AllSwap

Privacy policy

Last updated: 2026-06-22

This Privacy Policy describes how Allswap (“we”, “our”) handles data we receive when you register for and use the Allswap API (the “Service”).

1. What we collect

  • Account data. Email, company name, and any contact details you provide when requesting an API key.
  • API metadata. Request timestamps, source IP, key id, and the chains / assets involved in each quote and swap. We retain this for rate-limit enforcement, billing, and abuse investigation.
  • End-user addresses. The sender and recipient on-chain addresses you submit in a quote request. These are not linked to any personally identifying information unless you send it in the metadata field — which we recommend you avoid.

2. What we do not collect

We do not collect end-user emails, names, or other personally identifying information from your application. If you transmit any such data to us (e.g., in the metadata field of a quote), please ensure you have appropriate consent and a lawful basis under your jurisdiction.

3. How we use the data

We use the data above to:

  • Operate, maintain, and improve the Service;
  • Enforce rate limits, billing, and abuse policies;
  • Investigate security incidents and detect suspicious activity;
  • Communicate with you about service updates and incidents.

4. Sharing

Quote requests are forwarded to upstream routing partners to assemble the best available price. Only the minimum data required for routing (asset ids, amounts, addresses) is shared. We do not sell data to advertisers and do not share account-level data with third parties for marketing.

5. Retention

  • API request metadata: 90 days.
  • Swap records (status, hashes, timestamps): 7 years for audit purposes.
  • Account contact data: until you close the account, plus 90 days.

6. Your rights

Depending on your jurisdiction, you may have the right to access, correct, or delete your account data. Email [email protected] to exercise these rights.

7. Security

API secrets are stored as one-way hashes. We use TLS 1.2+ in transit, and AES-256 at rest for sensitive data. We will notify affected customers of any confirmed security incident within 72 hours.

8. Changes

Material changes to this policy will be announced at least 30 days in advance via email and on the changelog.

9. Contact

Privacy questions: [email protected].