Compliance & financial privacy
TT Swap is being built on a simple position: financial privacy is a right, and compliance is how you keep it. Privacy and lawfulness are not opposites — the tools that let ordinary people transact without broadcasting their whole balance to the world are the same tools that must refuse the small number of actors who abuse them. This page sets out how the protocol is designed to do both.
Financial privacy is the default, not the exception
Cash lets you buy a coffee without the merchant, your bank and a data broker all recording it. On a public blockchain, the default is the opposite: every balance and every transaction is exposed forever to anyone who cares to look. Privacy-preserving assets restore the ordinary confidentiality people already expect from money. Wanting that confidentiality is normal, and treating it as suspicious by default gets the ethics backwards.
So TT Swap will route across both transparent chains and privacy-preserving assets. That is a stance in favour of everyday financial privacy — not a product for defeating lawful oversight. The distinction is the whole point of this document, and it is enforced, not just asserted.
Non-custodial by design
The protocol never takes ownership, custody or unilateral control of your assets, and never holds your keys. A swap moves value between your wallet and liquidity venues through a routing layer; at no point does the protocol hold a balance it could freeze, seize or misdirect. You self-custody from the first click to the last. This is an architectural fact, not a promise — there is no custodial account to compromise because none is ever created.
Not a mixer, and the difference matters
A mixer exists to sever the link between a sender and a receiver by pooling many users’ funds together and paying them back out from the commingled pool. TT Swap does none of that. A swap is a discrete exchange of one asset for another between counterparties in a market — the economic equivalent of a currency exchange, not a laundering step. Balances are not pooled to obscure their origin, and breaking transaction linkage is not the service being sold. The privacy that comes from using a privacy-preserving asset is a property of that asset, chosen by the user — it is not a mixing function the protocol performs on their behalf.
What is enforced at the protocol level
Sanctions screening
Wallet addresses are screened against sanctions lists — including the OFAC Specially Designated Nationals list — using blockchain analytics that also flag indirect exposure to sanctioned actors. Flagged addresses are refused service.
Geographic restrictions
Access from comprehensively sanctioned jurisdictions, and from any region where the service may not lawfully operate, is geo-blocked. The perimeter is maintained as designations change.
Illicit-flow monitoring
Routing is monitored for exposure to known theft, ransomware, fraud and sanctioned-entity flows. Interactions with addresses tied to that activity are declined.
Privacy-asset parity
Screening, monitoring and geo-restrictions apply to privacy-asset routes exactly as they do to transparent ones. A privacy coin does not buy a lighter compliance posture.
Restricted jurisdictions
Because the legal treatment of cross-chain and privacy-preserving swaps differs sharply by country, TT Swap will not be available to residents or citizens of, or persons accessing it from, the jurisdictions below. This is a legal-risk decision, not a judgment of the people in them — and the list will change as the law does.
- Comprehensively sanctioned jurisdictions — Cuba, Iran, North Korea, Syria, and the Crimea, Donetsk and Luhansk regions, plus any territory added to comprehensive OFAC, UN or EU embargoes.
- United States — US persons and anyone accessing from the US, given the unsettled regulatory posture toward non-custodial and cross-chain swap services.
- Singapore — residents and citizens, given the current licensing stance toward digital-asset services.
- Any jurisdiction where using the service would breach local law, or where the desk cannot lawfully offer it.
Access from these regions is geo-blocked, and it remains the user’s responsibility not to circumvent that restriction. Attempting to bypass geo-blocking does not shift the legal risk back onto the protocol — it simply breaks these terms.
Where the law is, honestly
The legal treatment of decentralized, non-custodial software is unsettled and moving. In late 2024 a US federal appeals court held that immutable smart contracts are not “property” that sanctions authority can reach, and in March 2025 the relevant sanctions on a well-known non-custodial protocol were formally lifted. At the same time, obligations on any operator that touches user flows — screening, monitoring, geographic controls — have only expanded across jurisdictions. TT Swap is built for that reality: maximal self-custody and privacy for the user, maximal screening and refusal at the points the protocol does control.
What the protocol asks of you
Use it lawfully in your own jurisdiction. Financial privacy is a right; using privacy to further sanctioned, fraudulent or criminal activity is not exercising that right, and the controls above exist to refuse it. Compliance obligations that apply to you where you live remain yours to meet — the protocol’s job is to run a clean venue, not to relieve anyone of their own legal duties.
This policy describes design intent and operating principles for a product in active development. It will be versioned as the product ships and as the regulatory picture evolves. Questions, or a lawful-process request, reach the desk via Telegram.