Terms of Service

Xchange360 SA is a financial intermediary supervised by ARIF (Association Romande des Intermédiaires Financiers), a self-regulatory organisation recognised by the Swiss Financial Market Supervisory Authority (FINMA) pursuant to Article 24 of the Swiss Federal Act on Combating Money Laundering and Terrorist Financing (AMLA, SR 955.0).

Xchange360 SA is not a bank within the meaning of the Swiss Federal Act on Banks and Savings Institutions (BankA, SR 952.0), is not directly supervised by FINMA, and does not participate in any depositor protection scheme. Cryptocurrency assets are not protected by any government guarantee or deposit insurance.

These Terms of Service govern the provision of Services on a business-to-business (B2B) basis exclusively. The Services are not offered to natural persons acting in their personal capacity or for personal or family use.

Trading in cryptocurrencies involves substantial risk of loss, including the possibility of total loss of the invested amount. Please read the Risk Disclosure Policy and the brochure Special Risks of Crypto Assets before using the Services.

1. PRELIMINARY NOTES

1.1 Xchange360 SA (“XCHANGE360” or the “Company”) is a company incorporated under the laws of Switzerland (société anonyme), registered with the commercial register of the Canton of Vaud under number CHE-342.141.056, with its registered office at Chemin de la Joliette 3, 1006 Lausanne, Switzerland. The Company provides cryptocurrency exchange and liquidity services on a business-to-business (B2B) basis. These Terms of Service (“Terms” or “Agreement”) govern the business relationship between the Client and XCHANGE360 (the “Business Relationship”), unless otherwise agreed individually in a separate written agreement.

1.2 The Company operates as a financial intermediary within the meaning of Article 2 paragraph 3 of AMLA (SR 955.0) and is subject to the supervision of ARIF (Association Romande des Intermédiaires Financiers), a self-regulatory organisation approved by FINMA pursuant to Article 24 AMLA. The Company’s VASP activities have been expressly approved by ARIF in accordance with ARIF Directive 15. The Cryptocurrencies exchanged by the Company are payment tokens that do not qualify as financial instruments within the meaning of Article 3 of the Swiss Financial Services Act (FinSA, SR 950.1). The Services therefore do not constitute financial services under FinSA, and the client classification, information, suitability, and best execution obligations of FinSA do not apply to the Services. Regulatory matters may be addressed to ARIF at: Rue de Rive 8, 1211 Geneva, Switzerland (www.arif.ch).

1.3 The Company is not a bank within the meaning of BankA (SR 952.0) and is not part of any depositor protection scheme. Funds held temporarily during transaction settlement are not bank deposits and are not covered by deposit protection.

1.4 The Company provides cryptocurrency exchange services on a business-to-business basis, enabling Clients to buy Cryptocurrency with Fiat Currency, sell Cryptocurrency for Fiat Currency, and access liquidity services. The Company does not provide investment advice, portfolio management, discretionary asset management, or custody services (other than temporary holding during settlement).

1.5 The Business Relationship is also governed by the following documents, which form an integral part of the contractual relationship:

(a) the Privacy Notice;

(b) the Risk Disclosure Policy;

(d) the applicable Fee Schedule; and

(e) any other policies published on the Site from time to time.

In the event of a conflict between these Terms and any Policy, these Terms shall prevail unless otherwise expressly stated.

1.6 IF THE CLIENT DOES NOT ACCEPT THESE TERMS AND ALL APPLICABLE POLICIES, THE CLIENT SHALL NOT ACCESS THE SITE AND SHALL NOT USE THE SERVICES.

2. DEFINITIONS

2.1 “Account” means the account opened by the Client with the Company in accordance with these Terms. The Account is not a bank account, is not a Wallet, and does not permit the custody of Cryptocurrency or the holding of Fiat Currency deposits.

2.2 “ARIF” means the Association Romande des Intermédiaires Financiers, a FINMA-recognised self-regulatory organisation pursuant to Article 24 AMLA.

