Skip to main content

Financial and data protections

Understand how Swan protects your funds and your users' funds, how Swan protects and stores your data, and what to do if you find a vulnerability.

Protecting funds

Regardless of what happens to Swan, your money is always secure.

This is a non-negotiable requirement of all e-money licenses that Swan takes seriously. Swan protects you and all of your accounts holders with a safeguarding account that offers two layers of protection.

Layer 1: Safeguarding account

All funds belonging to Swan account holders are safeguarded in an account at a bank completely separate from Swan's accounts.

  • E-money institutions are required to hold onto your funds, meaning Swan can't invest them.
  • Therefore, all of your funds are in this safeguarding account.
  • In the case that Swan goes bankrupt, your funds are secure at the safeguarding bank.

Layer 2: Crisis operator

In the case that Swan's safeguarding bank goes bankrupt, the Fonds de Garantie des Dépôts et de Résolution (FGDR) protects each account holder for up to €100 000 (one hundred thousand euros). In English, FGDR translates to Deposit Guarantee and Resolution Fund, and it's a French fund that extends to all accounts at French e-money institutions.

  • The FGDR applies to individuals and companies (natural and legal persons) with a few exceptions (for example, banks as legal persons).
  • If Swan's safeguarding bank goes bankrupt, Swan's ledger will be the single source of truth and all account holders, regardless of nationality, will be reimbursed by the FGDR.

Protecting and storing user data

Because Swan is a financial institution supervised by the Banque de France, Swan has a regulatory requirement to verify the identity of all users. Your users often verify their identity through a short video of their face, which is a great way for Swan to prevent fraud.

Swan processes and stores these videos with great care. Videos are encrypted in Swan's systems and stored in European data centers. User data is never transferred outside of Europe. Additionally, only Swan teams responsible for verifying identities and teams in charge of compliance with banking regulations can access these videos.

Swan is required by law to keep data for five years after an account is closed, in accordance with French banking regulations.

Vulnerability disclosure

Swan prioritizes offering secure services and protecting all Swan accounts. Researchers and the Swan community are encouraged to report all security-related issues. Swan thoroughly investigates all reports internally while coordinating with you to fix the issue and prepare a responsible disclosure.

Report a vulnerability

To make a security vulnerability report, email security@swan.io with the full details, including steps to reproduce the issue.

If you'd like to encrypt the email (not required), please use the provided GNU Privacy Guard (GPG) key, attributed to Swan's security team.

