You can't be sued for data you don't have.
Mathematically verified, zero-knowledge attestations for every regulated check.
Anchored on a public ledger. Verifiable forever. Nothing stored.
· 2 live in browser demo
MATTR static testnet
0xCB9567…4c3264
Ever.
Your KYC stack is your audit trail. It's also your breach surface.
Persona, Jumio, Onfido, Socure, Alloy — every identity vendor on the market ships you a customer file. That file is what you show your auditor. It's also your GDPR exposure, your discovery liability, and your largest unpriced operational risk. The thicker your audit trail, the larger your blast radius.
Three steps. PII stays put.
ZeroVault is the identity and attestation infrastructure for on-chain finance — built so institutions can prove compliance without re-sharing customer data. You already hold the PII you're legally required to hold. ZeroVault generates a zero-knowledge proof from the credential, mints a VRID, anchors it on-chain, and chains it into the customer's FCR Audit — a per-customer ledger with cryptographically enforced continuity. Counterparty onboarding, periodic re-KYC, auditor spot-check, regulator review — each is satisfied by a deterministic lookback across the chain. The PII never leaves your perimeter.
Credential exists
Your KYC'd customer record already exists — either as a W3C Verifiable Credential (MATTR in this demo) or as the verified identity data your platform is legally required to hold. The credential, not the underlying data, becomes the input to the proof.
Proof is generated and verified
ZeroVault generates a zero-knowledge proof from the credential and verifies it against the published verification key. The proof confirms the attribute — sanctions-clean, KYC-passed, accredited — without exposing the underlying data to anyone downstream.
VRID minted, anchored, and delivered
ZeroVault mints a VRID, anchors it to the on-chain receipt contract, and chains it into your customer's FCR Audit ledger. Your platform receives the VRID bundle and the on-chain transaction logs via API. This is the artifact your auditor verifies, your regulator spot-checks, and your counterparties accept in place of re-sharing the underlying data. Independently verifiable forever.
The attestation protocol behind every ZeroVault check. Prove a regulated check in zero knowledge, return a tamper-evident receipt, and retain none of the underlying data. The proof is deterministic, so anyone can re-verify it later and get the identical result.
Zero-knowledge proof
Noir and UltraHONK. The check is proven, the data behind it never leaves your perimeter.
Tamper-evident receipt
A VRID anchored on Base Sepolia testnet, verifiable on-chain by anyone, with no vendor in the loop.
Deterministic by design
Re-run the proof years later for an auditor and it returns the identical result.
Zero retention
No PII sits behind the receipt. Retention is zero by protocol, not by policy.
In development: a cross-rail layer on Canton that carries an attestation between institutions without re-running the check.
Watch a compliance check run, start to finish.
The demo runs MATTR-issued credentials and Noir/UltraHONK proof verification in your browser via Barretenberg WASM, on Base Sepolia testnet. Nine circuits compiled, two live in the browser demo (CR-05 KYC clearance, CR-09 sanctions non-inclusion). Production hardening, issuer-signature binding and nullifier construction, is the post-seed Noir co-founder milestone, prior to external audit. If you are a CCO, BSA officer, or head of compliance evaluating this for a fintech, start with the demo, then inquire.