Privacy Policy

Privacy Policy.

What uSwap holds, what we don't, and how we stay AML-compliant without a KYC surface. The honest version.

Last updated June 14, 2026

Summary

The short version.

uSwap doesn't ask for government ID, full legal names, dates of birth, or residential addresses. We don't have a profile for you because there is no account to attach one to. The data we do hold is what we need to route your swap, recover it if something goes wrong, and screen the source / destination addresses against sanctions and known-illicit-funds lists.

If we can't route a deposit because it triggers a flag, we refund it. We do not retain the funds and we do not request additional identity information from you to "release" them.

Section 1

What we collect.

Swap data

  • The asset, network, amount, and quote mode of each intent you create.
  • The deposit address derived for your bridge and the addresses that send to it.
  • The destination address you provide for each intent.
  • The execution providers used by the routing engine and the outcome of each leg.
  • Any spend-product credentials we need to deliver to your destination (gift card code, Telegram gift link, Discord boost claim URL, etc.) — held only long enough to complete delivery.

Operational data

  • Server logs (truncated IP, user-agent, timestamp) for abuse mitigation and uptime monitoring.
  • Errors and stack traces from the engine, scrubbed of user-supplied identifiers before retention.

Partner data (partner.uswap.net only)

  • An email address and an API key for each partner organization.
  • API usage metrics tied to the organization, not to end-users.

Section 2

What we don't collect.

uSwap does not collect, store, or process:

  • Government-issued identification (passport, driver's license, national ID).
  • Full legal name, date of birth, or place of birth.
  • Residential address or proof of residence.
  • Selfies, biometric scans, or liveness videos.
  • Bank account numbers, IBAN, routing numbers, or card data of your own.
  • Tax-residency declarations or social-security / tax-ID numbers.
  • A uSwap account, login, or password — there is no account to create, and the operator surface has no field for one.

We don't ask, we don't store, and we don't share what we don't have. This is architectural, not a discretionary policy — the operator surface does not have inputs for these fields.

The uSwap browser extension is a separate surface that handles fiat-payment-confirmation data on your own device to complete an on-ramp purchase. It never collects your password and is covered in full in Section 7.

Section 3

Why we hold what we hold.

To route your swap

The deposit address, destination address, asset, and amount are what the engine needs to construct a route and deliver value to you. Without these, no swap.

To recover your swap if something goes wrong

If your deposit arrives off-quote, on the wrong network, or after expiry, the engine offers you market / hold / refund options on the same page. Holding the original quote and the actual arrival lets recovery happen without a support ticket.

To screen against sanctions and illicit-funds designations

The source and destination addresses are checked against sanctions lists and known-illicit-activity designations at the moment of routing. See the next section.

To improve and protect the service

Aggregate metrics (route success rates, provider latency, error frequencies) inform engineering. Server logs help us mitigate abuse and keep the engine online.

Retention is the shortest period consistent with each purpose. Spend-product credentials are wiped after successful delivery. Server logs are aged out on a rolling window. Settled intents are retained for recovery and reporting obligations and may be retained longer than active routes.

Section 4

AML / sanctions screening.

uSwap is AML-compliant. We meet that obligation through deposit-and-destination screening, not by collecting end-user identity.

What we check

  • Source addresses against the U.S. OFAC SDN list and equivalent sanctions designations from recognized authorities.
  • Source addresses against stolen-funds, exchange-hack, ransomware, and darknet-market designations from reputable on-chain analytics providers.
  • Destination addresses against the same sets at the moment a route is constructed.

What happens on a hit

  • Flagged deposit — refunded to the originating address. We do not retain the funds. We do not request additional information from you to "clear" the flag.
  • Flagged destination — the quote is rejected before you deposit. No funds move.

Where applicable, uSwap complies with reporting obligations of the jurisdictions in which it operates. We do not launder funds. We do not knowingly facilitate transactions in violation of applicable sanctions.

Section 5

Third parties.

