Privacy Policy
Last updated: April 2026
1. Principles
smallswap is designed to handle the minimum information required to execute a cryptocurrency swap. This policy describes, honestly, what we receive, what we keep, for how long, and why.
2. What We Do Not Collect
- No personal identification at the front door — no name, email, phone, or government ID is required to initiate a swap.
- No user accounts. Every swap is independent.
- No browser fingerprints, analytics, or tracking cookies.
- No persisted customer IP address. Your IP is used briefly by our rate-limiter and then discarded; it is not written to our database.
3. What We Receive and Retain
| Data | Why we receive it | How long we keep it |
|---|---|---|
| Refund address | Required to return your deposit if a swap fails or is refused. | Cleared 72 hours after the swap reaches a terminal state. |
| Deposit address, payout address, amounts, chain, on-chain transaction hashes | Required to execute, prove, and reconcile the swap. | Retained indefinitely in our transaction ledger. We plan to move to a 90-day retention window for unflagged swaps in a future update. |
| Operational logs (service errors, diagnostics) | Required to keep the service running. Logs do not contain user IP addresses. | Rotated on a rolling 7-day window. |
| Compliance-screening results (pass / flag + list source) | Required to meet the screening policy described in our Terms of Service. | 90 days for clean results. Up to 5 years for flagged results. |
| Telegram handle (if you contact our support bot) | Required to relay your message to our operators and respond. | Visible to our operators during the conversation. Not persisted after the support interaction is closed. |
4. What We Do Not Retain
- No customer IP addresses in our database.
- No user-agent strings, referer headers, or fingerprint data.
- No email or contact details unless you voluntarily provide them to us for support.
- No funds custody beyond the brief period required to execute a swap.
5. Compliance Screening
Deposit and payout addresses are automatically screened against publicly available sanctions lists and compliance-relevant data sources, as described in our Terms of Service. Screening is performed on addresses only — not on you as a user. Results are retained according to the retention schedule above.
6. Third-Party Counterparties
When we route liquidity through a third-party exchange or liquidity provider, the transaction data required to execute that leg (addresses, amounts) is shared with that counterparty. Each counterparty operates under its own privacy practices. We do not control their retention or use of that data.
7. Cooperation with Law Enforcement
We respond to legitimate legal process from competent authorities. The data we can produce is limited to what we retain as described in Section 3. We do not volunteer data outside of legal process.
8. Your Rights
Because we do not collect personal identification, there is generally no user profile to access, correct, or delete. If you believe we hold data connected to you and want to inquire, contact privacy@smallswap.io.
9. Security
Data at rest is stored on servers protected by standard disk and application-level controls. Data in transit is protected by TLS. Access to production infrastructure is limited to operational personnel.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be noted at the top of this page with an updated revision date.
11. Contact
- Privacy questions: privacy@smallswap.io
- Compliance / screening disputes: compliance@smallswap.io
- Law enforcement requests: le@smallswap.io