Don't Trust Us.
Verify.
The first consent platform where every choice is enforced by your browser, anchored on a blockchain, and verifiable by anyone.
The Problem
Cookie Banners Are Theater
The consent infrastructure the internet relies on is fundamentally broken.
Banners Lie
You click "Refuse All" but the tracking scripts run anyway. The banner is cosmetic. Nothing enforces your choice.
No Proof
Nobody can prove what was actually consented to. Not the user. Not the regulator. Not even the company collecting the data.
You Get Nothing
5 billion people click "Accept All" every day. That generates billions in ad revenue, yet the person clicking gets zero.
GDPR Is Broken
Regulators can't audit what they can't verify. Companies store consent in private databases. Delete requests are unverifiable.
The Fix
Consent with Teeth
Five steps. Every one enforced, recorded, and independently verifiable.
User Arrives
Cookie banner shows data categories with transparent Myps pricing
Choose & Hash
Choices hashed with keccak256: salt + domain + categories + policy version
CSP Locks Down
Browser Content Security Policy blocks all non-consented tracking scripts
On-Chain Proof
Hash anchored on PhynSeal Avalanche L1 with zero PII, immutable record
Anyone Checks
Regulators, auditors, data buyers verify independently. No trust needed
User Sovereignty
Your Data, Your Control
Real ownership means you decide what to share, your browser enforces it, and you can revoke anytime. No exceptions.
User Visits Site
A first-party domain triggers the PayPS consent layer
Cookie Banner Appears
Categories displayed with real-time Myps rates, no dark patterns
Myps Rate Card - Monthly Earnings
User Selects Categories
Toggle on/off per category. Each choice updates potential Myps earnings.
keccak256 Hash Computed
Zero PII. Salt + domain + categories + policy version hashed into a single fingerprint.
Anchored On-Chain
Hash written to PhynSeal Avalanche L1. Immutable, timestamped, public.
Proof Card Displayed
User sees their consent proof with tx hash, timestamp, and earning status.
Consented Categories
User approved: Analytics, Marketing. Declined: Social, Functional.
Domain Mapping Registry
CSP Meta Tag Generated
A Content-Security-Policy header is injected into the page, whitelisting only consented domains.
Browser Engine Enforces
The browser's rendering engine blocks any script not in the CSP whitelist. No JavaScript workaround can bypass this.
Click Revoke
User presses the revoke button for any consent record from their dashboard.
Confirmation Dialog
Clear explanation: revoking stops Myps earnings for this consent but keeps already-earned tokens.
Salt Deleted from DB
The off-chain salt is permanently erased. Without it, the hash can never be re-derived.
CSP Re-Locked
Previously whitelisted domains are removed from the Content Security Policy. Scripts blocked immediately.
Hash Becomes Tombstone
The on-chain record is marked revoked. The hash remains as unforgeable proof that consent once existed and was withdrawn.
Myps Earning Stops
Future rewards for this consent cease. Already-earned Myps are yours forever, soulbound and non-revocable.
Article 7(3) - Right to withdraw consent at any time.
Article 17 - Right to erasure. Salt deletion makes re-identification cryptographically impossible.
Verification & Provenance
Trust No One - Verify Everything
Every consent is anchored on-chain, witnessed by two independent parties, and verifiable by anyone. No trust assumptions. Just math and cryptography.
Consent Choices
User selects cookie categories: analytics, marketing, personalization
keccak256 Hashing
Consent data hashed client-side with salt + domain + categories + policy version
PhynSeal API
Receives hash, validates schema, prepares on-chain transaction via ERC-4337
Avalanche L1 Transaction
ConsentAnchor.sol stores the hash immutably on PhynSeal's Avalanche L1
Anyone can verify this transaction on any Avalanche explorer.
Public Verification
Paste the hash, verify independently. No login. No API key. No trust required.
Consent Anchor
The on-chain consent record - immutable proof of what the user agreed to
Browser SDK
Embedded in the website, observes what actually happens in the browser
Records Execution
Logs which cookies were set, which scripts loaded, which categories were unblocked
Collection Receipt
Hash of everything that actually happened - the browser's witness statement
Data Processor
The third-party that receives and processes the consented data
Confirms Handling
Attests to what data was received, how it was processed, what policies were applied
Attestation Hash
Hash of the processor's testimony - their independent witness statement
Cross-Verification
PhynSeal compares consent + receipt + attestation - three independent records, one truth
“Neither witness can forge both sides.”
