CoinVastSwap now
Legal

Privacy

The best privacy policy is having little to write about. No accounts means no profile of you exists here — this page covers the little that does.

Template notice — this is a working draft prepared by the team and has not yet been reviewed by legal counsel. It must be reviewed and adapted to the operating entity and jurisdiction (including GDPR/equivalent applicability) before launch.

1. The short version

There are no accounts, so there is no profile of you to build. We keep the records a swap itself creates — order details, addresses, transaction hashes — and almost nothing else. We run no tracking pixels, no ad cookies, and no third-party analytics, and we do not sell data to anyone.

2. What we collect

Order data: the pair, amounts, rate and spread, the deposit and payout addresses, an optional refund address, transaction hashes, and a timestamped status timeline. This is the swap's own paper trail and it is what powers your order page.

Screening data: the result of the pre-trade risk screen run on each deposit (a risk assessment of the sending address and transaction — see section 4).

Technical logs: standard, short-lived server logs (IP address, user agent, requested URL) kept by our hosting infrastructure for security and debugging, then rotated out.

Support email: if you write to us, we keep the thread so we can answer and follow up. That is the only place a name or email address can enter our systems, and only because you chose to send it.

3. What we deliberately don't collect

No registration data — there is no sign-up. No names, emails, or phone numbers attached to swaps. No tracking pixels, advertising cookies, fingerprinting scripts, or third-party analytics on any page. The site sets no cookies for browsing; your recent swaps list is stored only in your own browser's local storage and never sent to us.

4. Screening provider

Before any exchange begins, the deposit's sending address and transaction identifiers are checked against a blockchain risk-screening provider. The provider receives on-chain data only — addresses and transaction hashes that are already public on the blockchain — never your IP address, browser data, or support correspondence. This pre-trade screen is what allows our no-freeze policy; the policy itself is described on the trust page.

5. Infrastructure

The web application is hosted on Vercel; order records are stored in a managed Postgres database; our exchange infrastructure runs on a server operated by us at Hetzner. Each processes data on our behalf under their own security and data-processing terms. Market price data is fetched server-side from CoinGecko — no user data is involved in those requests.

6. Retention

Order records (including addresses and transaction hashes) are retained as long as operationally and legally required — they are the evidence that lets us resolve disputes, process refunds, and meet record-keeping obligations. Technical server logs are short-lived and rotate automatically. Support email is kept for as long as the conversation is useful, and deleted on request where no legal duty requires keeping it.

7. Sharing

We do not sell or rent data. Records are shared only with the service providers listed above (to operate the service) and with authorities when presented with a valid legal demand — a limit we state plainly on the trust page rather than hide here.

8. Your rights and contact

Depending on your jurisdiction, you may have rights to access, correct, or delete personal data we hold. Given how little we hold, the practical scope is usually your support correspondence and any order you can identify by its order ID.

To exercise these rights or ask anything about this policy: info@coinvast.io.

Draft revision — June 2026. The published revision date will be maintained here after counsel review.