Blacklist, KYC, and appeals

Tollgate operates a two-layer blacklist:

• Global (OFAC / SDN). Addresses on OFAC's specially-designated-nationals list are rejected protocol-wide. The list is ingested daily from Treasury's canonical source and retained per OFAC rules. See packages/core/src/blacklist/ for the ingestion code.
• Developer scope. An individual developer may blacklist an agent that defaulted on settlement. The scope is the one developer only — not protocol-wide — so it does not cartelize. See docs/TASK-07.md.

KYC

Developers. To receive settlements to a custom payout address, developers complete a Know Your Business (KYB) flow during onboarding. Default-tier payouts go to a Circle-custodied wallet that requires no KYC until withdrawal.

Agents. Agents do not KYC protocol-side. The EIP-712 IOU is signed by an EOA; on-chain balances and allowances are public. Developers may add their own gating (pre-funding requirement, custom agent onboarding) on top of the protocol.

Appeals

If an agent believes it was wrongly blacklisted:

1. Check which layer. Global blacklist is listed in X-Tollgate-Blacklist-Source: global on the 403 response; developer-scope is developer-scope.
2. Developer-scope appeals go to the developer directly (the 403 body links to the developer's support URL where configured).
3. Global appeals go to compliance@tollgatepay.com. We cannot remove an address from OFAC; if the underlying listing is in error, the appeal path is Treasury's.

Related

• BLACKLISTED error
• Availability (geo-blocks)