SmallSwap SmallSwap

Privacy Policy

Version: pending counsel review. Effective on publication.

The full Privacy Policy for SmallSwap v2 is pending review by counsel. The required disclosures are specified in docs/specs/08-affiliates-legal.md §C in the project repository.

Until then, the operative summary is below.

What we collect

  • Swap input/output currencies, amounts, and addresses
  • Your IP address (or the Tor exit's IP when you connect via Tor, or the constant .onion address when you use our hidden service)
  • Your User-Agent string at swap creation

No name. No email (except optionally for affiliates). No KYC. No government ID.

What we don't

  • No fingerprinting
  • No third-party analytics, advertising trackers, or social-media widgets
  • No Google Fonts (we self-host Manrope)
  • No CDN for static assets
  • No third-party cookies, ever

Cookies

The only cookies we set:

  • ss_theme — your dark/light preference (1 year, first-party only)
  • ss_csrf — anti-forgery token for form submissions (24 hours)

Data retention

Financial records (swap details, ledger entries, commissions, payouts) are kept indefinitely as a regulatory and accounting necessity. Audit logs (quote calculations, eligibility checks, partner-request traces) are kept for 90 days by default — adjustable by the operator.