# Privacy Pools

Category: mixers · Smart-Contract Mixer (multi-chain)
Grade: B
KYC: anonymous_signup
Highlights: ETH, MULTI-CHAIN, OSS, GATEKEPT
Features: non_custodial, open_source, smart_contract, compliance_gated
Fees: Embedded relayer + protocol fee on each pool — schedule not on homepage; check each chain's deployed pool contract.
Web: https://privacypools.com
Contact: GitHub: https://github.com/0xbow-io/privacy-pools-website
Last verified: 2026-06-03
Operating since: 2025-02-17 (1y)
Also listed at: Web3Privacy

> Open-source, multi-chain privacy mixer (ETH/BNB/OP/ARB/Starknet) with operator-curated 'good actor' exclusion list.

## Review

Privacy Pools by 0xbow — multi-chain on-chain privacy mixer supporting Ethereum, BNB Chain, Optimism, Arbitrum, and Starknet. **Open source** at [`0xbow-io/privacy-pools-website`](https://github.com/0xbow-io/privacy-pools-website); whitepaper at `privacypools.com/whitepaper.pdf`; ToS at `docs.privacypools.com/toc`; privacy policy at `docs.privacypools.com/privacy-policy`.

Ethereum-based privacy mixing service, hosted on Vercel behind an aggressive bot-protection checkpoint that blocked every page in the 39-path cloak-browser sweep. Listed at **Grade C** — zero peer-directory matches, zero accessible legal pages, zero contact channels discovered, and no operator-published content retrievable by automated probe.

**What it is.** On-chain privacy pool, inferred from the page title 'Anonymous & Compliant Payments' (operator-published, brief.sweep./about.title). Listed at **Grade C** — lowest directory tier — because the site is fully opaque to automated review: every path returns 403 with a Vercel Security Checkpoint that cloak-browser could not clear.

**What you trust.** KYC stance: TODO — no privacy policy, ToS, FAQ, or /about page returned accessible content (all 403 per brief.sweep_summary.blocked). The phrase 'Anonymous & Compliant Payments' in the page title (operator-published, brief.sweep./about.title) hints at a no-KYC design, but zero operator-published text confirms this. Payment surface: TODO — no operator-published token list found. The domain and title suggest Ethereum-based privacy pools (ETH/ERC-20), but this is inference, not source material. AML posture: Undisclosed — `/aml` returned a navigation error that prevented content retrieval (brief.sweep./aml: status 0, 'Unable to retrieve content because the page is navigating'). `/aml-policy` returned 403. The phrase 'Compliant Payments' in the title suggests an AML-aware posture, but no operator-published policy text is accessible. Terms of service: Not accessible — `/terms`, `/terms-of-service`, `/tos`, `/legal/terms-of-service`, `/legal/terms`, and `/legal/tos` all returned 403 (brief.sweep_summary.blocked). This is the single largest trust gap: a financial privacy tool with zero accessible legal terms is operating fully opaque to the public. Privacy policy: Not accessible — `/privacy`, `/privacy-policy`, `/legal/privacy`, and `/legal/privacy-policy` all returned 403 (brief.sweep_summary.blocked). No data-collection or data-retention posture is recoverable. Reserves transparency: Not applicable — a privacy pool is a smart-contract service, so reserves transparency is a question of contract auditability, not a corporate balance sheet. The contract address is not discoverable from the public surface (all paths 403).

**Operational specs.** Hosting: Vercel (all blocked pages return 'Vercel Security Checkpoint' — brief.sweep./.title). Vercel's serverless platform is the inferred deployment target. The bot-protection checkpoint is blocking typical crawler/hardened-browser traffic patterns. Pricing / fee structure: TODO — no operator-published fee schedule surfaced. Privacy pool fees are typically embedded in the smart contract (relayer fee + protocol fee). Curator should check the contract on Etherscan. Coin coverage: TODO — page title references 'Payments', suggesting ETH or ERC-20 deposits. No operator-published asset list found. API surface: Not accessible — `/api` returned a navigation error (brief.sweep./api: status 0, same 'page is navigating' error as /aml and /security). Tor mirror: None advertised — no onion-location header and no onion URL (brief.onion: null, brief.technical.advertised_onion: null). Contact channels: None discovered — email, Twitter, Telegram, Matrix, Simplex, and Discord all returned null or empty (brief.contacts). The /contact path returned 403. Security page: Not accessible — brief.sweep./security errored out with the same navigation-failure code as /aml and /api, suggesting these routes trigger dynamic page transitions that cloak-browser could not follow.

**Grade rationale.** Listed at **Grade C** — the directory's default tier for services with no verifiable trust signals. Zero peer-directory matches across all six queried directories (kycnot, monerica, orangefren, web3privacy, monerofail, privacyguides — brief.peer_matches._any_count: 0). All 36 probed pages return 403 with a Vercel Security Checkpoint: this is not a 404 signal (the pages likely exist) but a deliberate bot wall that prevents any automated trust assessment. The page title 'Anonymous & Compliant Payments' is the *only* operator-published signal in the entire probe — 5 words across a 39-path sweep. Grade C is the honest minimum until either (a) the operator whitelists the probe or publishes accessible docs, or (b) a manual curator test trade confirms the service operates as advertised.

**Caveats.** This is the most opaque listing in the directory's probe history: 36 blocked pages, 3 navigation errors, 0 successful fetches, 0 peer-directory matches, 0 contact channels, 0 legal pages. Every single conventional trust-assessment path is gated behind a Vercel Security Checkpoint that cloak-browser (Playwright with anti-detect patches) could not clear. The 'Anonymous & Compliant Payments' branding suggests a privacy tool that incorporates some form of compliance gating (association-set proofs, sanctioned-address filtering, or voluntary exclusion lists). This is a fundamentally different trust model than a pure no-KYC service — users are trusting the *correctness* of the compliance filter, not just the privacy mechanism. The contract source and filter logic are invisible to this review. The recommended `feature_tags` include `non_custodial` — this is likely correct for a smart-contract-based privacy pool, but it was inferred by the auto-onboarding script from the service category, not from operator-published text. Curator should verify by reading the contract. Three paths (`/aml`, `/security`, `/api`) returned navigation errors rather than 403 — 'Unable to retrieve content because the page is navigating.' This suggests those routes trigger JavaScript-based redirects or SPA-style transitions that cloak-browser's wait_for_timeout heuristic could not follow. These may be the most interesting pages on the site.

**Liquidity check (2026-05-30).** 21 deployed pools. Concentration heavy on Ethereum stablecoins — USDT pool leads (~$4.1M), USDC (~$1.5M), ETH (~$1.6M). Long-tail pools (wstETH, BOLD, frxUSD, WOETH, USDS, sUSDS, USD1, Arbitrum USDC + ETH) each under $70K — anonymity sets so small that each deposit is approximately self-identifying. Companion guide: [Privacy Pools vs Monero](/guides/privacy-pools-vs-monero).

Source: https://xmr.club/mixers/privacy-pools