Crypto-only, by construction
There is no card processor in the loop — not disabled, not hidden: the integration does not exist. 21 coins and network variants are accepted for top-ups, and nothing else is.
SP·00 — NO-KYC POLICY
We sell compute, not your identity.
No name, no document scan, no address, no phone, no card — at sign-up or ever after. This page is the complete inventory: what we never ask, what our disks actually hold, and the rules that still apply.
No identity checks
Crypto-only
14-day log rotation
What we never ask for
If a field never exists, its contents can never leak, be sold, or be subpoenaed. So the fields do not exist.
-
Legal name
An account is a handle and a password. Any pseudonym works; we never ask who holds it.
-
Government ID
No upload form exists in the codebase. There is no "verification tier" to unlock later.
-
Postal address
Nothing to ship, nothing to bill by mail — so there is no address field anywhere.
-
Phone number
No SMS codes, no callback verification. Two-factor is TOTP, generated on your own device.
-
Card or bank details
Crypto-only checkout. A card form does not exist, so card data cannot exist here either.
-
Verified email
An email can be your handle if you like, but it is never verified and never written to. Recovery codes replace reset emails.
What we technically hold
No-KYC does not mean zero data — an account that holds money needs state. Here is all of it, with lifetimes.
| Record | Form on disk | Why it exists | Lifetime |
|---|---|---|---|
| Handle | The pseudonym or email you chose; account files are keyed by a SHA-1 hash of it | Signing you in; rendering your panel | Life of the account |
| Password | argon2id hash only — the plaintext never touches disk | Authentication | Until you change it |
| Recovery codes | SHA-256 hashes of 8 codes; plaintext shown once at issue | Password resets without email | Until burned or regenerated |
| TOTP secret | Only if you enable two-factor | Verifying 6-digit codes at sign-in | Until you disable 2FA |
| Balance & ledger | USD balance plus one line per credit and debit | It is your money — the arithmetic stays auditable | Life of the account |
| Orders | Plan, location, OS, period, add-ons, hostname, status, top-up txids — and the IP that created the order | Provisioning, support, abuse forensics | Life of the account; unpaid orders purge after 48 h |
| Access logs | nginx access/error logs including connecting IPs | Debugging and abuse triage | Rotated; deleted after 14 days |
What we never run
No analytics, no ad pixels, no third-party JavaScript, no CDN-hosted fonts. The Content-Security-Policy on every response allows our own origin only — open your dev tools and check.
A balance, not a billing profile
Money movement is where most "anonymous" services quietly leak. Ours cannot: there is no processor to leak through.
Prepaid balance, nothing on file
You top up between $30.00 and $5,000.00, we credit a USD balance, servers debit it. Crypto invoices exist solely for top-ups — buying a server never creates one, and no payment instrument is "kept on file" because none is ever seen.
Monero first-class
XMR leads the coin grid at identical pricing — no surcharge, no review tier. Pay with a transparent chain instead and the only artefact we keep is the deposit txid, data that is already public on that chain.
No-KYC is not no-rules
We do not know who you are. We still decide what runs on our hardware.
The acceptable-use policy is short and enforced. An anonymous customer gets exactly one sanction from us — removal — and we use it. Spam runs, malware command-and-control, denial-of-service launchpads and phishing end the relationship immediately; CSAM is the one case where we go beyond removal and report.
DMCA notices are not processed — the DMCA is a US statute with no force in our jurisdictions, and notices sent to us are not answered. The only paper we act on is a binding order from a court with jurisdiction over the specific server, and the inventory above is everything it can yield. We protect privacy, not crime.
Abuse reports go through the contact form and are read by the same engineers who run the fleet — there is no outsourced trust-and-safety queue between you and a decision.
Removed on sight
- Spam runs and mass-mailing infrastructure
- CSAM — terminated and reported, no refund
- Malware C2, botnets, DoS launchpads
- Phishing and credential harvesting
Questions we get about no-KYC
Can I really register without an email address?
Yes. The handle is any pseudonym of 3–63 characters; it only has to be unique. Password resets burn one of the 8 recovery codes issued at registration, so email is never part of the loop. Lose the password and all 8 codes and the account is gone — we cannot bypass our own design, and that is the point.
What would a subpoena actually get?
The inventory table above, in full: a handle, an argon2id password hash, a balance with its ledger, order specifications and at most 14 days of access logs. There is no name, address, phone or card on file to produce. We answer valid legal process from the jurisdiction the hardware sits in — each location page states its posture.
Why keep access logs at all?
Operations. Without short-lived logs we cannot debug routing faults or triage an abuse report. Fourteen days is the shortest window that still lets us do that; after rotation the data no longer exists. If connecting IPs matter to your threat model, use a VPN or Tor — checkout and the panel work through both.
Is Monero actually first-class, or just listed?
First-class. XMR sits at the top of the coin grid and settles at the same price as every other coin — no surcharge, no extra confirmation theatre, no manual review tier. On transparent chains the only artefact we keep is the deposit txid, which is already public on that chain; with Monero, even that reveals nothing.
More answers — ordering, technical, SLA — in the full FAQ.
Deploy without the dossier.
Top up from $30.00 in 21 coins and networks — a VPS is online in 15 min.