Law Enforcement Guidelines

These Law Enforcement Guidelines ("Guidelines") describe the policies and procedures of XEX ("we," "us," "our," or the "Company") for responding to requests from law enforcement agencies, regulatory authorities, and governmental bodies ("Requesting Parties") for information relating to XEX users and their accounts. XEX is committed to cooperating with legitimate law enforcement investigations while protecting the privacy and rights of its users to the fullest extent permitted by applicable law. These Guidelines do not create any rights enforceable by third parties and may be updated by XEX at any time without prior notice.

1. Scope and Jurisdiction

These Guidelines apply to all law enforcement agencies, government authorities, regulatory bodies, and other official entities seeking information about XEX users, their accounts, transactions, or activities on the XEX platform. This includes, without limitation, federal, state, and local law enforcement agencies, international law enforcement organizations (such as Interpol and Europol), financial regulators, tax authorities, and intelligence agencies operating under valid legal authority.

XEX operates globally and may be subject to the laws of multiple jurisdictions. Requests for information must comply with the laws of the jurisdiction in which the Requesting Party operates and, where applicable, the laws of the jurisdictions in which XEX is incorporated or maintains operations. XEX reserves the sole right to determine whether a request is legally valid and enforceable and whether disclosure is required, permitted, or prohibited under applicable law.

Requests originating from jurisdictions outside the United States may be required to comply with applicable mutual legal assistance treaties (MLATs), letters rogatory, or other international cooperation mechanisms. XEX is not obligated to respond to international requests that do not comply with these requirements, though it may elect to do so voluntarily in appropriate circumstances.

2. Acceptable Legal Process

XEX requires valid and enforceable legal process before disclosing user information in response to law enforcement requests. The type of legal process required depends on the nature and scope of the information sought:

2.1 Subpoenas

A valid subpoena issued in connection with an official criminal or civil investigation may compel the disclosure of basic subscriber information, including the name associated with the account, email address, date of account creation, recent login IP addresses and associated timestamps, and payment method details (excluding full financial account numbers). Grand jury subpoenas, administrative subpoenas, and civil subpoenas accompanied by a court order may also be accepted. XEX reserves the right to object to or move to quash any subpoena that it deems overly broad, unduly burdensome, or legally deficient.

2.2 Court Orders

A court order issued under applicable law (including, in the United States, orders issued pursuant to 18 U.S.C. § 2703(d) or equivalent state law provisions) may compel the disclosure of more detailed information, including transaction records, trading history, deposit and withdrawal records, account activity logs, IP address logs, and other non-content records associated with a user's account. Court orders must be issued by a court of competent jurisdiction and must articulate specific and articulable facts showing reasonable grounds to believe the information sought is relevant and material to an ongoing investigation.

2.3 Search Warrants

A search warrant issued by a court of competent jurisdiction, supported by probable cause, and describing with particularity the information to be seized, is required for the disclosure of the contents of communications, including but not limited to private messages, support ticket contents, internal notes, uploaded documents (such as identity verification documents), and any other stored content. XEX may require that search warrants comply with the requirements of the Fourth Amendment to the United States Constitution and the Electronic Communications Privacy Act, as amended, or equivalent protections under applicable foreign law.

2.4 Mutual Legal Assistance Treaties (MLATs)

International law enforcement agencies seeking disclosure of XEX user information must submit requests through the appropriate MLAT channels or other established international cooperation mechanisms recognized by the Republic of Costa Rica. Direct requests from foreign law enforcement agencies that do not comply with MLAT requirements will generally not be honored, except in cases involving imminent threats to life or safety as described in Section 4 below. XEX may, at its sole discretion, accept requests processed through recognized international cooperation frameworks such as the Budapest Convention on Cybercrime or bilateral cooperation agreements.

2.5 Emergency Disclosure Requests

In the absence of formal legal process, XEX may voluntarily disclose user information in response to an emergency disclosure request if XEX believes in good faith that an emergency involving imminent danger of death or serious physical injury requires immediate disclosure. Emergency requests are evaluated on a case-by-case basis and are subject to the criteria set forth in Section 4 below. Submission of a false or misleading emergency request may result in referral to the appropriate authorities for prosecution.

