It's been a while since I thought about it, but basically the client would derive a key based on a random tweak for the sender to send money to. Regarding notifying the receiver (so he doesn't face the same headache as in standard Bitcoin SP), either an automatic operation happens where the client would listen for an incoming transaction and, once it gets confirmed, an ephemeral key would send a gift-wrapped event (new kind) with NIP-44 encryption to the receiver, mentioning the address they received money on with the used random tweak (and, for what I mean, the chain used). For a manual operation the user would need to click something like 'yes I've sent the transaction' (because there'd be no chain listening) and then it does the same steps. So in terms of privacy, the public knows (ish) that you're receiving money, but not from whom or what or what amount. The only downside is if that automatic or manual operation never happens (technical or UX failure): then it would be assumed as if the sender sent it to the void; however, I did think of an optional fallback recovery hint, adding some info in OP_RETURN (squeezing it to 40 bytes) where it would then start behaving like Bitcoin SP but only for recovery purposes. There can probably be better ways to recover from notification failure that can be thought of.

Replies (1)
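The key-derivation and notification flow sketched in the comment above, as an added example (this is not the commenter's code nor any existing project's): the sender tweaks the receiver's public key with a random 32-byte value, the notification carries the address plus that tweak (plus the chain label), and the receiver can rebuild the matching private key only if the notification arrives; with a wrong or missing tweak the derived address cannot be explained and the funds stay undiscovered, which is the failure mode the comment describes. Assumptions not in the comment: the hash-to-scalar construction and its domain tag, the x-only hex key as a stand-in for a real Bitcoin address, a plain dict as a stand-in for the NIP-44-encrypted gift wrap, the chain label string, and pure-Python secp256k1 arithmetic that is not constant-time and is for illustration only.

```python
import hashlib
import secrets
from typing import Optional, Tuple

# secp256k1 domain parameters (standard constants)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

Point = Optional[Tuple[int, int]]  # None is the point at infinity


def on_curve(pt: Point) -> bool:
    if pt is None:
        return True
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0


def add(a: Point, b: Point) -> Point:
    """Affine point addition; handles doubling and inverse points."""
    if a is None:
        return b
    if b is None:
        return a
    x1, y1 = a
    x2, y2 = b
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def mul(k: int, pt: Point) -> Point:
    """Double-and-add scalar multiplication (toy, not constant-time)."""
    acc: Point = None
    k %= N
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def x_only_hex(pt: Tuple[int, int]) -> str:
    """Stand-in for the on-chain 'address': the x-only key, hex encoded (assumption)."""
    return pt[0].to_bytes(32, "big").hex()


def tweak_scalar(tweak: bytes, receiver_pub: Tuple[int, int]) -> int:
    """Hash the random tweak together with the receiver's key to a scalar.

    Binding the receiver key in means the same tweak gives different derived
    keys for different receivers. The domain tag is an assumption of this example.
    """
    h = hashlib.sha256(b"sp-nostr-tweak/" + tweak + receiver_pub[0].to_bytes(32, "big")).digest()
    s = int.from_bytes(h, "big") % N
    if s == 0:  # negligible probability; reject rather than derive a no-op key
        raise ValueError("degenerate tweak")
    return s


def sender_derive(receiver_pub: Tuple[int, int], tweak: Optional[bytes] = None):
    """Sender side: pick a random tweak and derive the one-time destination key."""
    tweak = tweak if tweak is not None else secrets.token_bytes(32)
    dest = add(receiver_pub, mul(tweak_scalar(tweak, receiver_pub), G))
    return dest, tweak


def build_notification(dest: Tuple[int, int], tweak: bytes, chain: str = "bitcoin-mainnet") -> dict:
    """What the sender's client tells the receiver once the transaction confirms.

    In the sketched design this payload is NIP-44 encrypted and gift-wrapped to
    the receiver by an ephemeral key; here it is a plain dict (assumption).
    """
    return {"address": x_only_hex(dest), "tweak": tweak.hex(), "chain": chain}


def receiver_recover(receiver_priv: int, note: dict) -> Optional[int]:
    """Receiver side: rebuild the spending key from the notified tweak, or None."""
    pub = mul(receiver_priv, G)
    try:
        s = tweak_scalar(bytes.fromhex(note["tweak"]), pub)
    except (ValueError, KeyError):
        return None
    priv = (receiver_priv + s) % N
    derived = mul(priv, G)
    if derived is None or x_only_hex(derived) != note["address"]:
        return None  # tweak does not explain this address: funds stay undiscovered
    return priv


if __name__ == "__main__":
    d = int.from_bytes(secrets.token_bytes(32), "big") % N  # constructed receiver key
    dest, tweak = sender_derive(mul(d, G))
    note = build_notification(dest, tweak)
    print("recovered:", receiver_recover(d, note) is not None)
    print("with lost tweak:", receiver_recover(d, {**note, "tweak": "00" * 32}))
```

The receiver never scans the chain here; it learns the address only from the note, which is the privacy win (no observer links sender, receiver and amount) and also the single point of failure the comment's OP_RETURN hint is meant to backstop.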