Privacy Policy

Swiftz ("we", "our", "us") is committed to protecting your privacy. This policy explains what data we collect, why we collect it, and how we handle it when you use our cryptocurrency payment infrastructure.

We are a non-custodial service. We never hold your funds, and we are not a financial institution. This policy covers the data generated by using our platform, API, and dashboard.

We use the data we collect to operate the service: authenticate your account, process and verify payments, deliver webhook notifications, detect fraud, enforce rate limits, and respond to support requests.

We do not use your data for advertising, profiling, or sale to third parties. We do not build behavioral profiles.

We do not sell your data. We share data only in these limited cases:

Infrastructure providers: Our hosting and database providers process data on our behalf under strict data processing agreements. They do not have independent access to your data.

Legal requirements: We may disclose data if required by a valid legal process, court order, or to protect the rights and safety of our users or the public.

Business transfers: In the event of a merger or acquisition, data may transfer to the successor entity under the same privacy commitments.

Confirmed payments are recorded in the Swiftz public ledger at swiftz.us/explorer. Each entry contains: block number, SHA-256 entry hash, chain, amount in USD, and a truncated checkout ID.

No personally identifiable information is included in ledger entries. Wallet addresses are not published in the ledger.

All data is encrypted in transit using TLS 1.3. Data at rest is encrypted using AES-256. API keys are stored as SHA-256 hashes — the plaintext is shown once at creation and never stored.

Webhook signing secrets are stored as hashes. Access to production systems is restricted to authorized personnel with multi-factor authentication.

Account data is retained for the lifetime of your account. Transaction records are retained for 7 years to comply with financial record-keeping requirements.

API logs are retained for 90 days. If you close your account, personal data is deleted within 30 days, except where retention is required by law.

We use a single session cookie to keep you logged in. No tracking cookies, no advertising cookies, no third-party cookies are set on any Swiftz page.

Disabling cookies will prevent you from staying logged in to the dashboard but does not affect the checkout page for your customers.

You have the right to access, correct, export, or delete your personal data at any time. You can manage most of this directly in your dashboard under Settings.

To request data deletion or export, contact support@swiftz.us. We will respond within 30 days. Deletion requests may be subject to retention requirements for financial records.

Swiftz is not intended for anyone under 18. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us and we will delete it promptly.

We may update this policy as the service evolves. Material changes will be communicated via email or dashboard notification at least 14 days before taking effect. The current version is always available at swiftz.us/privacy.

For privacy questions or data requests, contact us at support@swiftz.us.