What the merchant gets
Every card payment sends your card number to the merchant. Most merchants store it. Many keep it long after you have stopped using them. All of them pass it through the payment chain on the way.
The card number on its own is not the sensitive part. The pattern is. A single purchase says little. Thousands of purchases over years describe what you eat, where you go, what you read, what conditions you are being treated for, what causes you support, what you buy when you are anxious, and what you buy when you feel well.
This pattern has commercial value. Insurance pricing uses purchase histories to set premiums. Political campaigns use spending patterns to target. Data brokers aggregate transaction-derived signals and sell the resulting profiles. These are documented uses.
Some of what merchants hold is reachable through UK GDPR Articles 15 and 17, subject access and erasure exercised one merchant at a time. The records held by the payment chain itself, and by data brokers acting on derived signals, are not. Gottfried Leibbrandt, the former chief executive of SWIFT, has written that payment data is highly prized by intelligence agencies and commercial actors, and that the current restraints on its use may not hold.
How it works
Merchants get paid. They never get your real card number.
Your rules
You set the rules. Before the payment leaves your hands.
Single-use
A virtual card number that works once, then closes. For free trials, one-off purchases, or any merchant you would rather not give a reusable card to. Forget to cancel the trial? The charge fails. There is nothing to dispute.
Merchant-locked
Tied to a single merchant. Declined anywhere else. For subscriptions you want to control tightly and cancel by closing the card.
Spend-capped
A maximum charge set before you pay. The card declines anything above it. Nothing can be taken beyond what you authorised.
What we’re building
Before card payments became the default, cash was. Cash produced no record at any third party. The merchant knew you had paid. Nothing else crossed the counter. The shift from cash to card was incremental and the data consequences were not visible at the time of consent. Card numbers became persistent identifiers; transaction records became commercial assets.
There is no trade-off between privacy and security here. The card industry already uses tokenisation to protect its own infrastructure from fraud. Apple Pay and Google Pay send a token to the merchant rather than your real card number. eigin extends the same mechanism: not just protecting the card number, but issuing a different number per merchant or per purchase, which prevents the same identifier from being shared across the merchants you pay. When a merchant is breached, which happens routinely and at scale, a single-use eigin number that has already been used is expired. A merchant-locked number is declined everywhere else. The card that gets stolen is already useless.
eigin is being built to give you controls at the card-number level: which merchant gets which number, how long that number is good for, and how much it can charge. UK GDPR Articles 15 and 17 can recover some of what merchants hold. They cannot reach what the payment chain or data brokers derive from card transactions. eigin covers the card-not-present payments where cash is not an option and where rights exercises against individual merchants cannot recover the rest of the data trail.
eigin runs on EU-hosted infrastructure. No invasive analytics. Postmark, used for transactional email, is operated by a US-headquartered company and is covered by standard contractual clauses under UK GDPR. Card issuing will be provided by a regulated partner, to be disclosed at launch. The standard applied to eigin’s own infrastructure is the standard promised to yours.
Things worth knowing
Honest answers to the obvious questions
Privacy products attract scepticism. Good. Here are the direct answers.
UK launch waitlist · Pre-launch
Join the waitlist.
eigin is being built for UK launch first, with EU expansion to follow.
UK GDPR already treats financial data as restricted. The card payment infrastructure does not yet match that standard. That is the gap eigin is being built to close.
Payment privacy tools exist in other jurisdictions. Privacy.com is US-only and has been for over a decade. None of the existing options operate under UK or EU licensing. That is where eigin starts.
Everyone on this list hears before anything goes public. We will not share your email with third parties. You can unsubscribe at any time. By submitting your email you consent to us contacting you about the eigin launch. Privacy Policy.