🛡️ Compliance

Compliance & Trust

How SusuFlex protects our community through robust compliance, fraud prevention, and regulatory best practices.

100%

KYC Verified*

Stripe

Identity + Connect

24/7

Fraud Monitoring

SOC 2

Infrastructure

*For users participating in circles above verification thresholds

1. Identity Verification (KYC)

We use Stripe Identity for industry-leading Know Your Customer (KYC) verification:

Document Verification

Government ID checked against databases for authenticity, tampering, and validity.

Selfie Matching

Biometric comparison ensures the person presenting ID is the actual document holder.

Liveness Detection

Anti-spoofing technology prevents photos of photos, masks, or deepfakes.

Watchlist Screening

Checked against OFAC, PEP, and global sanctions lists.

2. Anti-Money Laundering (AML)

SusuFlex implements a comprehensive AML program:

Transaction Monitoring: Automated systems flag unusual patterns—large transactions, rapid velocity, geographic anomalies.
Suspicious Activity Reporting: We file SARs with FinCEN when required by law.
Risk-Based Limits: Transaction limits based on verification level and trust score.
Source of Funds: Users must use legitimate payment methods linked to their verified identity.
Ongoing Monitoring: Continuous assessment of user behavior patterns.

Stripe as AML Partner

Stripe maintains its own robust AML program as a licensed money services business. By using Stripe Connect, users benefit from Stripe's compliance infrastructure in addition to SusuFlex's controls.

3. Fraud Prevention System

Our multi-layered fraud prevention includes:

REAL-TIME Device Fingerprinting

Track device characteristics to identify suspicious account creation patterns and multi-accounting attempts.

REAL-TIME Velocity Checks

Monitor transaction frequency and amounts to detect rapid cash-out attempts or structuring.

ML-POWERED Behavior Analysis

Machine learning models analyze user behavior patterns to identify anomalies before fraud occurs.

NETWORK Sybil Attack Prevention

Graph analysis detects coordinated fake account networks attempting to defraud circles.

STRIPE Radar for Fraud Teams

Stripe Radar leverages billions of data points across the Stripe network to block fraudulent payments.

4. Chargeback Prevention

We actively work to minimize chargebacks through:

Clear Disclosures: Users understand they're joining peer-to-peer savings groups before any payment.
Binding Agreements: Circle membership creates a documented commitment with explicit consent.
Recognizable Descriptors: Payment descriptors clearly show "SUSUFLEX" so users recognize charges.
Support-First Policy: Dedicated team resolves issues before they become chargebacks.
Internal Dispute Resolution: Full mediation system for member disputes.
Refund Process: Legitimate refund requests processed promptly through proper channels.

Our Commitment to Stripe

We maintain strict chargeback rate monitoring with internal thresholds well below card network limits. Users who abuse chargebacks are permanently banned from the platform.

5. Trust Score System

Our proprietary trust scoring creates accountability:

Factor	Weight	Description
Payment History	40%	On-time contributions, no defaults
Circle Completion	25%	Completing circles after payout
Verification Level	20%	KYC, bank verification status
Peer Ratings	10%	Reviews from other members
Account Age	5%	Time on platform with good standing

6. Regulatory Posture

Our Legal Structure

Business Entity: susuflex LLC, registered in Minnesota
Business Model: Software platform facilitating peer-to-peer coordination
Payment Processing: All payments via Stripe Connect Express (Stripe holds funds)
Money Transmission: Not required—we never hold, transmit, or custody user funds
Stripe's Licenses: Stripe maintains money transmitter licenses in all 50 states

Regulatory Registrations (Planned):

FinCEN MSB Registration: Completing registration as Money Services Business (informational, not licensing)
FINTRAC (Canada): Registering for Canadian operations

7. Data Security

See our full Security page for details. Key highlights:

AES-256 encryption at rest, TLS 1.3 in transit
SOC 2 Type II certified infrastructure (Google Cloud/Firebase)
PCI-DSS compliant payment handling (via Stripe)
Vanta partnership for continuous compliance monitoring and automated security assessments
GDPR and CCPA compliant data practices
Biometric authentication (Face ID / Touch ID)
Regular third-party security assessments

8. Incident Response

We maintain documented procedures for:

Fraud incident investigation and remediation
User account compromise response
Data breach notification (per state/federal law)
Regulatory inquiry response
Law enforcement cooperation

Contact Compliance Team

For compliance inquiries, regulatory questions, or to report suspicious activity:

Email: compliance@susuflex.com
Legal: legal@susuflex.com
Report Fraud: fraud@susuflex.com

Last updated: January 2, 2026. This page describes our compliance framework and is not legal advice.