secure. You are responsible for safeguarding your account credentials, restricting access to authorized users, and promptly notifying Kashu of any suspected unauthorized access or compromise. In the event of a data breach affecting your information, Kashu will notify you in accordance with applicable law.

‍

7. Data Retention

Kashu retains information for the period necessary to fulfill the purposes described in this Policy or as required by applicable law, regulation, or partner-institution requirements. Indicative retention periods include:

KYB and KYC records: five (5) years following account closure (BSA/AML)
Transaction records, invoices, and settlement records: seven (7) years
Tax-related records: seven (7) years
Dispute, chargeback, and fraud records: seven (7) years
Support communications: three (3) years
Security logs: minimum one (1) year, extended as required by investigations
Biometric data: as described in Section 13
Marketing data: until opt-out or as required by law

Following the applicable retention period, information is securely deleted, destroyed, or de-identified, except where continued retention is required by law or for the establishment, exercise, or defense of legal claims.

‍

8. Your Rights

Depending on your jurisdiction, you may have rights with respect to your personal information, including the rights to:

Know what personal information we collect, use, and share
Access a copy of your personal information
Correct inaccurate personal information
Request deletion of personal information, subject to lawful exceptions
Restrict or object to certain processing
Receive a portable copy of your personal information
Limit the use of sensitive personal information
Opt out of the sale or sharing of personal information (Kashu does not sell)
Withdraw consent where processing is based on consent
Lodge a complaint with a supervisory authority

To exercise these rights, contact legal@kashupay.com. We will verify your identity before responding and will respond within the timeframe required by applicable law. Certain rights are subject to exceptions, including for legal compliance, BSA/AML obligations, fraud prevention, completion of transactions, and the establishment or defense of legal claims. Authorized agents may act on your behalf with documented consent and verified identity.

Kashu will not discriminate or retaliate against you for exercising any privacy right.

‍

9. Cookie and Tracking Technologies

Kashu uses cookies, pixels, web beacons, software development kits (SDKs), and similar technologies to operate, secure, and improve the Services. These technologies enable session management, authentication, fraud prevention, analytics, and feature delivery. You may manage cookie preferences through your browser settings; disabling certain cookies may limit functionality of the Services.

Kashu does not currently respond to "Do Not Track" signals. Where required by law, Kashu will honor Global Privacy Control (GPC) signals as opt-out requests for the sale or sharing of personal information.

‍

10. International Data Transfers

The Services are hosted in the United States and are intended for U.S.-based businesses only. By using the Services, you acknowledge that information will be processed and stored in the United States. Authorized individuals located outside the United States (for example, foreign beneficial owners of a U.S. entity) acknowledge that their information will be transferred to, and processed in, the United States, where privacy laws may differ from those of their home jurisdiction.

‍

11. Children's Privacy

The Services are designed for U.S.-based businesses and are not directed to children. Individuals using the Services on behalf of a business entity must be at least twenty-one (21) years of age and authorized to bind the entity. Kashu does not knowingly collect personal information from individuals under the age of thirteen (13) in violation of the Children's Online Privacy Protection Act (COPPA). If we learn that we have collected information from a child in violation of applicable law, we will delete it promptly.

‍

12. GLBA Financial Privacy Notice

Because the Services facilitate financial activity through licensed third-party institutions, Kashu may handle nonpublic personal information ("NPI") as defined by the Gramm-Leach-Bliley Act (GLBA). This Section describes how Kashu handles NPI.

Categories of NPI Collected. Identifying information, account and transaction information, financial-institution identifiers, and information from consumer reports and verification services.

Categories of Parties to Whom NPI Is Disclosed. Licensed financial institutions and money transmitters identified in Section 5; service providers acting on Kashu's behalf; regulators, courts, and law-enforcement authorities; and parties to a corporate transaction. Kashu does not disclose NPI to non-affiliated third parties for those parties' independent marketing purposes.

Confidentiality and Security. Kashu maintains administrative, technical, and physical safeguards to protect NPI as described in Section 6. Access to NPI is restricted to personnel with a legitimate business need.

Former Users. Kashu continues to apply this Policy to NPI relating to former users, subject to applicable retention obligations.

A separate Financial Privacy Notice may be provided at account opening and annually thereafter, where required by applicable financial-services regulations.

‍

13. Biometric Data Notice

This Notice is provided in accordance with the Illinois Biometric Information Privacy Act (740 ILCS 14, "BIPA"), the Texas Capture or Use of Biometric Identifier Act (Tex. Bus. & Com. Code § 503.001), the Washington Biometric Privacy Act (RCW 19.375), and other applicable biometric-privacy laws.

Purpose. Biometric identifiers and biometric information (collectively, "Biometric Data") are collected solely to verify the identity of authorized individuals and to satisfy regulatory KYC, AML, and fraud-prevention obligations.

Collection. Biometric Data is collected and processed by our third-party verification provider, ClearMe, through a selfie image matched against a government-issued identification document. Kashu does not retain raw biometric templates.

Consent. Biometric Data is collected only after the individual has received notice and provided written consent in connection with onboarding.

Use and Disclosure. Biometric Data is used only for identity verification and is not sold, leased, traded, or otherwise disclosed for profit. Disclosure to third parties occurs only as permitted or required by applicable biometric-privacy law.

Retention and Destruction. Biometric Data is retained only for the period necessary to satisfy the verification purpose and applicable legal obligations, and in any event no longer than three (3) years following the individual's last interaction with the Services, after which it is permanently destroyed in accordance with BIPA.

Security. Biometric Data is stored using a reasonable standard of care, including encryption and access controls at least as protective as those used for other confidential and sensitive information held by Kashu.

‍

14. California Residents CCPA/CPRA Supplement

This Section supplements the rest of this Policy and applies to California residents whose personal information is processed by Kashu, including authorized individuals associated with business users (the B2B exemption under the CCPA expired on January 1, 2023). This Section is provided pursuant to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, "CCPA").

14.1 Categories of Personal Information Collected

Over the prior twelve (12) months, Kashu has collected the following categories of personal information defined by the CCPA:

Identifiers (name, address, email, phone, government IDs, account identifiers)
Personal-records information (Cal. Civ. Code § 1798.80(e))
Protected classifications (age, where required by law)
Commercial information (transaction history, program-account activity)
Internet or network activity (device and usage information)
Geolocation data (approximate, from IP address)
Audio, electronic, and similar information (support recordings and communications)
Professional or employment-related information (role, title, authority)
Inferences drawn from the above to characterize preferences and behavior
Sensitive Personal Information (see Section 14.2)

14.2 Sensitive Personal Information

Kashu collects the following categories of Sensitive Personal Information (SPI): Social Security Number / ITIN; driver's license, state ID, and passport numbers; financial account, debit, and credit card numbers in combination with access credentials; precise geolocation (only where expressly authorized); and biometric information processed for identification (see Section 13). Kashu uses SPI only for the purposes permitted by Cal. Civ. Code § 1798.121, including providing the Services, preventing fraud, ensuring security, and complying with legal obligations. California residents have the right to limit the use of SPI to those permitted purposes.

14.3 Sources, Purposes, and Recipients

Sources of personal information, business and commercial purposes for collection, and categories of recipients are described in Sections 3, 4, and 5 of this Policy.

14.4 Sale and Sharing

Kashu does not sell personal information or Sensitive Personal Information, and does not share personal information for cross-context behavioral advertising, as those terms are defined by the CCPA.

14.5 California Rights

California residents have the following rights:

Right to know what personal information is collected, used, and disclosed
Right to access a copy of personal information
Right to correction of inaccurate personal information
Right to deletion of personal information, subject to lawful exceptions
Right to opt out of the sale or sharing of personal information (Kashu does not sell or share)
Right to limit the use and disclosure of Sensitive Personal Information
Right to non-discrimination for exercising CCPA rights

Requests may be submitted to legal@kashupay.com or by mail to the address in Section 16. We will verify your identity through account credentials or supporting documentation and respond within the timeframe required by law. Authorized agents may submit requests on your behalf with documented consent and verified identity. Kashu maintains CCPA request records for no less than twenty-four (24) months.

‍

15. Changes to This Policy

Kashu may update this Policy from time to time to reflect changes in our practices, the Services, or applicable law. Non-material changes are effective upon posting. Material changes will be communicated through the Services or by email at least thirty (30) days before they take effect, unless a shorter period is required by law or partner-institution requirements. Your continued use of the Services after the effective date constitutes acceptance of the updated Policy.

