Where is your Bitcoin stored?
We always encourage our users to take custody of their own coins as soon as possible. When you purchase Bitcoin using Swan, your coins are stored by a licensed and regulated Nevada chartered trust company, Prime Trust, which secures billions of dollars worth of fiat and cryptocurrency for some of the biggest companies in the industry.
Your Bitcoin and USD is stored under your name with Prime Trust, with you as the sole legal owner. Swan does not have the ability to move your funds.
Bitcoin is stored using best-in-class security practices and technologies.
Swan cannot move your Bitcoin or USD without your authorization
In order to ensure that Swan cannot move Bitcoin out of your account, you will receive a direct confirmation of withdrawal from Prime Trust whenever you withdraw your Bitcoin. This email is delivered directly from Prime Trust, and requires your authorization to move Bitcoin from Prime Trust storage to your own wallet.
How does fiat money move from your bank account and turn into Bitcoin?
When you supply your bank account information to Swan, it is passed to and stored directly with Prime Trust, a licensed and regulated trust company, into an account registered legally under your name. Swan never stores your bank information and has no ability to withdraw from your bank.
Bank withdrawals via ACH are initiated directly by Prime Trust. Once the money clears in Prime Trust, a trade is executed by Prime Trust to convert your fiat money to Bitcoin at the current market price.
What personal data does Swan store?
Swan stores the minimal personal data required to be compliant with regulations. Currently, this is limited to your name, email, address, phone number, and date of birth. This information is stored in an encrypted database.
While our site collects social security numbers and identity documentation as required by law to open a trust account with Prime Trust, this information is relayed over an encrypted connection directly to Prime Trust and never stored on Swan servers.
How is your data secured?
All Swan data is stored encrypted with military-grade AES-256 encryption.
All traffic is encrypted using industry standard TLSv1.2 encryption.
Swan does not store nor have access to the private keys for Bitcoin stored with our custodial partner, Prime Trust.
Swan follows the Center For Internet Security Benchmarks for security standards.
What happens if Swan goes out of business?
The entirety of your fiat and Bitcoin holdings is stored in an account in your name with Prime Trust. In the unlikely event of Swan winding up operations, you still have legal control of funds stored within Prime Trust and can request disbursement using your email. Please contact Prime Trust for more information.
As always, we encourage you to withdraw your Bitcoin often to a secure wallet whose keys you control.
Reporting security issues
If you have found a critical security vulnerability, please practice responsible disclosure by reporting it to firstname.lastname@example.org and giving us a chance to respond.
We will consider bounties for disclosures that include a proof of concept and lead to the direct compromise of user data. Reports that are related to best practices including missing headers will not be rewarded.
Please do not run vulnerability scanners against our site. We have our own scans running and will not reward reports found from automated scans.
To keep our security program focused and useful, we disqualify reports that are on Google's list of non-qualifying reports. Please note that this list is a non-exhaustive guideline. If your report falls into one of those categories, it will likely not be rewarded. Please review the list prior to submitting your report.