3. How to Submit Requests

All law enforcement requests for user information must be submitted in writing to XEX at the following address:

Email: legal@xex.to

Requests submitted through any other channel (including general customer support, social media, or direct contact with XEX employees) will not be processed. Each request must include the following information:

• Agency Identification: The full name of the requesting law enforcement agency or governmental body, including the division, bureau, or unit responsible for the request.
• Officer Identification: The full name, badge or identification number, title, and direct contact information (phone number and official email address) of the requesting officer or agent.
• Case Number: The official case number, investigation reference number, or docket number associated with the investigation or proceeding.
• Legal Authority: A clear citation to the legal authority under which the request is made, accompanied by a copy of the relevant legal process (subpoena, court order, search warrant, or other instrument).
• Specific Data Requested: A detailed and specific description of the information sought, including the types of records, applicable date ranges, and the purpose for which the data is needed. Overly broad requests that do not describe the information with reasonable particularity may be rejected or narrowed.
• User Identifiers: All known identifiers for the user(s) whose information is sought, including but not limited to XEX account email addresses, account identifiers, usernames, cryptocurrency wallet addresses, IP addresses, phone numbers, or other identifying information.
• Return Address: The official mailing address and email address to which XEX should direct its response.

Requests must be submitted in English. Requests submitted in other languages must be accompanied by a certified English translation. XEX reserves the right to request additional information, clarification, or authentication before responding to any request. Incomplete, vague, or improperly served requests may be rejected or returned for correction.

4. Emergency Disclosure

XEX recognizes that certain exigent circumstances may require the disclosure of user information without the delay inherent in obtaining formal legal process. Accordingly, XEX may, in its sole discretion, voluntarily disclose user information without a subpoena, court order, or search warrant in the following circumstances:

• Imminent Danger to Life: Where XEX has a good-faith belief that an emergency involving imminent danger of death or serious physical injury to any person requires disclosure without delay.
• Threat of Serious Bodily Harm: Where there is a credible and specific threat of serious bodily harm that can be mitigated or prevented through timely disclosure of user information.
• Child Exploitation: Where the request involves the exploitation, abuse, or endangerment of a minor, including the production, distribution, or possession of child sexual abuse material.
• Terrorism: Where the request relates to an imminent or ongoing act of terrorism, domestic or international, and immediate disclosure is necessary to prevent harm.

Emergency disclosure requests must be submitted by a sworn law enforcement officer or authorized government agent and must include a detailed description of the emergency, the specific information requested, and an explanation of why formal legal process cannot be obtained in time. XEX evaluates all emergency requests in good faith but is not obligated to disclose information in any particular case. The determination of whether an emergency exists is made solely by XEX, and such determination is final and non-reviewable.

5. User Notification

It is XEX's general policy to notify affected users when their information is disclosed in response to law enforcement requests, except where such notification is prohibited or would be inappropriate. Specifically, XEX will not notify users of a law enforcement request in the following circumstances:

• Where notification is prohibited by a court order, gag order, or other legally binding non-disclosure requirement.
• Where notification is prohibited by statute or regulation, including but not limited to grand jury secrecy requirements.
• Where notification would compromise the integrity of an ongoing investigation, as determined by XEX in consultation with the Requesting Party.
• Where the request involves an emergency as described in Section 4, and notification could endanger the safety of any person.
• Where the request involves suspected fraud, money laundering, terrorist financing, or other financial crimes in which the user is a suspect, and notification could result in the destruction of evidence, flight from jurisdiction, or other obstruction of justice.
• Where XEX determines, in its sole discretion, that notification would be impractical or inadvisable under the circumstances.

Where notification is deferred due to a non-disclosure order, XEX will notify the affected user upon expiration or lifting of the order, unless the order is renewed or extended. XEX is not liable for any failure to notify or delay in notifying any user of a law enforcement request, regardless of the reason for such failure or delay.

