Statement on Custody Policy

1. Introduction and Purpose of the Policy

YouHodler Italy S.r.l. (the “Company”) is committed to providing custody and administration services for crypto-assets and related funds. 
‍

The Company’s priority is to protect clients’ assets from unauthorised access and to safeguard their ability to access and exercise their rights over such assets at all times. To achieve this objective, the Company implements the most advanced and cutting-edge security technologies and protocols, ensuring the integrity, confidentiality and availability of our clients’ assets.
‍

The Company understands the importance of maintaining trust in the crypto-asset custody sector and is committed to upholding the highest standards of integrity and security and ensuring compliance with all applicable regulatory obligations. For this reason, the Company has drawn up a Custody Policy outlining the rules and procedures the Company has put in place to ensure the safeguarding of clients’ assets and funds and to prevent any unauthorised use of clients’ assets for personal gain. 
‍

In addition to the above, this Custody Policy Disclosure (the “Disclosure”) provides an overview of the key aspects of the Custody Policy, ensuring that clients have a clear understanding of how their assets are managed and protected: it contains a description of the services offered by the Company to clients, outlines the processes and controls in place to ensure that clients’ assets are protected from unauthorised use, accurately tracked and separated, from an operational and legal perspective, from the Company’s own assets. It also details clients’ rights in relation to their assets and the procedures followed by the Company to manage, transfer and report on such holdings. Clients of the Company’s custody services are also invited to consult the terms and conditions governing the provision of custody services by the Company. The Company recognises the fundamental role it plays as a custodian and is committed to maintaining a transparent relationship with clients. 

2. Segregation of assets and custody

YouHodler Italy S.r.l. utilises a multi-layered custody architecture designed to protect clients’ crypto-assets from unauthorised use and to ensure they remain accessible to their rightful owners at all times. The Company applies strict segregation measures, ensuring that clients’ assets remain separate, both operationally and legally, from the Company’s own funds. This segregation is essential to maintain [ Crypto-asset as defined in Article 3(1)(5) of Regulation (EU) 2023/114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets and amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937. the integrity of clients’ assets and prevent any risk of misappropriation, misuse, commingling or unauthorised access.
‍

The custody framework combines three complementary storage environments: hot wallets, warm/omnibus wallets and cold storage, each of which performs a specific function within the overall security model. Clients deposit assets into individual hot wallet addresses, which provide clear attribution at the entry point of the custody chain. For reasons of operational efficiency, assets are then consolidated into warm (omnibus) wallets, where they remain stored collectively but tracked individually through the Company’s internal ledger system. A substantial portion of the assets is further secured in cold storage solutions supported by Ledger Vault and Fireblocks, ensuring offline security and long-term resilience.
‍

To safeguard this architecture, the Company implements advanced technical and organisational controls. These include cryptographic validation mechanisms requiring multi-party consent (MPC), multi-factor authentication (MFA), complex password policies and role-based access controls (RBAC) that prevent any single individual from independently controlling or moving assets. Omnibus accounts are never accessible to clients, and only omnibus wallets controlled by the Company are whitelisted by exchanges and external custodians, reducing exposure to cyber risks and maintaining strict operational control under the Company.
‍

Continuous reconciliations, monitoring of custody activities, encryption measures and regular internal and external audits reinforce the integrity and transparency of the custody process. Together, these safeguards ensure that client assets remain secure, segregated and fully recoverable, whilst guaranteeing that only authorised and legitimate owners can access and exercise rights over their crypto assets.

1. Client Rights and Asset Management via the Position Register

The Custody Policy ensures that the recognition and protection of each client’s rights over their crypto-assets are a priority. 
‍

Each client’s rights over their assets are recorded in a detailed positions register maintained by the Company.  This register records each client’s specific holdings, tracking all movements, including deposits, withdrawals and transfers. The register is continuously updated to ensure that it accurately reflects the client’s holdings at all times, providing a clear and transparent view of their financial positions.
‍

This tool ensures that any movement affecting a client’s assets is promptly recorded and that each client’s ownership is clearly defined and respected: clients have full visibility of their asset holdings via the secure client portal, where they can view detailed reports of their positions, transaction history and any relevant updates. 
‍

The Company will provide the client with a quarterly statement of transactions, which will include the assets held, their value and the balance as at the statement date, as well as the movements made during the reporting period. 

