FAQ.

Yes. NullPay is a registered French SAS. Privacy by design is mandated by GDPR. NullPay sells voucher codes for specific services, which is exempt from full payment services licensing under French law.

Read more ↗

Yes, and NullPay will comply. Payment records show who paid. Redemption records show what was redeemed. The blind signature prevents linking one to the other at the cryptographic layer — by architecture, not by policy.

No. NullPay reports all revenue and pays all taxes. Tokens are fixed-denomination and can only be redeemed for specific privacy services — they can’t be converted to cash.

Privacy.com hides your card number from the merchant but retains the full picture itself (merchant, amount, date, your identity) for 5–6 years. NullPay uses blind signatures: the payment and the redemption are unlinkable, including by NullPay.

Read more ↗

Bitcoin has a transparent blockchain. Monero offers strong privacy but requires wallet setup, KYC-free acquisition (most exchanges delisted it), and careful operational security. NullPay works with a normal card.

Read more ↗

NullPay delivers a standard voucher code. You enter it in the service’s payment settings. The service credits your account. It doesn’t know the code came from NullPay.

EUR 5, 10, and 25. Fixed amounts reduce correlation by price.

Unredeemed tokens can be refunded. Once a token is redeemed and a voucher code delivered, the transaction is final.

The protocol is proven: blind signatures were invented in 1982, and NullPay uses RFC 9474, an IETF standard from 2023. Apple and Cloudflare deploy the same primitive. Our implementation of this protocol has not yet been independently audited. The code is open source so you can verify it yourself.

Read more ↗

DigiCash tried in 1994 — e-commerce wasn’t ready. Existing alternatives require cryptocurrency. RFC 9474 was published in 2023. The services that accept vouchers are now established.

Planned. Cryptographic audit, data separation audit, and regular transparency reports. Timelines are not yet set. All results will be published in full.

Read more ↗

An attacker would see who paid and what was redeemed, but not the link between them. The blind signature prevents that correlation. Compare this to a breach at a service that stores everything in one database.

Purchased tokens remain valid until redeemed. If the service shuts down, unredeemed tokens can’t be used — same risk as any prepaid service.

Strong data protection authority (CNIL), clear digital payment regulation (ACPR), EU jurisdiction with GDPR. The regulatory infrastructure fits this model.

RFC 9474 was published in 2023. Privacy services that accept vouchers are established. Cash is declining. The regulatory environment supports privacy-by-design.