‍

16. Business Owner Rights Policy

16.1 Introduction

This Business Owner Rights Policy (“Policy”) sets forth the rights, privileges, and protections available to individuals or entities registered with Kashu, Inc (“Kashu,” “we,” “our,” or “the Company”) as business clients (“Business Owners,” “you,” or “your”). This document applies to all Business Owners who use our platform, mobile application, or affiliated services for commercial, entrepreneurial, or investment purposes. Kashu is committed to fostering transparent and ethical business relationships, respecting the operational independence of our clients, and ensuring fair treatment across all touchpoints. This Policy is not exhaustive of your legal rights but is intended to codify the standards of practice Kashu follows to uphold your interests as a business partner and platform user.

16.2 Right to Access and Use Services

As a Business Owner with an active and verified account, you have the right to access Kashu’s financial tools, technology services, and integrations under the terms of your agreement and in accordance with all applicable laws. This includes the ability to:

Link business credit cards or accounts to your profile;
Initiate credit-to-cash transactions and wire/ACH transfers;
View historical activity and download payment/export logs;
Access tools for transaction management, peer payments, or service provider payments.

Your access is subject to ongoing compliance with our Terms of Service and any applicable usage limitations disclosed in advance.

16.3 Right to Financial Transparency

You are entitled to full transparency regarding:

Fees: All applicable service fees, processing costs, and any other charges will be disclosed prior to transaction execution. No hidden fees shall be levied.
Processing Timeframes: Kashu shall provide accurate and reliable information about the expected timing for processing, settlement, or refunds related to financial transactions.
Reconciliation and Receipts: For every completed transaction, you have the right to receive detailed documentation outlining the date, amount, payment method, service type, and associated fees.

All financial data provided is subject to your review, dispute, or inquiry. We will investigate any billing discrepancies brought to our attention in a timely and professional manner.

16.4 Right to Privacy and Confidentiality

Kashu acknowledges your right to maintain the confidentiality of sensitive business data. We are committed to:

Protecting any data submitted to us under applicable data privacy laws (including the CCPA and GLBA);
Preventing unauthorized disclosures of financial or operational data;
Ensuring that your transaction data is not used for marketing purposes without explicit consent;
Encrypting all transactional and identifying data using industry-leading standards.

Your confidential business records will only be shared with service providers or regulators under secure and legal conditions.

16.5 Right to Independent Business Decisions

As a Business Owner, you retain full autonomy over how and where to use your available funds. Kashu will never:

Interfere with your business decision-making;
Impose limitations on who you pay or transfer funds to (other than for regulatory compliance reasons);
Require exclusive use of our platform as a condition of service.

You are encouraged to use Kashu in a manner that complements your broader financial and operational strategy.

16.6 Right to Equal Access and Non-Discrimination

All Business Owners shall be treated equitably regardless of size, location, industry, credit profile, or account tenure. We do not discriminate in:

Approval of accounts (except for compliance purposes);
Access to product features;
Platform support;
Pricing or fee structures.

Any eligibility criteria or usage restrictions will be disclosed clearly and consistently.

16.7 Right to Account Portability and Closure

At any time, you have the right to:

Access and download your transaction history in a structured, portable format;
Request full account closure and data deletion (subject to retention policies governed by law or regulation);
Transition to or from Kashu without penalty, withholding, or obstruction.

Kashu will honor all data export and account termination requests in a manner that respects your independence and time.

16.8 Right to Dispute Resolution and Escalation

You are entitled to a fair and timely resolution process in the event of:

Unauthorized transactions;
Platform errors;
Support neglect;
Contractual disputes;
Account freezes or service interruptions.

Kashu shall provide:

A dedicated escalation pathway through the Client Success and Legal teams;
A record of your request, issue status, and resolution;
A final written explanation, including your appeal rights if applicable.

If no internal resolution is satisfactory, you may pursue resolution through mediation, arbitration, or the courts as defined in our Terms of Service.

16.9 Right to Platform Stability and Notification

Kashu commits to delivering a stable and secure platform. You have the right to:

Receive notice of system outages, scheduled maintenance, or substantial changes to service availability;
Be informed of any updates that affect your data, rights, or financial operations;
Access technical support or live chat assistance during defined service hours.

Reasonable efforts will be made to minimize downtime and provide business continuity guidance during outages.

16.10 Right to Participate in Product Feedback and Roadmap Input

Kashu values the input of its business clientele. As a Business Owner, you are entitled to:

Participate in surveys, beta features, or roadmap discussions;
Provide feedback that may shape future product enhancements;
Submit feature requests or integration ideas through formal channels like email.

Although implementation is not guaranteed, all feedback is reviewed and tracked internally for prioritization.

16.11 Right to Regulatory Transparency

You have the right to know:

What licenses and regulatory bodies govern Kashu’s financial operations;
How compliance with federal and state-level financial regulations is managed;
How your account activity is reported to or shared with regulators (when applicable).

We are obligated to cooperate with regulatory authorities but will ensure that such compliance does not infringe upon your commercial rights without notice.

16.12 Right to Amendment Notice

This Business Owner Rights Policy may be amended from time to time to reflect changes in our operations, regulatory guidance, or platform structure. All material changes will be:

Communicated to active users via email and/or in-platform notification;
Reflected by updating the Effective Date listed above;
Implemented no sooner than 15 days from notice unless legally required sooner.

Continued use of the Services constitutes your acceptance of such changes.

16.13 Enforcement and Contact

Violations of this Policy by internal staff or affiliated partners may result in disciplinary action or termination of access rights. Business Owners who believe their rights have been violated are encouraged to contact us directly:

Kashu, Inc

Attn: Legal Department

1603 Capitol Ave, Ste 415 #674380

Cheyenne, WY 82001

Email: legal@kashupay.com

We are committed to protecting your autonomy, financial clarity, and operational freedom.

Last Updated: 5/11/2026‍

1. Overview

This Refund Policy explains how refund requests are handled in connection with the use of the software, technology, data, and program-administration services provided by Kashu, Inc. ("Kashu," "we," "us," or "our"), a Wyoming corporation, through the Kashu platform, mobile and web applications, websites, APIs, and related services (collectively, the "Services"). The Services consist of three integrated pillars: Platform Access, Transaction Intelligence, and Program Administration, as further described in the Kashu Terms of Service.

Kashu is a software platform. Kashu does not hold, transmit, or issue funds. Refund mechanics flow through Kashu's partners, as described in Section 3.

These rules exist to protect users, maintain regulatory and card-network compliance, and ensure proper reconciliation with Kashu's partners.

‍

2. Definitions

"User," "you," or "your" — the U.S.-organized business entity that is a customer of Kashu, together with its Authorized Individuals.
"Authorized Individual" — a natural person authorized to act on behalf of the User, including a beneficial owner, control person, authorized signatory, or authorized employee.
"Program Account" — the account established for a business User to access the Services. Funds associated with a Program Account are held in custodial For-Benefit-Of (FBO) accounts at Fresno First Bank, Member FDIC, by Monarch Technologies, Inc.
"Platform Service Fee" — the fee paid to Kashu in consideration of the three pillars of the Services, as described in the Terms of Service and the STSA.‍
"Business Day" — a day, other than a Saturday, Sunday, or U.S. federal holiday, on which commercial banks in the United States are open for business.

‍

3. Custody and Refund Mechanics

Kashu has no legal, beneficial, or equitable interest in customer funds at any time and does not hold, transmit, settle, authorize, or directly issue refunds. Refund activity is performed by Kashu's partners, which include licensed acquirers and card payment providers, a licensed money transmitter, and a custodial bank. As of the date of this Policy, Kashu's partners include Monarch Technologies, Inc. (MSB Registration No. 31000186536125; NMLS ID 1908316), which holds customer funds in custodial For-Benefit-Of (FBO) accounts at Fresno First Bank, Member FDIC, and initiates ACH disbursements and ACH refunds where applicable. Card-funded transactions, including card-funded refunds, are authorized, settled, and issued by Kashu's acquirer and card payment providers in accordance with the rules of Visa, Mastercard, and other applicable card networks.

Kashu's role in connection with refunds is limited to reviewing requests, applying this Policy, and instructing the applicable Kashu partner to initiate approved refunds. Kashu does not directly process, authorize, settle, or issue any refund.

‍

4. Eligibility for Refunds

A refund may be approved if one of the following applies:

Duplicate Charge, the same transaction was processed more than once.
Incorrect Amount Charged, a system or processing error caused an inaccurate debit.
Transaction Cancelled Before Settlement, the transaction was stopped prior to final clearing through the card network.
System or Processing Error, a technical or network failure resulted in an invalid or incomplete charge.
Compliance or Regulatory Requirement, a refund is required to satisfy AML, KYC, KYB, OFAC, sanctions, or card-network obligations.

Refunds will not be issued for:

Completed and settled transactions initiated correctly by the User;
Funds that have already been transferred, withdrawn, or disbursed from the Program Account;
Platform Service Fees, except as described in Section 6;
Transactions under review for dispute, fraud, chargeback, or compliance investigation;
Requests submitted by a person who is not an Authorized Individual of the User.