2.3 “Beneficial Owner” means the natural person who ultimately owns or controls the Client or on whose behalf a transaction is being conducted, as defined in Article 4 AMLA and the AMLA Ordinance (AMLO, SR 955.01).

2.4 “Business Day” means any day other than a Saturday, Sunday, or public holiday in the Canton of Vaud, Switzerland.

2.5 “Client” means the legal entity, or natural person acting in a professional or commercial capacity, that has entered into this Agreement with the Company.

2.6 “Cryptocurrency” or “Virtual Asset” means a digital representation of value or rights that can be transferred and stored electronically using distributed ledger technology or similar technology.

2.7 “Exchange Operation” means the service allowing the Client to exchange one currency (fiat or cryptocurrency) for another at the applicable Exchange Rate.

2.8 “Exchange Rate” means the value of one currency expressed in terms of another, as displayed in the Account at the moment of initiating an Exchange Operation.

2.9 “Fee Schedule” means the schedule of commissions, fees, and charges applicable to the Services, as published on the Site.

2.10 “Fiat Currency” means government-issued legal tender currency (e.g., CHF, EUR, USD, GBP).

2.11 “FINMA” means the Swiss Financial Market Supervisory Authority.

2.12 “Order” means any instruction related to the Services placed by the Client using the XCHANGE360 Online Tools or other Communication Channels.

2.13 “Restricted Jurisdiction” means any jurisdiction subject to comprehensive Swiss sanctions prohibiting the provision of cryptocurrency exchange services, as defined in Section 13.

2.14 “Sanctioned Person” means any person as defined in Section 13.3.

2.15 “Services” means all products, services, content, features, technologies, or functions offered by the Company on a B2B basis.

2.16 “Transaction” means any fiat or cryptocurrency payment to or from the Account, including Exchange Operations.

2.17 “Wallet” means a cryptographic storage solution that permits the sending, receiving, and/or storing of Cryptocurrency.

2.18 “Whitelisted Wallet Address” means an external wallet address verified through the Proof-of-Ownership Process and approved by the Company for receiving Cryptocurrency withdrawals.

3. AUTHORISATION AND REPRESENTATION

3.1 The Services are available exclusively to legal entities and natural persons acting in a professional or commercial capacity. By opening an Account, the Client represents and warrants that it is: (a) a legal entity duly organised and validly existing under the laws of its jurisdiction of incorporation; or (b) a natural person acting solely in a professional or commercial capacity.

3.2 The persons acting on behalf of the Client must have authority to bind the Client to these Terms. The Client shall communicate to XCHANGE360 any person authorised to act on its behalf (“Authorised Representatives”), together with evidence of their authority. XCHANGE360 may request further proof of identity or authority at any time.

3.3 By opening and using an Account, the Client represents and warrants that:

(a) the Client’s use of the Services does not violate any applicable laws or regulations;

(b) the Client is not incorporated, organised, or resident in any Restricted Jurisdiction;

(d) the funds used for Exchange Operations are not derived from, and shall not be used for, money laundering, terrorist financing, proliferation financing, or any other criminal activity;

(e) the Client shall use the Services exclusively for its own account and not on behalf of any undisclosed third party, unless separately agreed in writing;

(f) all information provided to the Company is complete, accurate, and truthful;

(g) the Client is not a U.S. Person as defined in Section 13;

(h) the Client is not subject to restrictions under the Swiss Ordinance on Measures in Connection with the Situation in Ukraine (UKRO, SR 946.231.176.72), as amended from time to time; and

(i) the Client maintains its own adequate AML/CFT compliance procedures where required by applicable law or reasonably expected given the nature of the Client’s activities and the jurisdictions in which it operates.

3.4 The Client takes full responsibility for any consequences arising from a breach of the representations and warranties in this Section 3.

4. COMMUNICATION CHANNELS

4.1 XCHANGE360 may use various communication channels to provide information to the Client, including the XCHANGE360 web and mobile applications (“XCHANGE360 Online Tools”) and unencrypted channels including e-mail and third-party messaging services. XCHANGE360 shall apply due care to identify and prevent fraudulent activities.