2. Transaction Management

The Company has developed a secure and efficient transaction management system to support its custody services and safeguard clients’ assets. All asset movements, whether deposits, withdrawals and/or internal transfers, are carried out under strict security controls to preserve the integrity and accuracy of clients’ holdings.

To minimise the risk of misuse or cyber-attacks, all transactions are executed exclusively through the Company’s omnibus account, which is under the Company’s full operational control. Clients have no direct access to this omnibus wallet, ensuring that no external party can interact with the consolidated storage environment. For this reason, clients’ initial deposits are always made to individual hot wallet addresses generated specifically for each client and asset type. Once the deposit has been validated, the assets are securely transferred from the hot wallet to the omnibus account, where they benefit from advanced protection and centralised oversight.

Every transaction initiated by the client, whether incoming or outgoing, is subject to a rigorous internal workflow that includes multi-level authorisation, verification of client instructions and the use of secure communication channels to prevent unauthorised actions or fraudulent interference. These procedures ensure that no assets can be moved without proper authentication and approval.

All movements are recorded in real time within the Company’s internal accounting system, ensuring that client positions remain accurate and continuously updated. This enables immediate reconciliation and significantly reduces the risk of operational discrepancies. Furthermore, all transactions are continuously monitored and reviewed to verify compliance with regulatory standards and internal policies, thereby enhancing the reliability and transparency of the custody service.

3. Compliance and risk mitigation

The Company operates within a robust compliance framework in line with the latest regulatory standards, including MiCAR. Compliance is fundamental to all custody operations, ensuring that client assets are managed in accordance with both legal requirements and industry best practices. 
‍

The Company’s risk management procedures are designed to identify, assess and mitigate the risks associated with the custody and administration of crypto-assets: the Company continuously monitors and assesses the risks associated with custody services, particularly the custody of crypto-assets. 
‍

Appropriate risk mitigation strategies are in place to address potential threats and vulnerabilities, and regular training and awareness programmes focusing on cybersecurity and fraud are conducted for employees to enhance their understanding of security practices.
‍

To maintain high standards of compliance, the Company conducts periodic audits to review and verify that all custody activities meet regulatory and company policy requirements. 

4. Reporting and transparency: communication and customer support

The Company is committed to maintaining transparency in its custody operations by providing clients with comprehensive and timely reports on their crypto-asset holdings. These reports are designed to give clients a clear overview of the status of their assets, including detailed information on account balances, transaction history and any movements within their portfolios. 
‍

A secure online portal is available through which clients can log in at any time and even request a statement. Historical statements will be provided on a quarterly basis and upon request. Please note that more than one request at any given time may be subject to additional charges. The platform provides real-time updates on asset positions, allowing clients to monitor their holdings and review past transactions with ease: this level of transparency ensures that clients are always informed about the status of their assets, fostering trust in the custody services provided. 
‍

Reports are generated using secure systems that protect client data and maintain the confidentiality of all information. To ensure that clients are well-informed and supported in all aspects of their crypto-asset custody experience, the Company provides clients with various contact channels, including email or the support chat on the platform, ensuring that assistance is always readily available.
‍

In addition to routine communications, the Company offers dedicated support for any questions or issues that may arise: the customer support team is trained to handle a wide range of enquiries, from basic account management to more complex queries regarding custody operations and asset movements. For more specialised matters, clients have access to expert support staff who can provide detailed explanations and guidance.
‍

In any event, the Company will not make any claims or exercise any ownership rights over clients’ assets without explicit authorisation, and protects clients’ assets from any third-party claims.

5. Liability of the Company

Pursuant to Article 75(8) of Regulation (EU) 2023/1114, YouHodler Italy S.r.l. assumes, on an exclusive and proportional basis, liability towards its clients for the loss of any crypto-asset or the means of access to such crypto-assets, where such loss is attributable to the Company, its systems or its operations. Where liability applies, the Company’s financial liability is limited to the actual remedy for the cause of the damage and to the market value of the crypto-asset concerned at the time the loss occurred, as prescribed by MiCAR.
‍

This liability framework does not extend to incidents not attributable to the Company, including, but not limited to, events occurring independently of the provision of the custody service or independently of the Company’s operations. Examples include failures or vulnerabilities inherent in the underlying distributed ledger technology, protocol-level malfunctions, or other events beyond the Company’s control. In such cases, the Company shall not be held liable for any loss suffered by clients as a result of the loss of their crypto-assets or the means of access to such crypto-assets.