‍

5. Refund Destination

Refunds are returned to the original funding instrument whenever possible, in accordance with the rules of the applicable card network, payment provider, and financial institution.

If the funding instrument was a credit or debit card, the refund is issued back to the same card account by Kashu's partners in accordance with applicable card-network rules.
If the funding instrument was a bank account, the refund is issued by ACH back to the originating account by Kashu's partners.
Refunds will not be issued in cash, check, or to a financial instrument other than the original funding instrument.

If the original funding instrument has been closed or is otherwise unavailable, Kashu will work with its partners to determine the appropriate treatment, which may include holding the funds in the Program Account pending additional verification or returning the funds to the issuing institution in accordance with card-network or banking rules.

‍

6. Platform Service Fee

The Platform Service Fee is consideration for software, technology, data, and program-administration services rendered at the time of the transaction. Because those services, including KYB review, risk monitoring, sanctions screening, transaction-level data enrichment, reporting, and program administration, are performed and consumed at the moment of the transaction, the Platform Service Fee is earned upon transaction completion and is non-refundable, except in the following limited circumstances:

The underlying transaction did not complete or did not settle, in which case the Platform Service Fee will not be charged;
A duplicate transaction was processed in error, in which case the Platform Service Fee associated with the duplicate (and only the duplicate) will be refunded together with the duplicated principal;
A refund of the Platform Service Fee is required by applicable law, regulator direction, or card-network rule.

Where a partial refund of principal is approved, the Platform Service Fee remains fully earned and non-refundable, except as set forth above.

‍

7. Processing Timeframes

Kashu typically instructs its partners to initiate approved refunds within two (2) Business Days of approval. Settlement of the refund to the original funding instrument is performed by Kashu's partners and the issuing or receiving financial institution, and typically results in funds appearing on the cardholder statement or in the receiving bank account within five (5) to ten (10) Business Days of instruction.

Kashu does not control downstream processing or settlement timelines. Delays may occur due to additional verification, intermediary-bank holds, card-network settlement cycles, or compliance review.

‍

8. How to Request a Refund

To request a refund, an Authorized Individual must submit a written request to the address listed in Section 16 (Contact Information) with the following details:

Business legal name and Employer Identification Number (EIN);
Program Account identifier;
Name, title, and role of the Authorized Individual submitting the request;
Transaction ID, date, and amount;
Funding instrument identifier (e.g., last four digits of the card or bank account);
Detailed reason for the refund request;
Any supporting documentation.

For security, additional identity verification or supporting documentation may be required before a review can begin.

‍

9. Review and Approval Process

All refund requests are reviewed by Kashu's Risk and Compliance teams. Each request is assessed to confirm that:

The transaction qualifies under the eligibility criteria in Section 4;
There is no indication of fraud, misuse, chargeback abuse, or AUP violation;
The refund complies with Visa, Mastercard, and other applicable card-network rules; and
The refund complies with applicable banking, AML, KYC, KYB, OFAC, and sanctions standards.

Refunds are approved or denied at Kashu's sole discretion in accordance with this Policy and applicable law. If denied, the requesting Authorized Individual will receive a written explanation. Once an approved refund has been instructed and settled by Kashu's partners, the refund is final.

‍

10. High-Value Refunds

Refund requests for amounts exceeding ten thousand U.S. dollars (US$10,000) may require additional verification, enhanced due diligence, and sign-off by Kashu's Finance or Compliance officers. These reviews ensure that high-value refund instructions are consistent with anti-money-laundering standards, card-network settlement requirements, and the rules of Kashu's partners. Processing times for high-value refunds may be extended.

‍

11. Holds and Freezes

Kashu may instruct its partners to hold or freeze a refund amount, or to delay an instruction, pending compliance review, dispute investigation, regulatory cooperation, or partner direction. Refunds released after a hold are subject to the same downstream processing timelines as approved refunds.

‍

12. Refunds vs. Chargebacks

Refunds are reviewed by Kashu and, if approved, instructed by Kashu to the applicable Kashu partner. Chargebacks, by contrast, are initiated by a cardholder through their issuing bank under the dispute process defined by the applicable card network, and are processed by the card network, the cardholder's issuing bank, and Kashu's partners without Kashu's involvement in the decisioning step.

If a chargeback is filed while a refund request is pending, Kashu will suspend its refund review until the chargeback is resolved by the card network. Card-network rules and the cardholder's agreement with the issuing bank govern chargeback rights, not this Policy. Duplicate or coordinated refund and chargeback claims for the same transaction may result in account suspension, instructions to hold funds in the Program Account.

‍

13. Compliance and Limitations

All refunds are subject to applicable:

Visa, Mastercard, and other applicable card-network operating regulations;
Banking, AML, KYC, KYB, OFAC, and sanctions compliance standards;
The processing, settlement, and ACH rules of Kashu's partners; and
Kashu's internal Risk Management and Fraud Prevention policies and the Acceptable Use Policy.

Kashu reserves the right to deny, delay, or instruct the hold of refunds that:

Conflict with ongoing investigations, legal holds, or regulatory cooperation;
Appear to circumvent AML, KYB, sanctions screening, or fraud-prevention controls;
Are otherwise inconsistent with card-network, partner, financial-institution, or regulatory obligations.

Refund instructions may be reversed by Kashu's partners where fraudulent behavior, chargeback misuse, or non-compliance is identified after issuance.

‍

14. Liability Disclaimer

Kashu is not responsible for delays or actions caused by Kashu's partners, card networks, issuing banks, intermediary banks, network outages, or other third-party financial institutions or processors.

Refunds are issued only to the verified original funding instrument. Kashu bears no liability for losses arising from changes to user banking details, account closures, card expirations, or instructions provided by the User that are subsequently disputed. A refund cannot exceed the original transaction amount.

‍

15. Relationships to Other Policies

This Policy forms part of, and is incorporated by reference into, the Kashu Terms of Service and the Kashu Software & Technology Services Agreement ("STSA"), and is read together with the Acceptable Use Policy, the Privacy Policy, and any other published Kashu compliance documents. In the event of any conflict between these documents, the order of precedence is: (1) STSA → (2) Terms of Service → (3) Acceptable Use Policy → (4) this Refund Policy. All other policies and disclosures are subordinate to the above.

‍

16. Contact Information

For refund requests, questions about this Policy, or to check the status of a submitted refund, you may contact us as follows:

Kashu, Inc

Attn: Refunds — Risk & Compliance

1603 Capitol Ave, Ste 415 #674380

Cheyenne, WY 82001

Email: help@kashupay.com

Support Hours: Monday – Friday, 9:00 AM – 6:00 PM (CST)

‍

17. Modifications

Kashu reserves the right to modify or update this Policy at any time to reflect changes in regulations, card-network rules, the requirements of Kashu's partners, or internal processes. Non-material changes are effective upon posting. Material changes will be communicated through the Services or by email at least thirty (30) days before they take effect, unless a shorter period is required by law, regulator direction, or partner-institution requirements. Your continued use of the Services after the effective date constitutes acceptance of the modified Policy.

Last Updated: 5/11/2026 | Version 2.0

These Affiliate and Partner Terms of Service ("Terms") constitute a binding agreement between Kashu, Inc., a Wyoming corporation ("Kashu," "we," "us," or "our"), and any individual or entity that applies for, is accepted into, or participates in Kashu's Affiliate or White Label Partner Programs (collectively, the "Programs," and each individually a "Participant," "Affiliate," or "Partner," as applicable).

These Terms govern your participation in the Programs and are incorporated by reference into, and shall be read in conjunction with, the Kashu Independent Contractor & Affiliate Agreement or Kashu White Label Partner Agreement, as applicable (each a "Program Agreement"), as well as Kashu's Software & Technology Services Agreement ("STSA"), Terms of Service, Acceptable Use Policy, Customer Identification Program, Privacy Policy, and Refund Policy.

By applying to, being accepted into, or continuing participation in either Program, you acknowledge that you have read, understood, and agreed to be bound by these Terms.

‍

1. Overview and Program Distinctions

Kashu operates a software platform that delivers business financial-operations tooling to U.S.-based businesses. The Services consist of three integrated pillars: Platform Access, Transaction Intelligence, and Program Administration, as further described in the Kashu Terms of Service.

The Programs allow independent participants to either refer business users to the Kashu platform or operate their own branded instance of the Kashu software. Each Program is distinct in structure and compensation as described below.

(a) Affiliate Program. The Affiliate Program allows approved participants to promote and refer new business users to Kashu's platform through an authorized referral link. Affiliates earn commissions based on Kashu's collected Platform Service Fees on a referred user's first completed transaction, subject to the tiered compensation structure and limitations described in Section 4.