4.2 Communication is deemed delivered when provided to the most recently registered contact details or made accessible in the XCHANGE360 Online Tools.

4.3 The Client acknowledges that unencrypted communication channels carry risks including interception, manipulation, and malware.

4.4 The Client shall raise objections to Services or Communications in writing within thirty (30) calendar days of receipt. Otherwise, the Communication shall be deemed accepted.

5. INFORMATION OBLIGATIONS

5.1 The Client must provide XCHANGE360 with up-to-date, accurate, and complete information, including details of its legal form, registered office, authorised signatories, Beneficial Owners, and controlling persons.

5.2 The Client shall inform XCHANGE360 immediately in writing about changes to any information previously provided, including corporate structure, Beneficial Ownership, and regulatory status.

5.3 This obligation extends to information regarding the Client’s Authorised Representatives, Beneficial Owners, and other persons involved in the Business Relationship.

6. CUSTOMER DUE DILIGENCE

6.1 The Company is legally required to carry out customer due diligence (CDD) measures in accordance with AMLA (Articles 3–5), the AMLO (SR 955.01), AMLO-FINMA (SR 955.033.0), and ARIF Directives. The Client agrees to comply with all requests for information and documentation.

6.2 To open an Account, the Client must: (a) read and agree to these Terms and all Policies; (b) provide all requested KYC documentation, including commercial register extract, identity documents for all Authorised Representatives and Beneficial Owners, and proof of registered address; (c) complete the identity verification procedure; (d) provide a Beneficial Ownership Declaration (Form A); and (e) provide information on the purpose and intended nature of the Business Relationship.

6.3 The Client must declare whether it acts on its own behalf or on behalf of a third party. Providing false information regarding beneficial ownership may constitute a criminal offence under Article 251 of the Swiss Penal Code and Article 37 AMLA.

6.4 In accordance with Article 7 paragraph 1bis AMLA, the Company periodically reviews and updates all client identification and beneficial ownership information. The Client agrees to cooperate with all periodic re-verification requests.

6.5 The Company operates continuous transaction monitoring systems, including blockchain analytics and sanctions screening.

6.6 The Client authorises the Company to make any inquiries necessary to validate information provided, including checking commercial databases, public registers, and sanctions screening databases.

7. TRAVEL RULE COMPLIANCE

7.1 In accordance with FINMA Guidance 02/2019, AMLO-FINMA Article 10, ARIF Directive 2 (Articles 20–23), and FATF Recommendation 16, the Company collects and transmits originator and beneficiary information for all Cryptocurrency transfers, with no minimum threshold. Switzerland applies a zero-threshold Travel Rule for the exchange of originator and beneficiary data. This is distinct from the CDD verification threshold of CHF 1,000 applicable to certain one-off virtual currency transactions under ARIF Directive 2.

7.2 The Company has implemented a Proof-of-Ownership Process to verify that the Client has the power of disposal over external wallet addresses. The Company will only execute transfers to or from verified Whitelisted Wallet Addresses.

7.3 Transfers to self-hosted Wallets are permitted only if the Wallet belongs to the Company’s own onboarded Client, with ownership proven via cryptographic message signing, AOPP, micro-transaction verification, or equivalent technical means.

7.4 Transfers to third-party Wallets require full identification and verification of the third-party wallet holder and establishment of the third party’s Beneficial Owner.

7.5 The Company may reject any transfer where Travel Rule information is incomplete, wallet ownership cannot be verified, or the counterparty financial intermediary cannot be identified.

7.6 For Stablecoins, the Company applies enhanced holder identification requirements in accordance with ARIF Directive 3C, Article 12 (as amended from time to time).

8. DUTY OF CARE

8.1 The Client shall inform XCHANGE360 immediately of any irregularities, including unusual errors or unexpected system behaviour that may indicate unauthorised or criminal activity.

8.2 The Client shall securely store all Login Information and use multi-factor authentication where available. XCHANGE360 will never ask the Client to share Login Information.