Routing a swap requires uSwap to interact with execution providers, the underlying blockchains, and — for spend products — upstream issuers. Specifically:

  • Execution providers — 1Click, SageSwap, Wagyu, Chainflip, OctoSwap, THORChain, and similar crypto routing surfaces. The engine sends them quote requests and deposit / withdrawal instructions; what they see is the routing data they need to execute, not your identity.
  • Spend-product providers — Telegram, Discord, Mullvad, gift-card and prepaid-card issuers, and P2P fiat counterparties. The engine purchases the product on your behalf; what they see is the order, not who you are.
  • Sanctions / on-chain analytics providers — used to check addresses against sanctions and illicit-activity designations.
  • Infrastructure providers — Coolify-managed hosting, Cloudflare for edge caching and DNS, Postgres for state. These see operational data only.

We do not sell user data, run third-party ad trackers, or share routing data with marketing partners. The site does not include ad networks.

Section 6

Server logs and IP addresses.

The engine logs operational data needed to keep the service online: request timestamps, response status, and truncated source IP for abuse mitigation. We do not maintain a long-lived per-user behavioral profile. Logs are aged out on a rolling window.

If you connect from behind a VPN, Tor exit, or shared NAT, the IP we see is that of your exit — not anything more granular.

Section 7

The uSwap browser extension.

The uSwap browser extension is the companion to uSwap's fiat on-ramp. Its single purpose is to confirm — privately, on your device — that you have sent a fiat payment to your peer-to-peer counterparty, so the escrow releases the crypto you bought. It does nothing else.

What it touches

  • Your payment confirmation. When you pay a counterparty through your own payment app (Cash App, Venmo, Wise, Revolut, and similar), the extension reads the confirmation of that one transaction to prove the payment was made.
  • Your existing payment-app session. To read that one confirmation, the extension uses the session you are already logged into in your browser (session tokens / request headers). It never asks for, sees, or stores your password, PIN, or login.

How that data is handled

  • On your device. Capture happens locally inside the extension. Plaintext session material never leaves your browser.
  • Encrypted before it leaves. Only a tamper-proof, encrypted proof — produced inside a trusted execution environment (TEE) — is relayed to complete your purchase. uSwap cannot read the underlying session material; the TEE attests that the payment happened without exposing it.
  • Not stored. Capture sessions are short-lived and wiped on delivery or failure. The only thing the extension keeps is a local list of which sites you have connected it to.
  • Not sold, not profiled. The extension does not sell or transfer your data, build a profile of you, or track your browsing, and it runs no analytics or advertising code.

Permissions and access

  • The install prompt never requests access to your payment accounts. Access to a specific payment platform is requested only at the moment you choose to pay with it, and only for that platform.
  • The extension loads and runs no remotely-hosted code — everything it executes ships inside the published, reviewed package.
  • You can revoke a site connection or a platform permission at any time from your browser's extension settings.

Section 8

Cookies and local storage.

uSwap.net (this marketing site) uses minimal cookies — none for cross-site tracking and no third-party advertising networks. Analytics, where present, is privacy-respecting and aggregate.

app.uswap.net (the routing app) uses local storage to remember your bridge so that you can return to it without re-typing addresses. Clearing your browser storage forgets the bridge from this device; the bridge itself continues to exist server-side and can be recovered with its bridge ID.

Section 9

Your choices.

  • You can use uSwap without supplying anything we don't strictly need to route the swap. The destination address is the only user-supplied field that affects fulfillment.
  • You can clear your local bridge data at any time by clearing browser storage for app.uswap.net.
  • If you need a settled intent removed from operational logs for a specific reason, write to @maintenance on Telegram; we will assess against any retention obligations that apply.

Section 10

Children.

uSwap is not directed at and not intended for use by anyone under 18. We do not knowingly process data from anyone under 18. If you believe a minor is using the service, contact us and we will take appropriate action.

Section 11

Changes.

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last updated" date at the top of this page and, when reasonable, by surfacing a banner on uSwap.net.

Section 12

Contact.

For privacy-related questions — including anything about the browser extension's data handling — email support@uswap.net or message us on Telegram (@slither). See the contact page. For Terms-related questions, see the Terms of Service.