Skip to content
Get cardDashboard
The pledge

NOTHINGTO TELL.

privacy by architecture, not by promise.

Most privacy policies describe what a company does with your data. Ours is shorter: we engineered the company so there is almost no data to do anything with.

A dark archive room of black filing cabinets; the single open drawer is empty, glowing violet.

Our archive room · the drawer is the product

The manifesto

FOUR ARTICLES.NO ASTERISKS.

01

Privacy is a right, exercised quietly

You do not owe anyone a reason for wanting to pay without being profiled. Wanting privacy is not suspicious — it is the historical default, and we build for it.

02

Data not collected cannot leak

Every database is one breach away from being public. The only file that survives every attack is the one that was never created. That is our security model — absence.

03

We sell cards, not stories

No profiles, no behavioural scoring, no data resale, no pixel armies watching you read this. The product is the card. You are the customer, not the inventory.

04

Lawful, never curious

We comply with valid legal process and act on credible abuse — and we keep the file nearly empty either way. Cooperation does not require surveillance.

If anyone ever asks

THE WHOLE FILE.

This is the complete subject file Nocturne could ever produce about you — compelled, breached or bribed. It is short for a reason.

Subject file · NTC-2026 · two entries, one optional

Subject fileNTC-2026
Funding transactionon file
Email — if you gave oneon file
Legal namenot on file
Government IDnot on file
Residential addressnot on file
Biometrics · selfiesnot on file
Everything elsenever asked

End of file · nothing follows

Held vs. never held

WHAT LIVES, HOW LONG.

The whole file, annotated: what each entry is for and when it dies. Next to it, the list that never enters the building — not deleted, never created.

On file · whyLives for

Credential hash

Lets you back in — email + password or account token, stored one-way hashed

until you delete the account

Balance & card state

A prepaid card needs a ledger to authorise against

while the card lives

Card transactions

Authorisation, 3-D Secure and disputes — processed at the issuer

as card-network rules require

Deposit txids

Credits your load, answers "did it arrive?" — nothing else

90 days, then aggregates only

Never created

  • Legal name
  • Residential address
  • Phone number
  • Government ID
  • Selfie · biometrics
  • Device fingerprint
  • Browsing profile
  • Ad identifiers

If it isn't in the left column, it can't leak — we never held it.

The data's short life

01

Shown once

Card details render a single time, client-side, then are never displayed again.

02

Encrypted at rest

What must exist — the card vault — lives encrypted, isolated per channel.

03

Frozen or replaced

Freeze a card and it stops cold; mint a fresh one the moment you want a clean number — nothing to skim, nothing left behind.

All we ever hold: a funding transaction · an email — if you want receipts · nothing else

Prefer it in legal prose? The formal policy says the same thing, slower.

Privacy policy

BE NOBODY'S ENTRY.

The strongest privacy feature is a file that never existed. Open an account — bring nothing, not even a name.

Create account