That is a matter of concern. We cannot detect who operates the account, but we always get the sender's wallet address. If they have exchanged coins to another coin, we have that data as well, and if they have withdrawn the newly exchanged coins, we have that wallet address too. The fact is that we have no information about who operates this account - no name, IP, or location.
Do you mean you would not have any problem confiscating funds that are coming from certain addresses, maybe sanctioned addresses? If that is it, then how exactly are you defending users privacy and how are you going to achieve all the other things you say. If you check for source of funds and you track where people's funds come from, there is nothing private about your service.
I never said that the exchange would freeze funds. I'm saying quite the opposite never to confiscate funds. I said that a sanctioned address sending money to our exchange wallet is concerning and could put me into legal issues while trying to protect user privacy. I was explaining that since we don’t track user information, we have very little info just the wallet address and the coins they exchanged. See, I’m not running a mixer or CoinJoin service. This is a CEX exchange, and I want to protect the privacy of my CEX users. But the problem arises when bad actors get involved.
One solution would be to create some sort of automated system that refunds any deposits that come from sanctioned addresses. As an entity you would document that you refused service in order to avoid any problems with authorities.
The issue with this is that you would be dealing with the process of sorting deposits and scoring them, which has always been an issue in general (as no scoring system is 100% accurate due to the general nature of bitcoin and cyptocurrency).
As others have suggested, focusing on building a decentralized exchange is probably a better focus. Fees can still be accumulated and distributed between the owners or backers, though the trade-off is that no one central party can control the platform or the funds, and it will probably lead to a reduced profit.
I've seen many users suggest the following in other posts:
1. Using a VPN to hide server logs.
2. Choosing a server provider that doesn't keep logs and accepts crypto payments.
3. Using Cloudflare to mask the server's IP address.
These are fine solutions generally though as the exchange grows and if there is no system in place to stop sanctioned funds from going in the exchange, it will probably lead to investigations and it will seem like that due to the operators are using these methods, that they are knowingly running a shady entity (not saying that is how it is but how it might be perceived).
Many people have tried the unregulated cex. It almost always ends in a shutdown. If you want to succeed in this, you will need to innovate...though I think that if it could be done, it would have already, and that you will probably need to look down the decentralized route.