Policy

Summary Of Custody And Administration Policy

  • BitFlow
  • 29 Jul 2025
  • Important

This Summary of Custody and Administration Policy (hereinafter referred to as «Policy») outlines the custody and administration procedures for crypto-assets provided by Bitflow Lab s.r.o., a company registered in the Czech Republic under registration number 193 05 800, with its registered address at Antala Staška 1859/34, Krč, 140 00 Praha 4, Czech Republic (hereinafter referred to as «Company»).

  1. GENERAL PROVISIONS AND PLATFORM
    1. Bitflow Lab s.r.o. provides custody and administration services for crypto-assets on behalf of clients in compliance with Regulation (EU) 2023/1114 (MiCA).
    2. All client relationships are governed by the Company’s Terms of Use, available at https://bitflow-lab.com/terms-of-use.html.
    3. The Bitflow platform enables client onboarding (via Sumsub), wallet generation, transaction execution, and balance management under secured and encrypted architecture.
    4. The Company applies a hot wallet-only model, supported by robust information security controls, including encryption, identity verification, and two-factor authentication. Wallets are not interconnected, and each client is assigned a unique identifier.
    5. The Company ensures strict segregation of client assets, including:
      1. Tagging and separating client crypto-assets from Company assets;
      2. Operational and legal segregation on the platform and distributed ledger;
      3. Internal processes for identifying, monitoring, and retrieving each client’s holdings.
    6. Custodial assets are shielded from the Company’s creditors under Czech law and segregated both legally and operationally.
  2. REGISTER OF TRANSACTION MOVEMENTS
    1. The Company maintains a dedicated, client-specific register (hereinafter referred to as «Register») that records the positions, balances, and all transactional movements associated with each client’s crypto-assets held in custody. This Register is an essential part of the custody framework and is designed to enable accurate traceability and segregation of client assets.
    2. The Company ensures that all instructions, orders, and operations initiated by clients — including deposits, withdrawals, internal transfers, and other relevant activities — are recorded in the Register promptly and in chronological order. Entries are only prevented or delayed if legal, regulatory, or technical circumstances apply, such as:
      1. Ongoing AML/CTF investigations;
      2. System maintenance or outages;
      3. Regulatory reporting requirements or freezes;
      4. Legal injunctions.
    3. The Register is maintained in a real-time or near-real-time format using automated back-end systems and monitored by authorized personnel. This ensures ongoing integrity, auditability, and reconciliation of client records. In case of any discrepancy (e.g., misrecorded balances, double entries, or timing mismatches), the Company:
      1. Identifies and logs the anomaly;
      2. Immediately suspends further affected operations (if needed);
      3. Investigates the cause;
      4. Corrects the entry and documents the fix;
      5. Notifies the client if relevant.
    4. The Company provides clients with quarterly electronic statements of holdings, which include:
      1. Types and quantities of crypto-assets held;
      2. Timestamped records of transactions conducted during the reporting period;
      3. Applicable fees and charges;
      4. Wallet-specific identifiers and balances;
      5. Historical valuation based on market rates.
      Clients may also request ad hoc statements, which will be delivered securely and free of charge.
  3. LIABILITY FOR LOSS OF CLIENTS’ CRYPTO-ASSETS
    1. The Company accepts responsibility for the loss, theft, or unauthorized alteration of client crypto-assets resulting from:
      1. Cyberattacks that compromise Company-controlled infrastructure;
      2. Internal system malfunctions or software errors;
      3. Unauthorized access or negligence by employees or third-party contractors engaged by the Company;
      4. Failure to implement reasonable security, administrative, or technical safeguards.
    2. In the event of a verified incident, the Company shall compensate the affected client up to the fair market value of the crypto-assets at the time the loss occurred. The price shall be based on rates provided by one or more leading liquidity providers designated by the Company and disclosed in the internal pricing policy.
    3. The Company shall not be held liable for losses or damages caused by events outside of its reasonable control or not attributable to its operations, such as:
      1. Blockchain or distributed ledger errors beyond Company control (e.g., network-level forks, consensus failures);
      2. Force majeure events including natural disasters, acts of war, or governmental restrictions;
      3. Changes in regulation that affect accessibility or usage of certain crypto-assets;
      4. Actions or inactions by clients, including phishing, credential compromise, incorrect wallet addresses, or failure to adhere to Terms of Use;
      5. Fraudulent acts or misrepresentations by clients.
    4. In all cases, the Company conducts a formal internal investigation in accordance with its incident response procedures. Clients must:
      1. Report the issue immediately;
      2. Provide requested supporting documentation;
      3. Cooperate with investigations to enable the Company to determine attribution and eligibility for compensation.