(b) White Label Partner Program. The White Label Program allows approved partners to operate a customized or co-branded instance of the Kashu software. White Label Partners earn a negotiated percentage of Kashu's collected Platform Service Fees from Program Accounts onboarded through their designated branded instance. White Label Partners are subject to separate commercial and technical obligations, as described in Section 5.

Participation in either Program is strictly conditional upon adherence to these Terms, the applicable Program Agreement, and Kashu's compliance standards.

Scope Clarification. These Terms govern referrals of business users to the Kashu software platform and white-label deployments of the Services. They do not govern Kashu's ISO or merchant-processing referral programs, which operate under separate agreements and are not available through these Programs.

‍

2. Eligibility and Acceptance

To participate in the Programs, you must:

(a) Be at least twenty-one (21) years of age and possess full legal capacity to enter into binding contractual obligations; if applying as an entity, be a legal entity in good standing with authority to bind the entity;
(b) Maintain a verified account in good standing with Kashu;
(c) Complete all required tax, compliance, and identity-verification processes, including Know Your Business ("KYB") for entity Participants, Know Your Customer ("KYC") for individual Participants and beneficial owners, and Anti-Money Laundering ("AML") and sanctions screening;
(d) Execute the applicable Affiliate Agreement or White Label Partner Agreement; and
(e) Be approved by Kashu's compliance and partnerships departments in their sole discretion.

Kashu reserves the right to deny or revoke participation at any time, with or without cause, including for any breach of these Terms, violation of applicable law, reputational risk, or compliance irregularity.

‍

3. General Representations and Warranties

By participating in the Programs, you represent, warrant, and covenant that:

(a) You will conduct all activities lawfully, ethically, and in accordance with these Terms, the applicable Program Agreement, and all applicable federal, state, and international laws, including the Bank Secrecy Act, USA PATRIOT Act, FinCEN Customer Due Diligence Rule, OFAC sanctions regulations, the CAN-SPAM Act, the Telephone Consumer Protection Act (TCPA), the California Consumer Privacy Act (CCPA/CPRA), and other applicable data-protection and consumer-protection laws;
(b) You will not engage in false, deceptive, or misleading marketing or make unauthorized statements regarding Kashu, its affiliates, products, or services;
(c) You will not imply any joint venture, employment, or agency relationship between yourself and Kashu; and
(d) You will maintain accurate and complete records of all promotional and referral activities as may be requested by Kashu for audit, compliance, or verification purposes.

‍

4. Affiliate Program Terms

4.1 Compensation and Commission Structure

Affiliates shall earn commissions based solely upon Kashu's receipt of collected Platform Service Fees from the first transaction completed by a referred user who registers through the Affiliate's designated referral link. Commissions shall be determined according to the following structure:

Gold Tier: 5% of Kashu's collected Platform Service Fees on the referred user's first transaction (for affiliates generating between $100,000 and $499,999 in referred monthly volume).
Platinum Tier: 10% of Kashu's collected Platform Service Fees on the referred user's first transaction (for affiliates generating $500,000 or more in referred monthly volume).
Executive Tier (Custom): A negotiated percentage rate, available only to approved affiliates operating through an authorized white-label or co-branded instance.

Affiliates shall not be entitled to any residual or recurring compensation for subsequent transactions by referred users unless expressly stated in a written agreement signed by Kashu.

4.2 Referral Attribution and Tracking

Affiliate commissions are earned only for users who (i) access Kashu through the Affiliate's unique referral link, and (ii) complete their first transaction on the platform. Kashu shall maintain exclusive discretion over the methods used for referral tracking and attribution. If a referred user fails to register or transact via the Affiliate's designated link, the Affiliate shall not be credited for that user. Kashu shall have no obligation to adjust tracking results or pay commissions on untracked referrals.

4.3 Payouts and Adjustments

Affiliate payouts shall occur no earlier than thirty (30) days following the close of the month in which the qualifying transaction occurred. Notwithstanding the foregoing, Kashu and an Affiliate may agree in writing to a different payment schedule or structure; any such written agreement, signed by an authorized representative of Kashu, shall control over the timing set forth in this Section. Payouts shall be made by ACH or other approved method to the account on file and shall be net of chargebacks, refunds, reversals, disputes, or other offsets affecting the underlying Platform Service Fees. Kashu reserves the right to withhold, delay, or offset payments in cases of suspected fraud, compliance review, or accounting error. Affiliates shall have thirty (30) days from receipt of payment to dispute any discrepancies in writing; failure to do so constitutes waiver of all claims.

4.4 Taxes and Reporting

Affiliates are independent contractors and shall be solely responsible for the payment of all federal, state, and local taxes, including income and self-employment taxes. Kashu shall report payments on IRS Form 1099 or equivalent as required by law.

4.5 Prohibited Conduct

Affiliates shall not:

Use unauthorized advertising methods, including misleading claims or representations;
Bid on Kashu trademarks, domain names, or variants in paid search or digital advertising campaigns;
Represent themselves as employees, agents, or representatives of Kashu;
Engage in unsolicited telemarketing, cold-calling, or any practice in violation of the TCPA or CAN-SPAM Act; or
Engage in any activity likely to harm the reputation, goodwill, or compliance posture of Kashu.

Violation of this Section shall result in immediate termination and forfeiture of unpaid commissions.

‍

5. White Label Partner Program Terms

5.1 Commercial Framework

Each approved White Label Partner shall enter into a separate White Label Partner Agreement, which governs the commercial, technical, and operational terms of participation. White Label Partners earn a negotiated percentage of Kashu's collected Platform Service Fees from Program Accounts onboarded through their designated branded instance ("Revenue Share"). The applicable percentage shall be memorialized in the executed Schedule A to the White Label Partner Agreement.

5.2 Fees and Payment Obligations

White Label Partners shall pay the following fees unless otherwise specified in writing:

(a) One-Time Setup Fee: USD $20,000 (non-refundable).
(b) Monthly Platform Fee: USD $3,000, due on the first day of each month during the initial twelve (12)-month term.

Failure to remit payment within sixty (60) days of the due date shall authorize Kashu to suspend access to the platform, withhold all commissions and Revenue Share distributions, and impose late fees or interest as permitted by law.

5.3 Payout Schedule

Revenue Share payments shall be calculated monthly in arrears and disbursed no earlier than thirty (30) days following the close of the applicable transaction period. All payments shall be net of chargebacks, reversals, or other deductions affecting the underlying Platform Service Fees. Kashu reserves the right to withhold or offset any amounts due to a Partner in satisfaction of outstanding obligations.

5.4 Branding, Compliance, and Conduct

Partners may operate the platform under their own branding, provided that Kashu retains attribution rights such as "Powered by Kashu" or equivalent, where reasonably required. Partners shall:

Comply with all applicable BSA/AML, KYC, KYB, OFAC, sanctions, FinCEN Customer Due Diligence Rule, PCI DSS, CCPA/CPRA, and related legal standards;
Promptly report any suspicious activity, regulatory inquiry, or data breach to help@kashupay.com; and
Maintain accurate operational and support records in accordance with Kashu's audit and compliance requirements.

5.5 Technical Support and Operations

Kashu shall provide system maintenance, infrastructure support, and second-level technical assistance as outlined in the applicable White Label Partner Agreement. Kashu shall also provide first-line customer support to end users and ensure that its personnel are adequately trained in the use of the platform.

5.6 Termination and Post-Termination Obligations

Upon termination of the Partner's Agreement for any reason:

(a) Partner's right to access or operate the Kashu platform shall immediately cease;
(b) All outstanding platform fees and charges shall become immediately due and payable;
(c) Partner shall remove all branding, content, and references to Kashu from public-facing materials; and
(d) All confidential information and proprietary materials of Kashu shall be returned or destroyed in accordance with Section 6.7.

‍

6. General Provisions Applicable to All Participants

6.1 Independent Contractor Relationship

Affiliates and Partners are independent contractors and not employees, agents, joint venturers, or franchisees of Kashu. Nothing in these Terms shall be construed to create any relationship of employment or agency. Participants have no authority to bind Kashu in contract or otherwise.

6.2 Chargebacks, Fraud, and Clawbacks

Kashu reserves the right to reverse or reclaim ("claw back") any prior payment or credit if the underlying transaction is reversed, disputed, fraudulent, or otherwise invalidated. Kashu may offset such amounts against future payments without prior notice.

6.3 Limitation of Liability

In no event shall Kashu, its officers, directors, employees, or affiliates be liable for any indirect, incidental, consequential, or punitive damages, including loss of profits or business opportunities. Kashu's aggregate liability to any Participant under these Terms shall not exceed the total amount paid to such Participant under the applicable Program during the twelve (12) months preceding the event giving rise to the claim.

