Skip to content

feat(legal): load in-app legal docs from GitHub at runtime #3427

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
CharlVS merged 8 commits into from
Mar 18, 2026
Merged

feat(legal): load in-app legal docs from GitHub at runtime #3427

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
464b7fe
feat(legal): render terms of service from markdown asset
CharlVS Feb 9, 2026
4ad9cd3
fix(legal): prevent tos popup freeze on open
CharlVS Feb 9, 2026
2d99a9a
chore: add pubspec assets
CharlVS Feb 9, 2026
b4bdff1
fix(disclaimer): improve ToS markdown rendering and dialog behavior
CharlVS Feb 9, 2026
1a63cb3
Merge branch 'dev' into chore/update-legal
CharlVS Mar 16, 2026
6e6b611
feat(legal): load legal docs from GitHub at runtime
CharlVS Mar 18, 2026
08bdd0d
Merge branch 'dev' into chore/update-legal
CharlVS Mar 18, 2026
0634b87
feat(legal): add kyc policy to settings
CharlVS Mar 18, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
87 changes: 87 additions & 0 deletions assets/legal/eula.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,87 @@
# End User License Agreement (EULA) | GLEEC Wallet

This End User License Agreement (“**EULA**”) is a legally binding agreement between you (“**User**,” “**you**,” or “**your**”) and **GLEEC** (“**GLEEC**,” “**we**,” “**us**,” or “**our**”).

This EULA governs your access to and use of the GLEEC Wallet software, including any associated web applications, mobile applications, desktop applications, features, content, updates, and related services (collectively, the “**Software**”), whether obtained directly from GLEEC or through an authorized distributor, reseller, or partner (“**Distributor**”).

By clicking “Accept,” downloading, installing, accessing, or using the Software, you acknowledge that you have read, understood, and agree to be bound by the terms of this EULA. If you do not agree to these terms, you must not download, install, access, or use the Software.

If you are entering into this EULA on behalf of a company or other legal entity, you represent and warrant that you have the authority to bind such entity and its affiliates to this EULA. If you do not have such authority, you must not accept this EULA or use the Software.

If you participate in any beta, trial, or early-access program, this EULA also governs such use unless separate terms are provided.

This EULA applies solely to the Software provided by GLEEC, regardless of whether other software or services are referenced. Any updates, supplements, support services, or internet-based services provided by GLEEC are governed by this EULA unless accompanied by separate terms.

## 1. License Grant

Subject to your compliance with this EULA, GLEEC grants you a limited, personal, non-exclusive, non-transferable, non-sublicensable, and revocable license to download, install, and use the Software on devices owned or controlled by you solely for its intended purposes.

You are responsible for ensuring that your device meets the minimum system, security, and compatibility requirements necessary to use the Software securely and effectively.

The Software is licensed, not sold. No ownership rights are transferred to you under this EULA.

## 2. Restrictions

You agree that you will not, and will not permit any third party to:

* Modify, adapt, translate, alter, or create derivative works of the Software.
* Combine or incorporate the Software into other software without authorization.
* Reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code of the Software, except to the extent such restriction is prohibited by applicable law.
* Reproduce, copy, distribute, lease, sublicense, sell, assign, or otherwise commercially exploit the Software.
* Use the Software in violation of any applicable local, provincial, national, or international law or regulation.
* Use the Software for unlawful, fraudulent, abusive, or harmful activities.
* Circumvent, disable, or interfere with security-related features of the Software.

GLEEC reserves the right to suspend or restrict access to the Software if it reasonably believes you are in breach of this EULA.

## 3. Intellectual Property

The Software, including all content, features, functionality, trademarks, service marks, logos, and intellectual property rights therein, are and shall remain the exclusive property of GLEEC and its licensors.

All rights not expressly granted to you under this EULA are reserved by GLEEC.

GLEEC may grant licenses to third parties at its sole discretion.

## 4. Updates and Modifications

GLEEC may, from time to time, provide updates, enhancements, patches, or modifications to the Software. Such updates may be automatic and may modify or remove certain features.

Continued use of the Software following updates constitutes acceptance of such updates.

## 5. Disclaimer of Warranties

To the maximum extent permitted by applicable law, the Software is provided on an “AS IS” and “AS AVAILABLE” basis without warranties of any kind, whether express, implied, statutory, or otherwise.

GLEEC expressly disclaims all implied warranties, including but not limited to warranties of merchantability, fitness for a particular purpose, non-infringement, accuracy, reliability, and uninterrupted availability.

GLEEC does not warrant that the Software will be error-free, secure, or free from viruses or other harmful components.

## 6. Limitation of Liability

To the maximum extent permitted by applicable law, GLEEC shall not be liable for any indirect, incidental, consequential, special, punitive, or exemplary damages, including but not limited to loss of profits, data, digital assets, goodwill, or business interruption arising out of or related to your use of the Software.

GLEEC’s total aggregate liability under this EULA shall not exceed the amount (if any) paid by you for the Software.