  4. CLIENTS’ RIGHTS ATTACHED TO CRYPTO-ASSETS
    1. When clients store crypto-assets with Bitflow Lab s.r.o. under its regulated custody framework, they retain full legal ownership of those assets. This includes the unrestricted right to request a transfer of their holdings to an external wallet address at any time, subject only to standard compliance procedures and identity verification.
    2. Clients may freely transfer or exchange their assets within the platform in accordance with the User Agreement and applicable laws. Through their user dashboard, clients can access real-time information about their crypto-asset balances and view a complete historical log of their transaction activity, including transfers, internal movements, deposits, and withdrawals. In the event of technical failures, cybersecurity breaches, or other loss incidents attributable to the Company, clients are eligible for compensation in accordance with Section 3, which defines liability caps, calculation methods, and qualifying circumstances.
    3. While clients maintain full asset rights in custody, their relationship with the Company does not entitle them to any governance or financial participation rights in Bitflow Lab s.r.o. Clients are not considered shareholders, partners, or beneficiaries of any corporate income, equity, or internal funds. Specifically, clients do not hold voting rights in any decision-making process of the Company, do not receive dividends or profit-sharing distributions, and have no claims on the Company’s treasury, operational accounts, or technology infrastructure.
    4. Additionally, unless explicitly granted through a separate agreement or investment contract, clients do not acquire rights to participate in derivative instruments, leveraged products, or structured yield offerings managed by the Company or third parties.
    5. Bitflow Lab is committed to transparent, timely, and client-centric communication. The Company actively informs clients about any relevant operational or security matters, including platform upgrades, supported network migrations, temporary service outages, integration of new crypto-assets, or critical actions requiring client approval (e.g., hard forks, token swaps, or delistings). Such communication is conducted via multiple secure and auditable channels, including the email address registered by the client, encrypted in-platform notifications, official notices published on the Company’s website (https://bitflow-lab.com), and designated support contacts such as the compliance hotline and secure submission forms.
  5. RETURN OF CRYPTO-ASSETS
    1. Clients may initiate the return of their crypto-assets at any time using the secure interface available in their authenticated user account. Withdrawal requests are processed without undue delay, unless specific legal, regulatory, or security-related circumstances require further review. Bitflow Lab prioritizes efficiency and client control, ensuring the prompt execution of legitimate return requests in line with internal custody procedures and MiCA requirements.
    2. Clients may request the withdrawal or return of assets for a variety of reasons, including the voluntary closure of their account, the transition to an external wallet or third-party custodian, the liquidation or conversion of their holdings, or in response to a Company-initiated event such as service suspension or delisting of a supported crypto-asset.
    3. In cases where the service relationship is terminated—whether at the initiative of the client or the Company—Bitflow Lab will immediately restrict further activity on the affected client wallet, isolate the remaining balance into a non-operational holding account under internal custody, and await secure and verifiable transfer instructions from the client. Throughout this process, the Company maintains an audit trail of all associated actions, including internal approvals, verification steps, and wallet-level transaction logs.
    4. To ensure that crypto-assets are not misappropriated during the return process, Bitflow Lab applies strict security protocols including two-factor authentication, re-verification of client identity documents, address whitelisting procedures, and confirmation of instructions via the client’s verified email or phone number. Only after these safeguards are satisfied does the Company authorize the return transaction on the relevant blockchain.
    5. If the return of crypto-assets is delayed due to AML/CTF investigations, external network congestion, custodial system maintenance, or other technical anomalies, the Company notifies the client as soon as possible. Clients are provided with an explanation of the reason for the delay, an estimated resolution timeframe, and any necessary follow-up instructions. The Company continues to offer status updates throughout the resolution process, except in cases where regulatory confidentiality (e.g., ongoing law enforcement or AML procedures) prevents disclosure.
    6. In the event of full or partial suspension of services, liquidation of operations, or permanent discontinuation of custody infrastructure, Bitflow Lab takes all necessary steps to ensure that clients can safely retrieve their assets. Clients are notified in advance through multiple channels and provided with instructions for withdrawing their holdings within a defined timeframe. The Company ensures that all return operations are properly documented, securely executed, and auditable by supervisory authorities if required.