8.3 The Client shall protect its IT Infrastructure against cyberattacks and unauthorised use.

8.4 Unless separately agreed in writing, the Client must not allow any other person to operate its Account or aggregate orders from its own clients. The Client may open only one Account.

9. EXCHANGE SERVICES

9.1 To purchase Cryptocurrency, the Client logs into its Account and follows the on-screen steps. The Company receives Fiat Currency payment as payee and is not acting as a payment services provider.

9.2 Payment methods (e.g., bank transfer, SEPA, SWIFT) depend on the Client’s jurisdiction and verification status. The Company may change or discontinue any payment method at any time.

9.3 Any payment instrument used must be registered in the Client’s name. Third-party payments are not accepted unless expressly agreed.

9.4 Sell Orders require the Client to transfer Cryptocurrency to the address specified by the Company. Fiat Currency proceeds will be transferred to the bank account registered in the Client’s name.

9.5 XCHANGE360 executes Orders on an execution-only basis. The Company does not provide investment advice, personal recommendations, or portfolio management. No communication from the Company shall constitute investment advice or a recommendation to buy or sell any Cryptocurrency. The Client initiates all Exchange Operations at its own discretion and risk. No suitability or appropriateness assessment is performed.

9.6 Payment Orders received after 17:00 CET on a Business Day or on a non-Business Day will be deemed received on the following Business Day.

9.7 The Client cannot cancel a Purchase Order once the Fiat Currency payment has been executed to the Company.

9.8 The Company endeavours to execute Orders promptly and at competitive market rates. However, the Company does not owe a best execution obligation under FinSA, as the Services do not involve financial instruments within the meaning of that Act.

10. EXCHANGE RATES

10.1 The Company uses multiple market sources to determine prices. Exchange Rates include a spread to account for market conditions, liquidity, and operational costs.

10.2 Exchange Rates are indicative until order execution and may change without prior notice.

10.3 XCHANGE360 does not guarantee execution at a specific price or within a specific timeframe.

11. SERVICE LIMITATIONS

11.1 Services are subject to XCHANGE360 Operating Hours as communicated on the Website. Orders are usually executed within one (1) Business Day.

11.2 XCHANGE360 may reject an Order for any reason, including insufficient balance, legal restrictions, or compliance monitoring alerts.

11.3 XCHANGE360 reserves the right to set or adjust minimum or maximum sizes for Orders at any time.

11.4 The Client acknowledges that late or non-performance may occur due to compliance requirements, third-party operational restrictions, market conditions, or circumstances outside XCHANGE360’s control.

11.5 Complaints shall be submitted within thirty (30) calendar days from the provision of the relevant Service.

12. REPORTING OBLIGATIONS AND ASSET FREEZING

12.1 The Company is subject to mandatory reporting obligations under Article 9 AMLA. Suspected money laundering, terrorist financing, or criminal activity is reported to MROS (Money Laundering Reporting Office Switzerland) without delay.

12.2 The Company shall not be liable for losses arising from asset freezing, transaction blocking, or termination pursuant to legal obligations.

12.3 Information may be shared with: MROS, ARIF, FINMA, SECO, Swiss criminal prosecution authorities, Swiss courts, and foreign authorities pursuant to mutual legal assistance agreements.

13. SANCTIONS COMPLIANCE AND RESTRICTED JURISDICTIONS

13.1 The Company complies with applicable sanctions regimes, including: Swiss sanctions under the Federal Act on the Implementation of International Sanctions (EmbG, SR 946.231); applicable UN Security Council resolutions; and EU sanctions to the extent implemented by Switzerland.

13.2 All Clients, Beneficial Owners, Authorised Representatives, and Transaction counterparties are screened against applicable Sanctions Lists at onboarding, periodically, and in connection with each Transaction.

13.3 A “Sanctioned Person” means any individual or entity that is: (a) listed on any applicable Sanctions List; (b) owned 50% or more or controlled by a listed person; (c) acting on behalf of a listed person; or (d) located, domiciled, or organised in a Restricted Jurisdiction.

