GLOBAL COOKIE & TELEMETRIC GOVERNANCE POLICY

Date: January 1, 2026

Version: 1.0.6

SECTION 1: ARCHITECTURAL NECESSITY AND SCOPE OF TELEMETRY

1.1. Technical Rationale for Telemetric Deployment: The banxtack™ digital ecosystem and its underlying "Experience Layer" utilize "Cookies," "Web Beacons," "Local Storage Objects," and "Pixel Tags" (collectively referred to as “Telemetric Tools”). Unlike standard consumer-facing applications, these tools are architecturally indispensable for the maintenance of Session Persistence, Multi-Asset Ledger Security, and the prevention of unauthorized API ingress. The deployment of these tools is a fundamental requirement for the functional stability of the global financial infrastructure.

1.2. Scope of Governance: This Policy governs all telemetric data acquisition across the Company’s digital real estate, including:

(a) Public Portals: The informational interfaces situated at www.banxtack.com.
(b) Operational Interfaces: The "Back-Office" Operational Command Center and the administrative dashboards utilized for "Eligibility Evaluation" and "Investigations & Reporting."
(c) White-Label Gateways: Any "Experience Layer" components deployed as part of a branded infrastructure instance.

1.3. Definition of Telemetry in the Fintech Context: For the purposes of this Policy, "Telemetry" refers to the automated collection of real-time operational data regarding user interaction, system performance, and network behavior. This data is essential for the "Atomic Reconciliation" protocols and serves as a first line of defense against sophisticated cyber-assaults and "Data Poisoning" attempts.

1.4. Manifestation of Assent: By accessing the Website or interacting with the infrastructure’s API interfaces, the Counterparty acknowledges and agrees to the deployment of these Telemetric Tools as being necessary for the delivery of a secure and compliant financial environment.

SECTION 2: TAXONOMY OF TELEMETRIC TOOLS AND FUNCTIONAL HIERARCHY

2.1. Categorization by Criticality: The Company classifies its Telemetric Tools into a discrete hierarchy based on their necessity for systemic integrity, operational stability, and regulatory compliance. Each category serves a specific role within the multi-asset ledger environment.

2.2. Tier I: Strictly Necessary (Security and Session Integrity): These tools are mandatory for the technical execution of the platform's core logic and cannot be deactivated without compromising the security architecture of the infrastructure.

Purpose: Orchestration of multi-factor authentication (MFA) states, CSRF (Cross-Site Request Forgery) protection, and the maintenance of authenticated "Back-Office" sessions.
Forensic Utility: Ensuring that a single user session is tethered to a verified device/IP combination to prevent "Session Hijacking" and unauthorized ledger manipulation.
Duration: Typically session-based (expiring upon the termination of the administrative session) or short-term persistent.

2.3. Tier II: Functional and Performance Telemetry (Infrastructure Optimization): These tools monitor the health, throughput, and latency of the global financial rails and API response times.

Purpose: Load balancing optimization across geo-redundant data centers and the identification of "Experience Layer" latency that may impact "Atomic Reconciliation" speeds.
Data Points: Anonymized telemetrics, including geographic point of ingress, browser versioning, and system heartbeat data.
Utility: Improving the efficacy of the "Pricing & Fee Engine" by analyzing traffic patterns during peak transaction windows to ensure high-velocity settlement.

2.4. Tier III: Compliance and Forensic Telemetry (AML & Fraud Mitigation): Specialized tools designed to detect anomalous behavior indicative of "Data Poisoning" or high-frequency automated script ingress.

Purpose: Advanced device fingerprinting and distinguishing legitimate human interaction from sophisticated bot-based attempts to scrape the infrastructure’s conversion logic or test card vulnerabilities.
Integration: These telemetric signals are fed directly into the "AML & Compliance Engine" to contribute to the "Dynamic Risk Scoring" of a specific connection.

SECTION 3: THE MECHANIZATION OF CONSENT AND GOVERNANCE MANAGEMENT

3.1. Provision of Granular Control: In accordance with the "Privacy by Design" principles inherent in the banxtack™ architecture, the Company provides the Counterparty and its Users with a specialized Governance Consent Manager. This interface, accessible upon initial ingress to the Website or the "Back-Office," enables the granular selection or rejection of Telemetric Tools that are not classified as "Strictly Necessary" under Section 2.2.

