Skip to main content

Compliant privacy

This page covers how encrypted and public balances affect your daily work. For an introduction to the two balance types and why privacy matters, see Product overview.

How it affects operations

For public-layer data, you can still use a block explorer to verify transactions and balances independently — everything is visible on-chain as with any standard ERC-20.

For the encrypted layer, the backoffice handles all decryption transparently. In the backoffice you will have access to:

  • Decrypted encrypted supply, public supply, and total supply
  • All mints and burns shown as decrypted plaintext amounts, whether they were public or encrypted
  • Layer indicator on every transaction and balance — you can always see which layer (public or encrypted) a transaction or balance belongs to

The encrypted supply is trackable on-chain (it is updated with every mint, burn, and cross-layer transfer), but only the backoffice holds the key to decrypt it. From an operational perspective, you work with plaintext numbers in the backoffice regardless of the layer. Public-layer data is also independently verifiable on-chain by anyone, while encrypted-layer data is only readable through the backoffice.

Freeze enforcement

Freezing assets works across both balance types. When an address is frozen:

  • Public balances are blocked — the address cannot send or receive public transfers, and cannot move tokens into encrypted balances.
  • Encrypted balances are blocked — the address cannot send private transfers, and cannot move tokens back to public balances.

Public and encrypted accounts are independent addresses, as any other two on-chain accounts. To block all of a holder's addresses, they need to be provided separately.

Anonymity revoking

When a regulatory authority, law enforcement agency, or court order requires disclosure of encrypted on-chain data, we can decrypt the requested information. This is how we meet regulatory obligations while offering encrypted balances.

Trigger: A formal request — regulatory inquiry, law enforcement order, court order, or internal compliance need — requiring visibility into encrypted data (transaction amounts, balances, or other on-chain activity).

Committee approval: Decryption is not unilateral. A committee composed of independent external law firms must reach quorum agreement before any decryption occurs. No single party — not the issuer, not any individual law firm — can decrypt on their own.

Decryption properties:

  • Decryption is scoped to what is requested — it does not expose unrelated users or transactions.
  • All data that is not subject to the request remains encrypted and private.

This means encrypted balances are private by default but never beyond the reach of lawful process. We can always respond to a valid request with the specific data needed, without compromising the privacy of unrelated parties.