Key Risks and Disclosure

This disclosure describes material operational, infrastructure, and compliance risks associated with use of the Ashta platform (the "Services") by fund managers, fund administrators, and similar institutional customers (each, a "Customer"). It is not a description of the investment risks of any fund, security, or transaction. Those risks are the sole responsibility of the Customer and its advisers. Use of the Services involves risks, including those described below. This disclosure is not exhaustive.

1. Service Availability and Infrastructure

The Services depend on cloud infrastructure, networks, and third-party providers. Outages, latency, degradation, or data-center failures may occur and may interrupt onboarding, signing, capital-flow, or reporting workflows, including at time-sensitive moments. Where service-level commitments apply under a written agreement, the associated remedies are the Customer's exclusive remedy and may not compensate for operational impact.

2. Dedicated Infrastructure and Data Segregation

Each Customer is provisioned with dedicated, single-tenant infrastructure — including a separate database and separate server resources — running a unified Ashta codebase. This architecture is designed to keep Client Data physically and logically separated between customers. While dedicated infrastructure materially reduces cross-tenant exposure, no architecture eliminates all residual risk arising from misconfiguration, software defects, or shared management and deployment tooling.

3. Third-Party Integration and API Dependency

The Services interoperate with third-party systems selected or enabled by Customers, including KYC/AML and identity-verification providers, e-signature services, and legacy fund systems. Ashta does not control these systems. Changes to their APIs, outages, deprecations, data-format changes, or errors may disrupt integrated workflows or cause data to be incomplete, delayed, or rejected.

4. KYC/AML and Identity-Verification Reliance

Verification outcomes surfaced through the Services originate from third-party providers and source data. Ashta does not independently guarantee the accuracy, completeness, or legal sufficiency of any verification result. Responsibility for compliance determinations, sanctions-screening adequacy, and the acceptance or rejection of any investor or counterparty rests with the Customer.

5. Capital Flow and Capital-Call Execution

The Services automate the preparation, routing, and tracking of capital-flow and capital-call instructions. Ashta is not a bank, money transmitter, custodian, or payment processor and does not move, hold, or execute the movement of funds. The Customer is solely responsible for reviewing, authorizing, and executing all financial instructions, and for the accuracy of beneficiary, amount, and timing data. Automation errors, misconfiguration, or reliance on unreviewed outputs may result in financial loss for which the Customer is responsible.

6. Cybersecurity and Unauthorized Access

No system is fully secure. The Services may be targeted by credential theft, phishing, social engineering, malware, or other attacks. A breach could expose sensitive limited partner, investor, or fund data. The Customer is responsible for managing user provisioning, access reviews, credential hygiene, and enabling available security controls such as multi-factor authentication and single sign-on.

7. Data-Processing Boundary and Instruction Risk

Ashta processes Client Data only on documented Customer instructions and configuration. Outcomes therefore depend on the correctness of the Customer's configuration and instructions. Erroneous instructions, permission grants, or workflow settings may produce unintended processing, disclosure, or routing of data.

8. Artificial Intelligence and Automation Accuracy

Certain features generate probabilistic outputs and may be inaccurate, incomplete, or misleading. All outputs are provided as decision-support only. The Customer and its users are solely responsible for reviewing and validating outputs before relying on them in any financial, legal, compliance, or operational context.

9. Regulatory and Compliance Allocation

Ashta is a technology provider and is not a broker-dealer, investment adviser, fund administrator of record, custodian, transfer agent, or other regulated financial entity. The Services do not constitute legal, tax, accounting, or investment advice. The Customer remains responsible for its own regulatory obligations, filings, and licensing.

10. Data Migration, Portability, and Vendor Dependency

Onboarding and exit involve data migration that may surface format, mapping, or completeness issues. Adopting the Services creates operational dependency, and transitioning away may require time, effort, and cost. Export rights are governed by the applicable written agreement.

11. Service Changes, Deprecation, and Termination

Because the Services evolve on a shared codebase, features may change, be deprecated, or be discontinued. Ashta may also suspend or terminate access under the governing agreement. Such changes may require the Customer to adapt its processes.

12. Subprocessor and Vendor Concentration

The Services rely on a limited set of infrastructure and service subprocessors. Failure, breach, insolvency, or policy change at a key subprocessor could affect the availability, security, or continuity of the Services.

13. Business Continuity and Disaster Recovery

While Ashta maintains backup and recovery practices, catastrophic events may result in data loss between recovery points or extended restoration times. The Customer should maintain its own records and continuity arrangements for critical data.

Contact

For questions about these disclosures, please contact us at [email protected]