It would have the same due-diligence requirements as any webshop and validate your payment method (which could be any method, like iDeal, and even credit card, where the payment processor doesn't get to see the exact order details, but a 'proxied order').
You are right about the privacy guarantee, but there is the issue of trust in any business transaction. Why am I using ProtonMail/VPN? Because they have privacy + security as their primary USP and it is reflected in their business (transparency, privacy policies, compliance, certification, etc.). They work hard to earn and keep my trust, and I pay them to do just that.
I am no expert but probably you can let your company be audited by some trusted party on adherence to privacy promises and prove that you comply.
Having that, they can keep my data in storage for as long as my government requires by law.
--
Edit: Because this is deeply nested and tangential to the topic I created a separate Ask HN on this idea: https://news.ycombinator.com/item?id=17884474