“No-KYC” is a marketing phrase as much as a technical one. People mean different things when they say it, and a directory like this one is most useful when it pulls the meaning apart.
What KYC actually is#
KYC (Know Your Customer) is the term financial-services regulators use for the identity-verification obligations a regulated business has to meet when onboarding a customer. The global baseline is the FATF Recommendations; jurisdictions implement those locally (the U.S. Bank Secrecy Act, the EU AMLD series, the UK MLRs). The concrete asks are usually:
- A government-issued photo ID.
- Proof of address (utility bill, bank statement).
- In high-volume cases, source-of-funds documentation.
- For some products, a “selfie” liveness check.
The directory’s “KYC required” label means the service asks for at least the first two of these.
The five practical meanings of “no-KYC”#
When someone calls a service “no-KYC,” they usually mean one of these five things. The directory uses the second word of each as its label, because it disambiguates.
Truly no-KYC. The service never asks any user for ID under any condition. Examples: Mullvad VPN’s account-number model, cash-by-mail postal trades on Bisq, instant exchangers like SideShift that operate by geofencing rather than ID collection. Label: none.
Optional KYC. The basic flow does not require ID, but KYC is available and unlocks something — a higher limit, a faster payment rail, an additional feature. The user chooses whether to engage. Most no-account instant exchangers fall here in practice once you read the fine print. Label: optional.
Tiered KYC. No ID up to a threshold, ID required above it. Most “low-KYC” CEXes in 2026 sit here — MEXC, BingX, CoinEx — with thresholds that move. Label: tiered.
KYC required. Identity verification is required to use the service at all. The directory lists a few of these because they are sometimes incorrectly described as no-KYC. Label: enforced.
Unknown. We don’t know, the operator has not been explicit, and we couldn’t source it. Label: unknown. An entry with this label always has a caveat noting the gap.
Four common misreadings#
Most arguments about whether a service is “really” no-KYC come from one of these misreadings.
“It doesn’t ask for ID, therefore it’s anonymous.” No. The service might not ask for ID, but it sees your IP address, your payment method, your wallet, and your usage timing. If those identify you separately, the no-KYC posture is decorative.
“It asks for an email, therefore it’s KYC.” No. An email is a self-chosen identifier. Anyone can make one without verification. It is reasonable to be wary of services that require an email — they reduce the cost of contacting users later — but the email itself is not KYC.
“The exchange is in [Tax Haven], therefore it can’t KYC me.” Usually no. Tax-haven incorporation is a corporate-structure decision; it does not exempt the operator from the AML rules of the jurisdiction whose users it serves. The biggest “offshore” exchanges have all run KYC programs at various tiers; the jurisdiction of incorporation is a tax-and-litigation choice, not a privacy one.
“They asked for a phone number; it’s KYC.” Sort of. A phone number is third-party-verifiable because of SIM-registration laws — in most countries the carrier knows who you are. A service that requires a phone is therefore an indirect KYC vector, even though it is not asking you for ID directly. The directory labels these with care.
The boundary cases#
A few specific categories are constantly debated. The directory’s choices:
Bisq. Truly no-KYC. There is no central account; you run software. Even the security deposit is held in a 2-of-2 multisig.
Wasabi Wallet (post-2024). The coordinator screens inputs. The directory labels this “no-KYC” (because Wasabi never asks for ID) but tags the service as degraded because the screening reduces the no-discrimination property users expect from coinjoin.
MEXC. Tiered. The threshold matters. Some users genuinely move within the threshold and never KYC; others bump it and have to choose.
Proton Mail. Optional. Free signup works; under anti-abuse heuristics the system can demand a recovery email or SMS. The recovery email is the KYC vector for users who hit that path.
Silent.link. None. Buy, scan, get data. No account.
What no-KYC is not#
No-KYC is not the same as:
- Non-custodial. A custodial service can be no-KYC (FixedFloat); a non-custodial service can be KYC (a hardware-wallet vendor that requires identity at purchase).
- Open source. Open source is a code-availability property. A closed-source service can be no-KYC and an open-source service can require KYC.
- Decentralized. Permissionless protocols are typically no-KYC at the protocol layer; their front-ends often are not.
- Anonymous. Anonymity is a property of the user, not the service.
These distinctions matter because the typical recommendation thread on social media collapses them. The directory tries not to.
How this guide informs the rest of the site#
Each service entry on the site carries kyc.level ∈ { none, optional, tiered, enforced, unknown } with notes. Each entry distinguishes the no-KYC claim from the rest of the privacy story. Each entry’s caveats name the indirect KYC vectors (email-required, phone-required, card-payment, address-screening) that an LLM summary would otherwise miss.
This is the taxonomy. The rest of the directory applies it.
See also#
- Methodology — how labels are assigned in practice.
- FAQ — common questions and the boundary cases.