How SwiftSwap protects your assets and data
SwiftSwap is a non-custodial exchange. We never hold your funds. The swap process works as follows:
This means even if SwiftSwap servers are compromised, your funds in transit are protected by our exchange partners' security.
All connections use TLS 1.2+ with modern cipher suites. HSTS preload enforced.
Multi-layer rate limiting: nginx (20 req/s) + Express (50 req/5min). Automatic IP blacklisting.
Stateless JWT tokens with short expiry. Secret rotation support. Admin tokens use a separate secret.
CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy all enforced.
SQL injection patterns blocked. XSS filtering. Input sanitization on all API inputs.
CSRF tokens on state-changing operations. SameSite cookie policy enforced.
TOTP-based two-factor authentication (Google Authenticator compatible). Recovery codes provided.
All security events logged with IP, timestamp, and event type. Real-time alerts for critical events.
| Data Type | Encryption | Storage |
|---|---|---|
| Passwords | bcrypt (rounds: 12) | Database (hash only) |
| API Keys | bcrypt hash | Database (prefix + hash) |
| Session Tokens | JWT signed | Client-side only |
| Wallet Addresses | TLS in transit | Database (encrypted at rest) |
| 2FA Secrets | AES-256 | Database (encrypted) |
✓ UFW firewall with minimal exposed ports (22, 80, 443)
✓ CIS Ubuntu Level 1 hardening applied
✓ File integrity monitoring on critical system files
✓ Automatic security patches via unattended-upgrades
✓ Daily database backups with encryption
✓ 24/7 uptime monitoring with Telegram alerts
Found a security issue? We have a Bug Bounty program with rewards up to $15,000.
Contact: security@swiftswap.net | security.txt