nullpay.

The problem

Every subscription leaves a trail.

When you subscribe directly, every party in the chain — your bank, the payment processor, and the service itself — sees a piece. Together, they form a complete picture of who you are and what you chose.

Direct subscription

You (identity)
Payment (card)
Service provider

One traceable line. Your bank names the service. The service knows your card. Every intermediary sees both sides.

Through nullpay.

You (identity)
NullPay SAS
Service (voucher)

Your bank sees nullpay., not the service. The service sees a voucher, not you. nullpay. itself cannot connect the two.

The protocol

Signing without seeing.

In 1982, David Chaum introduced blind signatures — a way to sign a message without ever seeing its content. Think of it as stamping a sealed envelope: the mark transfers through, but the signer never reads what's inside. nullpay. implements this with RFC 9474.

You

You see the content

Server

Signs without seeing

NullVPN€10.00 — 1 month
?
1. You see it2. Signed blind3. Stamp transferred
01

Generate and blind

You generate a token. Your browser blinds it — like sealing a message in an envelope. The content is hidden, but a signature can transfer through.

02

Sign without seeing

nullpay. signs the sealed envelope without opening it. The signature is applied to the blinded token — valid, but unrecognizable.

03

Unblind and redeem

You unseal the envelope. The signature transfers to the original token. Valid, but nullpay. can never recognize which token it signed.

RFC 9474 — an Internet standard used by Apple and Cloudflare.

The guarantee

No party holds the full picture.

Payment records and redemption records are kept apart. No shared key, no join path. The blind signature prevents any party from linking payment to redemption at the cryptographic layer.

Your bank

Sees: "NullPay SAS — €10"

Blind to: Which service

The service

Sees: A valid voucher code

Blind to: Who paid

nullpay.

Sees: A payment and a voucher

Blind to: The link between them

The blind signature prevents any party from linking payment to redemption at the cryptographic layer. Batch processing, infrastructure separation, and user precautions address remaining side channels.

That's the protocol.

The link between your identity and your service is severed by architecture. Ready to try it?

Browse servicesUnderstand blind signatures