6.4 Indemnification

Each Participant agrees to indemnify, defend, and hold harmless Kashu and its affiliates, officers, directors, employees, and representatives from and against any and all claims, losses, liabilities, or expenses arising from (i) Participant's breach of these Terms or the applicable Program Agreement, (ii) violation of applicable law, or (iii) negligence, fraud, or willful misconduct.

6.5 Modification of Terms

Kashu reserves the right to modify these Terms or the structure of the Programs at any time. Non-material changes are effective upon posting. Material changes will be communicated through the Services or by email at least thirty (30) days before they take effect, unless a shorter period is required by law, regulator direction, or partner-institution requirements. Continued participation after the effective date constitutes acceptance of the revised Terms.

6.6 Governing Law and Dispute Resolution

These Terms shall be governed by and construed in accordance with the laws of the State of Wyoming, without regard to its conflict-of-law provisions. Any dispute arising under or relating to these Terms shall be submitted to binding arbitration before the American Arbitration Association in Cheyenne, Wyoming. The prevailing party shall be entitled to recover its reasonable attorneys' fees and costs.

6.7 Confidentiality

Participants will, in the course of the Programs, have access to non-public, proprietary, or confidential information of Kashu, including business strategies, pricing, user data, technology, financial information, and operational methods ("Confidential Information"). Participants shall maintain Confidential Information in strict confidence, use it solely for purposes of the Programs, and not disclose it to third parties except to personnel and advisors bound by confidentiality obligations no less protective than these Terms. Upon termination, all Confidential Information shall be returned or destroyed at Kashu's election.

6.8 Notices

All notices, requests, or communications under these Terms shall be in writing and deemed given when delivered personally, sent by certified mail (return receipt requested), or transmitted by email to affiliates@kashupay.com, or to such other address as Kashu may designate.

6.9 Document Hierarchy

In the event of any conflict between these Terms and the applicable Program Agreement, the Program Agreement shall control. The user-facing Services that Affiliates and Partners promote are governed by Kashu's STSA, Terms of Service, Acceptable Use Policy, Customer Identification Program, Privacy Policy, and Refund Policy, in the order of precedence stated in those documents.

‍

7. Contact Information

For questions or correspondence regarding the Affiliate or Partner Programs, please contact:

Kashu, Inc.

Attn: Partnerships and Affiliates Department

1603 Capitol Avenue, Suite 415 #674380

Cheyenne, WY 82001

Email: affiliates@kashupay.com

Compliance / suspicious activity: help@kashupay.com

Website: www.kashupay.com/affiliates

Last Updated: 5/11/2026 | Version 2.0

1. Overview

Kashu, Inc. ("Kashu," "we," "us," or "our"), a Wyoming corporation, operates a software platform that provides business financial-operations tooling, Platform Access, Transaction Intelligence, and Program Administration, on top of regulated payment and banking rails operated by Kashu's partners.

As part of the Program Administration pillar of the Services, Kashu maintains a Customer Identification Program ("CIP") to verify the identity of the business entities that use Kashu and the individuals associated with those entities. The CIP supports the customer-identification, customer-due-diligence, and anti-money-laundering obligations of Kashu's partners under the Bank Secrecy Act (BSA), the USA PATRIOT Act, the FinCEN Customer Due Diligence Rule (31 CFR 1010.230), the Corporate Transparency Act and its Beneficial Ownership Information rule, OFAC sanctions programs, and applicable state law.

This CIP is a customer-facing summary of how Kashu collects and verifies identity information. It does not modify, replace, or limit Kashu's internal compliance procedures or the regulatory obligations of Kashu's partners.

‍

2. Definitions

"Services" — the Kashu platform, software, mobile and web applications, APIs, and related technology, data, and program-administration offerings.
"User," "you," or "Customer" — the U.S.-organized business entity that uses the Services, together with its Authorized Individuals.
"Authorized Individual" — a natural person authorized to act on behalf of the User, including a beneficial owner, control person, authorized signatory, or authorized employee.
"Beneficial Owner" — each natural person who, directly or indirectly, owns twenty-five percent (25%) or more of the equity interests of the User.
"Control Person" — a single natural person with significant managerial control or authority over the User, such as a Chief Executive Officer, Chief Financial Officer, Managing Member, General Partner, President, Vice President, or Treasurer.‍
"Program Account" — the account established for a business User to access the Services.

‍

3. Who Must Be Identified

The Services are available exclusively to businesses organized under the laws of the United States. Before a Program Account can be opened or used, Kashu must identify and verify:

The business entity itself;
Each Beneficial Owner;
The Control Person; and
Each Authorized Individual who will access or transact on the Services.

All Authorized Individuals must be at least twenty-one (21) years of age and must be authorized to act on behalf of the User.

‍

4. Information We Collect

4.1 Business Information

Legal entity name, jurisdiction of formation, and date of formation;
Employer Identification Number (EIN) and other applicable tax identifiers;
Registered, operating, and mailing addresses (no P.O. boxes for primary addresses);
Primary business activity, industry classification, and merchant category;
Formation documents (e.g., articles of incorporation or organization, operating agreement, certificate of good standing);
Linked bank account information and financial-institution identifiers;
FinCEN Beneficial Ownership Information (BOI) report identifiers, where applicable.

4.2 Beneficial Owner and Control Person Information

Full legal name;
Date of birth;
Residential address (no P.O. boxes);
Social Security Number, Individual Taxpayer Identification Number (ITIN), or, for non-U.S. persons, passport number and country of issuance;
Government-issued photo identification (e.g., U.S. driver's license, state ID, or passport);
Beneficial-ownership percentage, role, title, and authority within the User.

4.3 Authorized Individual Information

Full legal name;
Date of birth;
Email address and telephone number;
Government-issued photo identification;
Role, title, and authority within the User.

4.4 Biometric Information

In connection with identity verification, Kashu's identity-verification partner may collect biometric identifiers and biometric information, including facial geometry derived from a selfie image matched against a government-issued identification document. Collection and use of biometric information is subject to the Biometric Data Notice in the Kashu Privacy Policy.

‍

5. How We Verify

Kashu uses a combination of automated and manual methods to verify the information collected under Section 4, including:

Verification of formation, registration, and good-standing status through Secretary of State records and other authoritative business registries;
Cross-checking identifying information against government, credit-bureau, and third-party data sources;
Document authenticity review of government-issued identification, including security-feature analysis;
Biometric and liveness verification of natural persons through Kashu's identity-verification partner;
Validation of linked bank account ownership;
Verification of beneficial-ownership disclosures against the FinCEN BOI database, where applicable;
Manual review and enhanced due diligence by Kashu's Compliance team for higher-risk profiles or transactions.

If verification cannot be completed, Kashu may request additional information or documentation, restrict or delay access to the Services, or decline to open the Program Account, as described in Section 8.

‍

6. Sanctions and Watchlist Screening

Kashu screens the User, each Beneficial Owner, the Control Person, each Authorized Individual, and linked counterparties against U.S. and international sanctions and watchlists, including:

The U.S. Department of the Treasury Office of Foreign Assets Control (OFAC) Specially Designated Nationals (SDN) list and Consolidated Sanctions list;
U.S. Department of Commerce Bureau of Industry and Security (BIS) Denied Persons, Entity, and Unverified lists;
U.S. Department of State debarred-parties lists;
Politically Exposed Persons (PEP) and adverse-media screening;
Card-network and partner-institution screening requirements.

Screening occurs at onboarding and on an ongoing basis. A match or potential match may result in account hold, restriction, declination, or termination, and may be reported to regulators and Kashu's partners as required by applicable law.

‍

7. Risk-Based Approach and Enhanced Due Diligence

Kashu applies a risk-based approach to identity verification and ongoing monitoring. Risk factors considered include, without limitation:

Industry, NAICS, and business activity;
Geographic factors, including the location of the business, its owners, and counterparties;
Ownership structure, including the presence of foreign ownership, layered entities, or politically exposed persons;
Transaction volume, size, frequency, and counterparty patterns;
Funding sources and program-account activity patterns;
Public-records, regulatory, and adverse-media findings.

Where elevated risk is identified, Kashu may apply Enhanced Due Diligence ("EDD"), including additional documentation requests, source-of-funds review, in-depth ownership-structure analysis, additional sanctions and adverse-media screening, and senior-Compliance approval prior to account activation or specific transactions.

‍

8. If We Cannot Verify

If Kashu cannot reasonably verify the identity of the User or any required individual, Kashu may:

Decline to open the Program Account;
Restrict, suspend, or terminate access to the Services;
Instruct Kashu's partners to hold or freeze funds pending resolution;
Refer the matter to internal review for potential filing of a Suspicious Activity Report (SAR) by Kashu's partners; and
Notify regulators and partner institutions as required by applicable law.

