Skip to content

PII Data Handling in Travel Rule Transactions

CryptoSwift API implements strict controls to protect Personally Identifiable Information (PII) in accordance with regulatory requirements and best practices. This article explains how PII is handled in travel rule transactions, especially for INCOMING transactions, and how wallet confirmation status affects data exposure.

Overview

When processing travel rule transactions, CryptoSwift API distinguishes between OUTGOING and INCOMING transactions and applies different rules for exposing PII data (such as originator and beneficiary details).

  • OUTGOING transactions: PII data is always included for the originator, as the transaction is initiated by the tenant.
  • INCOMING transactions: PII data for the originator and beneficiary is only included if the destination wallet is confirmed.

This ensures that sensitive information is not exposed to tenants until the beneficiary wallet has been verified and confirmed.

If PII data is not included, the originator and beneficiary will only include the type (legal or natural person), all other fields are excluded.

Wallet Confirmation and Blockchain Info

A wallet is considered confirmed if it has been verified by the beneficiary VASP (Virtual Asset Service Provider). Confirmation occurs when:

  • The beneficiary VASP acknowledges ownership of the wallet.
  • The wallet is added and verified through the CryptoSwift platform/API.

When fetching transactions using:

  • GET /transactions
  • GET /transactions/:id

the field blockchainInfo->isDestinationConfirmed indicates whether the destination wallet has been confirmed.

Outgoing Transactions

For outgoing transactions:

  • The destination wallet points to the receiving VASP.
  • isDestinationConfirmed shows if the receiving VASP has confirmed ownership of the custodial wallet.
  • PII data for the originator is always included.

Incoming Transactions

For incoming transactions:

  • isDestinationConfirmed shows if YOU (the tenant) have confirmed the destination wallet.
  • If not yet confirmed, you can do so by confirming an existing wallet using the address, blockchain, and asset from your unconfirmed wallet list.

PII data for the originator and beneficiary is only exposed once the wallet is confirmed.

PII Data Exposure Logic

  • OUTGOING transactions:
    • PII for the originator is always included.
  • INCOMING transactions:
    • If the destination wallet is confirmed, PII is included.
    • If the destination wallet is not confirmed, PII is excluded. Only type and high-level information are visible.

This logic applies consistently across both list and detail endpoints.

Example API Responses

Incoming Transaction (Unconfirmed Wallet)

  {
    "id": "c5fc47fd-3399-48e4-97be-bd19ad196cfa",
    "status": "DELIVERED",
    "direction": "INCOMING",
    "createdAt": "2025-10-01T11:32:33.816Z",
    "asset": "USDC",
    "amount": 100,
    "blockchainInfo": {
        "transactionHash": "...",
        "origin": "0xabc...",
        "destination": "0xdef...",
        "destinationType": "CUSTODIAL",
        "blockchain": "Etereum",
        "isDestinationConfirmed": false
    },
    ...
    "originator": {
        "type": "NATURAL"
    },
    "beneficiary": {
        "type": "NATURAL"
    }
  }

FAQ

Q: Why is PII hidden for unconfirmed wallets?
A: This is to comply with privacy and security requirements, ensuring that sensitive data is only shared with verified parties.

Q: How can I confirm a wallet?
A: Wallets are confirmed via the CryptoSwift platform (Client Dashboard or API) with a simple "Confrim" button click or API call.

Next steps