Our use case is private too, but in many places the regulator could care less about any private/public distinction. We looked at locking down a mint to a private group via various means, but lock it down too much and you've made the blind signature aspect irrelevant, lock it down too little and then all the AML stuff. (Actually all the AML stuff often regardless.)
Discussion
I'm totally fine with having an AUTH mint that knows I'm in the group, but not who I am. This is possible.
That was our first approach—you know everyone in the wider transaction pool but can't associate any individual transaction with any individual person. Doing that, however, ties the mint, the community, and the client all together in a certain critical regulatory sense. So if we had a Nostr client that was an EU entity then that entity would be a potential enabler of all activity on all mints in all communities (public and private) created in or accessed via that client. Same for many other places. That's the tricky part.
I don't see that issue at all for us.
1) Zapchat will have no clue about what private groups are using it
2) The payments by the mint are lightning payments, the mint being one node in the system. So only the group members know anything about the mint. (Or is it this part I'm getting terribly wrong?)
I dunno how you plan to structure it, but we found the issue can be both.
The mint needs the URL, the server, the associated LN node, and whatever basis for AUTH (database or other). A community member could spin all that up independently, and manage access independently, so not asking Zapchat to assist with any of it, nor letting Zapchat know the URL or any other details of the mint in a formal-input sense, or of the mint transactions—it's all discussed in MLS e2e encrypted messages and all transactions done outside the client.
That would be no different that a bunch of people spontaneously agreeing to do all that with each other in a Signal group chat. Then Signal itself can legit say "we can't know anything about that".
But for the mint to actually be a basis for fun features then a bunch of data on the mint, the users and the transactions will have to pass through Zapchat's servers, of those of whatever other client, no getting around.
Yup, the goal is that make that spontaneous stuff, actually spontaneous.
And have the hosting provider not be the app. External service that should know as little as possible about what is being hosted.