3.2. Mandatory Nature of Tier I Infrastructure Tools: The Counterparty acknowledges that Tier I (Strictly Necessary) tools are a technical prerequisite for the secure orchestration of the multi-asset ledgers and the maintenance of systemic integrity. These tools cannot be deactivated through the Governance Consent Manager. Any attempt to bypass or block these specific scripts via third-party browser extensions or firewall configurations may result in a "Systemic Lockout," rendering the "Experience Layer" and its associated financial modules non-functional.

3.3. Affirmative Assent for Optimization and Compliance Tiers: For Tier II (Functional) and Tier III (Forensic) telemetry, the Company employs an "Opt-In" framework for Users residing in jurisdictions with stringent privacy mandates (such as the EEA or UK). By toggling these options to "Active," the User provides their explicit, informed consent for the Company to utilize these tools for infrastructure optimization and fraud mitigation.

3.4. Administrative Revocation and Temporal Expiration: Consent granted via the Governance Consent Manager is not perpetual. Users retain the right to modify their telemetric preferences at any time through the "Settings" menu of the Operational Command Center. Furthermore, to ensure compliance with the "Right to be Forgotten," the system is programmed to trigger a "Consent Re-validation" prompt every twelve (12) months, ensuring that the user’s preferences remain current and documented for regulatory audit trails.

3.5. Impact of Consent Withdrawal: While the Company respects the withdrawal of consent for Tier II and Tier III tools, the Counterparty acknowledges that such withdrawal may degrade the "Dynamic Risk Scoring" efficacy for that specific user session. In cases where forensic telemetry is unavailable, the "AML & Compliance Engine" may default to a more restrictive security posture to protect the broader infrastructure.

SECTION 4: THIRD-PARTY ECOSYSTEM TELEMETRY AND INTEGRATED PARTNER SCRIPTS

4.1. The Consolidated Infrastructure Principle: The Counterparty acknowledges that the banxtack™ ecosystem functions as a high-velocity gateway, orchestrating connectivity to a global network of regulated financial institutions, card schemes, and compliance providers. To facilitate the "Atomic Reconciliation" and "Payments & Money Movement" pillars, the infrastructure may load technical scripts or Telemetric Tools originating from authorized Integrated Partners (collectively, “Third-Party Telemetry”).

4.2. Nature and Utility of Integrated Scripts: These third-party tools are strictly functional and are deployed only within the specific operational context of a transaction or compliance event. Their utility includes:

Payment Authorization & Tokenization: Scripts from card networks (e.g., Visa, Mastercard) or banking partners (e.g., Banking Circle) utilized to secure the "Card Issuance" bridge and ensure transaction validity.
Identity Orchestration & Liveness: Telemetric signals from specialized forensic partners (e.g., Sumsub, Chainalysis) integrated into the AML & Compliance Engine to perform biometric liveness verification and real-time blockchain forensic analysis.
Secure Custody Handshakes: Cryptographic heartbeat signals from institutional-grade custody providers (e.g., Fireblocks) to maintain the integrity of the "Secure Custody Bridge" during the movement of virtual assets.

4.3. Governance of Third-Party Domains: While these tools are loaded via the banxtack™ infrastructure, the data processing activities of Integrated Partners are governed by their respective privacy and cookie policies. The Company ensures that these scripts are only active during authenticated sessions and are restricted from accessing any Personal Data not explicitly required for the technical execution of the specific service pillar being utilized.

4.4. Proliferation of "Fintech Shield" Standards: The Company conducts rigorous technical due diligence on all Integrated Partners to ensure their Telemetric Tools adhere to cybersecurity standards commensurate with the global financial industry. This includes the requirement for encrypted data transmission and the prohibition of "Cross-Site Tracking" for non-functional purposes.

4.5. Disclosure of Integrated Partners: A comprehensive and periodically updated list of the technical domains associated with our Integrated Partners is available to Clients upon formal request via the administrative channels. The Counterparty is responsible for informing its End Users that such third-party scripts may be active within their branded white-label instance to facilitate the underlying financial logic.

