Conquest Labs LLC d/b/a CardOutpost
Effective Date: April 1, 2026 · Last updated: May 13, 2026
CardOutpost is a digital trading card pack-opening platform operated by Conquest Labs LLC ("CONQUEST LABS LLC"). Users deposit funds, purchase virtual packs containing randomized digital trading cards based on weighted odds, and may sell cards back to the platform at 90% of displayed fair market value for site credit (Earnings Balance). Earnings Balance may be withdrawn via PayPal or Wise subject to identity verification and fraud review. The platform is not a casino, sportsbook, or gambling platform; users purchase a digital entertainment experience with the option to monetize received cards through the platform’s buyback feature.
CONQUEST LABS LLC adopts BSA-aligned controls voluntarily because we move user funds, support cash withdrawals, and operate under the compliance requirements of our payment service providers. The application of the Bank Secrecy Act and money services business registration requirements to digital collectible platforms is fact-specific; Conquest Labs LLC reviews its classification with counsel periodically and as facts change.
AML Compliance Officer (AMLCO): Luke Burmeister, Head of Experience and Legal Matters, appointed by CONQUEST LABS LLC on May 13, 2026. The AMLCO reports to the company’s management and has authority to suspend accounts, freeze balances, and escalate matters to law enforcement. Contact: support@cardoutpost.com.
Tier 1 — Deposit only.At signup we collect: full legal name, date of birth, residential address (U.S. or, where eligible, non-U.S.), mobile number, and email. All users undergo basic identity verification including government-issued photo ID and liveness check through Stripe Identity. Users who fail basic verification may be restricted from depositing. Our payment processor’s fraud tooling runs fraud screening (3DS, AVS, device and behavioral signals). Players can deposit and open packs but cannot withdraw.
Tier 2 — Withdrawal eligible.Before a player’s first withdrawal, Stripe Identity completes full verification: government-issued photo ID, live selfie with passive liveness, proof of address (utility bill or bank statement, last 90 days), and payment method ownership confirmation. Verification results are stored in the player’s compliance record.
Players must be 18+ (21+ in U.S. states where required, or older if required by their local age of majority) and verified to be located in an eligible jurisdiction (U.S. or, where eligible, non-U.S.) via our geolocation provider.
Players are screened at onboarding and on an ongoing basis against the OFAC Specially Designated Nationals (SDN) List and consolidated sanctions lists, as well as politically exposed persons (PEP) and adverse media databases. Screening runs at two levels:
A confirmed sanctions match results in immediate account suspension, freezing of all balances (Pack and Earnings), prompt escalation to the AMLCO, and reporting to OFAC and relevant payment processors (Stripe, PayPal, Wise) where required. PEP matches trigger enhanced due diligence and AMLCO review before the account is permitted to transact above standard thresholds.
We monitor deposits, pack purchases, card sales, and withdrawals continuously using signals from our payment processor’s fraud and risk tooling, and our internal rules engine. Monitoring is risk-based: high-risk users, instruments, and behaviors get more scrutiny.
Quantitative review thresholds. The following activity automatically triggers enhanced review by the AMLCO:
Behavioral red flags that trigger review:
Escalations go to the AMLCO on the same business day. The AMLCO decides whether to apply enhanced due diligence, request source of funds, restrict the account, or close it. All escalation decisions are logged.
All user deposits are monitored against Stripe dispute data in real time. Any user with an active dispute, chargeback, or bank inquiry on any deposit is immediately restricted from withdrawal and flagged for review. Users who file chargebacks without first contacting CardOutpost support are subject to immediate account termination, permanent ban from the platform, and forfeiture of all balances and cards. We do not allow chargeback users to remain on the platform under any circumstances.
We retain KYC files, sanctions and PEP screening results, transaction records, escalation logs, and training records for a minimum of five years from the date of the relevant transaction or account closure, whichever is later.
Where a user submits a deletion or erasure request under applicable privacy law (e.g., CCPA), we honor the request only to the extent it does not conflict with our regulatory recordkeeping obligations. AML, KYC, and sanctions records are retained for the full five-year period regardless of any deletion request, and the user is informed of this carve-out in writing.
All employees with customer-facing, payments, fraud, or compliance responsibilities complete AML training within 30 days of joining and annually thereafter. Training covers our business, the regulatory framework, KYC procedures, sanctions and PEP screening, red flags, and this policy. Completion is logged.
This policy and the underlying controls are tested at least annually by personnel functionally independent of compliance operations, or by an external firm. Findings are reported in writing to the AMLCO and management; remediation is tracked to closure.
CardOutpost is not available to:
The platform may not be used to launder funds, evade sanctions or taxes, finance illegal activity, or in furtherance of any unlawful purpose. Players who attempt to use VPNs, proxies, or location-spoofing tools to circumvent geographic restrictions are subject to immediate suspension under Section 8 of the Terms of Service.
This policy is reviewed and approved annually, and after any material change to applicable law, our business model, or our processors’ requirements. The AMLCO is responsible for review and the company’s management approves the final version.