13.4 “Restricted Jurisdictions” include but are not limited to: North Korea (DPRK), Iran, Syria, Cuba, and the Crimea, Donetsk, Luhansk, Zaporizhzhia, and Kherson regions. This list is updated in accordance with Swiss sanctions enactments.

13.5 Pursuant to Article 20 paragraph 2 UKRO (SR 946.231.176.72), as amended from time to time, the Company is prohibited from providing, directly or indirectly, crypto-asset services to: (a) Russian nationals (except Swiss, EEA, or UK nationals or holders of valid residence permits in those jurisdictions); (b) natural persons resident in Russia; and (c) legal entities established in Russia. For the purposes of this clause, “crypto-asset services” includes, without limitation: custody services, crypto-wallet services, crypto-account services, trading platform services, exchange services, order execution, placement, advisory, portfolio management, transfer services, payment services involving crypto-assets, payment initiation services, issuance of payment instruments, and issuance of electronic money.

13.5a Pursuant to Article 20 paragraph 2bis UKRO, Russian nationals, natural persons resident in Russia, and legal entities established in Russia are prohibited from acquiring ownership in, exercising control over, or assuming management or governing body functions at providers of crypto-wallet, crypto-account, or crypto-custody services established in Switzerland or in the European Economic Area.

13.5b Pursuant to Article 20a UKRO, the Company is prohibited from directly or indirectly participating in transactions involving crypto-assets listed in Annex 13a to UKRO, irrespective of the identity or location of the counterparty. As of the date of these Terms, Annex 13a includes the ruble-backed stablecoin A7A5. This list may be amended by the Swiss Federal Council from time to time without prior notice.

13.5c In compliance with SECO guidance, the Company is required to close existing accounts, wallets, and business relationships with persons falling within the scope of Article 20 paragraph 2 UKRO. Mere freezing or blocking of accounts is insufficient; assets must be returned or converted to non-sanctioned assets in accordance with applicable law.

13.6 U.S. Persons. The Company does not offer Services to U.S. Persons. A “U.S. Person” means a citizen or resident of the United States, or an entity incorporated or organised under U.S. laws. The Client shall inform XCHANGE360 at least thirty (30) calendar days in advance of any circumstances causing it to be considered a U.S. Person.

13.7 In accordance with ARIF Directive 15, Article 15, the Company implements technical measures to prevent the provision of Services in unauthorised jurisdictions.

13.8 The Company reserves the right, without prior notice, to: (a) reject any application or Transaction involving a Sanctioned Person or Restricted Jurisdiction; (b) freeze or block assets as required; (c) terminate the Account; and (d) report to SECO and other competent authorities. The Company shall notify SECO without delay upon identifying any sanctions-related concerns in connection with crypto-asset operations.

14. FEES AND EXPENSES

14.1 Fees are based on the currently valid Fee Schedule, available at the Website. Additional charges may apply, including blockchain network fees and third-party payment processing fees.

14.2 The Client authorises XCHANGE360 to debit applicable fees, charges, and expenses when due. Applicable taxes shall be charged separately.

14.3 XCHANGE360 may propose fee changes with thirty (30) calendar days’ notice. If the Client objects, the Client may terminate at no cost. Continued use after the notice period constitutes acceptance.

14.4 Contact: info@xchange-360.ch.

15. CRYPTO ASSET EVENTS AND DISCONTINUED ASSETS

15.1 It is the Client’s sole responsibility to monitor Crypto Asset Events (airdrops, forks, token migrations, governance). XCHANGE360 may decide not to support such events.

15.2 If XCHANGE360 discontinues certain Crypto Assets, the Client must provide a Whitelisted Wallet Address within thirty (30) calendar days. Failing this, XCHANGE360 will convert to fiat currency at the prevailing market price.

16. TAX REPORTING (CARF)

16.1 Switzerland has adopted the OECD Crypto-Asset Reporting Framework (CARF). As of the date of these Terms, CARF due diligence and reporting obligations are not yet in force in Switzerland. CARF implementation is expected no earlier than 1 January 2027. The Company will update these Terms when CARF obligations become applicable.