The browser cannot fake the processor's attestation. The processor cannot fake the browser's receipt. Even if one is compromised, the cross-verification catches the discrepancy.
Provenance Certificate
Cryptographic proof of the entire chain of custody - consent, collection, processing
Paste Certificate Hash
Anyone - regulator, auditor, journalist, user - pastes the provenance hash
Verification Engine
Reconstructs the entire provenance chain from on-chain data and runs all checks
Plain English
LiveHow It Actually Works
No jargon. No blockchain degree required.
Camera 1
Your browser watches what cookies actually get set on your device
The Vault
The blockchain timestamps everything. Nobody can edit the recording.
Camera 2
The analytics company confirms what data it actually received
Match Confirmed
If both cameras agree, you have mathematical proof that your consent was respected
You Choose
Pick which cookies you're OK with. Analytics? Marketing? None? Your call.
IRL: Like choosing which rooms of your house to show visitors
We Lock It In
Your choice gets hashed and stamped on the blockchain. Permanent. Unchangeable.
IRL: Like getting a notarized document, but digital and instant
Two Witnesses Watch
Your browser records what actually happened. The data company records what it received. Neither can see the other's notes.
IRL: Like two security cameras covering the same room from different angles
Certificate Issued
If both records match, you get a provenance certificate. Verifiable by anyone, forever.
IRL: Like a diamond's certificate of authenticity, but for your data consent
Your data, your proof
Not a promise from a company. A mathematical receipt that can't be faked.
Companies can't lie
If they collect more than you allowed, the two cameras don't match. Busted.
Check it yourself
Open the verification page. Paste a hash. No login needed. No trust required.
Technical Deep Dive
Two-Witness Deep Dive
The technical meat for those who want to understand the protocol. How two independent witnesses create a provenance chain that neither side can forge.
Consent Proof
What the user INTENDED to allow
Collection Receipt
What ACTUALLY happened in the browser
Why They're Different
A website could say “user consented to analytics only” but then load marketing scripts anyway. The consent proof records the intention. Witness 1 catches the reality. If they don't match, the certificate fails. This is the entire point of the two-witness model. You can't lie about what happened if an independent observer was watching.
1. User Consents
Selects cookie categories on the consent banner
2. Consent Anchored
keccak256 hash stored on PhynSeal Avalanche L1
3. Browser SDK Observes
Independently records: cookies set, scripts loaded, categories unblocked
4. Receipt Anchored (Witness 1)
receiptHash = sha256(cookies + scripts + categories + timestamp)
5. Data Sent to Processor
Analytics data tagged with consentId, like a shipping label on a package
6. Processor Attests (Witness 2)
attestationHash = sha256(eventBatch), the fingerprint of what was actually processed
7. PhynSeal Cross-Verifies
Compares consent + receipt + attestation for the same consentId
8. Certificate Issued
certHash anchored on-chain. Verification rate: 100%. Verifiable forever.
What PhynSeal GETS
What PhynSeal NEVER SEES
Why Neither Side Can Cheat
Key Insight
PhynSeal is a hash matchmaker, not a data processor. It proves consent → collection → processing all happened in order for the same consent event, without ever touching the actual data. The protocol sees fingerprints, never faces.
Common Questions
FAQ
The questions everyone asks. Straight answers.
Consent proof records your intention. “I agree to analytics cookies.” It’s captured at the moment you click “Accept.”
Witness 1 records reality: what actually happened in your browser after consent. Which cookies were actually set? Which scripts actually loaded?
Think of it this way: consent proof is the contract you signed. Witness 1 is the security camera footage showing whether the other party held up their end.
The client app passes it along. When your browser sends analytics data to the processor, the consentId is tagged onto that data, like a shipping label on a package.
The processor doesn’t discover the consentId on its own. It receives data with the consentId attached, hashes that data, and submits the attestation referencing the same consentId.
This is what links the three records together: consent, receipt, and attestation all share the same consentId.
No. PhynSeal never sees raw data. It only receives hashes, one-way mathematical fingerprints.
It receives:
- A hash of your consent choices
- A hash of what your browser observed
- A hash of what the processor received
It matches them by consentId, checks timestamps are in order, verifies they’re all on-chain, and issues a certificate. Zero decryption. Zero raw data. That’s the whole point.
