Dear Satoshi Labs team,
I have a somewhat unusual request. I have no issues with your Trezor product itself, but I do have a serious problem with the payment processor Confirmo, which, if I am not mistaken, you use for Bitcoin payments. I am not sure whether you are aware of this, but around January 5, 2026, Confirmo changed its payment process.
These changes are now likely to cause an extremely negative user experience for people paying with Bitcoin or via the Bitcoin Lightning Network. It appears that Confirmo has decided to comply with regulatory requirements as strictly as possible, significantly complicating things for users. What is even worse, the payment flow itself is designed in a way that further amplifies these negative aspects.
Specifically: first, a Bitcoin or Lightning Network payment is accepted as usual, but after the payment is made, instead of receiving a confirmation that everything is settled, the user is redirected to a page where they are asked to provide two types of information. The first question is whether they are a private individual or a business entity, and the second is whether they are paying from a personal wallet or, for example, from an exchange wallet.
At first glance, it may seem that this is where it ends, but in reality, it does not. An email then follows, stating that in order to complete the payment, the user must fill out a form. Even for very small amounts, this form requires the following information: last name, first name, residential address, city, country, as well as date and place of birth.
The message also states that if this form is not completed within 12 or 24 hours (I no longer remember the exact timeframe), the payment will be canceled. In practice, this means that until the user provides these details, you as the merchant will not receive the funds. However, if the user refuses to provide personal information, they will not receive their money back either. A refund is only possible through a complicated process involving contacting support, where the user must prove ownership of the wallet by providing screenshots and additional information.
I have personally also encountered cases where, instead of a form requesting date of birth and similar details, users were presented with a form requiring them to upload identity documents, photos, and even a selfie via a third-party service. I believe I do not need to explain how repulsive this is for people who are used to paying with Bitcoin or via the Lightning Network in everyday situations.
I contacted Confirmo and explained that I do not consider it acceptable to first accept a payment and only afterward confront the user with the requirement to submit personal data. However, they made it very clear to me that they have no intention of changing this setup. They stated that this approach was implemented to comply with the so-called Travel Rule, which, incidentally, has existed for many years. Why they decided to start enforcing it in this particular way only now remains unclear to me. If personal data were requested before the payment, I would simply choose not to pay and would have no objections. In its current form, however, the process feels like coercion aimed at extracting personal information, which provokes strong frustration and anger in me.
Moreover, this involves personal data that can later be linked to the payer’s Bitcoin addresses using clustering methods, making it possible to estimate how much cryptocurrency a person roughly owns. Given the number of violent attacks in Europe targeting people in order to obtain their cryptocurrencies, it is not difficult to imagine how dangerous this is. For example, there was a recent case where an employee of the Binance exchange sold user data to hackers for a small sum, and this data was later abused to plan targeted attacks on specific individuals. There is no guarantee that something similar could not happen at Confirmo, whether through malicious insiders or as a result of a hacking incident leading to a data breach.
The fact that Confirmo, in some cases, collects selfies and photos of identity documents via third-party services multiplies these risks even further. As you can imagine, until this setup is replaced with a self-custodial solution, many people will simply refuse to pay with Bitcoin within your products or services.
At the same time, nothing prevents you from deploying, on your own servers, solutions such as BTCPay Server, an open-source project, running your own Bitcoin node and Lightning Network node, and processing payments independently. Since you are neither an exchange nor a payment processor, you are not required to comply with these, in my opinion, nonsensical regulatory demands. This is a solution I sincerely recommend.
Alternatively, if you do not wish to implement your own payment infrastructure, it would likely be wiser to disable Bitcoin payments via Confirmo entirely. Otherwise, you risk provoking significant user dissatisfaction, as users may effectively find themselves in a situation resembling extortion: being forced to hand over personal data in exchange for paying even a very small amount.
Sincerely,
Perlover