Security & privacy.
What the service actually does — what is stored, for how long, what is never collected — and the scenarios on-chain mixing alone doesn't address.
What we don't collect
No accounts. No identity. No tracking.
There's no signup, no profile, no questionnaire. The only required input is a Bitcoin receiving address.
No KYC documents
No ID, passport, or proof of address ever requested.
No email or phone
No account system at all. Nothing to fill in.
No IP logging
Connections aren't logged at the application layer.
No third-party trackers
No Google Analytics, no Facebook Pixel, no ad tags.
Log retention
24 hours, then deleted.
Operational records associated with a transaction are kept for no longer than 24 hours after completion. The window exists for one practical reason: if a user contacts support, the operator needs the relevant identifiers to respond.
Past that window, the data is no longer useful and is removed.
Network privacy
Reachable over Tor.
CoinJoin obscures the link between addresses on the Bitcoin chain, but it doesn't hide where your connection to the service originates. For network-level privacy, use the dedicated .onion hidden service.
Verify the current Tor address on the official site directly — phishing clones of mixer onion services are common.
Two layers of privacy
On-chain: CoinJoin breaks the deterministic link between input and output.
Network: Tor hides your IP from the mixer's domain and any intermediaries.
Using both addresses two different categories of the threat model.
Honest threat model
What we protect against, and what we don't.
Privacy claims in this category tend to be overstated. Here's the picture without softening.
✓ What the service addresses
- Passive chain observers. A reader of the public Bitcoin blockchain can't reliably link your receiving address to your sending address through the CoinJoin transaction itself.
- Standard chain analysis heuristics. Common-input ownership, change address identification, and simple value matching are degraded by the joint transaction structure.
- Long-term records. The deposit-to-output mapping isn't retained past 24 hours. A subpoena served after that targets data that no longer exists.
⚠ What we don't address
- Coercive access to live state. During the active window, the operator holds the deposit↔receiving mapping. Wallet-based CoinJoin doesn't have this exposure.
- Network-level identification. Without Tor, your IP is visible to your ISP and intermediaries connecting to the mixer.
- Sender or recipient mistakes. Pre-mix history follows the coins; post-mix consolidation with non-mixed coins reintroduces links.
Operational hygiene
Mixing is most effective as one layer.
Practices that materially improve the privacy outcome.
Connect via Tor
Use the .onion address whenever possible. Removes a whole category of network-layer identification.
Fresh receiving wallet
Use addresses in a wallet separate from the one you deposited from. A freshly generated wallet is cleanest.
Don't consolidate
Avoid mixing mixed outputs with non-mixed coins in subsequent transactions. Treat them as separate UTXOs.
Split large amounts
For larger sums, prefer several smaller mixes spread over time to one large mix. Stronger privacy at modest extra cost.
Consider delays
Delayed mixing at busier times captures larger anonymity sets. Trade-off is a few hours of waiting.
Output splitting
Split deliveries across multiple receiving addresses with custom percentages. Reduces value-based correlation.
Legal note
Mixing legality varies by jurisdiction.
Several enforcement actions in 2022–2024 (Tornado Cash, Samourai Wallet) have changed the legal landscape significantly. Anyone considering a mixer should understand the rules where they live and to the funds in question. This site does not provide legal advice.
Privacy without overstatement.
No KYC, no IP logs, 24h retention. Use Whir with Tor for the strongest setup.