Not without getting caught. Here’s why:
The website controls the consent banner (Witness 1 source). But it does NOT control the processor’s attestation (Witness 2). These are submitted independently.
If the website lies about what it collected, the processor’s independent attestation won’t match. The certificate either fails or shows partial verification. Instant red flag.
And neither can fake blockchain timestamps. The chain enforces that consent came before collection, which came before processing.
The certificate gets flagged. Specifically:
A partial or failed certificate is a red flag. It means either: (a) the website collected more than consented, (b) the processor received data it shouldn’t have, or (c) timestamps don’t align.
In the current demo, PayPS acts as its own data processor. The “AcmeAnalytics” processor page is a simulator.
But here’s the important part: the architecture is not simplified for the demo. The same code paths, the same on-chain anchoring, the same cross-verification, all real. The only difference is both witnesses come from the same organization.
Adding real external processors later requires zero protocol changes. The API is the same. The verification is the same. It just needs a different entity submitting Witness 2.
Yes. Right now. No login required.
- 1Go to the verification page (
/verify) - 2Paste any certificate hash, consent ID, or payload hash
- 3See the full verification result: consent details, both witnesses, on-chain status
Every hash links to the blockchain explorer for independent verification. You don’t need to trust PayPS. You don’t need to trust PhynSeal. The math speaks for itself.
Don’t trust us. Verify.Still have questions? The best way to understand is to try it . Consent to cookies, then verify your own certificate.
Try PayPSRewards
Get Paid for Your Data
Every category you consent to earns Myps tokens daily. Your data has value - and now you capture it.
Analytics
Myps / month
Functional
Myps / month
Social Media
Myps / month
Marketing
Myps / month
Consent to all categories = 38 Myps/month
Earned passively just by browsing with active consent
Anonymous User Visits
A visitor lands on a PayPS-enabled site. No account needed.
Consents to Categories
User selects which data categories to share: analytics, marketing, functional, social.
Myps Accrue Daily
Tokens accumulate every day the consent remains active. More categories = more Myps.
Signs Up (Key Moment)
User creates an account with email. Magic Link generates a hidden blockchain wallet.
Identity Stitching
Anonymous session linked to authenticated account. All prior consent history is preserved.
Retroactive Myps Credited
All Myps earned during anonymous browsing are credited to the new account instantly.
Balance Visible on Rewards Page
Users see their total Myps balance, earning history, and active consent categories.
Redeem for Coupons
200 Myps = 5 EUR coupon. 100 Myps = 2 EUR coupon. Redeemable at partner pharmacies.
MypsToken.sol
ERC-20 token with soulbound-like restricted transfer. Your Myps, non-transferable.
On-Chain Balance Sync
Off-chain accrual syncs to on-chain balances via relayer pattern. Gasless for users.
RewardPool.sol
Businesses deposit funds to back Myps redemptions. Escrow ensures every Myps is redeemable.
SoulboundNFT (Data Passport)
Non-transferable NFT proving your consent history and data reputation. Your on-chain identity.
Estimated annual value per user: 456 Myps (~22 EUR)
Regulatory Compliance
GDPR Done Right
Not just compliant — provably compliant.
Conditions for Consent
Freely given, specific, informed, unambiguous consent with clear affirmative action.
Unchecked-by-default toggles, equal button prominence, transparent Myps pricing per category, policy version tracked on-chain.
Right to Erasure
Users can request deletion of all personal data without undue delay.
Salt deleted, domain/categories/rawPayload/anonymousId NULLed. On-chain hash remains but is permanently unlinkable without salt. The hash becomes a tombstone.
Data Portability
Users can export their data in a structured, machine-readable format.
Proof cards with consent hash, TX hash, chain status. Exportable consent history. Public verification page for independent audit.
Data Protection by Design
Privacy safeguards built into system architecture from the ground up.
Zero PII on-chain (only hashes). CSP enforcement at browser level. ERC-4337 Smart Accounts eliminate privileged admin keys.
Records of Processing
Maintain comprehensive records of all processing activities.
Two-witness provenance model. Witness 1 (browser collection receipt) + Witness 2 (processor attestation). Provenance certificates as immutable audit trail.
Data Protection Impact Assessment
Assess and mitigate risks of high-risk data processing activities.
On-chain audit trail enables real-time DPIA. Public verification allows independent assessment. Live event feed for continuous monitoring.
Traditional consent management stores proof in private databases that regulators must trust.
PayPS stores proof on a public blockchain that anyone can verify.