Some jurisdictions may not allow certain limitations of liability; in such cases, liability will be limited to the fullest extent permitted by law.

## 7. Termination

This EULA becomes effective upon your first use of the Software and remains in effect until terminated.

You may terminate this EULA at any time by discontinuing use of the Software and uninstalling it from your devices.

GLEEC may suspend or terminate this EULA immediately if you breach any provision of this EULA.

Upon termination:

* All rights granted to you under this EULA shall immediately cease.
* You must discontinue all use of the Software.
* Any provisions which by their nature should survive termination shall remain in effect, including intellectual property rights, disclaimers, and limitations of liability.

## 8. Governing Law and Jurisdiction

This EULA and any dispute, claim, or controversy arising out of or relating to this EULA or the use of the Software shall be governed by and construed in accordance with the laws of **Canada**, without regard to its conflict of law principles.

The parties agree that the courts located in Canada shall have exclusive jurisdiction over any disputes arising under this EULA.

**Last updated: February 24, 2026**
112 changes: 112 additions & 0 deletions assets/legal/kyc-due-diligence-policy.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,112 @@
## **KYC AND DUE DILIGENCE POLICY**

**Gleec Pay LTD and its Affiliates**
(“Gleec”, “Gleec.com”, “The Company”, “we”, “us”, “our”)

### **1\. Purpose, Scope and Regulatory Context**

This Know Your Customer (“KYC”) and Due Diligence Policy (the “Policy”) establishes the principles, standards, governance framework, and operational controls adopted by Gleec Pay LTD and all affiliated entities within the Gleec Group to prevent, detect, and mitigate the risks of money laundering, terrorist financing, sanctions violations, fraud, corruption, and other forms of financial and economic crime.

This Policy applies to all natural persons and legal entities, including users, customers, clients, merchants, counterparties, partners, and beneficial owners who access, register for, or use any of the Company’s products, services, platforms, infrastructure, or applications, including but not limited to Gleec Pay, Gleec Card, Gleec Chat, Gleec BTC Exchange, and Gleec DEX (collectively, the “Services” or the “Platform”).

The Policy is designed to ensure compliance with all applicable anti-money laundering (“AML”), counter-terrorist financing (“CTF”), sanctions, and financial crime prevention laws and regulations in the jurisdictions in which the Company operates or provides Services. It aligns with internationally recognised standards and best practices, including the recommendations of the Financial Action Task Force (“FATF”), relevant EU Directives, and applicable national regulatory frameworks.

### **2\. Governance and Responsibility**

Ultimate responsibility for the implementation, oversight, and effectiveness of this Policy rests with the Board of Directors and Senior Management of the Company. The Board ensures that the Company maintains adequate systems, controls, and resources to manage financial crime risks proportionate to its business model, geographic footprint, and risk exposure.

Day-to-day responsibility for implementing and maintaining this Policy is delegated to the Money Laundering Reporting Officer (“MLRO”), who operates with sufficient authority, independence, and access to information. The MLRO is supported by the Risk and Compliance function and relevant operational teams.

All employees, officers, contractors, and relevant third parties involved in onboarding, customer interaction, transaction processing, or monitoring activities are required to comply with this Policy and supporting procedures.

### **3\. Risk-Based Approach**

#### **3.1 General Principles**

The Company applies a comprehensive risk-based approach (“RBA”) to KYC, customer due diligence, enhanced due diligence, and ongoing monitoring. The level and intensity of controls are proportionate to the level of money laundering, terrorist financing, sanctions, and fraud risk identified.

The RBA recognises that risks vary based on customer type, jurisdiction, product and service usage, transaction behaviour, and delivery channels. Enhanced scrutiny is applied to higher-risk relationships, while baseline controls are maintained across all Services. This approach ensures flexibility in responding to emerging risks, regulatory developments, and evolving typologies.

#### **3.2 Risk Assessment Methodology**

The Company identifies, assesses, and manages risks using a combination of qualitative analysis and quantitative indicators. Factors considered include service complexity, client profiles, geographic exposure, transaction size and frequency, funding methods, asset types, source and destination of funds or virtual assets, and behavioural indicators.

Risk assessments are formally documented, subject to review, and retained in an auditable manner.

### **4\. Client Risk Assessment and Categorisation**

#### **4.1 Initial Risk Assessment**

Before establishing a business relationship or granting access to the Services, the Company conducts an initial client risk assessment. Each relationship is assigned a Low, Medium, or High Risk classification, which determines due diligence requirements, approval thresholds, escalation procedures, and monitoring frequency.

Risk classifications are dynamic and are reviewed throughout the lifecycle of the relationship whenever new or material information becomes available.

#### **4.2 Risk Factors Considered**

The Company assesses multiple risk factors, including sanctions exposure, reputational risk, Politically Exposed Person (“PEP”) status, geographic exposure, industry and business activity, financial transparency, products and services used, and transactional and behavioural patterns.