Kashu does not provide reasons for adverse identification decisions in cases where doing so could compromise an ongoing investigation or violate confidentiality obligations imposed by law.

‍

9. Notice to Customers

Important information about procedures for opening a new Program Account: To help the government fight the funding of terrorism and money-laundering activities, federal law requires financial institutions to obtain, verify, and record information that identifies each person who opens an account. What this means for you: when you open a Program Account, we will ask for the business's name, address, taxpayer identification number, and other information that will allow us to identify the business. We will also ask for the name, address, date of birth, taxpayer identification or passport number, and other information that will allow us to identify each Beneficial Owner, the Control Person, and each Authorized Individual. We may also ask to see identifying documents.

‍

10. Ongoing Monitoring and Refresh

Identity verification does not end at account opening. Kashu conducts ongoing monitoring of identifying information, account activity, and partner-institution feedback. Kashu may request that the User update or re-verify information, in whole or in part, when:

A government-issued identification document expires or appears invalid;
Ownership, control-person, or material business information changes (which must be reported within ten (10) business days under the Acceptable Use Policy);
Activity patterns or risk factors trigger Enhanced Due Diligence;
Sanctions, watchlist, or adverse-media findings warrant additional review;
Kashu's partners or applicable regulators require refreshed information.

‍

11. Recordkeeping

Kashu retains identifying information, descriptions of documents reviewed, and records of verification methods and outcomes for a minimum of five (5) years following closure of the Program Account, or for such longer period as required by applicable law, regulator direction, or partner-institution requirements. Records are stored using encryption in transit and at rest, role-based access controls, and other safeguards as further described in the Kashu Privacy Policy.

‍

12. Data Security and Privacy

Information collected under this CIP is used solely for identity verification, ongoing monitoring, regulatory compliance, and the operation of the Services. Kashu does not sell or share customer identification data for marketing purposes. Handling of personal information, biometric data, and Sensitive Personal Information is further described in the Kashu Privacy Policy.

‍

13. Reliance and Partner Coordination

Kashu performs the procedures described in this CIP in support of the customer-identification, customer-due-diligence, and anti-money-laundering obligations of Kashu's partners. Kashu's partners include the licensed money transmitter and custodial bank that hold customer funds, the acquirers and card payment providers that authorize and settle card transactions, the identity-verification provider, and other compliance vendors. Kashu shares verification information with these partners as necessary to satisfy regulatory and contractual obligations.

‍

14. Compliance and Oversight

Kashu's CIP is administered by the Compliance Department, under the oversight of a designated BSA Compliance Officer. The CIP is reviewed at least annually for consistency with applicable law, partner-institution requirements, and industry best practices. Kashu personnel with CIP responsibilities receive periodic training, and Kashu's compliance program is subject to independent testing in accordance with applicable BSA/AML requirements.

‍

15. Relationship to Other Policies

This CIP is incorporated by reference into the Kashu Terms of Service and is read together with the Kashu Software & Technology Services Agreement ("STSA"), the Acceptable Use Policy, the Privacy Policy, and the Refund Policy. In the event of any conflict between these documents, the order of precedence is: (1) STSA → (2) Terms of Service → (3) Acceptable Use Policy → (4) this CIP and the Refund Policy. All other policies and disclosures are subordinate to the above.

‍

16. Modifications

Kashu reserves the right to modify or update this CIP at any time to reflect changes in regulations, partner requirements, or internal processes. Non-material changes are effective upon posting. Material changes will be communicated through the Services or by email at least thirty (30) days before they take effect, unless a shorter period is required by law, regulator direction, or partner-institution requirements. Your continued use of the Services after the effective date constitutes acceptance of the modified CIP.

‍

17. Contact Information

For questions about this CIP, identity-verification status, or assistance completing verification, you may contact us as follows:

Kashu, Inc

Attn: Customer Support

1603 Capitol Ave, Ste 415 #674380

Cheyenne, WY 82001

Email: help@kashupay.com

‍

Last Updated: 5/11/2026 | Version 1.3

1. Introduction and Purpose

This Acceptable Use Policy ("Policy" or "AUP") sets forth the rules governing the use of the software, technology, data, and program-administration services provided by Kashu, Inc. ("Kashu," "we," "us," or "our"), a Wyoming corporation, through the Kashu platform, mobile and web applications, websites, APIs, and related services (collectively, the "Services"). The Services consist of three integrated pillars: Platform Access, Transaction Intelligence, and Program Administration, as further described in Kashu's Terms of Service.

This Policy is designed to ensure that all activity conducted through Kashu's systems complies with applicable laws, card-network rules, partner-institution requirements, and industry best practices, and to define the conduct expected of all users of the Services.

You are independently responsible for complying with all applicable federal, state, and local laws in all of your actions related to your use of the Services. You must also comply with this Policy, the Kashu Terms of Service, the Kashu Software & Technology Services Agreement ("STSA"), and any other agreement or disclosure presented to you in connection with the Services. Any violation of this Policy constitutes a violation of the Terms of Service and may result in suspension or termination of your program account.

‍

2. Scope and Application

This Policy applies to all users of the Services, including the business entity using the Services ("User" or "you") and all individuals authorized to access the Services on the entity's behalf, including beneficial owners, control persons, authorized signatories, and authorized employees ("Authorized Individuals").

The Services are made available exclusively to **businesses organized under the laws of the United States and operating in the United States**. Use of the Services from sanctioned jurisdictions, or by individuals or entities appearing on any U.S. government sanctions, denied-party, or politically-exposed-person list, is prohibited.

This Policy applies to all transactions processed, initiated, instructed, or received through Kashu's systems.

‍

3. Definitions

"Services" — the Kashu platform, software, mobile and web applications, APIs, and related technology, data, and program-administration offerings.
"Program Account" — the account established for a business User to access the Services. Funds associated with a Program Account are held in custodial FBO accounts at Fresno First Bank by Monarch Technologies, Inc., not by Kashu.
"Authorized Individuals" — the natural persons authorized to act on behalf of the User, including beneficial owners, control persons, authorized signatories, and authorized employees.
"Material Change" — any change to KYB information that would, if known at onboarding, have materially affected Kashu's eligibility, risk, or compliance determination, including changes in entity name, structure, jurisdiction, beneficial ownership of 25% or more, control persons, primary business activity, registered or operating address, or linked bank account.‍
"Business Day" — a day, other than a Saturday, Sunday, or U.S. federal holiday, on which commercial banks in the United States are open for business.

4. Custody and Fund Control

Kashu has no legal, beneficial, or equitable interest in customer funds at any time. Funds associated with a Program Account are held by Monarch Technologies, Inc. (MSB Registration No. 31000186536125; NMLS ID 1908316) in custodial For-Benefit-Of ("FBO") accounts at Fresno First Bank, Member FDIC.

Kashu's enforcement authority under this Policy is limited to (a) suspending or terminating access to the Services; and (b) instructing Monarch and the underlying financial institutions to initiate, hold, freeze, or release funds in accordance with this Policy, applicable law, lawful third-party requests, and the rules of the underlying financial institutions. Kashu does not hold, transfer, or release funds directly.

‍

5. Permitted Uses

The Services may be used to:

Operate the financial activities of a U.S.-organized business entity in good standing;
Fund the Program Account using authorized, lawfully-obtained credit, debit, or bank accounts held in the User's legal name;
Initiate transfers from the Program Account to verified bank accounts owned by the User or by KYB-verified counterparties of the User in connection with bona fide business activity;
Access reporting, analytics, transaction-level data enrichment, and program-administration features provided by the Services;
Conduct legitimate business-to-business commercial activity consistent with the User's declared line of business and KYB profile.

Any use that exceeds the scope of this Section, or that falls within Sections 6 or 7 without the required pre-approval, is a violation of this Policy.

‍

6. Prohibited Activities

You may not use the Services for any activity that violates any law, statute, ordinance, regulation, card-network rule, or partner-institution requirement. Without limitation, the following activities are prohibited.

