Privacy Policy
Last updated: January 2026. Robosats Exchange is built to know as little about you as technically possible. This document explains exactly what minimal data our routing engine needs to process a swap, and the much larger category of data we deliberately never touch.
1. The Principle Behind Our Architecture: Collect Nothing Unnecessary
Most data breaches in cryptocurrency history share one underlying cause: the platform stored information it had no operational need to retain. Robosats Exchange was architected from the ground up on a different foundation. If a piece of data is not strictly required to route your swap from a source wallet to a destination address, we do not collect it — not during your session, not after it ends, and not anywhere in our infrastructure. This applies whether you are swapping Bitcoin to Monero, converting USDT to XMR, exchanging ETH for BTC, or using any other supported asset pair.
This document describes what the swap engine actually requires to function, what we categorically refuse to collect under any circumstances, and how our technical infrastructure is built to protect your activity from the moment you create an order.
2. Data We Never Collect
Robosats Exchange does not request, process, store, or share any of the following, under any circumstances:
- Your legal name, aliases, or any personal identifier
- Email addresses, phone numbers, or physical mailing addresses
- Government-issued identification of any kind (passports, driver's licences, national ID cards)
- Biometric data, facial recognition results, or liveness check outputs
- Geographic location data, home addresses, or postal codes
- Browser fingerprints, device identifiers, or cross-site tracking profiles
- Third-party advertising cookies or behavioral tracking tools
- Persistent user account data, login histories, or transaction histories linked to any individual
3. Data the Swap Engine Requires
To route a Bitcoin to Monero exchange — or any other supported swap — from your source asset to your destination wallet, our automated engine holds the following data in a temporary PHP session state for the duration of the active order:
- One-time deposit address: A freshly generated wallet address created exclusively to receive your incoming funds for this specific order. For BTC to XMR swaps, this is a unique Bitcoin address that expires with your session.
- Destination address: The external wallet address you entered to receive the converted funds — your Monero (XMR) wallet address, for example.
- Asset pair and amount: The trading pair and volume for your specific order — for example, 0.05 BTC to XMR.
- Order timestamp: Used solely to enforce the 30-minute exchange rate lock.
- Session Order ID: A randomly generated reference code (for example, ORD-7X9P2L) that tracks the progress of your swap through our routing engine.
None of this data contains any personal identifier. Once your browser session ends, the connection between this session data and your device is permanently severed and cannot be reconstructed.
4. Server Infrastructure Logs
Our servers produce standard operational logs that include HTTP request paths, timestamps, and IP addresses. These exist only to defend against DDoS attacks and maintain platform availability. They are never aggregated into user profiles, never linked to individual order sessions, and are purged on a short retention schedule. We strongly recommend connecting through a VPN or Tor when swapping Bitcoin to Monero or performing any other exchange — doing so prevents your IP from appearing in these infrastructure logs entirely.
5. Third-Party Services
Robosats Exchange operates in an isolated environment. The only external services that interact with any part of the swap process are:
- Market price APIs (such as KuCoin): Used exclusively to fetch live exchange rates, including the current BTC/XMR rate. No user data, order IDs, or wallet addresses are transmitted to these endpoints.
- QR code renderer (api.qrserver.com): Generates the visual QR code of your deposit address. The API receives only the alphanumeric deposit address string — nothing else about your order or session.
- Google Fonts: CDN delivery for typography only. No session data is shared.
We do not use Google Analytics, Meta Pixel, Mixpanel, Hotjar, or any other behavioral analytics or advertising platform. No advertising network has any presence on this site.
6. Cookies
We use exactly one cookie: the PHP session identifier. This server-side cookie holds your active order state so the page works correctly if you refresh mid-swap. It contains no personal data of any kind and is automatically deleted when you close your browser. There are no tracking cookies, advertising cookies, or persistent cookies anywhere on Robosats Exchange.
7. Data Retention
Order session data is inherently short-lived. When a swap completes and the session ends, that data exits active storage. We do not build historical transaction ledgers, we do not maintain records linking multiple swaps to a single user, and we cannot produce a transaction history for any individual — because no such record exists in our system.
8. What We Can and Cannot Provide to Authorities
Robosats Exchange does not sell or share user data for commercial purposes. If we receive a legally binding order from an authorized body in a recognized jurisdiction, our compliance is naturally constrained by what we actually possess. We can provide order session metadata — timestamps, asset pairs, blockchain addresses — for active or recently active sessions. We cannot provide names, email addresses, IP histories, or user profiles because our system never stores them. Our architecture is not a policy choice that could be reversed by a court order; it is a technical reality.
9. Security
All traffic between your browser and our exchange is encrypted via HTTPS/TLS. Deposit addresses are never reused — each BTC to XMR order and every other swap receives a unique address generated at the time of creation. Private keys for routing wallets are managed in isolated server environments that are inaccessible from the public-facing application layer.
10. Age Requirement
Robosats Exchange is intended for adults making independent financial decisions. Use of the platform is restricted to individuals aged 18 or older. We do not knowingly collect or process data belonging to minors.
11. Policy Changes
We may update this policy as our platform evolves. Changes take effect when published to this page. Continued use of Robosats Exchange after an update constitutes acceptance of the revised terms.
12. Privacy Questions
For questions about our data architecture or privacy practices — including how we handle data related to Bitcoin to Monero swaps — contact us at support@robosats.exchange.