Privacy Policy

Effective: January 1, 2021 00:00 UTC. Version 4.0


We believe privacy is a universal right, and our business is to help you secure it by protecting your digital information and your anonymity. We do not ask for your name, address or any other personally identifying information. You may create any Merlin ID you like, so long as it meets formatting rules and is not being used by someone else. We urge you to use words and phrases that are meaningful to you but which do not identify you personally. You can download, install, and run our applications anonymously, and you can use various identified or anonymous payment methods to purchase Merlin Subscriptions. Put simply...

What personal info do we collect? Nothing.

Technical Information

Data volume: We store a running total amount of the data volume that you purchase and consume by uploading or downloading files. When you use the Service, we debit the number of bytes you use from your total credit. We save only that balance as a single number.

Your data: When you use our Services, your data is encrypted on the originating device using keys known only to the sender(s) and recipient(s) and that exist only on their devices. All keys are owned exclusively by users; we have no keys and we have no ability to decrypt or access the 'plain text' versions of any data. If a recipient is not online at the time a transfer occurs, we will temporarily cache (store) the encrypted data until the recipient picks it up, or an expiration time is reached.

Cookies: We use cookies to improve our web-based Services. For example, cookies help us understand how you are interacting with our website, and help us to improve it based on that information. However, you can set your browser to not accept cookies, and this will not have a material negative impact on your ability to use the Services, but it may result in inconveniences such as having to reenter your username each time you log into web-based Services.

Device information: We collect basic device information such as the name you give your device, if any, and the amount of memory or storage available on it. This helps us to avoid sending more data to a device than it can handle. However, we do NOT collect or save any form of personally identifying information from the device or about how you use it, even if the device offers such data to us.

Error reports: If one of our products experiences an error, at your option you can use a built-in error reporting facility to send us an Error Report, along with your comments about what you were doing when it occurred. Error Reports contain the name of the program modules that were executing at the time the error occurred, as well as other technical information about the program's state and in some cases basic information about your device (such as whether you ran out of disk space or memory). Error Reports do NOT contain user data. The entire content of the data to be sent is readable in the report before you send it.

Business partners: We have carefully vetted business partners with whom we may share basic technical information in the event of various types of attack on our Services, such as penetration attempts or DDoS attacks. That data does NOT include any type of Personally Identifying Information because we don't collect any in the first place. If you specifically opt in to receive operational or service notifications, or special offers from us or our partners, we may share your publicly visible email address with those business partners who administer or deliver such information, but we do NOT share any other account or usage information because we have none.

Financial Transaction Information

We ourselves do NOT collect or record any sort of financial information about you or your transactions with us.

Like all online vendors, when you purchase our Services we temporarily pass your web session to an online card payment processor and wait for them to tell us whether or not your payment was processed. If they tell us it was approved, the only data we record and associate with your account is the product tier or data volume you have purchased, and a transaction key that can be used to reverse the credit should you later dispute your purchase or it is otherwise cancelled. No other financial information of any kind is recorded by us. However…

Although that's the entire story as far as our services are concerned, it's not the entire picture because credit card payments and bank transfers leave records. These are kept by banks, card processing companies, and many governments, and are entirely outside our control. If the existence of such records is a concern for you, click here to learn various ways to pay for our Services anonymously.

Information We Do NOT Save

Location data: We do NOT collect or save any form of location (GPS) data. If your device transmits its location to us anyway, we disregard it (and we think you should turn off such features, if your device allows you to do so).

IP addresses in our Services: We do NOT normally save the IP addresses of devices that use our websites or Services. When you use them to create or manage your account, add devices or obtain data volume we retain your IP address in memory only, and only for as long as necessary to complete your session (typically a few minutes). When that session is complete we discard the IP address, UNLESS we detect it is clearly being used as part of an attack or other form of illegal penetration attempt of our Services, in which case it will be logged and may be denied further access. It may also be subject to additional security-related analysis by us or our business partners.

Using our Services with VPNs: You may access our Web Services and use our applications and the Kahuna™ Network with VPNs without restriction. This will allow you to hide your IP address, which we permit and encourage you to do. We have successfully tested several VPN providers. Please note that depending on the VPN provider you may experience fluctuations in performance outside our control.

Pixel tags: We do NOT use pixel tags.

Cross-site tracking: We do NOT engage in any kind of cross-site tracking.

Logs: We do NOT log any information associated with the use of the Kahuna™ network, including file or other data transfers, voice or video calls, instant messages or any other use. We do NOT log any authenticated web requests. The logs generated from other web traffic do not include any identifying information, and are limited to only protocol-related errors. Our goal is to have nothing meaningful to disclose to any third party.

Information Sharing

We may share what little information we have with others under the conditions listed below:

Others working for us: We use certain trusted third parties to help us provide, improve and protect our Services. These third parties will access information only to perform tasks on our behalf and in compliance with this Privacy Policy.

Law & order: We may disclose information to third parties if we determine that such disclosure is necessary to comply with the law, protect any person from death or serious bodily injury, prevent fraud or abuse of our Services or our users, or protect property rights. If we are ordered to disclose information by legitimate legal process, the only data we can supply is that which you supplied to us when you signed up for our services, and copies of the encrypted data stream your device sent into the network, should it still be there (once data is delivered it ceases to exist in the network). User data exists in the Kahuna™ network ONLY in an encrypted form, and only the sender and recipient have decryption keys. We have absolutely no access to the content. These and related issues are discussed in further detail in the "Illegal Conduct" and "Legal Compliance" paragraphs of our "Terms of Service".

Safe Harbor: MetaLuminous complies with the EU-U.S. and Swiss-U.S. Safe Harbor ("Safe Harbor") frameworks and principles. (Compliance for us is trivial because we collect no personal data to begin with). Should you have a concern you agree to first submit such complaints directly to us at


Because we hold no meaningful information about our customers, it's unlikely that we will receive very many information requests from law enforcement agencies. However, if we do and to the maximum extent permitted by law, every 6 months we will post:

  • How many requests we received from law enforcement and government agencies worldwide.
  • How many customers this involved.
  • What agencies or organizations made the request.


We may revise this Privacy Policy from time to time, and will post the most current version on our website.


If you have questions or concerns about our Services and privacy please feel free to contact us at