The threat model
Every online payment leaks something.
When you pay a merchant, you hand over a card number, your name, billing address, sometimes email and phone. The merchant stores it. Their processor stores it. Their analytics provider sees it. When they get breached, when a subscription keeps charging, when a CRM stitches your purchases together, you’re the one exposed.
A privacy layer between you and merchants.
Halocard sits between you and every merchant you pay. The merchant gets a card number, a name, and a billing address that you choose. Your bank, your real identity, and your other purchases stay out of their reach. They can’t correlate you across stores. They can’t stitch you into their CRM.
Full control if something goes wrong.
If a merchant gets breached, starts charging without permission, or just feels off, you can lock the card, cancel it, or replace it in seconds. The damage stays contained to that one card. Your other cards, your funding source, and your main account stay untouched.
The Visa and Mastercard reality
There is no such thing as a fully private card.
Visa, Mastercard, and American Express run almost every card transaction in the world. If you want a card that works at merchants, you’re inside their system. PII has to be provided, verified, and retained by financial institutions. Anyone telling you otherwise is either lying or selling you something that won’t work when you try to use it.
The networks see every transaction.
When you pay with any card on the planet, Visa or Mastercard sees the transaction: amount, merchant, date, location. This is true for every cardholder, everywhere. If you participate in the card system, data has to be shared. That’s the price of acceptance at 175 million merchants.
We do everything we can inside the constraints.
We can’t change how the networks work. We can minimise our own position in the chain, mask what merchants see, compartmentalise your spending across cards, refuse to sell or correlate your data, and delete what we’re legally allowed to delete. That’s the best privacy posture available inside a regulated card program. We deliver it.
What we collect
We try not to collect data.
Transaction history is retrieved through Visa’s API, not stored on our servers. KYC details are passed through to our vendor and removed from our server once verification completes. We retain only what’s needed to manage your account: name, phone number, email.
KYC requires six things, and we tried to reduce all of them.
- name
- address
- date of birth
- expected spend
- government ID or SSN
- a selfie
We pushed back heavily on every single one. It turns out the US Customer Identification Program for Banks regulation is extremely clear. To issue a genuine credit card we have to comply with CIP and the full set of banking laws that govern it. The minimum required is exactly what we collect.
Your identity stays with the issuing bank and Visa.
Sumsub verifies your documents and returns a PASS or FAIL token to us. The documents themselves move on to Third National, our card issuer, and Visa, for the regulatory retention periods required of any credit card program. Sumsub is the facilitator. The long-term holders of your identity data are the bank and the network, as required by financial regulation.
Where your data goes
We share data three ways.
- With partners who help us run the service.
- With authorities when legally required.
- With your consent, like when you connect a third-party app.
Nothing else.
Retention is dictated by regulation, not by us.
- Identity data: 5 years from account closure.
- Transactions: 5 years.
- Funding details: 6 years.
- Audit logs: 3 years.
These periods come from financial regulation, not internal preference. We delete what we’re allowed to delete, when we’re allowed to delete it.
The reality of being a regulated MSB.
We’re a licensed Money Services Business (FinCEN BSA ID 31000317046430). Our service runs on a small set of regulated partners: Third National (cards), Rain Products with SSB (banking, FDIC-insured), Coinflow (payments), Sumsub (identity), Twilio (SMS), Supabase (database). We may be compelled to provide data to the US government or Visa at any time for compliance reasons. We push back on overreach. We don’t volunteer your data.
What we can’t protect you from
Anonymity.
The Visa network can still see your transactions. We can put a privacy layer between you and your merchants, but we operate inside a regulated payment system. If you need true anonymity, cash and Monero are your only real options. Neither works at most online merchants.
Government compulsion.
If a court order, subpoena, or lawful government request reaches us, we comply with what we’re legally required to. We push back on overreach. We don’t volunteer your data. We can’t refuse a valid legal request.
Partner breaches.
We minimise what each partner sees, but if Sumsub, Rain, Third National, or any of our infrastructure providers gets breached, the data they hold is exposed. We choose partners with strong security posture (SOC 2, FDIC, audited) but no system is impenetrable.
Harden your own posture
Use one card per merchant.
Halocard makes this cheap and fast. Create a dedicated card for each merchant. When one is breached or starts charging without permission, only that card is exposed. The rest stay clean.
Use a privacy-friendly email and phone number.
SimpleLogin, AnonAddy, ProtonMail, or a forwarding service for email. A VoIP or burner number for SMS verification where you can. The less your real contact info is correlated with your spending, the better.
Use tokenised in-person payments.
Apple Pay and Google Pay generate a unique token for each transaction, so the merchant never sees your real card number even when paying in person. Every Halocard works with both. Use them.