1. Introduction
At Nosyq, we are committed to operating with integrity and in compliance with all applicable laws, regulations, and industry standards. This Compliance Policy outlines our approach to meeting regulatory requirements and maintaining the highest standards of security, privacy, and business ethics.
As a provider of hardware wallet solutions for cryptocurrency storage, we recognize the importance of compliance in building trust with our customers and partners. This policy demonstrates our commitment to responsible business practices in the evolving cryptocurrency and digital asset landscape.
2. Regulatory Framework
Nosyq monitors and adheres to relevant laws and regulations across various jurisdictions, including but not limited to:
2.1 U.S. Federal Regulations
- Federal Trade Commission (FTC) regulations regarding consumer protection and unfair business practices
- Electronic Communications Privacy Act (ECPA)
- Computer Fraud and Abuse Act (CFAA)
- Federal consumer protection laws
2.2 State-Specific Regulations
- California Consumer Privacy Act (CCPA)
- New York Department of Financial Services (NYDFS) cybersecurity regulations
- Various state data breach notification laws
2.3 International Regulations
- European Union General Data Protection Regulation (GDPR)
- United Kingdom Data Protection Act
- Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)
- Australia's Privacy Act
2.4 Industry-Specific Regulations
- Payment Card Industry Data Security Standard (PCI DSS) for processing payment card information
- Relevant cryptocurrency and digital asset regulations in jurisdictions where we operate
We continuously monitor regulatory developments and update our compliance program as necessary to address new requirements.
3. Security Standards and Certifications
Nosyq is committed to implementing industry-leading security standards and obtaining relevant certifications for our products and services:
3.1 Product Security Certifications
- Common Criteria (CC) Certification: Our secure elements are certified under the Common Criteria framework, an international standard (ISO/IEC 15408) for computer security certification.
- Federal Information Processing Standard (FIPS) 140-2/140-3: Our cryptographic modules comply with the FIPS 140-2/140-3 requirements.
- Evaluation Assurance Level (EAL) Ratings: Various components of our hardware wallets have achieved EAL ratings, indicating their security evaluation under Common Criteria.
3.2 Organizational Security Frameworks
- ISO/IEC 27001: We maintain an Information Security Management System (ISMS) aligned with ISO/IEC 27001 standards.
- SOC 2 Type II: We undergo regular Service Organization Control (SOC) 2 Type II audits to verify our security, availability, and confidentiality controls.
- NIST Cybersecurity Framework: Our security practices are aligned with the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
3.3 Secure Development Practices
- Implementation of Secure Software Development Lifecycle (SSDLC) methodologies
- Regular security testing, including penetration testing and vulnerability assessments
- Continuous monitoring and rapid response to security vulnerabilities
- Bug bounty program to encourage responsible disclosure of security issues
3.4 Supply Chain Security
- Secure and verified component sourcing
- Manufacturing security controls and audits
- Secure packaging and anti-tampering measures
- Verifiable authenticity for all devices
4. Data Protection Compliance
Nosyq is committed to protecting the privacy and security of personal data in accordance with applicable data protection laws:
4.1 Privacy by Design
We incorporate Privacy by Design principles in our product development and business operations, ensuring that privacy considerations are integrated from the earliest stages of development and throughout the entire lifecycle of our products and services.
4.2 Data Minimization
We collect only the personal data necessary for the specific purpose for which it is processed. By design, our hardware wallets do not collect or transmit users' private keys or cryptocurrency transaction data to Nosyq.
4.3 Data Subject Rights
We respect and facilitate the exercise of data subject rights under applicable laws, including:
- Right to access personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restriction of processing
- Right to data portability
- Right to object to processing
4.4 International Data Transfers
For transfers of personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to countries that do not provide an adequate level of protection, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission.
4.5 Data Protection Impact Assessments
We conduct Data Protection Impact Assessments (DPIAs) for processing activities that may result in a high risk to the rights and freedoms of individuals.
4.6 Vendor Management
We ensure that our vendors and service providers that process personal data on our behalf maintain appropriate security measures and comply with applicable data protection laws through contractual commitments and periodic assessments.
5. Anti-Money Laundering Policies
While Nosyq provides hardware wallet devices and does not directly facilitate cryptocurrency transactions or function as a financial institution or exchange, we are committed to preventing the use of our products and services for money laundering, terrorist financing, or other illegal activities.
5.1 Know Your Customer (KYC) Procedures
For certain enterprise customers and high-value orders, we may implement risk-based KYC procedures to verify customer identity in accordance with applicable regulations.
5.2 Suspicious Activity Monitoring
We monitor for suspicious patterns in product orders that may indicate attempts to circumvent regulations or engage in illegal activities.
5.3 Cooperation with Law Enforcement
We cooperate with legitimate law enforcement inquiries in accordance with applicable laws and our Privacy Policy, while respecting user privacy and requiring proper legal process for any information requests.
5.4 Prohibited Countries and Restricted Parties
We do not ship products to countries subject to comprehensive sanctions, and we screen against applicable sanctions and restricted party lists to prevent transactions with designated individuals or entities.
6. Export Controls
Nosyq complies with applicable export control laws and regulations, including the U.S. Export Administration Regulations (EAR). Our export compliance program includes:
6.1 Product Classification
We properly classify our products under applicable export control classification numbers (ECCNs) or as EAR99 items.
6.2 Destination Screening
We screen all shipment destinations against lists of embargoed or sanctioned countries and regions.
6.3 End-User and End-Use Screening
We implement procedures to identify potential prohibited end-users or end-uses of our products, including screening against various restricted party lists.
6.4 Anti-Boycott Compliance
We comply with U.S. anti-boycott laws and regulations, which prohibit participation in unsanctioned foreign boycotts.
7. Accessibility Compliance
Nosyq is committed to ensuring that our website, applications, and products are accessible to people with disabilities:
7.1 Web Content Accessibility Guidelines (WCAG)
We strive to conform to WCAG 2.1 Level AA standards for our website and web applications.
7.2 Product Accessibility
We incorporate accessibility considerations into our product design process, including:
- High-contrast display options
- Tactile features for navigation
- Compatibility with screen readers when possible
- Clear documentation in accessible formats
7.3 Ongoing Improvements
We continuously work to improve the accessibility of our products and services through regular assessments, user feedback, and implementation of best practices.
8. Updates to Compliance Policies
We regularly review and update our compliance policies to address changes in:
- Applicable laws and regulations
- Industry standards and best practices
- Our products, services, and business operations
- The threat landscape and security technologies
When we make significant changes to our compliance policies, we will notify our customers and partners through appropriate channels and update the "Last Updated" date at the top of this policy.
9. Contact Us
If you have questions or concerns about our compliance policies or practices, please contact us at:
Nosyq
Attn: Compliance Officer
13014 N Dale Mabry Hwy
Tampa, FL 33618
United States
Email: compliance@nosyq.com
Phone: +1 (813) 781-1628