16.2 Once effective, the Company will collect and report to the Swiss Federal Tax Administration (FTA) information regarding the Client’s Cryptocurrency transactions for automatic exchange with partner jurisdictions.

16.3 XCHANGE360 has no responsibility for tax reporting on behalf of the Client. Compliance with applicable tax laws is the Client’s sole responsibility.

17. OUTSOURCING

17.1 XCHANGE360 may delegate certain functions to service providers, including Affiliates, in Switzerland or abroad. XCHANGE360 remains responsible for AML compliance regardless of outsourcing.

18. DATA PROTECTION AND PRIVACY

18.1 Data Controller: Xchange360 SA, Chemin de la Joliette 3, 1006 Lausanne, Switzerland. Data protection contact: privacy@xchange-360.ch.

18.2 The Company processes personal data in accordance with the Swiss Federal Act on Data Protection (nDSG/FADP, SR 235.1) and its implementing ordinance (DSV/DPO, SR 235.11). The Privacy Notice, available at the Website, forms an integral part of this Agreement.

18.3 Personal data may be disclosed to banks, service providers, authorities, and Affiliates in connection with the performance of this Agreement or to fulfil legal obligations.

18.4 Where data is transferred outside Switzerland, appropriate safeguards are applied in accordance with Article 16 nDSG, including adequacy decisions, Standard Contractual Clauses, or equivalent measures.

18.5 AML/KYC data is retained for a minimum of ten (10) years following termination of the Business Relationship (Article 7 paragraph 3 AMLA). This legal obligation overrides shorter retention periods.

18.6 The Company uses automated decision-making systems for KYC scoring, transaction monitoring, risk classification, and sanctions screening. In accordance with Article 21 nDSG, natural persons affected by automated decisions with significant legal effects — including Authorised Representatives and Beneficial Owners of the Client — have the right to be informed, to express their point of view, and to request human review. Requests may be addressed to privacy@xchange-360.ch.

18.7 Subject to the Client’s separate opt-in consent, XCHANGE360 may process Personal Data for marketing purposes. The Client may withdraw consent at any time by contacting privacy@xchange-360.ch.

18.8 Natural persons whose personal data is processed by the Company (including Authorised Representatives and Beneficial Owners) have the following rights under nDSG: the right to information about their data (Articles 25–27), the right to data portability (Articles 28–29), the right to rectification (Article 32), and the right to request deletion of their data, subject to legal retention obligations. Requests may be addressed to privacy@xchange-360.ch.

18.9 In accordance with Article 24 nDSG, the Company will notify the Federal Data Protection and Information Commissioner (FDPIC) without delay of any data security breach likely to result in a high risk to the personality or fundamental rights of affected persons. Where the breach is likely to result in a high risk to individual data subjects, the Company will also inform the affected persons.

19. RISK DISCLOSURE

19.1 Crypto Assets may be highly volatile with the risk of total loss of value. Markets may be illiquid. The Client acknowledges that: (a) the price of Crypto Assets can fluctuate significantly over short periods, including to zero; (b) liquidity may be insufficient to execute transactions at expected prices; (c) Crypto Assets are not legal tender, are not backed by any government, and are not covered by any deposit protection scheme; (d) the regulatory framework for Crypto Assets is evolving and may change in a manner adverse to the Client’s interests; and (e) the Company does not assess the suitability or appropriateness of any Exchange Operation for the Client’s specific financial situation, investment objectives, or risk tolerance. The Client confirms that it has independently evaluated the risks of Crypto Asset transactions and that it has the financial capacity to bear the loss of its entire investment.

19.2 Devices, systems, and networks on the Client’s end are outside XCHANGE360’s control.

19.3 The Client specifically bears the risk for: (a) unauthorised access due to misuse of credentials; (b) use of unencrypted channels; (c) security incidents on the Client’s IT infrastructure; (d) incorrect or unsupported transfers; (e) transfers to unverified wallet addresses; and (f) non-compliance with the Proof-of-Ownership Process.

