Legal pack at a glance
CryptoProcessing is a crypto payment gateway for businesses. Merchants can accept payments in cryptocurrencies, exchange digital assets into fiat currencies, and withdraw funds to bank accounts via SEPA or SWIFT.
This pack ties each regulatory point to the applicable legal entity and jurisdiction.
| Brand | CryptoProcessing by Coinspaid |
| Entities in scope and countries of registration | Dream Finance OÜ (Estonia)
Dream Finance US LLC (United States)
Dream Finance Processing Inc. (Canada)
Dream Finance UAB (Lithuania) |
| Core topics | Registrations, AML, KYC, KYB, sanctions, privacy, retention, complaint handling, security controls |
Legal entities and jurisdictions
Jurisdiction: Estonia
Legal entity: Dream Finance OÜ
Status note: VASP licence FVT000166
Core identifiers: Company number 14783543. VAT EE102212301. Kai tn 4, Tallinn, Estonia.
Dream Finance US LLC
United States
Active
Jurisdiction: United States
Legal entity: Dream Finance US LLC
Status note: Delaware limited liability company and FinCEN-registered money services business
Core identifiers: MSB Registration Number: 31000313808665. 8 The Green, STE B, Dover, Delaware 19901, USA
Dream Finance Processing Inc.
Canada
Active
Status note: Alberta corporation and FINTRAC-registered money services business.
Core identifiers: Business Number 752929620. MSB N300000209. 5240-1A St SE, Unit 201, Calgary, Alberta, T2H 1J1, Canada.
Dream Finance UAB
Lithuania
Suspended
Status note: Crypto-asset related services are temporarily suspended. The entity page remains live for legal information, regulatory disclosures, and contact details.
Core identifiers: Company number 306036821. VAT LT100016406514. Kęstučio g. 47-27, Vilnius, Lithuania.
Entity note for Lithuania
Crypto-asset related services are temporarily suspended. The Lithuania pages remain available for legal information, regulatory disclosures, complaint handling, and contact details.
AML, KYC, KYB, and sanctions
The AML framework uses a risk-based program that covers onboarding checks, customer identification, beneficial owner verification, PEP review, enhanced due diligence for higher-risk customers, transaction monitoring, suspicious activity reporting, staff training, and cooperation with authorities.
- Customer identity data is verified with reliable and independent sources.
- Beneficial owners are identified and their ownership and control structure is reviewed.
- Higher-risk cases can trigger extra due diligence.
- Customer activity and transactions are reviewed on an ongoing basis.
- Suspicious activity is escalated to the FIU in Estonia, FinCEN in the United States, and FINTRAC in Canada.
Provider ecosystem
The privacy notices identify support providers such as identity verification vendors, anti-fraud providers, sanctions-list data providers, compliance and verification providers that include Travel Rule tools, financial service providers for fiat flows, and cloud providers. Detailed vendor schedules are available in the full diligence package.
Sanctions scope
Sanctions screening is included in the AML framework. The Estonia AML policy lists screening against UN, EU, OFSI, OFAC, and Estonia sanctions lists. The US AML policy covers OFAC screening, PEP review, and higher-risk jurisdiction review.
Data protection, retention, and complaint handling
Dream Finance OÜ, Dream Finance US LLC, and Dream Finance Processing Inc. each maintain privacy notices with contact routes, data subject rights, transfer safeguards, retention terms, and baseline security measures. Estonia and the United States list a Data Protection Officer. Canada lists a Privacy Officer and a dedicated Alberta PIPA section.
Key points
- General personal data retention is set at a maximum of five years after the legal relationship ends, except where the law requires a longer retention period.
- Estonia AML records are up to eight years in most cases from the end of the business relationship or completion of the transaction.
- Published complaint procedures cover security breaches, operational failures, and transaction-related issues.
- Complaint procedures specify intake channels, response timelines, and escalation paths.
Complaint timeline snapshot
| Jurisdiction | Acknowledgement | Standard final reply | Extended deadline |
| Estonia | Next business day | 15 calendar days | 60 calendar days |
| United States | Next business day | 30 calendar days | 60 calendar days |
| Canada | Next business day | 30 calendar days | 60 calendar days |
| Lithuania | Next business day | 15 calendar days | 35 calendar days |
Detailed incident and security review materials are handled through the full diligence process.
Security and technical control points
The platform control set includes the following points.
Sandbox & Production
Separate sandbox and production environments are available.
Signed API Requests
API requests are signed with HMAC-SHA512.
HTTPS callbacks
& 2FA
Callbacks require HTTPS and verified domain configuration. Dashboard changes require 2FA.
IP whitelisting
API keys can use an IP whitelist.
Transaction tracking
Transaction tracking includes inflow assessment and risk score fields for supported chains.
Encryption in transit & at rest
Published privacy notices list encryption in transit, encryption at rest, access controls, anti-malware, vulnerability management, application security tests, data masking, and SSL/TLS.
ISO/IEC 27001:2022 certificate
Dream Finance OÜ holds an ISO/IEC 27001:2022 Management System certificate for providing a virtual currency service, certified by Bureau Veritas. Dream Finance OÜ is certified under CCSS v9 Level III, the highest tier defined by CCSS.
Dream Finance UAB holds an ISO/IEC 27001:2022 certificate for the provision of cryptocurrency services, including wallet solutions, development, and supporting information systems and business processes.
How to request the full
due diligence pack
Your CryptoProcessing representative can coordinate the full diligence set. Send the request from a corporate email. Name the entity or entities in scope, list the jurisdictions you review, state your NDA status, give the target date, and list the documents your team needs.
Typical request set
Corporate extracts, ownership chart, current policy set, certificate copies, security materials, privacy materials, and vendor disclosures, where permitted.
Commercial route
Use your account representative or the contact route on the Contacts page.
Legal route
Use the legal and compliance contact route shown on the Legal Hub and the linked policies.
FAQ
Is CryptoProcessing regulated?
Regulatory status is at the entity level. Dream Finance OÜ holds Estonian VASP licence FVT000166. Dream Finance Processing Inc. holds FINTRAC MSB registration N300000209. Dream Finance US LLC holds FinCEN MSB registration 31000313808665 money services business. Dream Finance UAB remains listed for legal and regulatory matters, and its crypto-asset related services are temporarily suspended.
Do you run KYC and KYB checks?
Yes. The AML framework covers customer identification, beneficial owner review, PEP and sanctions checks, higher-risk review, and ongoing monitoring.
How is personal data handled?
Our privacy notices set out contact routes, data subject rights, transfer safeguards, retention terms, and baseline security measures. General personal data retention is up to five years after the legal relationship ends, except where the law sets a longer period. Estonia AML records are kept for up to eight years in most cases.
How are complaints and incidents handled?
Our complaint procedures cover security breaches, operational failures, account issues, timelines, and authority escalation paths.
Can Legal request the full diligence pack?
Yes. Send the request through your CryptoProcessing representative or the linked contact routes and list the entities, jurisdictions, NDA status, deadline, and document scope.
This document is an informational overview prepared by CryptoProcessing for clients, counterparties, and their legal, finance, and compliance teams. It does not present legal, tax, or regulatory advice. It does not amend any contract, policy, or statutory duty. Reliance should be placed on the current primary records, executed agreements, and the document set shared through formal due diligence.
