Security at SecureSwap

Your money and data are protected at every step. Here's exactly how.

Escrow-Held Payments

Funds are held by SecureSwap, not by the other party. Payment is only released upon verified delivery — domain transfer confirmed via WHOIS, or freelance milestone approved by the client.

AES-256 Encryption

Bank account details and sensitive vault data are encrypted with AES-256 (Fernet). Passwords are hashed with bcrypt. All connections are HTTPS-only.

WHOIS Verification

For domain deals, SecureSwap verifies ownership via the WHOIS database before accepting any payment. This prevents sellers from listing domains they don't own.

Structured Dispute Resolution

Either party can raise a dispute with evidence. SecureSwap reviews the case, examines the audit trail, and mediates a fair resolution. No he-said-she-said.

Full Audit Trail

Every action in a deal is logged with timestamps — state changes, payments, messages, submissions, approvals, and disputes. Nothing is deleted.

Anti-Abuse Monitoring

Velocity limits prevent deal flooding. Disposable email addresses are blocked. KYC verification is required after 3 completed deals. Same-pair cooldowns prevent wash trading.

No Tracking Cookies

SecureSwap uses localStorage for authentication tokens only. No third-party tracking cookies, no analytics that follows you across the web.

When Do Refunds Happen?

Deal Cancelled

Either party cancels before completion. Full refund to buyer.

Domain Transfer Fails

Transfer not detected within 7 days. Automatic full refund.

Dispute Resolved

Dispute resolved in buyer's favor. Funds returned to buyer.

Built for deals where trust doesn't exist yet

SecureSwap handles the trust so you don't have to. Create your free account and start transacting safely.

Create Free Account