BunnySwap
Sign in Register

Privacy, in plain words.

We collect what we need to settle a swap and keep the site running. Nothing more. We don’t sell data, we don’t build profiles, and we don’t tie your network identity to your trades.

Last updated 2 April 2026

What we store for a swap

  • The pair, amount, and rate type you picked.
  • The destination address you typed.
  • The order ID we use to settle and reconcile.

No IP, no user-agent, no network fingerprint against the order. Order rows live by their public ID. Nothing else is attached.

What we store if you create an account

  • Username, optional email, and a bcrypt password hash. The password itself is never stored anywhere.
  • An optional Telegram handle, in case we need to reach you about a swap.
  • A 2FA secret if you turn 2FA on. It never leaves the server.
  • A history of orders linked to your account, for your convenience.
  • Sign-in events (sign-in, sign-out, failed attempts), kept briefly for abuse-limiting.

Sign-in events are kept just long enough to spot abuse patterns and then dropped. They’re never used to build a picture of you and they’re never linked to your trades.

What we never collect

  • Your real name, address, ID, or any KYC data.
  • Your seed phrase or private keys. We never ask. Anyone who does is a scam.
  • Tracking cookies for ads. One cookie for theme, one for the session, that’s it.
  • Third-party analytics SDKs. No Google Analytics, no Segment, no Hotjar, none of that on this site.

How a swap settles

We aggregate quotes from a network of non-custodial sources and route your order on-chain. The pair, amount, and destination address travel with the order so the trade can settle. We don’t attach your network identity to any of it.

Retention

  • Server logs: every log file is deleted after 7 days, no exceptions.
  • Sign-in events: kept briefly for abuse-limiting, then deleted automatically. Capped at 7 days.
  • Sessions: expire after 7 days of inactivity. Anonymous browsing sessions drop within minutes. You can sign other devices out from the dashboard at any time.
  • Orders: kept while in flight, kept on file as a record once they complete. Orders are not tied to user accounts, IP addresses, or user-agents.
  • Account deletion: self-serve from the dashboard. Removes your user record, every session, and every sign-in event tied to your account in one sweep.

Contact

Privacy questions go to @bunnyswapofficial on Telegram or [email protected]. A person reads them, not a ticket queue. Our PGP key for sensitive reports is at /pgp.txt.