We build the swap we wanted to use.

Mission

Peer-to-peer crypto exchange should be a right, not a privilege. The original promise of cryptocurrency — send value over the wire without asking permission — was quietly erased by a decade of exchange consolidation, risk-scoring creep, and compliance over-reach. Most "swap" services today demand email, log IPs, fingerprint browsers, and escalate to identity demand on any order their upstream flags. NoKYCSwap is a refusal of that pattern.

Our mission is to offer a fast, honest, zero-friction swap that earns trust by not asking for any, and that reads the same way to a privacy researcher, a sanctioned-state dissident, a remote-worker hedging currency exposure, and an ordinary user who just doesn't want another account.

Who we are

NoKYCSwap is operated by a small, pseudonymous team with a combined decade-plus of experience across cryptography, backend engineering, payments infrastructure, and privacy research. We publish under pseudonyms because the project is the work, not the personality — and because a team whose tagline is "we don't record your identity" cannot credibly invite scrutiny of its own by plastering photos and bios on an "about" page.

If you need to verify our technical seriousness without meeting us, read the transparency page for the architecture, the AML statement for how we handle flagged orders, and our security.txt for responsible-disclosure terms. Anyone can make promises. We try to make our promises verifiable.

Operating principles

• Non-custodial, always. We never take possession of user funds. Deposit addresses are single-use and provisioned by our upstream routing layer, which itself hands off to liquidity venues — funds transit, they do not rest.
• No account, no email, no cookie-based identity. The only cookie we set is a CSRF session token, strictly necessary for the API that creates swaps. No analytics cookies. No behavioural tracking. No third-party pixels.
• Refund-first on flagged orders. If an upstream flag fires, the first offer is always: refund to an address you provide, no questions asked. We never condition recovery of funds on identity verification.
• Short-lived logs. Nginx access logs rotate within 24 hours. Order records are purged on settlement (or within 30 days in the worst case). No long-term correlating identifiers.
• Honest comparison. Our comparison pages link to each competitor and cite their public docs. Where a competitor does something better than us, we say so.
• No affiliate-rewrite games. We don't rewrite destination addresses, we don't inject referral codes, we don't siphon arbitrage between the quoted rate and the delivered rate. What the widget shows is what you receive.

Security & audits

The NoKYCSwap frontend is intentionally thin. There is no database: order state lives as flat JSON files that are purged on settlement. All sensitive secrets (upstream API keys, signing material) live outside the webroot and are never exposed to HTTP. The content-security-policy is strict enough to reject any third-party script beyond a privacy-preserving font mirror.

We accept security reports at [email protected]. Responsible-disclosure policy: ninety-day coordinated disclosure, no legal action against good-faith researchers, credit in the release notes if you want it. We do not yet operate a paid bounty programme; we do acknowledge and credit every substantive report.

Compliance posture

We are not a VASP, an exchange, or a money transmitter. We are a non-custodial routing front-end. The regulated entity in the swap chain is our upstream liquidity provider, which operates its own AML programme and performs address screening against the usual sanctions feeds (OFAC, EU, UN, UK). Read the AML statement for the detail and the jurisdiction guide for a region-by-region summary of where this model works.

Why "no KYC" is not "no rules"

Our prohibited-use list is short and specific: we do not want the service used to launder proceeds of crime, evade sanctions against designated persons or regimes, finance terrorism, or fund child-sexual-abuse material. These are not compliance theatre — they are the minimum ethical floor. Everything else is none of our business. If you are a journalist protecting a source, a dissident moving savings out of a collapsing currency regime, a business hedging receivables, or a private individual who simply declines to hand a government ID to a swap aggregator every time you rebalance, you are the user we built this for.

What we won't do

• Never bolt on an "optional" KYC account with feature-gating to herd users toward it.
• Never run analytics, tracking pixels, or fingerprinting — not even the "privacy-friendly" kind that phones home with anonymised telemetry.
• Never demand identity documents as a condition of refund on a flagged order.
• Never sell, share, or monetise any metadata we do hold. The business model is a small, transparent fee baked into each swap — nothing else.
• Never accept an ad placement, sponsorship, or affiliate relationship that would bias our comparison pages or asset listings.

Contact

The canonical channels are [email protected] for security and compliance matters, and the contact page for everything else. There is no phone line, no live chat, no account support — because there are no accounts.