noKYCme

Case file · Exchange

Peach Bitcoin

Install the app and trade Bitcoin peer-to-peer - no email, no account, no ID. Peach polices abuse with hard trading limits instead of KYC.

No-KYC · Level 1
Based
Peach Sàrl (Neuchâtel, Switzerland; regulated under Swiss AMLA)
Price
Buyer fee 2%, seller 0%, plus on-chain network fees
Reviewed
2026-07-15
Audited by
The noKYCme Bureau

The systematized overview

The bureau vs the internet.

What the bureau found

7.2/10 · No-KYC (limit-gated)

A low-friction P2P marketplace that asks for no email, no account and no government ID for normal trades - it caps trade sizes (about CHF 1,000/day) instead of asking who you are. It lands at level 1, not 0, because Peach keeps a per-person device+payment hash server-side (retained for years, banned users indefinitely) to enforce those limits. Add a regulated Swiss operator with long data retention, source-available (not fully open) code, and an escrow that gives Peach a unilateral key after a ~30-day timelock, and you get a solid but not maximal no-KYC option.

What the internet says

3 recurring praises · 3 recurring gripes

Most praised: fast, smooth mobile experience. Most cited downside: scam-counterparty attempts happen (mitigated by escrow + disputes).

We track our editorial score and community sentiment separately — neither moves the other. Read together, they're the systematized overview.


The facts

Custody & jurisdiction.

Jurisdiction
Peach Sàrl, Neuchâtel, Switzerland (regulated under Swiss AMLA)
Custody
Non-custodial - 2-of-2 multisig (seller + Peach), ~30-day timelock
Escrow
2-of-2 multisig; timelock grants Peach unilateral signing for disputes
Traded
Bitcoin only (on-chain, plus Liquid and some Lightning)
Fiat rails
No - fiat moves directly between buyer and seller
Payment methods
SEPA, bank transfer, Revolut, Wise, Advcash, PayPal, gift cards, cash
Payment privacy
No native Monero; no Tor; no ID at signup; payment data kept on-device (hashes only)
Disputes
In-app encrypted chat, then Peach staff mediation; timelock backstop
KYC trigger
No gov-ID for normal trades (trade limits instead); optional gov-ID only to lift high-volume seller limits
Open source
Source-available only (Commons Clause), not OSI open source
Audited
No published independent security audit found
Operating since
2022 (Ten31-backed)

The full read

Our analysis, in plain words.

Peach takes a different route to no-KYC than the pure decentralized exchanges: it is a slick mobile app run by a real, regulated Swiss company, and it refuses to ask for your identity - not an email, not an account, not an ID. Where a compliant exchange would gate you behind verification, Peach simply caps trade sizes (around CHF 1,000 a day), enforced by a hash of your phone and payment details rather than any document you hand over. An independent no-KYC directory rates it level 0.

The trade-offs are the flip side of that regulated-but-private posture. Because Peach Sàrl operates under Swiss AMLA, it must retain trade and dispute data for ten years and reportedly cannot delete it on request - so "no ID" does not mean "no records." Its escrow is a 2-of-2 multisig between you and Peach with a ~30-day timelock that hands Peach unilateral signing afterwards; that is how disputes get resolved, but it is less trustless than a 2-of-3 where the platform holds only one of three keys. And the app is source-available under a Commons Clause licence, not fully open source, with no independent audit we could find.

On balance it is a strong, low-friction no-KYC on-ramp for Europe, with a genuinely no-ID model and a good record on disputes and custody - no hacks, seizures or frozen-funds reports surfaced. A privacy purist will prefer the trustless, account-free decentralized options; a user who wants a polished app and an accountable operator, and who is comfortable with a regulated firm holding encrypted records, is well served here. One honest gap: we could not fetch the live Terms during review, so the level-0 rating should be treated as provisional until someone reads them directly.


The score, broken down

How the 7.2 is built.

Privacy 3.5Trust 2.2Reliability 1.5 Headroom 2.8

Privacy

weight 50%

What identity, data and metadata the service can demand or collect.

71/100

71 × 50% = 3.5 of 10

Trust

weight 30%

Whether it can technically deliver what it claims — code, audits, age.

72/100

72 × 30% = 2.2 of 10

Reliability

weight 20%

Whether the no-KYC claim holds under real-world pressure.

75/100

75 × 20% = 1.5 of 10

Weighted total 7.2 / 10 · no reliability rule triggered, so the score stands. See the rubric →


Every point, sourced

What earned the score.

Privacy

  • +7No email, no account, and no gov-ID for normal trades
  • +4Payment data stays on-device; IP kept only ~1 hour
  • +-5Server-side per-person device+payment hash, retained years (banned users kept indefinitely)
  • +-3No Tor support; central server + regulated entity subject to lawful data requests

Trust

  • +5Named, regulated Swiss operator (Peach Sàrl, reg. CHE-158.025.408) - accountable
  • +4Non-custodial escrow; Peach never holds user money
  • +-2App is source-available (Commons Clause), not fully open source
  • +-2No published independent security audit found

The fine print, read for you

The clause they bury.

Verbatim — the catch
“No KYC where permitted by local law. Users are responsible for complying with all applicable regulations in their jurisdiction, including any KYC/AML requirements.”

What it meansPeach itself does not verify identity - it enforces per-person trade limits (around CHF 1,000/day) instead, using a hash of your phone and payment details rather than an ID. The honest caveat is jurisdictional: the responsibility to comply with local KYC/AML law is pushed to you, and as a regulated Swiss firm Peach must retain trade data for ten years even though it never collects your ID.

Read the source →
Verbatim — the catch
“Escrow is a 2-of-2 multisig between the seller and Peach, with a timelock (~30 days) that grants Peach unilateral signing rights after expiry.”