Encryption GNU Privacy Guard (GPG) key

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGMRwxMBEADX+27SleleHaxYfU0ey+qH3KS3rS/L52xOKGyMDXtGw38mNWyn 6P7JvIcx86ti4HkplYRAw36FZSAK9NGSM2tnjfVzv7oJKhWg5EI/9gPQpKPktDQS xaD7ImGBuF42u0b7eJK5AvAizQ8RwMaKezo84gDMZdRkV4vPiWTxUH23uwD0ey57 13JjrzLqrr3t1ZkXE52nt+h89LR6q/78IJwtCHb/ZhHCw/giI37Ix25+MlVDrIB8 0mltoyUm/bFtR01hX97116KR4T4WhGJMackDG3AULm4YjPxBUQiuMWn+4DR+CBde xKrq+v2Q85/dq3HRaZ+Z3a2d7Yenne9AyTp19gCEy6+4ld1j170Cj7V7auB/bJcw 8Mzkd6JS02XWcC0Aq961AM7EQ6DZom+Q8lyqdRIjTI/QjWZSULQNusd7vJvFdEz3 Bd6YIFeC7chodN9TIaCOfJJJJIoN2ntB69uX2cyYtIr/keNkIL/vOgbwTfm0CviP h76GFgN1YiwJ4JGe4DmATmjBDtRf6SUalXL3fQeP6eBCnEPh3paCx3RyWkThme4L rbYR8EqFV9ipVnUTdN4i1IgVn5rydVpqqJd9zmN5Jk+xvgbthy1gxPFNFt26ZAXE FrbI/Xx0g6fNhN+51Z93OP2ckPT6+MkoZjB7WMiA5NsgeiAop3GTMYZdiwARAQAB tCVTd2FuIFNlY3VyaXR5IFRlYW0gPHNlY3VyaXR5QHN3YW4uaW8+iQJOBBMBCAA4 FiEEhpdeLqFNMSQgGJ+O1VBNzkad0mwFAmMRwxMCGwMFCwkIBwIGFQoJCAsCBBYC AwECHgECF4AACgkQ1VBNzkad0mxl4Q//TWMc2wPuYnr/m896IQqhUUzp+9jBb1/v 0a19J/aCRPw72i10az5PDXFpagPUE2gQoeTxT3A/0Sg9zYc2TBT0iP+zrj9GD1/W K0zM1efolRIHlUyOjyFjLAn6RNXKg8lyhWCv88hNSoKQ88bW3+GG3bnO1R+mPgCe m1AIQQE0pBP/I0K3XpLDQvdY22vkWpcXNbULjcirHG6JRWfJmlYhGRLQnAFdzzG4 afzD5k97fxdChJz78hpoUbmD9EZMbcoOgCQJyodzYQevwNDQ89SBLh2wQT9Bzm3y EE/vsqMG0aYKh0r6L9XfqPxTahcpEKT42mvkCLlmWy+HlEvicME9BStGST7C/a7I wpUx4nuqdPB4GIgxgOkaBbkotgxCammDe3qjQjtIRs/h7AhG/rXhNni1kzeQSZ5u SPvnkaUJvnT8tEQw+dU31z2MWq7M8LRgMsi4nKhDPpKBLH/ITGpTbyDCa1cPKTKD ey468x+8uJl+s1w/9Xg4pyT1fcBPzcc131gWykO6cqT9szITu518zBY2Hw54ywzf fHWJjI6sZ+ggYnj4ELVcLswIpPU2yWI6pXU+Ume8tHJvAAqyrqPqcyORNPZrwBjw AOMHB1RpFwqmyY8XbMUzFB/m1WnH29mbDS7UhWvqGpUeKfuowBZs8tDAR5YjJh32 3+2luh0mmOO5Ag0EYxHDEwEQAO5Z0iGFmLsSC/dWWXSYjOOuQM+S12iF7ot9grEY Pjlr4GqI2jhh7u/QuSCyvp54yF3DkAGT8on/IYv7PksnPOw32apWqinADGJWYCAD NgPMxo019+qGWbf4qUUooWLots0VJjCNhF2OPGmSGv5c/O1gespAC1E1CX5wgPEn hSkU1kUACauXyJYrs4tL5VKOcx1Km4J3kyCJYyE9RfTC5s0KovI/qKGgcCqFO4Bv iqT4aTbkhPdbztMPRgUobd3UoHyMA+lvAHnyOix47U+LQ43BMuHRuF0g3z8gpx4j 6RdJoqueLg/tMuRJ250kUU8bWpXEmOUjH1dZkT6m03Ez6oIFvxCTiPEe9VveXZkH przs4L+AdnAaAsOD4joz0kqD7Wu16yw0TPubJpYV+TWzo854gLqFIdR6hoAnY78U d6thq4kPHkZqG0qIqcfpvBKBxli4Ecza7utwYCSDkW7C5c9hGV8TtE6Sj4sh/oZP YXIjb9iNcLhD1Npnli6fUs1Uf5P0aedU1TLSunI1tzGr4gD6HqJX4BXc1TKQKPrL sRtscfdAHPy+QFLhK59ALalvvDwAHqu/EhlOi8xypBAhOAe3seAL7QYE8wNaVh0F qBmI363JEum0Cv7ObGUlPta/bEIRjnI0TbwsX+Bpt3QB51/1j1f8MYKKToOr6m4D DrK1ABEBAAGJAjYEGAEIACAWIQSGl14uoU0xJCAYn47VUE3ORp3SbAUCYxHDEwIb DAAKCRDVUE3ORp3SbK6CD/9+SWRPjIiAgSELmUBOCrJf4dl6wuJhuJumFrlO2CMb u7bfNg/P3eO533cF5SACH00t7qtgYWh/ykix3r+8nbbXGBX5PAo2FG2yVb8xiodQ wL8A6Wxa4XAQ0pFlQ3gWxMEvDmDJoCd3JvLAtdOxh0ytgLYENDz284sxdJp6t5F9 PwIc/eGPxIdfUdG82G9VM2TlYu59Glm1IhJy47CTzcqSiSn/kTmco628p9qI2aBh 7uyePaVXcJa9mz6KQos8HUlK4CRD/O7zNsAztl6MjTgJaTUfPj0qMZ2zMFelpj+F PoNEAuI28x5l89R+7+i+8Q4Pre6XLptVpbaNSrda5pc17hBTpNl7jpn0gcZbkto3 OIk32GFbSJnP/EFqoicEDHnzhRoDPoay5okwW5bWDA5xNseHTrwdyEm5hmF5GfsD xTeKTuphDxquHTPNaG2Z1Hx69J6bWtVlg7FTxhA9EN0lgnJSqQqy1T2EsbgjpsUx 4AocHZFOWGl4lsGROn7XZfvq8L04Kt6pBL41KW83GwscJQBDvDxNquZSw0bfBN0k g1+djZnolh3dHGzMHkAn1l664UDije1+zrRLr0ucA+MavlEKBsB5ZskgnaWVeYaY QJL+JSPQ3KKh6YdpZO9ppOnx9eDgl4/Cok/9OYyG+n+444KZZ3Pw+zKlcPd9SrW7 Ag== =LEk2

-----END PGP PUBLIC KEY BLOCK-----

Please file a report if...
  1. You think you discovered a potential security vulnerability in Swan's APIs or services.
  2. You are unsure how a vulnerability affects Swan's APIs or services.
  3. You think you discovered a vulnerability in another project that Swan depends on.
Please don't file a report if...
  1. You need help fine-tuning Swan components for security.
  2. Your issue isn't security related.