This is the slickest 'private' payment experience I've seen in crypto. Uses the same zk tech we built for Zcash. But private to whom? When you pay crypto address → Payy → Visa/card issuer → merchant, each step has different privacy issues and levels of safety. In more detail:

on chain: Normally everything is exposed—blockchains are Twitter for your bank account. Payy's ZK proofs, hopefully, fix this. Merchants: may get your name or a persistent ID that tracks usage. Visa/issuer: Almost certainly full card history, maybe full name. Payy: The wildcard.

Payy: May see everything. They run a "single-sequencer validium rollup"—fancy words for "we run a server." If they also generate the ZK payment proofs (likely), they see your address and balances. Unclear what they learn about your credit card transactions, but potentially a lot.

Technically, you can get onchain privacy AND, offchain, ensure Payy, Visa, and merchants only see one-time payments—think one time gift cards per payment with no linkable identity. But business rules and issuer policies make this unlikely in practice.

An interesting question is, practically, how much data you can hide from a merchant while going through visa/master card. There are various means of tokenization in these protocols, but in practice Im not sure what merchants get.

@wu_s_john @wallet_obsidian Extrapolating from what I last knew, probably similar levels of on chain privacy, no idea on everything else.

@_ArnaudS_ @wu_s_john @wallet_obsidian and to any of the zk-reply guys hanging around: yes, you can get function privacy with recursion. Thats how we did it in Zexe. Most projects (IIRC including Aztec) dropped that feature initially do to cost. You can, nominally, get it back with super-nova style proofs.