1. Scope
SwapZilla offers two distinct usage modes with different privacy footprints:
- Anonymous swap and Payer flows — no account, no email, no registration. We collect only technical metadata necessary to operate the Service.
- Merchant accounts (SwapZilla Pay) — sign-in by email magic link. We process the email and limited account metadata as described in Section 3.
This Policy applies to both modes; sections below note where treatment differs.
2. Data We Do Not Collect From Anonymous Users
For anonymous swap, Private Swap, and Payer flows we do not require or collect:
- Personally Identifiable Information (PII) such as Name, Physical Address, or Government ID;
- Email addresses or Phone numbers;
- Account creation or verification data.
3. Merchant Data (Pay Service Only)
When you sign in to the Pay Service as a Merchant, we process:
- Email address — used to deliver magic-link sign-in tokens and security notifications.
- Session cookie (szpay_session) — HttpOnly, Secure, SameSite cookie that authenticates Merchant API calls. Removed on logout or after the configured session lifetime.
- API keys and webhook secrets — stored hashed; the plaintext is shown only at creation.
- Payment Request metadata you create: amount, receive asset, network, payout address, description, expiration, status.
- Webhook delivery logs — URL, timestamp, response status, retry attempts (no payload content beyond what you yourself created).
4. Technical Data We May Log
- Network identifiers: IP address (anonymized where feasible), user agent, geolocation at country level. Used for fraud detection, rate limiting, and DDoS mitigation.
- Transaction metadata: Swap and Payment IDs, asset/network pairs, timestamps, status. Used for support and dispute handling. Not linked to real-world identity for anonymous users.
- Functional cookies: language preference, theme, session token (Pay only). No advertising or cross-site tracking cookies.
5. Third-Party Recipients
- Providers. When you initiate a Swap, we forward the data needed to execute it (receive address, refund address, amounts) to the selected Provider. Providers have their own privacy policies.
- Webhook endpoints. If a Merchant configures a webhook URL, we deliver Payment status events to that URL. The Merchant controls and is responsible for the security of that endpoint.
- Cloudflare. Our edge/CDN routes traffic; Cloudflare logs IP and request metadata under their privacy terms.
- Email delivery. Magic-link emails are sent through a transactional email provider. The provider sees recipient email and message content.
6. Retention
- Anonymous swap/payment metadata: up to 24 months for support and dispute resolution; technical logs up to 90 days.
- Merchant account data: retained while the account is active and for up to 24 months after closure (regulatory and audit purposes), then deleted or anonymized.
- Session cookies: removed at logout or after session expiry.
7. Your Rights
To the extent you have rights under applicable law (such as access, correction, deletion, or data export), contact us at [email protected]. For anonymous flows we may have very little data attributable to you, which limits the scope of access/deletion requests.
8. Contact
For any privacy-related concerns, please reach out to us at [email protected].