19.4 The Client confirms having read and understood the brochure Special Risks of Crypto Assets, available at the Website.

20. REGULATORY CHANGE

20.1 The Swiss regulatory framework for cryptocurrency activities is subject to ongoing development. On 22 October 2025, the Federal Council opened a consultation on amendments to the Financial Institutions Act (FinIA, SR 954.1), proposing two new FINMA-supervised licence categories: payment instrument institutions (Zahlungsmittelinstitute) and crypto-institutions (Krypto-Institute). Under the proposed framework, SRO supervision would no longer apply to companies providing custody, exchange, or trading services involving crypto-based assets, and the Company would be subject to direct FINMA supervision. If enacted, the Company’s current ARIF-supervised status may change, additional licensing requirements may apply, and the Services may become subject to conduct rules analogous to the Financial Services Act (FinSA), including client classification, information duties, and suitability assessments. The Company will keep the Client informed of material changes to its regulatory status.

20.2 The Swiss Parliament has adopted a revision of AMLA and the new Federal Act on Transparency of Legal Entities (LETA), introducing a federal register of beneficial owners. The revised provisions are expected to enter into force in the second half of 2026, with transitional periods for existing entities. The Company will update these Terms as necessary to reflect the revised requirements upon their entry into force.

21. LIABILITY AND INDEMNITY

21.1 In accordance with Article 100 paragraph 1 of the Swiss Code of Obligations (OR, SR 220), nothing in this Agreement shall exclude or limit the Company’s liability for damages caused through intentional misconduct (Vorsatz) or gross negligence (grobe Fahrlässigkeit). Any purported exclusion of such liability is void under mandatory Swiss law.

21.2 To the maximum extent permitted by law, the Company’s aggregate liability for ordinary negligence shall be limited to the total fees paid by the Client during the twelve (12) months preceding the event giving rise to the claim. The Client acknowledges that under Article 100 paragraph 2 OR, a court may, at its discretion, set aside an exclusion of liability for ordinary negligence where the liability arises from activities conducted under an official licence or authorisation (amtliche Konzession). Given the Company’s status as a supervised financial intermediary, the parties acknowledge that this provision may be applicable to the Business Relationship, and any limitation deemed excessive by a competent court shall be reduced to the extent permitted by law rather than voided entirely.

21.3 Subject to Section 21.1, the Company shall not be liable for indirect, incidental, special, or consequential damages, including loss of profit, loss of business, business interruption, or loss of business opportunity.

21.4 Where the Company engages auxiliary persons (Hilfspersonen) within the meaning of Article 101 OR, the Company is liable for damage caused by such persons in the performance of their duties. To the extent permitted by law and subject to Section 21.1, the Company’s liability for acts of auxiliary persons in cases of ordinary negligence is excluded pursuant to Article 101 paragraph 2 OR. The Client acknowledges that under Article 101 paragraph 3 OR, a court may, at its discretion, decline to uphold such exclusion where it relates to activities conducted under an official licence or authorisation.

21.4a Where the Company engages independent third-party service providers to perform specific functions on behalf of the Client (Substitution), the Client hereby authorises such delegation. In accordance with Article 399 paragraph 2 OR, the Company’s liability in respect of authorised substitutes is limited to due care in their selection and instruction (cura in eligendo et instruendo). The Client has a direct claim against the substitute under Article 399 paragraph 3 OR.

21.5 Subject to Section 21.1, the Company is not liable for: (a) losses from the Client’s breach of this Agreement; (b) mandatory compliance actions; (c) force majeure; (d) third-party website content; or (e) blockchain disruptions.

21.6 The Client shall indemnify, hold harmless, and defend XCHANGE360 and its Affiliates from all claims, losses, costs, and expenses arising from: (a) breach of this Agreement or applicable laws; (b) use of the Services; or (c) provision of inaccurate information. This obligation survives termination.

22. LIEN AND SET-OFF

22.1 XCHANGE360 has a lien on all Client assets held by XCHANGE360, based on Article 895 paragraph 2 ZGB (extended lien between commercial parties) and this contractual grant, for all current and future claims arising from the Business Relationship.

