Presumably privacy.com knows your real identity, and presumably the privacy.com credit card number you give to the merchant can be traced back to privacy.com. From there the merchant is just a court order away from getting your contact info, and if you actually do owe them money, I don't think a judge would balk at that, at least not after the merchant has filed suit against you (as John/Jane Doe).
But of course no merchant is going to go through the effort and expense to do all this, unless you owe them a decent chunk of change. A couple months of a $15/mo subscription likely doesn't clear that bar.
How does a lawyer know who to send the threatening letters to? This whole conversation exists on the assumption that you're not fully anonymous in this relationship.
You aren't fully anonymous. Privacy.com has your info. The vendor, or their bank, can easily determine you gave them a privacy.com number. A court will happily compel privacy.com to turn over your info if the vendor can show the most basics of an agreement between you and them.
It doesn't guarantee the vendor will win a final judgement but no court is going to prevent them from tracking you down.
