Privacy Policy

How Torzon protects your data, communications, and anonymity through cryptographic verification and zero-log infrastructure

Our Commitment to Privacy

Torzon Market operates on a fundamental principle: user privacy is non-negotiable. Every component of our infrastructure — from Tor network onion routing to PGP-encrypted messaging — is designed to minimize data exposure and protect user anonymity. This privacy policy documents the specific measures we implement to safeguard your information when interacting with our platform and this verification portal.

We encourage all users to also review our Disclaimer for important information about how we verify onion routing endpoints and our non-endorsement policies.

Data Collection Practices

What We Do Not Collect

Torzon Market follows a strict zero-log policy across all infrastructure components. We do not collect, store, or process:

  • IP addresses — All connections route through the Tor network, and our servers do not log source or exit node addresses
  • Browsing activity — No session tracking, page view logging, or behavioral analytics are implemented
  • Personal identifiers — Registration does not require email addresses, phone numbers, or real names
  • Transaction metadata — Cryptocurrency transaction records are purged after escrow completion and dispute window closure
  • Message content — All communications are PGP-encrypted end-to-end; server-side storage contains only encrypted ciphertext

Minimal Operational Data

The following data is retained temporarily for platform functionality:

  • Account credentials — Usernames and salted password hashes for authentication
  • PGP public keys — Stored for signature validation and message encryption; users control their own private keys
  • Escrow transaction states — Held only during active transactions and purged after completion
  • Session tokens — Temporary authentication tokens with automatic expiration and deletion

Cryptographic Protection

All data at rest and in transit is protected through multiple layers of cryptographic verification:

  • PGP encryption — All user-to-user and user-to-vendor messages are encrypted with PGP keys. Even if servers were compromised, message content would remain unreadable without the recipient's private key
  • Tor onion routing — All marketplace traffic passes through the Tor network's multi-hop encrypted circuit architecture, preventing traffic analysis and endpoint correlation
  • Cold storage wallets — Cryptocurrency holdings are stored in air-gapped, multi-signature cold wallets isolated from network-connected infrastructure
  • Automatic data purging — Server logs are automatically deleted on a rotating cycle: temporary files within 24 hours, session data within 1 hour, cached data immediately upon session termination

Phishing Protection and Link Verification

One of the most significant privacy threats facing darknet marketplace users is phishing — credential theft through clone sites that impersonate legitimate platforms. Torzon Market addresses this threat through:

  • PGP-signed onion addresses — All official .onion URLs are signed with our PGP key, allowing users to verify authenticity before connecting
  • Canary monitoring — We maintain a warrant canary and signed status page to provide transparency
  • Mirror uptime monitoring — Our infrastructure team monitors all official mirrors 24/7 and flags unauthorized endpoints or clone sites
  • Endpoint integrity checks — Each onion routing endpoint undergoes cryptographic verification to confirm it connects to authentic Torzon infrastructure

Users should always verify .onion addresses against PGP signatures published on our official links page to avoid phishing clones.

Two-Factor Authentication and Account Security

Torzon Market supports PGP-based two-factor authentication, which is significantly more secure than SMS or TOTP-based methods. When 2FA is enabled, login requires decrypting a PGP challenge — making account takeover virtually impossible without the user's private key. We recommend all users enable 2FA immediately upon registration. See our security documentation for setup instructions.

Cookies and Tracking

This clearnet verification portal uses no third-party tracking cookies, analytics scripts, or behavioral monitoring tools. Essential session cookies may be used solely for navigation functionality. No advertising networks, social media trackers, or fingerprinting scripts are loaded on any page.

Data Retention and Deletion

All operational data follows a strict retention schedule designed to minimize exposure:

  • Temporary files — deleted within 24 hours
  • Server cache — purged within 1 hour
  • Session tokens — expire and auto-delete after 30 minutes of inactivity
  • Escrow records — purged 14 days after transaction finalization
  • Account data — permanently deleted upon user-initiated account closure

Changes to This Policy

This privacy policy may be updated periodically. All updates will be documented on this page. Users are encouraged to review this policy regularly alongside our Disclaimer and Security documentation.

Last updated: