XB2BX | Global Business Expansion & Market Strategies

1

Introduction & Scope

Purpose, applicability, and guiding principles

XB2BX.COM ("Platform", "we", "us") operates the world's leading cross-border B2B marketplace, facilitating trade between buyers, suppliers, distributors, and manufacturers across 180+ countries. The integrity of every transaction, identity, and data point on our platform is foundational to global commerce.

This Anti-Fraud & Platform Integrity Policy ("Policy") establishes the comprehensive framework under which XB2BX.COM detects, prevents, investigates, and responds to fraudulent activities, data misuse, identity theft, and any conduct that undermines the trust and safety of our marketplace community.

        Who this Policy applies to: This Policy governs all registered users including individual traders, SMEs, enterprise buyers, verified suppliers, logistics partners, payment service providers, and any third party accessing XB2BX.COM's services, APIs, or integrations worldwide.
      

🌐

Global Reach

Applies to all 180+ operating countries and all cross-border transactions processed through our platform.

🏢

Business & Individual

Covers both corporate entities and individual users. Enhanced due diligence applies to high-value accounts.

🔗

All Touchpoints

Extends to web, mobile app, API access, third-party integrations, and all marketplace modules.

⚖️

Multi-Jurisdiction

Aligns with GDPR, CCPA, PDPA, UK DPA, and equivalent data protection regimes globally.

2

Definitions

Key terms used throughout this policy

Term	Definition
Fraudulent Activity	Any deliberate deception, misrepresentation, or manipulation intended to obtain financial benefit, unauthorized access, or competitive advantage on the Platform.
Platform User	Any person or entity with an active or inactive registered account on XB2BX.COM, including buyers, sellers, agents, and administrators.
Personal Data	Any information relating to an identified or identifiable natural person as defined under applicable data protection laws (GDPR Art. 4, CCPA §1798.140).
Transaction	Any commercial interaction facilitated through the Platform including inquiries, quotes, orders, payments, and logistics coordination.
Identity Verification (KYC)	The process of confirming the identity of a user or business entity through document validation, biometric checks, or third-party verification services.
Suspicious Activity	Any pattern of behaviour that deviates from normal usage baselines and may indicate fraud, money laundering, or policy violation.
Data Controller	XB2BX.COM, as the entity that determines the purposes and means of processing personal data collected through the Platform.
Third-Party Provider	Any external service integrated with the Platform including payment processors, logistics partners, identity verification services, and cloud infrastructure providers.

3

Prohibited Conduct

Actions strictly forbidden on the XB2BX.COM platform

The following activities are strictly prohibited and constitute grounds for immediate account suspension, permanent ban, financial recovery action, and referral to relevant law enforcement or regulatory authorities:

Violation Category	Description	Severity
Identity Fraud	Creating accounts using false, stolen, or fabricated identities; impersonating another business or individual.	Critical
Payment Fraud	Use of fraudulent payment instruments, chargeback abuse, unauthorized card transactions, or money laundering.	Critical
Counterfeit Goods	Listing, promoting, or shipping counterfeit, infringing, or misrepresented products through the Platform.	Critical
Phishing & Social Engineering	Attempting to obtain credentials, payment information, or sensitive data from other users through deceptive communications.	Critical
Account Manipulation	Operating multiple accounts to circumvent bans, manipulate ratings, inflate reviews, or gain undue competitive advantage.	High
Data Scraping & Harvesting	Automated collection of user data, contact details, or commercial information without express authorization.	High
Market Manipulation	Artificial inflation or deflation of prices, fake inventory listings, bid manipulation, or predatory pricing schemes.	High
Unauthorized Data Access	Accessing, exporting, or exploiting another user's account, order history, or personal data without consent.	High
Misrepresentation	Falsely describing products, certifications, business credentials, geographic origin, or compliance status.	Medium
Spam & Unsolicited Contact	Mass unsolicited messaging, promotional abuse, or off-platform solicitation harvested from the Platform.	Medium

⚠ Zero Tolerance Notice: XB2BX.COM operates a zero-tolerance policy for Identity Fraud, Payment Fraud, and Counterfeit Goods. These violations will result in immediate permanent account suspension, forfeiture of all held funds, and mandatory referral to law enforcement regardless of transaction value or account history.

4

Identity Verification (KYC/KYB)

Know Your Customer and Know Your Business requirements

XB2BX.COM employs a tiered verification framework to ensure all market participants are who they claim to be. Verification level determines platform access, transaction limits, and trust badge status displayed to other users.

🔵

Tier 1 — Basic

Email + phone verification. Browse access and inquiry sending. Transaction cap applies.

🟡

Tier 2 — Standard

Government-issued ID, selfie verification. Full buying access. Supplier listing enabled.

🟢

Tier 3 — Business

Business registration, VAT/Tax ID, director verification. Verified Supplier badge. Higher limits.

🏆

Tier 4 — Premium

Enhanced due diligence, AML screening, trade reference checks. Gold-tier trust certification.

XB2BX.COM reserves the right to request additional verification documents at any time based on risk scoring, transaction size, or country of operation.
Verification data is processed by certified third-party KYC providers compliant with ISO 27001 and SOC 2 Type II standards.
Re-verification may be triggered by changes in account ownership, jurisdiction, or significant increases in transaction volume.
Failure to complete requested verification within 14 calendar days will result in temporary account restriction pending compliance.
All verification documents are encrypted at rest and in transit and are not shared with other platform users.

5

Transaction Monitoring & Risk Detection

How XB2BX.COM monitors and protects every transaction

XB2BX.COM deploys continuous, AI-assisted transaction monitoring systems operating 24/7/365. Our fraud detection infrastructure analyses hundreds of behavioural, technical, and transactional signals in real time to identify and intercept suspicious activity before harm occurs.

        Our monitoring systems analyse: IP geolocation and device fingerprinting · Transaction velocity and value anomalies · Shipping address inconsistencies · Payment instrument history · Cross-account behavioural patterns · Communication content flags · Third-party watchlist screening (OFAC, UN Sanctions, PEP lists).
      

Real-Time Blocking: High-confidence fraud signals trigger automatic transaction holds pending manual review by our Trust & Safety team within 4 business hours.
Velocity Limits: Automated controls cap transaction volumes for unverified and newly registered accounts to contain exposure during onboarding.
Geo-Risk Scoring: Transactions originating from or destined to high-risk jurisdictions are subject to enhanced scrutiny and may require supplementary documentation.
Dispute Monitoring: Accounts with dispute rates exceeding platform thresholds are automatically escalated for review and potential restriction.
AML Screening: All transactions above applicable thresholds are screened against international anti-money laundering watchlists as required by applicable law.

6

Data Protection & Privacy

How we collect, process, store, and protect your data

XB2BX.COM processes personal and business data in accordance with the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), the UK Data Protection Act 2018, Thailand's PDPA, and all applicable national data protection laws in our operating jurisdictions.

Data we collect includes:

Full legal name and contact details
Business registration documents
Government-issued identification
Payment and banking information
Transaction and order history
Communication records on-platform
Device identifiers and IP addresses
Usage behaviour and analytics
Shipping and logistics data
Product listings and trade data
Tax identification numbers
Biometric verification data (encrypted)

✓ Data Minimisation Commitment: XB2BX.COM collects only the data strictly necessary to operate the platform, maintain compliance, and protect users. We do not sell personal data to third parties for marketing or profiling purposes. Fraud-related data may be shared with law enforcement under valid legal process.

Data Retention: Transaction records and KYC documentation are retained for a minimum of 7 years to satisfy financial regulation requirements. Account data is deleted within 90 days of account closure, subject to legal hold obligations. Anonymised analytics data may be retained indefinitely.

Third-Party Data Processors: XB2BX.COM engages third-party processors (payment gateways, KYC providers, cloud infrastructure) under Data Processing Agreements (DPAs) that mandate GDPR-equivalent protections. A list of current sub-processors is available upon written request to privacy@xb2bx.com.

International Transfers: Cross-border data transfers are governed by Standard Contractual Clauses (SCCs) or equivalent adequacy mechanisms. Data localization requirements in applicable jurisdictions are respected where mandated.

7

User Rights & Data Subject Requests

Your rights regarding your personal data

All users of XB2BX.COM have the following rights with respect to their personal data, exercisable at any time by contacting privacy@xb2bx.com. We will respond to all verifiable requests within 30 calendar days (or as required by applicable law).

👁️

Right of Access

Request a copy of all personal data we hold about you, including processing purposes and sharing arrangements.

✏️

Right of Rectification

Request correction of any inaccurate or incomplete personal data held in your account profile.

🗑️

Right to Erasure

Request deletion of your personal data where no longer necessary, subject to legal retention obligations.

⏸️

Right to Restrict Processing

Request that we limit how we use your data while a dispute or objection is being resolved.

📦

Data Portability

Receive your data in a structured, machine-readable format for transfer to another service provider.

🚫

Right to Object

Object to processing based on legitimate interests, including profiling for credit or risk assessment.

🤖

Automated Decision-Making

Request human review of any automated fraud decision that materially affects your account standing.

📋

Right to Complain

Lodge a complaint with your national data protection authority if you believe your rights have been violated.

8

Reporting Fraud & Suspicious Activity

How to report concerns and our response commitment

XB2BX.COM encourages all users to report suspected fraud, policy violations, or suspicious activity. Reports are treated with strict confidentiality. Retaliation against good-faith reporters is expressly prohibited and constitutes an independent policy violation.

🚨

Report In-Platform

Use the "Report" flag on any listing, profile, message, or transaction. Available on all platform interfaces.

📧

Email Trust Team

Send detailed reports to fraud@xb2bx.com with supporting evidence. Encrypted submissions accepted.

🔒

Confidential Hotline

Whistleblower-protected channel at security@xb2bx.com for sensitive internal or supply-chain fraud reports.

Upon receipt of a report, XB2BX.COM commits to: acknowledge receipt within 24 hours; conduct an initial assessment within 72 hours; provide a substantive update to the reporter within 10 business days; and escalate to law enforcement where required by law or where criminal conduct is evident.

        Safe Harbour for Good-Faith Reporters: Users who report suspected fraud or policy violations in good faith are fully protected from account action, even if the report is ultimately not substantiated. XB2BX.COM will not disclose the identity of a reporter without explicit consent except as required by law.
      

9

Enforcement & Sanctions

Consequences for policy violations

XB2BX.COM applies a graduated enforcement framework proportionate to the severity, intent, and impact of any violation. The following sanctions may be applied individually or in combination, at XB2BX.COM's sole discretion:

Formal Warning: Issued for minor or first-time violations. Recorded on the account and may affect trust rating.
Transaction Hold: Pending transactions suspended and funds held in escrow pending investigation resolution.
Feature Restriction: Selective removal of platform privileges such as messaging, listing, or payment capabilities.
Temporary Suspension: Account access suspended for a defined period of 7 to 180 days depending on violation severity.
Permanent Ban: Irrevocable account termination with prohibition from re-registration using any identity.
Financial Recovery: XB2BX.COM reserves the right to recover losses, investigation costs, and platform damages through civil proceedings.
Law Enforcement Referral: Mandatory referral for fraud, identity theft, money laundering, and counterfeit goods violations.
Regulatory Notification: Notification to relevant financial regulators, trade authorities, or consumer protection agencies as required.

Appeals Process: Users subject to sanctions may submit a written appeal within 14 days to appeals@xb2bx.com. Appeals are reviewed by a Senior Trust & Safety officer independent of the original decision-maker. Appeal decisions are issued within 21 business days and are final unless new material evidence emerges.

10

Corporate & Organisational Liability

Obligations of business accounts and their administrators

Businesses and organisations operating accounts on XB2BX.COM bear corporate responsibility for the conduct of all employees, agents, and representatives acting through their account. Corporate account holders acknowledge that:

The organisation accepts full liability for actions taken by any user operating under their corporate account credentials.
Businesses must maintain internal access controls and promptly report any compromised credentials or suspected internal misuse.
Corporate accounts must designate a named Compliance Contact responsible for responding to XB2BX.COM compliance inquiries within 48 hours.
Enterprises processing XB2BX.COM user data through API integrations must maintain a valid DPA with XB2BX.COM and are independently responsible for GDPR compliance within their systems.
Liability limitation clauses in service agreements do not apply where fraud or wilful misconduct is established.

⚠ Director Personal Liability: In cases of corporate fraud where directors or senior officers are shown to have authorised, directed, or knowingly facilitated fraudulent conduct, XB2BX.COM reserves the right to pursue personal liability claims against such individuals in addition to corporate remedies.

11

Legal & Regulatory Compliance

Applicable laws and regulatory frameworks

XB2BX.COM operates in compliance with the following legal frameworks, as applicable based on user jurisdiction and transaction type:

EU GDPR (Regulation 2016/679)
UK Data Protection Act 2018
California Consumer Privacy Act (CCPA)
Thailand PDPA 2019
EU Anti-Money Laundering Directives
US Bank Secrecy Act / FinCEN Rules
FATF Recommendations (AML/CFT)
UN Security Council Sanctions
OFAC Specially Designated Nationals List
EU Sanctions Regulations
WTO Trade Facilitation Agreement
EU AI Act (applicable modules)
ISO/IEC 27001 Information Security
PCI DSS Payment Card Standards
SOC 2 Type II (Service Providers)
UNCITRAL E-Commerce Model Law

Where local law imposes stricter obligations than this Policy, XB2BX.COM will comply with local requirements. Users are responsible for ensuring their own use of the Platform complies with laws applicable in their jurisdiction.

12

Policy Governance & Updates

How this policy is maintained and communicated

This Policy is owned by the XB2BX.COM Chief Compliance Officer and is reviewed quarterly and following any material regulatory change, significant fraud incident, or change to platform architecture. The Policy Review Board includes representatives from Legal, Trust & Safety, Product, and Data Protection.

Material policy changes will be communicated to registered users via email and in-platform notification with a minimum 30-day notice period before taking effect.
Non-material clarifications and corrections may be made without advance notice. The version history is maintained and available upon request.
Continued use of the Platform following the effective date of any policy update constitutes acceptance of the revised terms.
This Policy is governed by the laws of [applicable jurisdiction] and any disputes arising from it are subject to binding arbitration under ICC Rules.

        Version History: This document is Version 3.2, effective 1 January 2025. Previous versions are archived and available to registered users upon written request to legal@xb2bx.com. All prior versions remain applicable to conduct that occurred during their respective effective periods.
      

13

Contact & Escalation

How to reach the right team

For all matters relating to this Policy, please direct your inquiry to the appropriate team using the contact information below. All written correspondence should reference your account ID and the nature of the inquiry for efficient routing.

Fraud Reports

fraud@xb2bx.com

24/7 monitoring · Response within 24hrs

Data Protection Officer

privacy@xb2bx.com

GDPR / CCPA / Data Requests

Legal & Compliance

legal@xb2bx.com

Policy, disputes, law enforcement

Security

security@xb2bx.com

Vulnerability disclosure · Whistleblower