NoKYCSwap
Launch app

How to reach us.

A short page, because we keep the contact surface narrow on purpose. No live chat, no phone line, no account support — just email, routed to humans.

Security & vulnerability reports

[email protected] — the canonical address for any security finding, from a typo in a header to a full account-takeover chain. Our machine-readable policy lives at /.well-known/security.txt per RFC 9116.

Responsible-disclosure terms in one paragraph: if you find something, tell us and give us ninety days before publishing. We will not take legal action against good-faith research that stays within the scope of our production surface (nokycswap.io and its subdomains) and avoids destructive testing. We credit reporters in release notes on request. We do not yet operate a paid bounty programme.

Compliance & law-enforcement

Same address: [email protected]. Read the AML statement first; it explains what we hold and do not hold, and who the VASP in the swap chain actually is. A lawful process directed to the correct entity will receive a proportionate response. We do not respond to informal or fishing inquiries.

Press & research

Journalists and researchers writing about non-custodial exchange, privacy coins, or the no-KYC landscape in general: we are happy to answer technical questions in writing. Same address. State the publication, the angle, and the deadline. If you want an on-record quote we can provide one within that scope; if you want identity verification of the team, that is not something we offer.

Order issues

We do not operate a support desk for individual swaps, because there are no accounts to authenticate against. The correct place to act on a specific order is the order page itself — reached from the URL that was returned when the order was created. If an order is flagged, the page surfaces Emergency actions (refund to an address you provide, or accept current market rate). Those actions are the authoritative channel.

If the order page is unreachable and you retain the order ID and token, email [email protected] with that exact material; we can often restore the order view. Do not send identity documents unprompted — we cannot use them and will not keep them.

General inquiries

If your question does not fit any of the above, the same address still works — it routes to the same small team. We reply when we reply; we are a small operation and we prioritise security and compliance mail first.

What we will not respond to

  • Unsolicited SEO, "link-building", or guest-post pitches. Our comparison pages are editorial and cannot be bought.
  • Unsolicited partnership, listing, or affiliate proposals.
  • Requests to add invasive analytics, marketing pixels, or any third-party tag to the site.
  • Informal "voluntary disclosure" invitations from authorities. Serve us properly and we will respond properly.

Reaching the broader team

We are active on the Fediverse and on Nostr under the NoKYCSwap handle. We do not maintain a Twitter/X presence because the surface is hostile to accounts that publish about non-custodial routing. We read email we do not post.