6. Data Preservation Requests

Law enforcement agencies may submit a preservation request to XEX, directing XEX to preserve account records and information for a specified user pending the issuance of formal legal process. Preservation requests are governed by the following terms:

• Initial Preservation Period: Upon receipt of a valid preservation request, XEX will preserve the specified records for a period of ninety (90) days from the date of the request. Preservation does not constitute disclosure; preserved records will only be disclosed upon receipt of valid legal process.
• Extension: The Requesting Party may request a single extension of the preservation period for an additional ninety (90) days by submitting a written extension request before the expiration of the initial preservation period. Further extensions may be granted at XEX's sole discretion and may require a court order.
• Formal Legal Process Required: Preservation requests must be followed by formal legal process (subpoena, court order, or search warrant) within the preservation period. If formal legal process is not received within the applicable preservation period (including any extensions), XEX will release the preservation and the records will be subject to XEX's standard data retention and deletion policies.
• Format: Preservation requests must be submitted in writing on official agency letterhead, must identify the specific user account(s) and records to be preserved, and must cite the legal authority for the request.

XEX will make reasonable efforts to preserve requested records but cannot guarantee that all requested data will be available, particularly where the data has already been deleted or was never collected in accordance with XEX's data retention policies. XEX shall not be liable for any failure to preserve data that has been deleted or was not retained in the ordinary course of business.

7. Response Timelines

XEX endeavors to respond to valid law enforcement requests in a timely manner, subject to the complexity and scope of the request, the volume of requests pending at the time of receipt, and the completeness of the submission. The following timelines are general guidelines and are not guaranteed:

• Standard Requests: XEX will use reasonable efforts to respond to standard law enforcement requests (subpoenas, court orders, search warrants, and preservation requests) within thirty (30) calendar days of receipt of a complete and valid request. Complex requests involving large volumes of data or multiple user accounts may require additional time.
• Urgent Requests: For requests that the Requesting Party designates as urgent (but not rising to the level of an emergency as defined in Section 4), XEX will use reasonable efforts to respond within twenty-four (24) to seventy-two (72) hours. The Requesting Party must clearly state the basis for urgency and provide an explanation of the time-sensitive nature of the investigation.
• Emergency Requests: XEX will use best efforts to respond to valid emergency disclosure requests as quickly as reasonably possible, which may be within hours of receipt depending on the nature and scope of the emergency. Emergency response times are not guaranteed, and XEX is not liable for any delays in responding to emergency requests.

XEX reserves the right to prioritize requests based on the severity and urgency of the underlying investigation, the nature of the threat, and XEX's available resources. Delays caused by incomplete, ambiguous, or deficient requests are not attributable to XEX.

8. Cost Reimbursement

XEX may seek reimbursement for the costs reasonably incurred in responding to law enforcement requests, to the extent permitted by applicable law. Such costs may include, without limitation:

• Personnel costs for the time spent reviewing, processing, and responding to the request, including legal review, data extraction, and quality assurance.
• Technology and infrastructure costs for data storage, retrieval, processing, and secure transmission of responsive records.
• Administrative costs for correspondence, record keeping, and compliance tracking.
• Legal fees incurred in connection with reviewing the legal sufficiency of the request or seeking judicial guidance.

A detailed fee schedule is available upon request. XEX may require advance payment of estimated costs before commencing production of records. Cost reimbursement may be waived at XEX's sole discretion for emergency requests, requests involving imminent threats to safety, or requests from agencies that have entered into a cost reimbursement agreement with XEX. XEX reserves the right to modify its fee schedule at any time without prior notice.

These Guidelines are provided for informational purposes and do not create any legal obligations, rights, or privileges on the part of any Requesting Party or any user. XEX reserves the right to deviate from these Guidelines at any time and for any reason, and nothing herein shall be construed as a waiver of any rights, defenses, or objections available to XEX under applicable law.