Compliance Statement

StableOps’ compliance boundary, non-custodial posture, and operational control commitments.

Last updated: 2026-06-07
Non-custodial boundary
  • StableOps monitors blockchain events and routes operational webhooks. It does not hold customer assets, control private keys, pool funds, settle fiat, or execute payouts.
  • Customers remain the merchant of record or payment operator for their own products and are responsible for wallet governance and user-facing disclosures.
Risk controls
  • The platform supports audit logs, API key scoping, webhook signing, secret rotation, event idempotency, confirmation thresholds, and reorg detection.
  • Enterprise deployments can integrate customer-selected KYT, sanctions screening, retention, and export workflows as contractual controls.
Scope of this statement
  • This page is a product-facing statement of StableOps’ compliance posture and the controls available on the platform. It describes how the service is designed to operate, not the obligations of any individual customer.
  • It is not legal advice and not a substitute for customer-specific compliance review. Customers should evaluate their own regulatory, sanctions, tax, and data protection obligations for the jurisdictions in which they operate.
Sanctions and AML posture
  • StableOps does not move or settle funds, so it is not the AML obligor for customer transactions. Customers operating regulated payment flows remain responsible for their own KYC/KYT/AML program.
  • We prohibit use by, or on behalf of, sanctioned persons or jurisdictions, and reserve the right to suspend access where credible sanctions or abuse signals arise.
Prohibited businesses and activities
  • The platform may not be used for mixers or tumblers, ransomware, darknet markets, fraud, unlicensed money transmission, or any activity prohibited by the terms of service.
  • Customers in higher-risk categories may be required to provide additional disclosures or contractual controls before production access.
Data residency and infrastructure
  • Event ingestion, confirmations, and webhook delivery run on infrastructure scoped by (organization, environment, chain, address) so tenant data stays isolated.
  • Enterprise deployments can negotiate region, retention, export, and sub-processor terms; default infrastructure regions are documented during onboarding.
Incident response and disclosure
  • We monitor service health with metrics and error reporting, and investigate security or availability incidents through an internal response process.
  • Where an incident materially affects customer data or payment-event processing, we aim to notify affected customers and coordinate remediation per applicable law and contract terms.
Compliance contact
  • For compliance, sanctions, or security questions, contact [email protected].
  • Responsible disclosure of suspected vulnerabilities is welcome; please avoid testing that disrupts other tenants or accesses data you are not authorized to view.