SECTION 5: TEMPORAL GOVERNANCE, STORAGE MANAGEMENT, AND TELEMETRIC PURGING

5.1. The Principle of Telemetric Minimization: In alignment with the "Data Minimization" requirements of global data protection frameworks, the Company implements a rigorous Temporal Governance Framework for all data acquired via Telemetric Tools. The Company does not store telemetric metadata indefinitely; instead, it adheres to a lifecycle management protocol designed to balance operational forensic requirements with the right to privacy.

5.2. Classification of Retention Durations: The retention period for telemetric data is dictated by its functional category within the infrastructure:

(a) Session-Based Telemetry (Volatile): Metadata associated with Tier I (Strictly Necessary) tools is typically purged immediately upon the termination of the browser session or the expiration of the authenticated "Back-Office" handshake.
(b) Optimization & Performance Logs (Short-Term): Telemetrics utilized for Tier II (Infrastructure Optimization) are retained for a period not exceeding ninety (90) days. This window allows for the analysis of monthly performance cycles and the identification of systemic latency trends.
(c) Forensic & Security Metadata (Long-Term): Telemetry linked to Tier III (AML & Fraud Mitigation) may be retained for a duration of twelve (12) to twenty-four (24) months. This extended window is required to facilitate forensic post-mortems following a security incident and to support the "Investigations & Reporting" module in identifying long-term patterns of "Data Poisoning" or synthetic identity fraud.

5.3. Secure Archival and Ledger De-linking: During the retention period, telemetric logs are stored in an encrypted, sequestered environment. Once the operational utility of the telemetry has concluded, the Company performs "Ledger De-linking," ensuring that the technical logs are stripped of any identifiers that could link them back to a specific Counterparty or End-User, effectively rendering the data anonymous.

5.4. Automated Purging Protocols: The banxtack™ infrastructure employs automated purging scripts that execute daily "Clean-Sweep" operations. These scripts identify and permanently delete data taxonomies that have reached their "End-of-Life" (EOL) as defined by this Policy, utilizing cryptographic erasure to ensure the data is irrecoverable.

5.5. Legal Hold Exception: Notwithstanding the standard retention windows, the Company reserves the unilateral right to place a "Legal Hold" on specific telemetric logs. This occurs if the telemetry is deemed critical evidence for an active judicial proceeding, regulatory inquiry, or an internal investigation into systemic infrastructure misuse. Once the Legal Hold is formally lifted, the data is prioritized for immediate purging.

SECTION 6: ADMINISTRATIVE OVERSIGHT AND PROFESSIONAL INQUIRY PROTOCOLS

6.1. Dedicated Governance Oversight: The governance of Telemetric Tools and the broader infrastructure telemetry is managed by the banxtack™ Global Compliance & Information Security Office. This office is responsible for the continuous monitoring of the "Fintech Shield" and ensures that the deployment of any new "Experience Layer" scripts aligns with the rigorous standards set forth in this Policy and international data protection edicts.

6.2. Mechanization of Technical Audit: The Company recognizes that institutional Clients may require transparency regarding the specific Telemetric Tools active within their branded white-label instances. Upon formal written request, and subject to non-disclosure obligations, the Company can provide a Technical Telemetry Audit, detailing the current taxonomy of active cookies and the specific sub-processors integrated via the API interfaces.

6.3. Professional Inquiry Channels: All technical inquiries, notifications of suspected telemetric irregularities, or requests for detailed cookie manifests must be directed exclusively through the Company’s verified professional business channels. To ensure priority handling and forensic traceability, please use the following coordinate:

Global Business & Compliance Affairs: business@banxtack.com

6.4. Limitation of Informal Communication: For the avoidance of doubt, and to preserve the security of the infrastructure, the Company does not provide telemetric support or governance updates via social media, informal messaging platforms, or unsecured communication rails. All formal governance correspondence must originate from the Counterparty’s registered corporate domain.

6.5. Severability and Policy Primacy: Should any provision of this Global Cookie & Telemetric Governance Policy be deemed invalid or unenforceable by a competent judicial authority, the remainder of the Policy shall continue in full force and effect. In the event of a conflict between this Policy and the Master Terms and Conditions, the Master Terms shall prevail as the primary governance indenture.