Financial and data protections
Understand how Swan protects your funds and your users' funds, how Swan protects and stores your data, and what to do if you find a vulnerability.
Visit Swan's Trust Center for live information about Swan's security. Understand security measures in depth, review policies, and find answers to frequent security questions.
Protecting funds
Regardless of what happens to Swan, your money is always secure.
This is a non-negotiable requirement of all e-money licenses that Swan takes seriously. Swan protects you and all of your accounts holders with a safeguarding account that offers two layers of protection.
Layer 1: Safeguarding account
All funds belonging to Swan account holders are safeguarded in an account at BNP Paribas, completely separate from Swan's accounts.
- E-money institutions are required to hold onto your funds, meaning Swan can't invest them.
- Therefore, all of your funds are in this safeguarding account.
- In the case that Swan goes bankrupt, your funds are secure at the safeguarding bank.
Layer 2: Crisis operator
In the case that Swan's safeguarding bank goes bankrupt, the Fonds de Garantie des Dépôts et de Résolution (FGDR) protects each account holder for up to €100 000 (one hundred thousand euros). In English, FGDR translates to Deposit Guarantee and Resolution Fund, and it's a French fund that extends to all accounts at French e-money institutions.
- The FGDR applies to individuals and companies (natural and legal persons) with a few exceptions (for example, banks as legal persons).
- If Swan's safeguarding bank goes bankrupt, Swan's ledger will be the single source of truth and all account holders, regardless of nationality, will be reimbursed by the FGDR.
Protecting and storing user data
Because Swan is a financial institution supervised by the Banque de France, Swan has a regulatory requirement to verify the identity of all users. Your users often verify their identity through a short video of their face, which is a great way for Swan to prevent fraud.
Swan processes and stores these videos with great care. Videos are encrypted in Swan's systems and stored in European data centers. User data is never transferred outside of Europe. Additionally, only Swan teams responsible for verifying identities and teams in charge of compliance with banking regulations can access these videos.
Swan is required by law to keep data for five years after an account is closed, in accordance with French banking regulations.
Vulnerability disclosure
Swan prioritizes offering secure services and protecting all Swan accounts. Researchers and the Swan community are encouraged to report all security-related issues. Swan thoroughly investigates all reports internally while coordinating with you to fix the issue and prepare a responsible disclosure.
Report a vulnerability
To make a security vulnerability report, email security@swan.io with the full details, including steps to reproduce the issue.
If you'd like to encrypt the email (not required), please use the provided GNU Privacy Guard (GPG) key, attributed to Swan's security team.
Encryption GNU Privacy Guard (GPG) key
- You think you discovered a potential security vulnerability in Swan's APIs or services.
- You are unsure how a vulnerability affects Swan's APIs or services.
- You think you discovered a vulnerability in another project that Swan depends on.
- You need help fine-tuning Swan components for security.
- Your issue isn't security related.