What it meansPeach cannot steal funds mid-trade (it needs the seller’s signature too), and this timelock is how it resolves disputes by releasing to the buyer on proof of payment. But it does mean Peach is a mandatory co-signer and an eventual unilateral signer - less trustless than a pure 2-of-3 where the platform holds only one of three keys.

Read the source →
KYC trigger threshold

No government ID is required for normal trading. Peach enforces per-person trade limits (about CHF 1,000/day, CHF 100,000/year) using a server-side hash of your device and payment details rather than an ID - and that persistent, years-retained identifier is why we place it at level 1 rather than 0. High-volume sellers can optionally complete gov-ID KYC (under the PolyReg SRO) to lift limits; we reviewed the live Terms and Privacy Policy directly and found no discretionary "we may demand ID" clause.

Policy review — point by point

  • No ID at signup

    No email, account or identity is required to install and trade; Peach uses trade limits instead of KYC.

  • Compliance pushed to the user

    The FAQ frames it as "no KYC where permitted by local law," making the user responsible for local KYC/AML - a jurisdictional caveat, not a Peach ID demand.

  • Ten-year data retention

    As a regulated Swiss firm Peach retains encrypted trade and dispute data for 10 years and reportedly cannot delete it on request.

  • Live Terms unverified

    The Terms page was Cloudflare-blocked during review, so a discretionary-ID clause could not be ruled out verbatim. Flagged for a manual read.

Jurisdiction analysis

Peach is unusual in this category: a named, regulated operator (Peach Sàrl, Neuchâtel) rather than a pseudonymous project or DAO. That cuts both ways - there is a real company you can hold accountable and a clear legal home, but Swiss AMLA obligations mean mandatory multi-year data retention and a compliance posture (US excluded, not marketed in the EU/EEA) that the trustless, entity-free exchanges avoid.


We keep watching

Incident & policy timeline.

  1. 2022

    Founded, backed by Bitcoin-focused VC

    Peach launched as a mobile P2P marketplace with investment from Ten31 and angels. It positioned itself from the start as a no-KYC, non-custodial alternative to ID-gated exchanges.

    source ↗
  2. Sep 2025

    Two-way marketplace launched

    An app update let buyers post offers too (not just take seller offers), making it a full two-way P2P marketplace - while keeping it no-KYC and non-custodial, with Peach never seeing payment data or keys.

    source ↗
  3. Ongoing

    No hack, seizure or exit scam on record

    We found no reports of a hack, fund loss, seizure, court action or exit scam. Review volume is still low, and the platform is not available in the US or actively marketed in the EU/EEA.

    source ↗

The verdict

Where it stands.

Strengths

  • No email, no account, and no gov-ID for normal trades - a very low-friction on-ramp
  • Non-custodial: Peach never holds your money, only co-signs escrow
  • A named, regulated Swiss operator you can actually hold accountable
  • Well-reviewed dispute mediation; escrow protects against scam counterparties

Trade-offs

  • Keeps a server-side per-person device+payment hash for years (banned users indefinitely) - a persistent identifier
  • Regulated Swiss status forces long retention of trade/dispute data; no Tor support
  • Escrow is 2-of-2 with a timelock that gives Peach unilateral signing later
  • App is source-available (Commons Clause), not fully open source; no public audit
  • Europe-focused; no US access, thin liquidity and a no-KYC price premium in places
Visit Peach Bitcoin No affiliate relationship. We link to the official site directly.

Across the internet

What reviewers report.

Consistently praised

  • Fast, smooth mobile experience
  • Genuinely no-KYC with an accountable operator
  • Effective dispute mediation; escrow defeats scam counterparties

Recurring complaints

  • Scam-counterparty attempts happen (mitigated by escrow + disputes)
  • A ~5-10% price premium over centralized-exchange spot for no-KYC coin
  • Thin liquidity in some regions; Europe-only, no US

Sentiment is positive but on low volume (small Trustpilot and directory samples, ~4.8/5 on kycnot.me). No credible surprise-KYC, frozen-funds or lost-funds complaints surfaced - a good signal, tempered by how few reviews exist. Synthesized from kycnot.me, Trustpilot and Stacker News.


Ask the bureau

Peach Bitcoin, common questions.

Does Peach Bitcoin require ID or KYC?

Not for normal trading - there is no email, no account and no gov-ID; you install the app and it generates your keys, and Peach caps how much you can trade (about CHF 1,000 a day) instead. We rate it KYC level 1 rather than 0 because Peach keeps a per-person hash of your device and payment details server-side to enforce those limits. High-volume sellers can optionally verify ID to lift limits, but it is never forced for ordinary use.

Is Peach non-custodial?

Yes, with a nuance. Bitcoin is escrowed in a 2-of-2 multisig between you (the seller) and Peach, so Peach cannot move funds alone during a trade. A roughly 30-day timelock does give Peach unilateral signing afterwards, which is how it resolves disputes - so it is non-custodial but a required co-signer.

Does Peach keep any of my data?

Your payment details stay on your device and Peach only sees hashes of your phone ID and payment info. But because Peach Sàrl is a regulated Swiss financial firm, it must retain encrypted trade and dispute data for ten years and reportedly cannot delete it on request - a real privacy trade-off despite the no-ID model.

Where can I use Peach?

It is Europe-focused (EUR, CHF, GBP, SEK) and is not available in the US, China or sanctioned regions, and not actively marketed in the EU/EEA. Fiat moves directly between you and your counterparty via methods like SEPA, Revolut, Wise or cash.

Your exact case not covered? The live Ask the bureau answers it and turns it into a public FAQ.