
Deploy Your Own Encrypted Content Platform

PrivaPaid Team
March 17, 2026

PrivaPaid Stream is an open-source content platform with AES-256-GCM encryption, Lightning payment integration, and a delivery architecture where the server never sees the content it serves. It is MIT-licensed. You can fork it, brand it, deploy it on your own infrastructure, and run a content business where you control the margin, the experience, and the architecture. The repo is on GitHub.

This post is about what you can build with it — and how the pieces fit together.

The Agency Opportunity

If you manage creators, you already know the problem. The platforms that host and sell content also control the payment flow, set the fees, dictate content policies, and own the customer relationship. An agency operating on OnlyFans, Patreon, or Gumroad is renting someone else's infrastructure at 10–20% of every sale — and can be shut down at any time.

PrivaPaid Stream gives you a different option: deploy your own branded content platform. You control the storefront, the creator onboarding, the pricing, and the customer experience. The payment infrastructure runs underneath through SatsRail (the payment rail underneath PrivaPaid), which handles invoices, payment confirmation, product keys, and settlement. You never touch payment logic. SatsRail never sees your content.

Your platform. Your brand. Your margins.

What PrivaPaid Stream Does

Stream is the content layer. It handles everything between "a creator uploads content" and "a buyer sees it in their browser." Here is what it manages:

  • Encrypted content hosting. Content is AES-256-GCM encrypted before storage. The server stores only encrypted blobs. Plaintext URLs are accessible only to admin staff, never to viewers.
  • Client-side decryption. After a buyer pays, the decryption key arrives in their browser via the payment rail. The Web Crypto API decrypts the content client-side. The server never sees the plaintext.
  • Channels and categories. Organize content by creator channels, with categories and tags. Each channel can have its own branding and content structure.
  • Creator management. Two modes — managed creators whose content is handled by the platform operator, and independent creators with their own SatsRail API keys where payments go directly to their wallet.
  • Pseudonymous accounts. Buyer accounts require only a nickname and password. No email. No phone number. No real name. Or disable accounts entirely for pure anonymous purchases.
  • White-label theming. CSS variables allow complete restyling without touching the codebase. Your brand, not PrivaPaid's.
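The encrypt-before-storage and decrypt-in-browser steps described above, as an added example that is not code from the PrivaPaid Stream repo. The blob layout (12-byte IV followed by ciphertext and tag), the use of a product id as additional authenticated data, and all function names are assumptions; the sample content is constructed.

```javascript
// Added example: AES-256-GCM blob handling with the Web Crypto API.
// Assumed blob layout (not taken from the repo): 12-byte IV || ciphertext+tag.
// Browsers expose globalThis.crypto; the require() fallback covers older Node.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;
const IV_LEN = 12; // 96-bit IV, the size GCM is designed around

// Operator side: encrypt content before it is stored.
async function encryptBlob(key, plaintext, productId) {
  const iv = wc.getRandomValues(new Uint8Array(IV_LEN)); // fresh IV per blob
  const aad = new TextEncoder().encode(productId); // binds the blob to one product
  const ct = await wc.subtle.encrypt({ name: "AES-GCM", iv, additionalData: aad }, key, plaintext);
  const blob = new Uint8Array(IV_LEN + ct.byteLength);
  blob.set(iv, 0);
  blob.set(new Uint8Array(ct), IV_LEN);
  return blob;
}

// Browser side: decrypt once the key has arrived. Throws if the blob, the IV
// or the product id was altered, because the GCM tag no longer verifies.
async function decryptBlob(key, blob, productId) {
  const iv = blob.slice(0, IV_LEN);
  const aad = new TextEncoder().encode(productId);
  const pt = await wc.subtle.decrypt({ name: "AES-GCM", iv, additionalData: aad }, key, blob.slice(IV_LEN));
  return new Uint8Array(pt);
}

async function rejects(promise) {
  try { await promise; return false; } catch { return true; }
}

async function demo() {
  const key = await wc.subtle.generateKey({ name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
  const content = new TextEncoder().encode("https://media.example/constructed-sample.mp4");
  const blob = await encryptBlob(key, content, "prod_demo_1");
  const roundTrip = new TextDecoder().decode(await decryptBlob(key, blob, "prod_demo_1"));
  const tampered = blob.slice();
  tampered[tampered.length - 1] ^= 0x01; // flip one bit of the tag
  const otherKey = await wc.subtle.generateKey({ name: "AES-GCM", length: 256 }, false, ["decrypt"]);
  return {
    roundTrip,
    blobOverhead: blob.length - content.length, // IV (12) + tag (16)
    tamperRejected: await rejects(decryptBlob(key, tampered, "prod_demo_1")),
    wrongProductRejected: await rejects(decryptBlob(key, blob, "prod_demo_2")),
    wrongKeyRejected: await rejects(decryptBlob(otherKey, blob, "prod_demo_1")),
  };
}

demo().then((r) => console.log(r));
```

A modified blob fails outright instead of decrypting to garbage, so whoever stores the blobs cannot alter them without the client noticing.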

What SatsRail Handles

SatsRail is the payment rail underneath PrivaPaid. It handles the parts that require cryptographic precision and financial infrastructure:

  • Product registration. Each piece of content becomes a SatsRail product with a price and a unique AES-256-GCM encryption key.
  • Checkout sessions. SatsRail generates Lightning invoices and manages the checkout flow.
  • Payment confirmation. When a Lightning payment settles, SatsRail confirms it and issues a product key.
  • Key delivery. The wrapped product key travels from SatsRail to the buyer's browser. The content encryption key is unwrapped client-side.
  • Access verification. Macaroon-based access tokens (HMAC-SHA256, signed, expirable) let buyers re-access purchased content without re-paying.
  • Settlement. Sats move directly from the buyer's wallet to the creator's wallet. SatsRail does not hold funds.
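How a signed, expirable HMAC-SHA256 access token can be verified without session state, as an added example that is not SatsRail's code or token format. It is a minimal macaroon-style construction; the caveat syntax (`product = ...`, `expires < ...`), the identifiers and the root key are constructed assumptions.

```javascript
// Added example: minimal macaroon-style token built on an HMAC-SHA256 chain.
// Caveat syntax and all names are assumptions, not SatsRail's token format.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto; // browser or Node
const enc = new TextEncoder();

async function hmac(keyBytes, msg) {
  const k = await wc.subtle.importKey("raw", keyBytes, { name: "HMAC", hash: "SHA-256" }, false, ["sign"]);
  return new Uint8Array(await wc.subtle.sign("HMAC", k, enc.encode(msg)));
}

// Issuer: the first signature is HMAC(rootKey, id).
async function mint(rootKey, id) {
  return { id, caveats: [], sig: await hmac(rootKey, id) };
}

// Any holder can narrow a token: sig' = HMAC(sig, caveat); dropping a caveat needs the root key.
async function attenuate(m, caveat) {
  return { id: m.id, caveats: [...m.caveats, caveat], sig: await hmac(m.sig, caveat) };
}

function caveatHolds(caveat, ctx) {
  const [field, op, value] = caveat.split(" ");
  if (field === "product" && op === "=") return ctx.product === value;
  if (field === "expires" && op === "<") return ctx.now < Number(value);
  return false; // unknown caveats fail closed
}

// Verifier: root key plus request context, no session lookup.
async function verify(rootKey, m, ctx) {
  let sig = await hmac(rootKey, m.id);
  for (const c of m.caveats) sig = await hmac(sig, c);
  let diff = sig.length ^ m.sig.length;
  for (let i = 0; i < sig.length; i++) diff |= sig[i] ^ (m.sig[i] ?? 0); // no early exit
  return diff === 0 && m.caveats.every((c) => caveatHolds(c, ctx));
}

async function demo() {
  const rootKey = enc.encode("constructed-root-key-demo-only"); // constructed value
  const base = await mint(rootKey, "purchase-0001");
  const tok = await attenuate(await attenuate(base, "product = prod_demo_1"), "expires < 2000");
  const stripped = { ...tok, caveats: tok.caveats.slice(0, 1) }; // expiry caveat removed
  return {
    valid: await verify(rootKey, tok, { product: "prod_demo_1", now: 1000 }),
    expired: await verify(rootKey, tok, { product: "prod_demo_1", now: 3000 }),
    otherProduct: await verify(rootKey, tok, { product: "prod_demo_2", now: 1000 }),
    caveatStripped: await verify(rootKey, stripped, { product: "prod_demo_1", now: 3000 }),
  };
}
demo().then((r) => console.log(r));
```

Only the first check passes: expiry and product mismatch fail on the caveats, and stripping the expiry caveat fails on the signature chain.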

The Separation

This is the architectural foundation. SatsRail never sees content. PrivaPaid Stream never touches payments. No single layer in the stack has a complete picture of any transaction.

| Layer | Stores | Cannot Access |
|---|---|---|
| SatsRail (payment rail) | Product name, price, SKU. AES-256-GCM encryption keys. Invoice records. Payment confirmations. | Content files. Content descriptions or categories. Buyer identity. What the key actually unlocks. |
| PrivaPaid Stream (content layer) | Channels, categories, media metadata. Encrypted content blobs. Plaintext URLs (admin-only). | Encryption keys (held by SatsRail). Payment amounts. Customer real identity. |
| Browser (client) | Access token in localStorage. Decrypted content in memory only. | Nothing persists beyond the session. Close the tab, it is gone. |

This is not a policy. It is a structural constraint. The separation is enforced by architecture, not by agreement.

What the Operator Controls

As an agency or platform operator deploying PrivaPaid Stream, you control:

  • Margins. Set your own take rate. SatsRail charges a flat API fee — the rest is yours. No 20% platform cut.
  • Creator onboarding. You decide who gets a channel, what categories exist, and how content is organized. You are the platform.
  • Branding. CSS variables, logo, colors, typography. The storefront looks like your brand, not ours.
  • Infrastructure. Deploy on your own servers, your own cloud, your own domain. Docker Compose gets you running in minutes. Or deploy on Vercel, bare metal, whatever fits your ops.
  • Content policies. You set the rules for what content is accepted. The payment rail does not impose content restrictions.
  • Privacy level. Choose between pseudonymous buyer accounts or fully anonymous purchases. The architecture supports both.

The Tech Stack

For developers evaluating a deployment:

| Component | Technology | Why |
|---|---|---|
| Framework | Next.js 15, App Router | Server components for encrypted blob delivery, API routes for checkout flow |
| Language | TypeScript (strict mode) | Type safety across the encryption and payment layers |
| Database | MongoDB + Mongoose | Document model fits content and channel schema. Works with Atlas or self-hosted. |
| Encryption | AES-256-GCM via Web Crypto API | Browser-native, zero dependencies, authenticated encryption |
| Styling | Tailwind CSS v4 | CSS variables for white-label theming per instance |
| Payments | SatsRail API | Non-custodial Lightning. Product keys, checkout sessions, access verification. |
| Access Control | Macaroons (HMAC-SHA256) | Signed, expirable, verifiable without server-side session state |
| Deployment | Docker / Vercel / bare metal | `docker compose up -d` gets you running in minutes |

Why Open Source

Open-sourcing the content platform does two things.

First, it makes the architecture auditable. Anyone can read the encryption flow, verify that the server never sees decrypted content, and confirm that buyer identity is structurally excluded from the data model. "Trust us" is not a privacy architecture. "Read the code" is.

Second, it lowers the barrier for agencies. You do not need to build an encrypted content platform from scratch. You do not need to implement the cryptographic flow or the payment integration. Fork the repo, brand it, deploy it. The encryption and payment layers are already built and tested.

SatsRail's business model is payment infrastructure — API subscriptions, not content platform revenue. The more platforms that deploy Stream and consume SatsRail's API, the more the infrastructure grows. Open-sourcing the content layer is how we get there.

What This Doesn't Solve

Some honest constraints:

  • Plaintext URLs exist in the admin database. MongoDB stores the original source URLs for admin access and re-encryption. Viewer-facing pages only receive the encrypted blob. But if the MongoDB instance itself is compromised, an attacker gets the source URLs. The encryption protects content as served to viewers, not at rest in the admin database.
  • The operator still controls the platform. You choose what categories exist, what content is uploaded, and who gets a channel. This is editorial control, not payment censorship. The payment rail does not restrict content — but you, as the operator, decide what your platform offers.
  • Lightning adoption is still early. Your buyers need a Lightning wallet. The audience is growing, but it is not mainstream yet. This is infrastructure for the builders who want to be ready.

Get Started

The repo is at github.com/SatsRail/media. MIT license. Clone it, deploy it, build something on it. The only thing it needs from SatsRail is an API key for the payment rail.

The rest is yours.

PrivaPaid Stream is the open-source content layer. SatsRail is the payment rail underneath. Together: encrypted content delivery, non-custodial Lightning payments, and a platform you own. Learn what this means for agencies or start building.

