Skip to content

PII Data Handling in Travel Rule Transactions

How CryptoSwift API handles Personally Identifiable Information (PII) in Travel Rule transactions.

CryptoSwift API implements strict controls to protect Personally Identifiable Information (PII) in accordance with regulatory requirements and best practices. This article explains how PII is handled in travel rule transactions, especially for INCOMING transactions, and how wallet confirmation status affects data exposure.

Overview

When processing travel rule transactions, CryptoSwift API distinguishes between OUTGOING and INCOMING transactions and applies different rules for exposing PII data (such as originator and beneficiary details).

  • OUTGOING transactions: all PII data (originator and beneficiary data) is always included and visible for the originating VASP, as the transaction is initiated by them.
  • INCOMING transactions: PII data (originator and beneficiary data) is only included if the destination wallet is confirmed by the beneficiary VASP.

This means that when you create a Travel Rule message, you will always see all the data associtated with it. The VASP who receives the message however only sees the PII data included if they have added the destination wallet to their custodial wallet list ("My Wallets"), or once they confirm ownerhip of the destination wallet (which adds the wallet to their "My Wallets" list).

This ensures that sensitive information is not exposed to receiving VASPs until the destination wallet ownership has been confirmed by them.

If PII data is not included, the originator and beneficiary will only include the type (legal or natural person), all other fields are excluded.

Wallet Confirmation

A wallet is considered confirmed if it has been confirmed by the beneficiary VASP (Virtual Asset Service Provider). Confirmation occurs when:

  • The beneficiary VASP acknowledges ownership of the wallet.
  • The wallet is added through the CryptoSwift platform/API.

PII Data Exposure Logic

  • OUTGOING transactions:
    • PII for the originator is always included.
  • INCOMING transactions:
    • If the destination wallet is confirmed, PII is included.
    • If the destination wallet is not confirmed, PII is excluded. Only type and high-level information are visible.

This logic applies consistently across both list and detail endpoints.

FAQ

Q: Why is PII hidden for unconfirmed wallets?
A: This is to comply with privacy and security requirements, ensuring that sensitive data is only shared with verified parties.

For API payload examples and wallet confirmation steps, see Confirming wallets to access PII.

Next steps