22.2 If the Client fails to discharge debts when due, or in bankruptcy, XCHANGE360 may dispose of assets immediately under SchKG (SR 281.1), excluding Article 41 paragraph 1bis thereof, and/or through private sale, to which the Client hereby agrees.

22.3 XCHANGE360 has a right of set-off for all claims arising from the Business Relationship irrespective of due dates or denomination. The Client waives set-off rights against the Company to the extent permitted by Article 126 OR.

23. AMENDMENTS

23.1 XCHANGE360 may propose amendments at any time. Amendment proposals will be communicated at least thirty (30) calendar days before the proposed effective date.

23.2 The Client may object in writing within the notice period. If the Client does not object, continued use of the Services after the effective date constitutes acceptance. If the Client objects, it may terminate the Business Relationship at no cost.

23.3 The following changes may take effect immediately: (a) changes more favourable to the Client; (b) changes required by mandatory law; (c) addition of new services; and (d) changes to Exchange Rates.

24. TERM AND TERMINATION

24.1 Both parties may terminate the Business Relationship at any time with immediate effect in writing.

24.2 The Company may suspend or terminate the Account without notice if: (a) the Client breaches this Agreement; (b) required by a competent authority; (c) there are reasonable grounds to believe the Client is in breach of any applicable law; (d) money laundering, terrorist financing, sanctions evasion, or fraud is suspected; (e) asset freeze obligations arise under AMLA or sanctions law; or (f) there are security concerns.

24.3 Notice of suspension will be provided as soon as practicable, unless unlawful or compromising security, or prohibited by the tipping-off prohibition (Article 10a AMLA).

24.4 Upon termination, the Client must provide a Whitelisted Wallet Address and other required information within thirty (30) calendar days. Otherwise, Crypto Assets will be converted to fiat currency at prevailing market prices.

24.5 All obligations survive Account closure, including record-keeping, cooperation with investigations, and liability. AML records are retained for ten (10) years (Article 7 paragraph 3 AMLA).

25. MISCELLANEOUS

25.1 If any provision is determined to be unlawful or unenforceable, the remaining provisions continue in effect.

25.2 Neither party is liable for failure caused by circumstances beyond its reasonable control, including blockchain disruptions, government actions, natural disasters, pandemics, or strikes.

25.3 The Client may not assign the Business Relationship without XCHANGE360’s prior written consent. XCHANGE360 may transfer to Affiliates or third parties in connection with corporate transactions.

25.4 These Terms, together with the Policies, constitute the entire agreement and supersede all prior agreements.

25.5 The English version prevails over any translation.

25.6 All IP rights in the Site, Services, and Company materials belong to the Company or its licensors. A limited, non-exclusive, non-transferable, revocable licence is granted for use of the Services. The Client must not reverse engineer, decompile, or disassemble Company materials.

25.7 The Company notifies via email or the Site. Contact: Xchange360 SA, Chemin de la Joliette 3, 1006 Lausanne, Switzerland; info@xchange-360.ch.

26. APPLICABLE LAW AND PLACE OF JURISDICTION

26.1 All legal relations shall be governed by and construed in accordance with the substantive laws of Switzerland, to the exclusion of: (a) the principles of conflicts of laws; and (b) the United Nations Convention on Contracts for the International Sale of Goods (CISG).

26.2 Unless otherwise stipulated by mandatory statutory provisions, all disputes shall be resolved by the competent courts of Lausanne, Canton of Vaud, Switzerland.

26.3 XCHANGE360 reserves the right to take legal action at the competent court of the Client’s domicile or registered office.

27. COMPLAINTS

If you are dissatisfied with any aspect of the Services, please contact:

Xchange360 SA — Complaints

Chemin de la Joliette 3, 1006 Lausanne, Switzerland

Email: complaints@xchange-360.ch

Complaints will be acknowledged within five (5) Business Days and a substantive response provided within thirty (30) calendar days. If not satisfied, the Client may refer the matter to ARIF.