Privacy Policy
AllSwap is a non-custodial service — by design, we do not need and do not collect your private keys, KYC documents, or real-name identity. This page sets out exactly what we do, and what we don't.
What We Do Not Collect
AllSwap is a non-custodial service, and by design we do not need and do not collect: (a) your private keys, mnemonic phrases, seed phrases, or any credentials that could be used to move your funds — we will never ask you for these, and you should never share them with anyone claiming to represent AllSwap; (b) KYC documents, passports, facial images, or biometric data; (c) bank card, payment account, or fiat account information; (d) real-name identity information (legal name, ID number, home address, phone number, etc.). These fields simply do not exist anywhere in our service architecture.
What We Do Collect
To provide the service, we collect: (a) your cross-chain swap request parameters (source asset, destination asset, chain, amount, slippage preference); (b) the deposit address and receiving address you provide (once a transaction is broadcast, these are publicly visible on-chain by nature); (c) your browser User-Agent, IP address, and access timestamps (used for anti-abuse, security monitoring, and error diagnostics); (d) essential cookies (see the next section). Our use of this data is strictly limited to operating the service and protecting its security.
Cookie Usage
This service uses: (a) essential cookies — to remember your language preference, theme (dark/light), time zone, and other local settings; (b) security cookies — for CSRF protection, rate limiting, and abuse detection; (c) limited anonymous analytics (page-view counts only, with no personal identification). We do not use third-party advertising cookies, we do not engage in cross-site tracking, and we do not sell your data to ad networks.
Third-Party Services
This service relies on the following categories of third parties for core infrastructure: (a) hosting and CDN providers (such as Vercel and Cloudflare); (b) cross-chain settlement protocols (independently audited decentralized protocols); (c) block explorer APIs (used to query on-chain state). In the course of providing services to us, these vendors may process the data described under "What We Do Collect" above. All such vendors have signed industry-standard Data Processing Agreements (DPAs) with us.
Public Nature of Blockchain Data
Please note: all on-chain transactions — including your deposit address, receiving address, amounts, timestamps, and transaction hashes — are permanent, public, and irreversible once broadcast to the blockchain. This is an inherent property of public blockchains and is independent of what AllSwap collects or retains. Anyone can look up this data through block explorers (Etherscan, Solscan, Mempool, etc.). We have no ability to delete or modify on-chain data.
Data Retention and Deletion
Swap request and status records are retained for up to 12 months (for customer support reconciliation, dispute resolution, and legal compliance). Data beyond this retention period is periodically destroyed or anonymized. You may request early deletion of data associated with you by contacting [email protected], and we will process such requests within a reasonable time frame; please note, however, that we cannot delete data that already exists on a public blockchain.
Your Rights
Under the Hong Kong Personal Data (Privacy) Ordinance (PDPO) and the EU General Data Protection Regulation (GDPR), you have the following rights: (a) to access the personal data we hold about you; (b) to correct inaccurate data; (c) to request erasure (within the limits permitted by applicable law); (d) to object to or restrict processing; (e) to data portability. To exercise these rights, please submit your request to [email protected], and we will respond within 30 days.
Cross-Border Data Transfers
Our servers, CDN nodes, and hosting infrastructure are distributed across multiple jurisdictions worldwide. By using this service, you agree that your data may be stored and processed in regions outside your own (including Hong Kong, the European Union, the United States, and others). All cross-border data processing is conducted under Standard Contractual Clauses (SCCs) or equivalent safeguards required by applicable law.
Children's Privacy
This service is not directed to users under 18 years of age (or below the legal age of majority in your jurisdiction). We do not knowingly collect data from minors. If we become aware that a minor is using the service, we will terminate their access and delete the associated data as promptly as possible. If you believe we may hold data relating to a minor, please contact us at [email protected].
Changes and Contact
We may revise this Policy from time to time to reflect changes in law, technology, or our operations. Material changes will be posted on this page and announced via Telegram @allswapservice. Your continued use of the service constitutes acceptance of the revised Policy. For any questions, complaints, or to exercise your privacy rights, please contact our data protection lead at [email protected]. This Policy takes effect from the "Effective" date above.