6.1 Illegal or Restricted Products and Services

Narcotics, steroids, controlled substances, or products presenting consumer-safety risk
Drug paraphernalia
Cannabis, CBD, hemp, and hemp-derived products (federally restricted regardless of state legality)
Cigarettes, tobacco, e-cigarettes, vaping products, and related supplies where restricted by law
Stolen goods, including digital goods, virtual assets, or access credentials
Content promoting hate, violence, racial or other discriminatory intolerance, or financial exploitation of a crime
Obscene, indecent, or sexually explicit content or services, including adult content, cam, escort, and adult-entertainment platforms
Materials infringing copyright, trademark, right of publicity, right of privacy, or other proprietary rights
Ammunition, firearms, firearm parts, accessories, or regulated weapons
Unlawful high-yield investment programs, unregistered securities, or unregistered debt instruments
Content or items that encourage, promote, or instruct others to engage in illegal activity

6.2 Fraud, Misrepresentation, and Unfair Practices

Misrepresenting the nature of your business, products, services, or counterparties
Falsifying or omitting material information to Kashu, its partners, or regulators
Pyramid schemes, Ponzi schemes, matrix programs, "get-rich-quick" schemes, and recruitment-based multi-level marketing
Fake, altered, stolen, or synthetic identities, accounts, or payment instruments
Circumventing Kashu's KYB, KYC, AML, sanctions-screening, fraud-detection, or transaction-monitoring controls
Impersonating Kashu, its partners, or any other entity
Operating shell companies, nominee entities, or entities lacking bona fide business operations

6.3 Financial and Regulatory Evasion

Unlicensed money transmission, money services business, or remittance activity
Operating as a payment service provider, third-party payment processor, payment facilitator, or payment aggregator
Currency exchange, check cashing, or off-shore banking services
Cryptocurrency or digital-asset exchanges, mixers, tumblers, custodial wallets, ATMs, mining-as-a-service, and NFT marketplaces
Initial Coin Offerings, token sales, or unregistered digital-asset offerings
Debt-elimination, debt-consolidation, credit-repair, payday-lending, and title-lending services
Transactions designed to finance or refinance debts funded by a credit card
Corruption, bribery, kickbacks, or political-influence payments
Violation of U.S. economic sanctions, or transactions involving any party listed by OFAC or any other restricted-party list
Tax evasion or concealment of financial activity

6.4 Unsafe or Unregulated Commerce

Sale of products or services before the seller has lawful possession or control
Activity violating consumer-protection, data-protection, or lending laws
Sale of counterfeit or "grey market" goods
Activity associated with products identified by regulators as fraudulent or high-risk
Facilitating transactions for merchants engaged in illegal or prohibited activity through third-party processors
Pseudo-pharmaceuticals or nutraceuticals making unsubstantiated medical claims

6.5 Transaction Pattern Restrictions

Independent of the underlying activity, the following transaction patterns are prohibited because they undermine the integrity of the Services, AML controls, or card-network rules:

Structuring transactions to evade reporting, monitoring, or regulatory thresholds
Funneling business activity unrelated to your declared line of business through the Program Account
Transaction laundering, miscoding, or misrepresenting the nature of underlying activity to Kashu, card networks, or acquirers
Aggregating or factoring — accepting funds or initiating transfers on behalf of unrelated third parties
Splitting a transaction to avoid program limits, network thresholds, or compliance controls
Circular, wash, or self-dealing transactions intended to inflate volume or generate artificial activity
Velocity gaming — rapid in/out movement of funds without commensurate underlying business purpose

‍

7. Activities Requiring Pre-Approval

Certain activities may be permitted only with Kashu's prior written approval and may require enhanced underwriting, documentation, licensing verification, or partner-institution consent. You must obtain Kashu's written consent before using the Services in connection with the following categories (examples are illustrative, not exhaustive):

Transportation — airlines, air charter services, air taxi, scheduled or non-scheduled passenger transport, and marine charter.
Charitable / Non-Profit — accepting donations as a registered charity or nonprofit organization.
High-Value Goods — dealers in jewels, precious metals, precious stones, coins, or bullion.
Gambling, Gaming, and Contests — gambling, betting, lotteries, sweepstakes, fantasy sports, or other prize-based activities, even where lawful.
Prescription and Medical — sale or fulfillment of prescription products, medical devices, procedures, treatments, telehealth, or medical tourism.
Dating and Relationship Services — dating, matchmaking, or platforms facilitating personal or romantic relationships.
Live Streaming and Broadcasting — platforms or services involving user-generated live video, audio, or interactive content.
File Sharing and Data Storage — cyberlockers, remote file sharing, or storage platforms allowing public upload or download.
Alcohol — sale, distribution, or fulfillment of alcoholic beverages.
Marketplaces and Aggregators — e-commerce platforms enabling third-party sellers to list or sell products or services.
Cross-Border Transfers — international wire transfers or cross-border remittances.
High-Ticket Subscriptions — subscription services with annual commitments exceeding $5,000.
Coaching and Information Products — coaching, mentorship, or information-product businesses, particularly those offering refund or guarantee terms.
Travel and Tourism — travel agencies, tour operators, vacation rentals, and timeshare programs.
Auctions and Consignment — auction houses, consignment shops, and similar resale platforms.
Government and Public Sector — government contracting, public-sector procurement, and politically-exposed-person related activity.

Failure to obtain Kashu's prior written approval before engaging in any of the foregoing activities through the Services constitutes a violation of this Policy.

‍

8. User Responsibilities

You agree to:

Use the Services only for lawful, bona fide business purposes consistent with Section 5;
Provide true, accurate, complete, and current information during onboarding, KYB, KYC, and transaction activity;
Comply with all applicable laws and rules, including the Bank Secrecy Act, the USA PATRIOT Act, OFAC regulations, the FCPA, applicable state money-transmission and consumer-protection laws, and Visa, Mastercard, and other applicable card-network rules;
Maintain appropriate books, records, and supporting documentation for all transactions;
Cooperate with Kashu's periodic re-verification, enhanced due diligence, and information requests;
Restrict access to the Services to Authorized Individuals and safeguard account credentials;
Not engage in any activity that could damage, disable, overburden, or interfere with the Services, Kashu's infrastructure, or Kashu's reputation.

‍

9. Business Information Accuracy and KYB Update Obligation

You certify that all KYB and Program-Account information you provide is accurate, complete, and current as of the date submitted. You agree to notify Kashu in writing within ten (10) Business Days of any Material Change, including but not limited to:

Change in legal entity name, structure, or jurisdiction;
Change in beneficial ownership of twenty-five percent (25%) or more;
Change in control persons or authorized signatories;
Change in primary business activity or industry classification;
Change in registered or operating address;
Change in linked bank account or financial-institution relationships;
Receipt of any subpoena, regulatory inquiry, enforcement action, or material litigation affecting the entity, its owners, or control persons.

Failure to maintain accurate KYB information may result in suspension or termination of the Program Account and reporting to applicable regulators and partner institutions.

‍

10. Monitering, Compliance, and Enforcement

Kashu actively monitors activity on the Services for suspicious, prohibited, or non-compliant conduct. Kashu may, in its discretion and without prior notice:

Suspend, restrict, or terminate your access to the Services;
Instruct Monarch and the underlying financial institutions to freeze, hold, or release funds in the Program Account pending review or resolution;
Request additional information, including invoices, identification, source-of-funds documentation, beneficial-ownership records, or other business documentation;
Reverse, decline, or refuse to process any transaction;
Report activity to law enforcement, regulators, card networks, acquirers, and partner financial institutions.

Kashu does not hold or control funds and cannot release, transfer, or distribute funds directly. All fund-movement actions described in this Section are effected by instruction to Monarch and the underlying institutions in accordance with their rules and applicable law.

‍

11. Suspension, Termination, and Appeals

Kashu reserves the right to suspend or terminate access to the Services at any time, with or without notice, for any reason permitted under this Policy, the Terms of Service, the STSA, applicable law, or partner-institution direction.

Appeals. If your Program Account is suspended or terminated, you may submit a written appeal within ten (10) Business Days of the suspension or termination notice to legal@kashupay.com. An appeal must include (a) the Program Account identifier; (b) a clear factual rebuttal addressing the basis for the action; (c) supporting documentation; and (d) the contact information of the Authorized Individual submitting the appeal. Kashu will acknowledge receipt of the appeal within five (5) Business Days and will issue a written determination within thirty (30) Business Days. Kashu's determination on appeal is final.

Suspension or termination does not relieve you of any obligations or liabilities accrued prior to such action. Funds held by Monarch in the Program Account remain subject to applicable laws, partner-institution rules, and any holds or freezes instructed by Kashu, by Monarch, or by lawful third-party request.

‍

12. Reporting Violations

Users, partners, and third parties may report suspected violations of this Policy by contacting:

Email: legal@kashupay.com

If you are uncertain whether your intended use of the Services complies with this Policy, you should contact Kashu's Compliance team for written clarification before engaging in the activity.

‍

13. Disclosure to Third Parties

You acknowledge and agree that Kashu may disclose information regarding suspected or actual violations of this Policy, including the identity of the User and Authorized Individuals, account activity, transaction records, and supporting documentation, to Monarch Technologies, Fresno First Bank, SoftPoint, card networks, acquirers, regulators, law-enforcement authorities, courts, and other parties as necessary to investigate, enforce, or comply with applicable law, partner-institution requirements, or this Policy.

