Risk Disclosure

Last Updated: October 30, 2025

Company: The Evolve Kernel, Inc. d/b/a “EvolveNP” (“EvolveNP,” “we,” “us,” or “our”)
Contact: legal@evolve-np.com • security@evolve-np.com

This document explains material risks associated with using our software and interacting with related smart contracts. It is not legal, tax, accounting, or investment advice. Nonprofits and users should consult their own advisors.

1) What the product does (context)

EvolveNP provides on-chain software and dashboards that interact with smart contracts designed to: (i) apply rules to an ERC-20 fundraising token, (ii) convert designated assets (e.g., to USDC) via allow-listed routes, and (iii) forward proceeds to nonprofit-controlled wallets. Standard custody: a Safe multisig (3-of-5) with three nonprofit signers and two EvolveNP emergency signers. EvolveNP never has unilateral control over funds.

2) Who should read this

• Nonprofit organizations (finance, operations, legal/compliance).
• Donors/supporters interacting with the token or viewing dashboards.
• Partners and developers integrating with our public interfaces.

3) Key risks (high-level)

• Market & Liquidity Risk – Token prices can be volatile; DEX liquidity may be thin.
• Smart-Contract Risk – Bugs or design flaws can cause loss or delays despite audits.
• Third-Party Dependency Risk – DEXs, oracles, automation, or providers can fail or change behavior.
• Custody & Key Management Risk – Loss or compromise of keys can impair access.
• Upgrade/Pause/Emergency Controls Risk – Governance actions still carry operational risk.
• Regulatory & Compliance Risk – Obligations vary by jurisdiction and can change without notice.
• Accounting & Tax Risk – Fair-value recognition and reporting are the nonprofit’s responsibility.
• Operational & Human Factors – Phishing, social engineering, misclicks, and errors remain significant.
• Data & Privacy Risk – On-chain activity is public and permanent.
• Force Majeure – Network outages, forks, or systemic events can disrupt operations.

4) Detailed risk factors

4.1 Market, liquidity, and execution

Volatility, slippage, and limited liquidity can cause materially different outcomes from estimates. Insufficient DEX liquidity may cause higher price impact or skipped conversions.

4.2 Smart-contract and protocol mechanics

Audits reduce but do not eliminate vulnerabilities. Immutable portions of code may require migration if issues arise. Misconfiguration or automation failures can block or delay transactions.

4.3 Third-party dependencies

DEX/Router, oracle, RPC, or stablecoin provider failures can degrade or halt operations. Centralized exchanges may impose holds or limits beyond our control.

4.4 Custody, multisig, and key management

Nonprofits control three signer keys; EvolveNP holds two emergency keys with limited, security-only powers. Lost or compromised keys may lock funds or allow unauthorized approvals.

4.5 Pause/upgrade/emergency mechanisms

Even with allow-listing and nonprofit approvals, upgrades and emergency actions require coordination. Delays may occur during incidents or governance votes.

4.6 Regulatory, sanctions, and compliance

Laws on securities, AML, and charitable solicitation evolve rapidly. Nonprofits must maintain compliance and monitor for sanctioned counterparties.

4.7 Accounting & tax (nonprofits)

Nonprofits are responsible for GAAP/FASB recognition, fair-value reporting, and documentation. Dashboards and CSVs are convenience tools, not official ledgers.

4.8 Operational & human risks

Phishing, misconfiguration, or malware can compromise keys or cause incorrect actions. Maintain secure hardware, MFA, and careful signer management.

4.9 Data, privacy, and transparency

Blockchain activity is public and immutable. Limited site analytics may be used to secure or improve the product.

4.10 Force majeure & systemic events

Chain congestion, halts, or ecosystem events (e.g., stablecoin stress, major exploits) may impair operations or value.

5) Responsibilities & good practices

For nonprofits

• Maintain strict key management and secure backups.
• Define incident procedures and update signer rosters regularly.
• Use screening and audit logs for compliance.
• Work with accounting/tax advisors on reporting and record-keeping.

For donors/supporters

• Verify contract addresses and URLs before interacting.
• Understand that on-chain transactions are final and volatile.
• Do not expect profits, dividends, or investment returns from tokens.

6) No guarantees; target metrics

Any cost figures (e.g., “~1% cost per dollar raised”) are targets, not guarantees. Actual outcomes depend on network conditions, liquidity, and third-party fees.

7) Limitation of liability; incorporation by reference

Use of our software is governed by our Terms of Service, including disclaimers and limitations of liability, which are incorporated into this Risk Disclosure by reference.

8) Security reporting & status

If you discover a vulnerability or suspect abuse, email security@evolve-np.com. Please allow 90 days for remediation before public disclosure (or sooner if fixed). We’ll post material security notices on our Security page (/security) or status channel.

9) Changes to this disclosure

We may update this page periodically. Material changes will be dated above and may be highlighted in-app or on our site.