CORPORATE POLICIES AND BEST PRACTICES FOR THE PREVENTION OF MONEY LAUNDERING AND THE PROTECTION OF MINORS.

Issued by:
DAVINCI VC & F S.A.S. – NIT: 901.572.048-5 (Colombia), as the owner of the digital platform ZTREAMO and the logistics, financial, and operational manager of the platform.

​

1). OBJECTIVE AND SCOPE.

This document aims to clearly, comprehensively, and bindingly establish the internal policies, operational procedures, control mechanisms, and preventive measures adopted by ZTREAMO TECH & IT Corp and DAVINCI VC & F S.A.S. to ensure full compliance with international regulations on anti-money laundering (AML), counter-terrorism financing, and the comprehensive protection of minors against digital sexual exploitation.

These policies apply to all parties within the ZTREAMO digital ecosystem, including internal staff, users, models, strategic partners, providers, external auditors, and any third party interacting with the platform. Compliance with these provisions is mandatory. Failure to comply will result in internal sanctions, termination of contractual relationships, and possible referral to the relevant legal authorities.

2). INTERNATIONAL LEGAL AND REGULATORY FRAMEWORK.

ZTREAMO adheres to the main international regulations in force as of the date of this document, including but not limited to:

2.1) Recommendations of the Financial Action Task Force (FATF/GAFI) on anti-money laundering and counter-terrorism financing.

2.2) Regulations issued by the United States Financial Crimes Enforcement Network (FinCEN), applicable to digital transactions and content platforms.

2.3) European Union anti-money laundering directives AMLD4, AMLD5, and AMLD6.

2.4) Applicable national laws: legislation against money laundering and child protection in the United States, Panama, and Colombia.

2.5) Personal data protection standards (GDPR, Colombian Law 1581 of 2012) and cybersecurity standards (ISO/IEC 27001).

2.6) Child protection laws such as COPPA (U.S.), FOSTA-SESTA, and criminal frameworks prohibiting the production, distribution, or promotion of sexual content involving minors.

​

3). ANTI-MONEY LAUNDERING POLICY.

The company enforces a zero-tolerance policy regarding the use of its platform for money laundering purposes. To ensure this, all users, models, and commercial partners operating or interacting within ZTREAMO’s ecosystem must undergo rigorous identity verification processes, specifically KYC (Know Your Customer) and KYB (Know Your Business) protocols.

These procedures include validation of government-issued identification, real-time video-based liveness tests, and cross-verification against international restricted lists such as OFAC, UN Sanctions Lists, and INTERPOL alerts.

Additionally, an automated financial transaction monitoring system operates continuously, using specialized algorithms to detect unusual transactions, abnormal patterns, and suspicious structures such as payment triangulation. This system generates internal alerts for review by the company’s compliance team. This monitoring service is outsourced and provided by PAYSECURE (https://paysecure.net/), based in the United Kingdom.

In the event of suspicious activity, a Suspicious Activity Report (SAR) will be immediately generated and submitted to the relevant Financial Intelligence Unit (FIU) in coordination with PAYSECURE, within the jurisdictions of the United States, Panama, Colombia, and/or the jurisdiction where the user or transaction is based.

Furthermore, internal financial audits are conducted semi-annually, supplemented by annual external audits to assess the effectiveness and compliance of the Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) system. All operational staff must complete mandatory, certified training every six months, focused on risk identification, reporting procedures, and compliance with international regulations.

4). POLICY FOR THE PROTECTION OF MINORS AND ILLICIT CONTENT.

ZTREAMO strictly and permanently prohibits the presence, promotion, or commercialization of any content involving minors. To prevent any breach of this policy, the following measures have been adopted:

4.1) Mandatory age verification (21+ years) for all models and users who generate or consume content. This process is conducted via TRUORA (https://www.truora.com/), which validates official IDs such as passports, driver’s licenses, or national IDs, supported by facial biometric recognition and liveness detection. This technology is connected to official government databases to ensure authenticity.

4.2) All uploaded content undergoes automated pre-screening using AI technology for facial recognition, pattern detection, and content classification. The system flags potential risks involving minors, generating immediate alerts for analysis by a specialized human review team. No content is published without human validation.

