Privacy Policy
Last updated: January 2026. Stellar Swap is designed to know as little about you as technically possible while still routing your anonymous XLM swap or any other supported crypto exchange. This policy explains exactly what minimal data our engine requires and the far larger category of data we deliberately never collect.
1. Our Core Principle: Collect Nothing You Do Not Need
Every significant privacy breach in crypto history has one thing in common — the platform stored data it did not actually need to perform its core function. Stellar Swap was built around a different idea from day one: if a piece of data is not strictly required to route your swap from a sending wallet to a destination address, we do not collect it. This principle applies whether you are swapping Stellar Lumens for Monero, converting Bitcoin to USDT, or exchanging any other supported pair with zero KYC.
This document describes what the swap engine actually needs to function, what we categorically refuse to collect, and how our technical infrastructure is structured to keep your activity private by default.
2. Data We Never Collect
Stellar Swap does not request, process, store or share any of the following under any circumstances:
- Your legal name, aliases or any personal identifier
- Email addresses, phone numbers or physical mailing addresses
- Government-issued identification of any kind
- Biometric data, facial scans or liveness check results
- Geographic location data or postal codes
- Browser fingerprints, device identifiers or cross-site tracking profiles
- Third-party advertising or behavioral tracking cookies
- Persistent user account data, login histories or transaction histories linked to individuals
3. Data the Swap Engine Requires
To route an anonymous crypto swap from your source asset to your destination wallet at the best available rate, our automated engine holds the following data in a temporary PHP session state for the duration of the order:
- One-time deposit address: A freshly generated wallet address created exclusively to receive your incoming funds for this specific order. It expires when your session ends.
- Destination address: The external wallet address you entered to receive the converted funds.
- Asset pair and amount: The trading pair and volume for the order.
- Order timestamp: Used solely to enforce the 30-minute rate lock.
- Session Order ID: A randomly generated reference code that tracks the mechanical progress of your swap through our routing engine.
None of this data contains any personal identifier. Once your browser session ends, the connection between this session data and your device is permanently severed.
4. Server Infrastructure Logs
Our servers generate standard operational logs that include HTTP request paths, timestamps and IP addresses. These exist solely to defend against DDoS attacks and maintain platform availability. They are not aggregated into user profiles, are never tied to order session data and are routinely purged on a short retention schedule. Using a VPN or Tor when swapping crypto prevents your IP from appearing in these logs entirely.
5. Third-Party Services
Stellar Swap operates in an isolated environment. The only external services involved in the swap process are:
- Market price APIs: Used exclusively to fetch live exchange rates so we can offer the best rate. No user data, order IDs or wallet addresses are transmitted to these endpoints.
- QR code renderer (api.qrserver.com): Generates the visual QR code of your deposit address. The API receives only the alphanumeric deposit address string, nothing else.
- Google Fonts: CDN delivery for typography only.
We do not use Google Analytics, Meta Pixel, Mixpanel, Hotjar or any other behavioral analytics or advertising tool. No advertising network has any presence on this platform.
6. Cookies
We use exactly one cookie: the PHP session identifier. This server-side cookie holds your active order state so the page works correctly if you refresh mid-swap. It contains no personal data and is automatically deleted when you close your browser. There are no tracking cookies, advertising cookies or persistent cookies of any kind on Stellar Swap.
7. Data Retention
Order session data is inherently short-lived. Upon swap completion and session termination, the data exits active storage. We do not build historical transaction ledgers, we do not maintain records linking multiple swaps to a single user, and we cannot produce a transaction history for any individual because no such record exists in our system.
8. What We Can and Cannot Share With Authorities
Stellar Swap does not sell or share user data for commercial purposes. If we receive a legally binding order from an authorized body, our ability to comply is naturally constrained by what we actually possess. We can provide order session metadata (timestamps, asset pairs, blockchain addresses) for active or recently active sessions. We cannot provide names, email addresses, IP histories or user profiles because our system never stores them.
9. Security
All traffic between your browser and our exchange is encrypted via HTTPS/TLS. Deposit addresses are never reused — every order receives a unique address generated at the time of creation. Private keys for routing wallets are managed in isolated server environments inaccessible from the public-facing application layer.
10. Age Requirement
Stellar Swap is intended for adults making independent financial decisions. Use of the platform is restricted to individuals aged 18 or older. We do not knowingly process data belonging to minors.
11. Policy Changes
We may update this policy as our platform evolves. Changes take effect when published to this page. Continued use of Stellar Swap after an update constitutes acceptance of the revised terms.
12. Privacy Questions
For questions about our data architecture or privacy practices, contact us at support@changexlm.exchange.