Think it's pretty clear by now to OP. You can't trust any mixer to be a good actor because they're all centralised. In the end, like every business, you hope their motivation to conduct business correctly to ensure future income is more than their motivation to run off with your funds or steal your data.
If it's fund security you're worried about, even with alternative type of mixing like CJ where you maintain custody of funds, you have to give up a degree of mixing efficacy (to me).
Really do read the posts suggested by LoyceV (the
ChipMixer articles).
However, it's hard to believe big company like BitPay reuse same address. I can't imagine the pain when user make mistake (under pay, over pay, etc.).
I've seen it with my own eyes: the address they gave me was funded half a year earlier.
But it was (is?) much worse with the instant exchanger I mentioned: they used a few different deposit address many times per day.
I can confirm the same. Was some time ago though, it was legacy address, I checked it as force of habit and saw it had 2 older txs, funded and then swept out I guess. It's not even the first time, I've seen it on other services before, and on some services I've been using for years, never once (Localbitcoins, for example, probably used hundreds in my lifetime, and they're now on bech32, but have never given a recycled address) so I know it's just negligence on the part of services who do.
And ETF, when users make a mistake, though, you don't talk to BitPay. You talk to merchant if you overpay or make a mistake who then refunds you only in fiat (and you can't underpay, Bitpay just would reject the invoice and ask you to get your refund from the merchant).
Happened to me plenty during peak congestion, when it takes too long to confirm (expire) or you use RBF (yeah, who knew) so you're forced to overpay fees in a major way with BP. Sorry, didn't meant to go on a rant.