We transform your ideas into innovative digital solutions
Let's TalkLast updated: March 27, 2026
XSoftHub is committed to operating with the highest standards of integrity, transparency, and regulatory compliance. This Know Your Customer (KYC) Policy establishes the procedures that XSoftHub applies to verify the identity of its clients, assess risks, and prevent the misuse of its services for illicit activities, including money laundering, terrorist financing, and financial fraud. This policy is mandatory for all XSoftHub staff and applies to all clients and prospects. For compliance inquiries, contact compliance@xsofthub.com.
This policy aims to establish a robust framework for client identification and verification, associated risk assessment, and ongoing monitoring of business relationships. Its scope covers all XSoftHub clients who engage custom software development services, DevOps, AI agents, process automation, or who access the company's SaaS products. The procedures described herein are mandatory and are complemented by anti-money laundering (AML) regulations and the international standards of the Financial Action Task Force (FATF).
Before establishing a business relationship or processing payments of significant value, XSoftHub will collect and verify the following information: (a) Natural persons — full name, date of birth, address, copy of a valid official identity document (passport, national ID, or equivalent) and, depending on risk, proof of address; (b) Legal entities / Companies — company name, tax identification number, registered address, articles of incorporation, identification of ultimate beneficial owners (UBOs) with ownership equal to or greater than 25%, and data of authorized representatives. Verification is carried out through due diligence processes proportional to the client's risk level. Documents collected are treated with the utmost confidentiality.
XSoftHub classifies its clients into risk categories (low, medium, high) based on factors such as: (a) the nature and complexity of the requested services; (b) the client's country of residence or headquarters (including verification against FATF high-risk country lists); (c) corporate structure and ownership transparency; (d) the volume and frequency of expected payments; (e) the nature of the client's business activity. Clients classified as high-risk are subject to Enhanced Due Diligence (EDD) processes, which may include verification of the source of funds and greater documentary scrutiny. Risk classification is reviewed periodically and when relevant changes occur in the relationship.
XSoftHub maintains continuous monitoring of established business relationships, including: (a) periodic review of client KYC information to ensure its currency and accuracy; (b) monitoring of transactions and payment patterns that are unusual or inconsistent with the client's profile; (c) alerting to changes in corporate control, ultimate beneficial owners, or the nature of the client's activity; (d) periodic verification against international sanctions lists (OFAC, UN, EU) and lists of politically exposed persons (PEP). Any detected irregularity is evaluated by the compliance team and, where appropriate, reported to the competent authorities.
XSoftHub retains all KYC records and documentation for a minimum period of five (5) years from the end of the business relationship, in accordance with international AML/KYC standards and applicable local regulations. Retained records include: (a) client identification and verification documents; (b) transaction and payment records; (c) risk assessment reports; (d) communications and due diligence records; (e) suspicious activity reports and actions taken. Access to these records is restricted to authorized personnel and appropriate security measures are implemented for their protection.
XSoftHub does not provide services or establish business relationships with clients domiciled in countries subject to comprehensive international sanctions (for example, those designated by OFAC, the UN Security Council, or the European Union as subject to embargo), nor with individuals or entities appearing on sanctions lists, high-risk politically exposed persons (PEP) lists, or international financial exclusion lists. XSoftHub actively verifies against these lists before establishing any business relationship and on an ongoing basis throughout the relationship. The list of restricted countries and entities is updated in accordance with changes in international sanctions regulations.
XSoftHub uses Stripe, Inc. as an external PCI-DSS certified payment processor. Stripe implements its own KYC and AML procedures as part of its compliance requirements for merchants. By using Stripe as a payment gateway, XSoftHub ensures that financial transactions are processed with additional standards of identity verification and unusual activity detection. Client payment data is handled directly by Stripe in accordance with its privacy policy (stripe.com/privacy). XSoftHub may request additional verification information if Stripe or the competent authorities require it. The conditions of the payment service are subject to Stripe's applicable merchant terms.
XSoftHub has internal procedures for the identification and reporting of suspicious activities. The compliance team evaluates any alert generated by the monitoring system and, where there is a reasonable basis to suspect that a transaction is related to illicit activities, proceeds to report to the competent authorities in accordance with applicable regulations. XSoftHub may, at its sole discretion, suspend or cancel services to clients that generate high-risk alerts while the corresponding investigation is conducted. The identity of internal whistleblowers is protected in accordance with applicable whistleblower protection policies.
XSoftHub ensures that all staff involved in client acquisition, management, and billing receives regular training in KYC, AML, and regulatory compliance. This training includes: (a) recognition of red flags during the onboarding process and throughout the business relationship; (b) internal escalation and reporting procedures for suspicious activities; (c) updates on relevant regulatory changes in AML/KYC matters; (d) use of compliance tools and systems implemented by XSoftHub. The compliance officer is responsible for overseeing the implementation of this policy and reporting to the management team on the status of the KYC/AML program. For compliance inquiries, contact compliance@xsofthub.com.