ShapeShift offers users a variety of exciting and unique benefits such as lower fees, higher trading limits, rewards on trading volume, seamless access to decentralized exchanges, and more. While some services do not require us to collect and store customer data (or “Know Your Customer” practices), others—such as buying Bitcoin—still do in order to meet regulatory requirements.
At ShapeShift, we are committed to doing everything possible to keep customer data safe. We asked the question, “what can hackers do if they break into our systems?” to inform our design decisions.
For our services requiring KYC, the ShapeShift platform collects your information and immediately encrypts it with a 4096-bit RSA key using the widely used open-source GPG software. This encrypted data is stored in our database and—in most cases—is never used again. Once it’s collected, we don’t need to reference it for any business reason.
If you run into a problem and contact customer support (for example for help), they do not see your name or details by default, allowing them to focus on your problem rather than your identity.
Since ShapeShift’s servers never have the decryption key to any personal information (it’s held in cold storage), even if an attacker breaches the servers and copies the entire database, they will not be able to see or access your information. If one of our cold storage devices is lost or stolen, it is configured to wipe itself under certain circumstances.
ShapeShift understands the value of your data and privacy. We are committed to ensuring the safety and security of your information while providing the best non-custodial, decentralized finance solutions in the industry.