Skip to content
Swan logo
Log InGet Started

Swan Security

Where is your Bitcoin stored?

We always encourage clients to take custody of their own Bitcoin as soon as possible. We provide free and automated withdrawals and are always here to answer any questions or concerns about making withdrawals.

When you open a Swan account, you will be presented with a terms of service agreement with a licensed and regulated financial institution ("custodian") appropriate for your account type and geographic location. Signing the agreement will establish a direct relationship between you and the custodian.

Swan facilitates your interactions with your custodian, but should Swan become unavailable for any reason, or terminate its relationship with you for any reason, you will be able to contact your custodian directly with regard to your assets. Please carefully read Swan's Terms of Use and the custodial agreements that you sign when using our services for more information.

When you purchase Bitcoin through Swan, your Bitcoin is held with your custodian until you withdraw it. Swan independently audits activity and ledger balances against ledger balances at your custodian, but does not have control of your funds. Each custodian may vary in its policies on Bitcoin storage, but in all cases, Bitcoin is held primarily in cold storage and with a regulated qualified custodian (trust company, or similar).

When you use Swan Vault, you control two of three keys, and you alone have unilateral control to move your funds. Swan controls one key, and does not have unilateral control to move your funds. The Swan key is used to assist you to execute transactions on an optional basis, for additional security controls.

Swan cannot move your Bitcoin or USD without your authorization.

You must authorize your custodian via Swan to move your Bitcoin from your custodial account by passing instructions to Swan via its app and website interfaces or other communication channels. Swan cannot, by itself, authorize a custodian partner company to move your Bitcoin. Bitcoin and other assets held at your custodian are held in an account in your name, not Swan’s name. Your assets are never commingled with Swan’s assets, nor the assets of the custodian. Swan does not receive or transmit dollars or Bitcoin, nor does it at any time hold client funds.

If you use Swan Vault, you must initiate a funds move from your own vault using your hardware key, and provide a second authorization by logging into our app and providing multiple security inputs including email login and additional OTP codes as appropriate. Alternatively, you can provide a second authorization by using your own second hardware key. Because of the design of the 2-of-3 authorization, Swan can never initiate a funds move on its own with the single backup key it holds.

How does fiat money move from your bank account and turn into Bitcoin?

When you supply your bank account information to Swan it is securely passed to and stored with your custodian and authorize the custodian to initiate withdrawals from your bank account. Based upon your instructions submitted through Swan, bank withdrawals via ACH are initiated directly by your custodian. At no time does your money pass through Swan or Swan titled accounts, or is otherwise controlled by Swan. When you wire funds, you do so directly from your bank to your custodian's bank, using instructions to credit to an account in your name. At no time do your wired funds land in accounts owned or controlled by Swan. Swan provides user interfaces, security systems, and other add-on features for managing your account at your custodian. 

Trades that convert dollars to Bitcoin are executed at the current market price at the custodian or its liquidity partners. After a wait period to allow the ACH transaction to clear, your Bitcoin becomes available for withdrawal.

If you do not withdraw your Bitcoin, the Bitcoin will be moved to cold storage on a recurring basis based on the custodian's policies. Bitcoin withdrawals may take additional time to withdraw in the future due to the high security measures required by the cold storage withdrawal process and Swan's internal security reviews.

What personal data does Swan store?

Swan stores the minimal personal data required to be compliant with regulations. Currently, this is limited to your name, email, address, phone number, date of birth, and Tax ID number. This information is stored in encrypted fields inside of a separately encrypted database. Please review our Privacy Policy for more information.

When our site collects social security numbers and identity documentation as required by law to open a custodial account, this information is relayed over an encrypted connection directly to your custodian and stored in encrypted fields inside of a separately encrypted database.

How is your data secured?

  • All Swan data is stored encrypted with military-grade AES-256 encryption.

  • All traffic is encrypted using industry-standard TLSv1.2 and TLSv1.3 encryption.

  • Swan does not store nor have access to the private keys for Bitcoin stored with your custodian.

  • Swan follows the Center For Internet Security Benchmarks for security standards.

What happens if Swan goes out of business?

The entirety of your fiat and Bitcoin holdings are legally held in an account in your name at your custodian. In the unlikely event of Swan winding up operations, you still have legal control of funds stored within your custodian and can request disbursement by contacting your custodian. Please contact your custodian for more information.

As always, we encourage you to withdraw your Bitcoin often to a secure wallet whose keys you control.

Reporting security issues

If you have found a security vulnerability within a Swan Bitcoin service, please practice responsible disclosure by reporting it to security@swanbitcoin.com or directly via our private HackerOne Bug Bounty Program submission form.

We will assess disclosures for validity and bounty payouts using our HackerOne policy. To review our policy and before doing any further testing on Swan Bitcoin products or services, we ask that you request an invite to our private HackerOne program by emailing security@swanbitcoin.com with your HackerOne username. This will ensure you are focused on the right assets and are not breaching our terms of service.

Own your future. Get started with Swan today.

Swan logo

Services

  • Swan IRA
  • Swan Private
  • Swan Vault
  • Swan Business
  • Swan Advisor
  • Swan API

Education

Swan

Pacific Bitcoin

Help

Swan Bitcoin does not provide any investment, financial, tax, legal or other professional advice. We recommend that you consult with financial and tax advisors to understand the risks and consequences of buying, selling and holding Bitcoin.

© Swan Bitcoin 2024