4.3) In the event that prohibited content bypasses human review, it will be immediately removed, the account permanently suspended, and authorities in the corresponding jurisdiction will be promptly notified.

4.4) ZTREAMO provides a confidential reporting channel within the platform, enabling users, staff, and third parties to anonymously report any suspected presence of minors or illegal content. All reports are investigated and documented. The company actively collaborates with INTERPOL, national police, prosecutors, and child protection agencies, providing evidence, digital records, and traceability for legal investigations involving minors.

5). VERIFICATION AND SUPPORT PLATFORMS.

ZTREAMO maintains international support and verification agreements with TRUORA and PAYSECURE, specialized in fraud prevention and digital payment verification technologies. This partnership ensures an additional layer of security and compliance for all operations within the platform.

TRUORA provides a complete suite of verifications including ID verification (IDV), facial biometrics, liveness detection, and criminal background checks. These verifications are mandatory for all content-generating models and users.

The TRUORA system connects in real-time with official databases and government records, ensuring the integrity of identification processes and enabling detection of false documents, duplicate identities, or users with criminal records. All verified data is securely encrypted and stored, with access strictly limited to ZTREAMO’s authorized compliance personnel.

TRUORA also supports internal and external audits, regulatory or judicial investigations, and provides certified traceability for every validation process. This partnership is key to ZTREAMO’s compliance with global KYC/AML standards and the effective protection of minors.

PAYSECURE provides technological infrastructure for payment system validation and control, certifying the lawful and reliable origin of funds.

6). OPERATIONAL AND CONTROL PROTOCOLS.

To ensure effective compliance with these policies, a series of mandatory operational protocols apply to all company departments:

6.1) Mandatory registration and verification for all models and content-generating users, including valid ID submission, interactive video-based liveness tests, and linked bank account validation. Accounts cannot be activated without full approval.

6.2) All platform activity is monitored through IP tracking, digital behavior analysis, and automated content review tools, designed to detect anomalies, impersonation attempts, high-risk access, or policy violations.

6.3) A risk assessment system evaluates each user and model, assigning a score based on activity history, transaction frequency, related user behavior, and verified background. High-risk profiles are monitored more closely and may be temporarily suspended for manual review.

6.4) Compliance policies and operational procedures are updated quarterly by the Legal Compliance Committee, based on new laws, emerging technologies, and international recommendations. Operational staff receives regular training to ensure full awareness of roles and responsibilities.

6.5) All records (verifications, transactions, reports, audits) are securely stored for a minimum of five (5) years, in compliance with international and local regulations, ensuring process traceability and transparency.

7). CORPORATE RESPONSIBILITY.

ZTREAMO TECH & IT Corp, as owner of the platform, is responsible for the technological infrastructure, information security, data protection, and the safe digital operation of the ZTREAMO ecosystem. This includes feature development, secure server maintenance, and implementation of internal access and monitoring controls.

DAVINCI VC & F S.A.S. is responsible for the logistical, financial, and administrative management of the platform. This includes legal and tax compliance in Colombia, identity verification, payment auditing, coordination with local and international authorities, and overall regulatory compliance oversight.

Together, both companies are responsible for implementing incident response mechanisms, coordinating remediation actions, managing relations with regulatory entities, and ensuring uniform and effective application of all policies described herein.

8). COMPLIANCE STATEMENT.

By signing this document, ZTREAMO TECH & IT Corp and DAVINCI VC & F S.A.S. declare their full commitment to legality, business ethics, and human rights protection. Both companies reaffirm their zero-tolerance stance against child exploitation, money laundering, and terrorism financing, and their willingness to cooperate fully with national and international authorities in the prevention and prosecution of such crimes.

This document is effective as of the date of signing and will be reviewed annually or earlier if significant regulatory changes occur. All parties involved are obligated to strictly comply with the provisions contained herein.

Signed on the 28 day of July, 2025.

DAVINCI VC & F S.A.S.
NIT.: 901.572.048-5 – Bogotá/COL.

Legal Representative: CLARA MARCELA ARIAS MONTAÑA.