#### **4.3 High-Risk Indicators**

Certain indicators may result in immediate classification as high-risk, including complex or opaque ownership structures, offshore arrangements, PEP involvement, exposure to high-risk or sanctioned jurisdictions, unexplained or inconsistent transaction behaviour, difficulty verifying source of wealth or funds, or reluctance to provide required KYC information.

Risk scoring is not influenced by commercial considerations. The MLRO may override automated risk outcomes where justified, provided that the rationale is documented and approved.

### **5\. Business-Wide Risk Assessment**

The MLRO conducts a Business-Wide Risk Assessment (“BWRA”) covering all Gleec entities, Services, customer segments, products, and delivery channels. The BWRA identifies inherent and residual risks, evaluates the effectiveness of controls, and informs policy updates, system enhancements, and monitoring priorities.

The BWRA is reviewed at least annually and whenever material changes occur and is reported to Senior Management and the Board of Directors.

### **6\. Client Acceptance Policy**

#### **6.1 General Acceptance Principles**

The Company only establishes relationships with clients who can be properly identified and verified through KYC procedures, demonstrate a legitimate purpose for using the Services, pass sanctions, PEP, and adverse media screening, and meet the acceptance criteria defined in this Policy.

Account activation and continued access to the Services are conditional upon the successful completion of applicable KYC and due diligence measures.

#### **6.2 Prohibited Clients**

The Company does not onboard or maintain relationships with sanctioned persons or entities, clients linked to prohibited jurisdictions or industries, individuals involved in serious criminal activity, clients with unverifiable identity or ownership, clients providing false or misleading information, or entities with anonymous or unidentifiable beneficial owners.

### **7\. Politically Exposed Persons (PEPs)**

All relationships involving PEPs, their family members, or close associates are subject to Enhanced Due Diligence (“EDD”). This includes identification and verification of PEP status, MLRO and senior management approval, verification of source of wealth and source of funds, enhanced transaction monitoring, and more frequent reviews.

Former PEPs remain subject to enhanced measures for a minimum of 12 months, extendable based on risk.

### **8\. Customer Due Diligence (CDD)**

#### **8.1 CDD Measures**

Customer Due Diligence measures include the identification and verification of clients, beneficial owners, and controlling persons; understanding the purpose and intended nature of the business relationship; and ongoing monitoring of transactions and customer behaviour.

CDD is performed prior to onboarding, when trigger events occur, or when doubts arise regarding previously obtained KYC information.

#### **8.2 Use of Third-Party KYC Platform Provider**

To support the effective execution of its Know Your Customer (“KYC”) obligations, the Company utilises reputable third-party service providers for KYC and identity verification activities. **Gleec uses Sumsub (Sum & Substance) as its primary KYC platform provider** to perform and support customer identification and verification, document authentication, biometric and liveness checks, sanctions screening, Politically Exposed Person (“PEP”) screening, and adverse media monitoring.

Sumsub is fully integrated into the Company’s onboarding, risk assessment, and ongoing KYC monitoring processes and is used across the Services to ensure consistent, scalable, and risk-based KYC controls in line with regulatory requirements and industry best practices.

The use of Sumsub does not transfer regulatory responsibility. **Ultimate responsibility for KYC compliance, due diligence decisions, risk classifications, and regulatory adherence remains with the Company at all times**. The Company maintains appropriate oversight, governance, and validation of all KYC activities performed through Sumsub and ensures that the KYC platform provider meets required standards of security, data protection, reliability, and regulatory compliance.

### **9\. Enhanced Due Diligence (EDD)**

Enhanced Due Diligence is applied where higher risk is identified and may include additional identity and ownership verification, detailed analysis of source of wealth and source of funds, enhanced transaction scrutiny, justification of activity, and senior management approval prior to onboarding or continuation of the relationship.

### **10\. Source of Wealth and Source of Funds**

The Company verifies the legitimacy of source of wealth and source of funds using a risk-based approach and may request documentary evidence appropriate to the client’s risk profile, jurisdiction, and activity. All documentation is reviewed for authenticity, consistency, and plausibility.

### **11\. Ongoing Monitoring and Periodic Reviews**

All client relationships are subject to continuous transaction monitoring and periodic review based on risk classification. Reviews occur at least every 36 months for low-risk clients, 24 months for medium-risk clients, and 12 months for high-risk clients, or earlier where triggered by material changes, sanctions updates, PEP status changes, or suspicious activity.

### **12\. Record Keeping and Audit Trail**

The Company maintains complete, accurate, and retrievable records of KYC data, client risk assessments, monitoring activities, decisions, approvals, and escalations. Records are retained in accordance with applicable legal and regulatory requirements and are made available for internal audit and regulatory inspection.

### **13\. Policy Review and Updates**

This Policy is reviewed at least annually and updated as necessary to reflect regulatory developments, emerging risks, changes in business activities, and industry best practices.
Loading
Loading