Privacy for your business and your clients

CypherpunkPay does not magically solve Bitcoin’s privacy limitations but attempts to not make things worse.

We recommend you to understand the limitations and practice Bitcoin privacy.

Self hosted

Self hosting is the only way to avoid inherent limitations of 3rd party payment processors. The 3rd party payment processors conveniently exclude many legal businesses; they also ask for your personal data at some threshold point. Finally, they are privy to all of your individual invoices and revenue. Hence, CypherpunkPay is installed on your own server.

Local xpub

Bitcoin xpub key never leaves your server. This is in contrast to the so called watch-only 3rd party payment processors that are privy to your invoices, revenue and (in Bitcoin’s case) spendings from the business wallet. The xpub key is used to derive unique payment address for each invoice.

Tor native

All outgoing connections are made through Tor. User interface is fully compatible with the Tor Browser.

Onion aware

CypherpunkPay can be hosted as onion service by standard means. For merchant integration, onion callback URL-s are supported.

JavaScript disabled friendly

The UI has first-class support for disabled JavaScript. This guarantees more privacy to your paying clients. It is also fully compatible with the “safest” mode of the Tor Browser. If JavaScript is enabled, CypherpunkPay will use it to enhance the UX.

No CDN or external assets

The user interface (HTML) does not fetch any external assets. There are few lightweight assets and all are served locally from within the CypherpunkPay build, sitting on your server.

Randomization

For each charge (invoice) CypherpunkPay picks two random block explorers to cross-check the payment arrival against. New Tor circuit (and so IP address) is used for each charge. User agent and headers are consistent with the Tor Browser. From the block explorer perspective it is not evident if this is CypherpunkPay or anyone else asking. It is even less clear which specific business the transaction belongs to (unless the amount itself is globally unique to your business, but then even running the full node would not help as Bitcoin blockchain itself is plain text).