Compliance Framework

Last Updated: August 25, 2025

At Aave-us, we are committed to maintaining the highest standards of regulatory compliance and security. This document outlines our approach to compliance with various laws, regulations, and industry standards that govern the cryptocurrency and hardware security sectors.

1. Regulatory Compliance

1.1 Data Protection and Privacy

Aave-us is fully committed to protecting user privacy and complying with applicable data protection laws and regulations, including:

  • United States Privacy Laws: We comply with federal and state privacy laws, including the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).
  • General Data Protection Regulation (GDPR): Although primarily operating in the US, we adhere to GDPR principles for our European customers.
  • Cross-Border Data Transfers: We implement appropriate safeguards for international data transfers, including standard contractual clauses where necessary.

Our detailed approach to data protection can be found in our Privacy Policy.

1.2 Anti-Money Laundering (AML) and Know Your Customer (KYC)

While hardware wallets themselves are not financial service providers subject to full AML/KYC requirements, Aave-us implements reasonable measures to prevent our products from being used for illegal purposes:

  • We conduct identity verification for high-value transactions in accordance with legal requirements.
  • We maintain records of sales as required by applicable laws.
  • We cooperate with law enforcement agencies when legally required to do so.

1.3 Import/Export Compliance

Our hardware wallets incorporate cryptographic technology that may be subject to import/export controls. We ensure compliance with:

  • Export Administration Regulations (EAR): We maintain appropriate controls on exporting our hardware wallets in compliance with US export regulations.
  • International Traffic in Arms Regulations (ITAR): We ensure our products and technologies comply with ITAR requirements where applicable.
  • Sanctions Compliance: We do not conduct business with sanctioned countries, entities, or individuals.

2. Security Standards and Certifications

2.1 Hardware Security

Our hardware wallets are designed and manufactured to meet or exceed industry security standards:

  • Common Criteria EAL6+ Certification: Our secure elements have achieved EAL6+ certification, providing high assurance of security against sophisticated attacks.
  • FIPS 140-2 Level 3: Our cryptographic modules comply with Federal Information Processing Standards, ensuring secure generation and management of cryptographic keys.
  • Physical Tamper Resistance: Our devices incorporate multiple tamper-resistant and tamper-evident features to protect against physical attacks.

2.2 Software and Firmware Security

We implement rigorous security practices for our software development and firmware updates:

  • Secure Development Lifecycle: We follow industry best practices for secure software development.
  • Code Audits: Our firmware and software undergo regular security audits by independent third-party security firms.
  • Cryptographic Signature Verification: All firmware updates are cryptographically signed to prevent tampering.
  • Open Source Components: We maintain transparency by publishing the source code of key components for public review.

2.3 Organizational Security

Our internal organizational security measures include:

  • ISO 27001 Certification: Our information security management system is certified to ISO 27001 standards.
  • Personnel Security: We conduct background checks on employees and implement strict access controls to sensitive information.
  • Supply Chain Security: We maintain strict controls over our manufacturing and distribution processes to prevent tampering or counterfeiting.

3. Industry Standards and Best Practices

3.1 Cryptocurrency Standards

Our hardware wallets implement and support industry-standard protocols and specifications for cryptocurrency management:

  • BIP32, BIP39, BIP44: We support hierarchical deterministic wallet standards for key generation and management.
  • SLIP-0039: We support Shamir's Secret Sharing for backup and recovery of private keys.
  • ERC-20, BEP-20, and other token standards: We ensure compatibility with major token standards across different blockchains.

3.2 Security Research and Vulnerability Disclosure

We actively engage with the security research community to continuously improve our products:

  • Bug Bounty Program: We maintain a bug bounty program to incentivize responsible disclosure of security vulnerabilities.
  • Coordinated Vulnerability Disclosure: We follow responsible disclosure practices when addressing security vulnerabilities.
  • Security Research Collaboration: We collaborate with academic and industry researchers to advance hardware security.

4. Compliance Governance

4.1 Compliance Program Structure

Our compliance program is overseen by our Board of Directors and includes:

  • A dedicated Compliance Officer responsible for maintaining and updating our compliance program
  • Regular compliance training for all employees
  • Periodic internal and external compliance audits
  • Clear procedures for addressing compliance issues or violations

4.2 Risk Assessment and Management

We conduct regular risk assessments to identify and mitigate potential compliance and security risks:

  • Annual comprehensive risk assessments covering all aspects of our business
  • Continuous monitoring of regulatory developments and emerging threats
  • Regular updates to our policies and procedures based on risk assessment findings

5. Incident Response and Business Continuity

We maintain robust incident response and business continuity plans to address potential security incidents or business disruptions:

  • Incident Response Plan: We have established procedures for detecting, reporting, and responding to security incidents.
  • Business Continuity Plan: We maintain plans to ensure continuous operation of critical business functions in the event of disruptions.
  • Disaster Recovery: We implement backup and recovery procedures to protect critical data and systems.

6. Customer Support and Education

We are committed to providing our customers with the information and support they need to use our products securely:

  • Comprehensive documentation and guides for secure setup and use of our hardware wallets
  • Educational resources on cryptocurrency security best practices
  • Responsive customer support to address security concerns and questions
  • Transparent communication about security updates and potential vulnerabilities

7. Updates and Ongoing Compliance

This Compliance Framework is regularly reviewed and updated to reflect changes in regulations, industry standards, and best practices. We conduct regular assessments of our compliance program's effectiveness and make improvements as necessary.

For specific inquiries regarding our compliance program, please contact our Compliance Officer at compliance@aave-us.com.

Disclaimer

This Compliance Framework provides an overview of Aave-us's approach to regulatory compliance and security standards. It is not a guarantee of compliance with all applicable laws and regulations in all jurisdictions. Users are responsible for ensuring their use of Aave-us products complies with local laws and regulations.