‍

14. Enforcement Actions

Violations of this Policy may result in any combination of the following:

Immediate suspension or permanent termination of the Program Account;
Instructions to Monarch to freeze, hold, or release funds in the Program Account;
Disclosure to and investigation by partner financial institutions, card networks, regulators, and law enforcement;
Civil or criminal legal action;
Recovery of losses, damages, fines, penalties, chargebacks, and reasonable attorneys' fees caused by your conduct;
Placement on internal or industry watch lists, including processor and acquirer terminated-merchant files where applicable.

‍

15. Relationships to Other Policies

This Policy forms part of, and is incorporated by reference into, the Kashu Terms of Service and the Kashu Software & Technology Services Agreement ("STSA"), and is read together with the Privacy Policy and any other published Kashu compliance documents. In the event of any conflict between these documents, the order of precedence is: (1) STSA → (2) Terms of Service → (3) this Policy. All other policies and disclosures are subordinate to the above.

‍

16. Modifications

Kashu reserves the right to amend or update this Policy at any time. Non-material changes are effective upon posting. Material changes will be communicated through the Services or by email at least thirty (30) days before they take effect, unless a shorter period is required by law, regulator direction, or partner-institution requirements. Your continued use of the Services after the effective date constitutes acceptance of the modified Policy.

‍

17. Contact Information

Questions regarding this Policy or its application may be directed to:

Kashu, Inc

Attn: Legal Department

1603 Capitol Ave, Ste 415 #674380

Cheyenne, WY 82001

Email: legal@kashupay.com

Last Updated: 5/11/2026 | Version 2.0

Kashu, Inc. ("Kashu") is a software platform that supports business financial operations on top of regulated payment and banking rails operated by Kashu's partners. The Services are made available exclusively to U.S.-organized businesses, and consist of three integrated pillars: Platform Access, Transaction Intelligence, and Program Administration, as further described in the Kashu Terms of Service.

As part of the Program Administration pillar, Kashu maintains an Anti-Money Laundering ("AML") and Bank Secrecy Act ("BSA") compliance program that supports the customer-identification, customer-due-diligence, sanctions-screening, and suspicious-activity-detection obligations of Kashu's partners under the Bank Secrecy Act, the USA PATRIOT Act, FinCEN regulations including the Customer Due Diligence Rule (31 CFR 1010.230), the Corporate Transparency Act and its Beneficial Ownership Information rule, OFAC sanctions programs, and applicable state law.

This Statement is a customer-facing summary of Kashu's AML program. It does not modify, replace, or limit Kashu's internal compliance procedures or the regulatory obligations of Kashu's partners.

‍

1. Program Governance

Kashu's AML program is administered by a designated BSA Compliance Officer who reports directly to senior management and to the Board of Directors or its equivalent. The BSA Compliance Officer oversees daily operations of the program, coordinates with Kashu's partners on referrals and reporting, manages training and policy maintenance, and monitors regulatory developments.

‍

2. Customer Identification and Verification (KYB and KYC)

Before a Program Account can be activated, Kashu verifies the identity of the business entity (Know Your Business, "KYB"), each Beneficial Owner of 25% or more, the Control Person, and each Authorized Individual who will access the Services (Know Your Customer, "KYC"). Verification data may include formation documents, Employer Identification Number, registered and operating addresses, beneficial-ownership disclosures, government-issued identification, and biometric identity verification.

Kashu's procedures align with the Customer Identification Program requirements that apply to its partners, and are further described in the Kashu Customer Identification Program. Biometric identity verification is handled in accordance with the Biometric Data Notice in the Kashu Privacy Policy.

‍

3. Customer Due Diligence and Ongoing Monitoring

Kashu applies a risk-based approach to customer due diligence:

Business users are risk-rated at onboarding and reviewed periodically.
Higher-risk customers are subject to Enhanced Due Diligence ("EDD") procedures.
Transactions and account activity are monitored on an ongoing basis using automated tools that detect unusual activity, velocity patterns, structuring behavior, and inconsistencies with the User's declared business profile.
Accounts exhibiting suspicious or inconsistent activity are escalated for manual review.

Risk factors evaluated for EDD include, without limitation:

Industry, merchant category, and business activity;
Geographic factors, including the location of the business, its owners, and counterparties;
Ownership structure, including foreign ownership, layered entities, or politically exposed persons;
Transaction volume, size, frequency, and counterparty patterns; and
Public-records, regulatory, and adverse-media findings.

‍

4. Sanctions and Watchlist Screening

The User entity, each Beneficial Owner, the Control Person, each Authorized Individual, and linked counterparties are screened against U.S. and international sanctions and watchlists, including:

U.S. Department of the Treasury Office of Foreign Assets Control (OFAC) Specially Designated Nationals (SDN) and Consolidated Sanctions lists;
U.S. Department of Commerce Bureau of Industry and Security (BIS) Denied Persons, Entity, and Unverified lists;
U.S. Department of State debarred-parties lists;
Politically Exposed Persons (PEP) and adverse-media databases; and
Card-network and partner-institution screening requirements.

Screening occurs at onboarding and on an ongoing basis. A match or potential match may result in account hold, restriction, declination, or termination, and may be reported to Kashu's partners and to regulators as required by applicable law.

‍

5. Suspicious Activity Reporting (SAR)

When suspicious activity is detected, Kashu's Compliance team conducts an internal review and escalates findings to Kashu's partners — including Monarch Technologies, Inc., the licensed money transmitter (MSB Registration No. 31000186536125; NMLS ID 1908316) — for the filing of Suspicious Activity Reports with FinCEN in accordance with applicable thresholds and timing requirements. Kashu may also notify law enforcement or regulatory authorities where permitted, and cooperates fully with official investigations and subpoenas.

Federal law prohibits disclosure of the existence or content of a SAR. Kashu and its personnel comply with all confidentiality and non-disclosure requirements applicable to suspicious activity reporting.

‍

6. Training and Awareness

All employees receive AML and sanctions compliance training upon hire and at least annually thereafter. Training covers BSA/AML fundamentals, recognizing red flags, sanctions screening, data privacy obligations, escalation procedures, and SAR confidentiality. Personnel with compliance responsibilities receive role-specific training and are subject to competency assessments.

‍

7. Recordkeeping

Kashu maintains records of customer identification data, verification methods and outcomes, transaction history, sanctions-screening results, and compliance reviews for a minimum of five (5) years following closure of the Program Account, or for such longer period as required by applicable law, regulator direction, or partner-institution requirements. Records are stored using encryption in transit and at rest, role-based access controls, and other safeguards described in the Kashu Privacy Policy.

‍

8. Independent Review

Kashu's AML program is subject to periodic independent audits and risk assessments to verify its design and operational effectiveness. Findings are reviewed by the BSA Compliance Officer and senior management, and corrective actions are tracked to completion in accordance with applicable BSA/AML expectations.

‍

9. Commitment to Integrity

Kashu is committed to upholding the highest standards of ethics, transparency, and regulatory compliance. Our objective is to provide U.S. businesses with modern business financial-operations tooling, while ensuring that the Kashu platform and the infrastructure of Kashu's partners are never used to facilitate money laundering, terrorist financing, sanctions evasion, fraud, or other illicit financial activity.

‍

10. Relationship to Other Policies

This Statement should be read together with the Kashu Customer Identification Program, Acceptable Use Policy, Privacy Policy, Terms of Service, Refund Policy, and Software & Technology Services Agreement (STSA). In the event of any conflict between this customer-facing summary and Kashu's internal compliance procedures, the internal procedures — administered by the Compliance Department under the oversight of the designated BSA Compliance Officer — shall control with respect to BSA/AML matters.

‍

11. Contact

For questions regarding this Statement or to report suspicious activity, please contact us as follows:

Kashu, Inc.

Attn: BSA/AML Compliance — Legal Department

1603 Capitol Ave, Ste 415 #674380

Cheyenne, WY 82001

Email: legal@kashupay.com

By using this site, you agree to our Terms of Service and Privacy Policy, including the use of cookies for analytics, personalization, and marketing. Kashu is an independent financial technology platform and is not a bank. Money transmission services are provided by Monarch Technologies, Inc., a licensed Money Services Business (MSB: 31000186536125) and NMLS registered provider (NMLS ID: 1908316). Customer funds are held in custodial accounts at Fresno First Bank, Member FDIC, for the benefit of users.

All trademarks, service marks, and logos used are the property of their respective owners. Use of these marks does not imply endorsement or partnership.

For more information, please contact our offices at 1603 Capitol Ave, Ste #415, Cheyenne, WY 82001.

© 2026 Kashu, Inc. All rights reserved.