Privacy Policy | OneSwap.ai

1. Framework & Updates

OneSwap.ai orchestrates a hyper-efficient, non-custodial decentralized asset aggregator. As a nexus between your digital wallet and external liquidity reservoirs, we inevitably process specific streams of telemetry. This document maps out exactly what we harvest, how we secure it, and your fundamental rights over it, operating under the bedrock of the EU General Data Protection Regulation (GDPR) and overlapping global frameworks.

Interacting with our web matrix, APIs, or smart contract endpoints binds you implicitly to this framework. If this data doctrine misaligns with your personal privacy thresholds, you must sever all connections to our platform immediately.

Core Non-Custodial Realities:

We are a routing engine. The vast majority of our operations act purely as technical passthroughs linking you to decentralized or centralized liquidity providers (herein "Nodes").
We inherently reject the stockpiling of rich biometric or governmental IDs. If our interface demands localized KYC inputs, it is strictly brokering that data directly to the specific Node executing your swap. We hold no vault of your passports.
Data entered into our interface is dynamically encrypted and propelled to the receiving Node. Their distinct privacy edicts govern the ultimate fate of that data.

For inquiries striking at the heart of our data practices, dial our compliance desk via [email protected].

Living Document: This protocol mutates alongside shifting digital paradigms. Substantive infrastructural updates will trigger active alerts, but silently refreshing this page remains your best defensive posture.

2. Telemetry & Data Harvesting

Our sensors capture multi-layered data arrays depending directly upon your velocity and depth of integration with OneSwap.ai.

A. Direct Volunteered Data

Support & Troubleshooting	Email addresses, Telegram handles, fault descriptions, and text threads volunteered when confronting a stuck router.
Compliance (Pass-through)	When a target Node demands AML verification, you may upload IDs, selfies, or wealth origins. We buffer and instantly transmit this payload; we do not archive the raw images.
Asset Addressing	Source addresses, destination addresses, and specific MEMOs typed or pasted into our GUI.

B. Exhaust & Autonomous Collection

Merely rendering the site generates passive digital footprints vital for DDOS mitigation and UI rendering.

Data Genus	Manifestation
Network Signatures	Raw IP addresses, geo-location triangulations, ISP headers, and the time-to-live of your socket connections.
Hardware Topography	Browser type, screen resolution payloads, embedded OS versions, and specific plugin hashes used to defeat fraud rings.
Behavioral Metrics	Click mapping, route abandonment metrics, error log triggers, and session longevity parameters.
Ledger Extractions	Publicly viewable blockchain footprints corresponding to the hashes triggered through our interface.

3. Utilization & Legal Anchors

We weaponize this data solely to fortify the platform, fulfill your explicit swap commands, and dodge regulatory tripwires. Each action requires a concrete legal foundation.

Operational Goal	Ingested Data	Legal Anchor
Routing & Swap Execution	Asset Addressing, Ledger Extractions	Contract Execution
Pass-through AML Compliance	Compliance Data, Network Signatures	Statutory Mandate
DDOS / Exploit Deflection	Hardware Topography, Network Signatures	Legitimate Defense
Architecture Optimization	Behavioral Metrics	Legitimate Interest
Support Reconciliations	Support & Troubleshooting Data	Contract Execution

4. Tracking Technologies

Our interface deploys cryptographic tokens (Cookies/Pixels) into your local cache to distinguish your session from hostile bot swarms and to remember dark-mode toggles. Disabling these via your browser is your absolute right, though it may shatter the GUI experience. For deep mechanics, parse Section 12.

5. Information Distribution

We aggressively embargo the traditional "sale" of data to ad brokers. Your footprint is only projected outward when structurally unavoidable:

Liquidity Nodes. The ultimate execution partners require your destination address and potentially your IP to calculate risk curves before accepting the swap.
Infrastructure Vendors. Cloud flare mitigations, redundant database hosts, and forensic analytics providers process our traffic strictly under walled-garden vendor contracts.
Sovereign State Actors. Wielding valid subpoenas, international police or financial regulators can extract specific telemetry blocks to chase illicit capital.

6. International Data Routing

OneSwap.ai's architecture spans multiple geopolitical zones. Your connection might bounce through a European proxy before touching a database in Singapore.

For European block citizens, we deploy Standard Contractual Clauses (SCCs) to bridge the strict GDPR privacy guarantees across international waters, ensuring your rights do not evaporate at the border.

7. Archival Timelines

Data decays natively. We retain operational telemetry strictly for debugging horizons (usually measured in weeks). High-level ledger associations are retained up to five (5) years solely to defend against prolonged financial audits or systemic compliance sweeps.

Once data outlives its legal or technical utility, our microservices physically shred the database nodes or hash the payload beyond recovery.

8. Cryptographic Defense

We construct a hostility-first network perimeter. Transport Layer Security (TLS v1.3) blankets all inbound client connections. Backend databases are encrypted at rest using AES-256 primitives rotating on zero-trust architectures.

Despite military-grade configurations, the internet remains fundamentally porous. Transmitting routing keys across public ISPs carries an inescapable baseline of peril.

9. Sovereign Subject Rights

You hold heavy artillery regarding your digital footprint, generally including the right to:

Extraction (Portability): Demand a raw JSON payload of the telemetry we possess linking to your IP.
Erasure (The Right to be Forgotten): Command the immediate vaporization of your support tickets or IP logs, presuming no outstanding criminal holds block the wipe.
Audit: Scrutinize the exact algorithms or Nodes we route your data through.
Opt-Out: Detach entirely from optional analytics or marketing funnels.

Deploy your demands to [email protected]. Proof of dominion over the targeted wallet or IP address will be rigorously demanded before we execute the command.

10. CCPA Provisions

For Californian domiciles leaning on the CCPA/CPRA, recognize unequivocally: We do not sell your data.

You maintain the precise rights to unearth what categories of data we touched over a 12-month rolling window, and to blast that data into the void without facing platform discrimination or reprisal fees.

11. Minor Protection

The intersection of cryptography and capital is unequivocally a zone for adults (18+). Synthesizing profiles of minors is anathema to us. If we uncover telemetry pointing to an underage operator, the connection is instantly severed and the digital footprint is purged without archive.

12. Extended Tracking Policy

Web tokens ("Cookies") physically map your journey across our topography.

The Matrix:

Structural (Strictly Necessary): These cannot be deactivated. They keep the API bridge connected while you approve a transaction. Without them, the site fragments immediately.
Diagnostic (Analytics): Invisible telemetry beaming back data on page-load speeds, rendering crashes, and UI dead-zones. Helps our engineers patch the hull.
Environmental (Preferences): Anchors your locale, language translations, or dark-mode settings to the specific browser instance.

Absolute dictatorial control over these trackers lies within the settings panel of your chosen browser (Brave, Chrome, Firefox). Decapitating all tracking implies assuming the risk of diminished UI stability.

Privacy & Telemetry Protocol