Under the Hood
Four layers. Product on top, blockchain on the bottom. Each layer is independently auditable and replaceable.
Next.js 16, React 19, Drizzle ORM, Neon Postgres
Capabilities
- Cookie consent with transparent pricing
- Myps rewards earned for data sharing
- GDPR dashboard for consent management
- Admin monitoring and analytics
Consent recording, identity stitching, provenance engine
Capabilities
- Hash-based consent anchoring with zero PII on-chain
- Cross-device identity stitching (privacy-preserving)
- Two-witness provenance attestation model
- Independent audit verification endpoints
API Endpoints
ERC-4337 Account Abstraction, Session Keys
Capabilities
- VeilAccount - Smart Account with dual-curve validation
- Passkey login (WebAuthn, P-256 on-device)
- Session keys for gasless, seamless UX
- Users never see gas fees or seed phrases
P256VERIFY precompile, TxAllowList, NativeMinter
Capabilities
- Dedicated throughput with no contention from DeFi traffic
- P256VERIFY precompile for native passkey verification
- TxAllowList restricts who can submit transactions
- NativeMinter for protocol-controlled gas tokens
Smart Contracts
Nine contracts across two ownership domains. PhynTec IP stays private; PayPS contracts are open-source.
PhynTec IP
5 contracts, private
EntryPoint v0.7
ERC-4337 entry point that validates and executes UserOperations
VeilAccountFactory
CREATE2 deterministic account deployment from passkey credentials
VeilAccount
P-256 + secp256k1 dual-curve signature validation
VerifyingPaymaster
Gas sponsorship so users never pay for transactions
ConsentAnchor
VCAP core: keccak256 hash anchoring with revocation bitmaps
PayPS
4 contracts, public
SoulboundNFT
Data Passport - non-transferable identity token (ERC-721)
MypsToken
ERC-20 reward token with restricted transfers
RewardPool
Business deposits flow to user reward distributions
CouponNFT
ERC-1155 multi-token coupons for pharmacy redemption
Don't trust us - verify on-chain.
PhynSeal's Protocol Account is a Smart Account, not a privileged admin key. Every action is an ERC-4337 UserOperation validated by the EntryPoint. No multisig override. No escape hatch. The protocol is the code.
Roadmap
What's Live & What's Next
We build in the open. The Avalanche L1 is deployed, smart contracts are live, and account abstraction is running. Here's everything that's shipped and what's coming next.
Live Now
16 features
Every consent choice is hashed (keccak256) and anchored immutably. Zero PII on-chain.
Browser-level Content Security Policy blocks non-consented tracking scripts in real time.
Independent client-side and server-side witnesses attest to every consent event.
Off-chain reward calculation and display. Users earn Myps for transparent data sharing.
Salt deletion + hash unlinking. Consent proof becomes unverifiable on demand, as required.
Anyone can independently verify a consent proof using the public explorer.
Real-time dashboard showing consent events, anchoring status, and system health.
Anonymous sessions seamlessly merge into authenticated profiles without data loss.
Passwordless login via device biometrics. Private keys never leave the hardware.
Dedicated Avalanche subnet for consent anchoring with sub-second finality.
Live ConsentAnchor.sol transactions on PhynSeal L1. No mocks, no fallbacks.
Non-transferable identity token issued at sign-up, binding wallet to consent history.
On-chain ERC-20 token contract synchronized with off-chain Myps balances.
Gasless user operations via account abstraction. Users never touch native tokens.
Modular smart account with ERC-7579 plugin support for extensible consent logic.
System-level UserOps for automated anchoring, reward distribution, and governance.
Planned
8 features
Drop-in consent banner for any website. One script tag to verifiable consent.
Native plugins for OneTrust, Cookiebot, and other CMPs. Retrofit existing banners.
Phone verification, device fingerprinting, and behavioral analysis to prevent abuse.
Time-gated redemption windows. Rewards vest over engagement periods to deter farming.
Batch consent hashes into Merkle trees for scalability at volume, with Superfluid for continuous reward streaming.
Third-party consent modules: age verification, jurisdiction-aware rules, custom logic.
Verify consent proofs from any EVM chain. Portable trust across networks.
Carry your consent preferences across sites. One configuration, every banner.
Overall Progress
Traditional cookie banners are theater. PayPS is consent with teeth.
The consent you see anchored during our demo is on PhynSeal L1 right now. Go verify it.