Compliance
Suby operates as a non-custodial payment orchestration layer, relying on licensed third-party partners to ensure regulatory compliance across fiat and crypto payment flows.
Compliance & Regulatory Framework
Suby’s role
Suby is a technology company providing a payment orchestration and automation layer for recurring and one-off payments.
Suby does not act as a bank, money transmitter, or custodian, and does not hold or custody customer funds, fiat balances, private keys, or card data at any point.
Suby provides technical infrastructure used to configure, trigger, and monitor payment instructions and workflows. All payments are executed and settled by licensed third-party providers or blockchain networks, directly between end users and merchants.
Funds do not transit through accounts owned or operated by Suby.
Suby’s role is limited to operating within merchant-defined configurations and parameters, subject to controls enforced by regulated partners. Suby does not have discretionary authority over funds and does not independently determine beneficiaries or settlement destinations outside of these predefined constraints.
All regulated activities within the payment stack are handled by licensed and compliant third-party partners, including but not limited to:
Card Payment Service Providers (PSPs)
On-ramp and off-ramp providers
Banking and settlement partners
Stablecoin issuers and blockchain infrastructure providers
These partners are responsible for regulatory obligations related to:
Funds custody and settlement
AML / CTF compliance
Sanctions and screening requirements
Regulatory reporting and licensing
Suby integrates with these partners through APIs and webhooks and does not perform regulated financial activities itself.
Payment flow clarification
For both card and crypto payments:
Payments are executed and settled by licensed payment service providers or blockchain networks
Funds are settled directly to merchant-designated wallets or accounts, as configured by the merchant
Suby acts as a technical orchestration layer, responsible for triggering, routing, and monitoring payment instructions and events
Payment flows, available features, and automated actions are determined by the merchant’s selected pricing plan and configuration, and are enforced through predefined rules and partner-level controls
Suby does not exercise discretionary authority over funds and does not independently alter beneficiaries or settlement destinations outside of these predefined parameters
Card payments & PCI compliance
Card payments are processed exclusively via PCI DSS–compliant payment providers.
Suby servers never receive, store, or process raw cardholder data
Card information is transmitted directly from the end user to the PSP
Suby relies on tokenization and provider-hosted payment flows
Disputes, chargebacks, and refunds follow card-network–compliant procedures, including:
Evidence management
SLA handling
Refund orchestration through the PSP
Business onboarding & information requirements
To enable card payments, Suby requires business-level information from merchants, as mandated by its PSP partners.
This may include:
Legal entity information
Beneficial ownership details
Business activity descriptions
Jurisdictional and compliance checks
These requirements are enforced by regulated partners. Suby does not independently perform merchant underwriting.
End-user identity & KYC
End-user KYC is not applied for card payments, in line with standard card-network rules and PSP risk frameworks.
Crypto payments may be available without end-user identity checks, subject to:
Partner requirements
Blockchain network rules
Transaction thresholds
Jurisdictional regulations
Where identity verification is required, it is performed by Suby’s regulated partners.
Data protection & security
Suby follows industry best practices for infrastructure security, access control, and operational resilience.
Sensitive payment data is never stored on Suby systems
User and merchant data is processed strictly for service delivery and platform operations
Suby does not sell, rent, or monetize personal data
Jurisdictional limitations
Suby does not actively market or provide services in jurisdictions where its partners are unable to offer compliant payment services.
Feature availability may vary based on:
Merchant location
End-user location
Payment method
Partner coverage and regulatory constraints