Security & Privacy Architecture
Confidential by design, compliant by choice. Learn how VeilPay protects your payroll data while maintaining regulatory flexibility.
Confidential ≠ Anonymous
VeilPay provides privacy for payment amounts, not anonymity for participants. This critical distinction enables legitimate business operations while preventing misuse.
What's Private
- Payment amounts (encrypted)
- Individual compensation levels
- Payroll totals per run
What's Visible
- Sender wallet address
- Recipient wallet addresses
- Transaction timestamps
- Token type used
Privacy Spectrum
- Transparent: All data public
- Confidential: Amounts private
- Anonymous: All data hidden
Encryption Technology
Built on proven cryptographic primitives and Solana's native confidential transfer support
ElGamal Encryption
Payment amounts are encrypted using the ElGamal encryption scheme, which is part of Solana's Token-2022 confidential transfer standard.
- Additively homomorphic (enables balance proofs)
- Semantic security against chosen-plaintext attacks
- Well-studied, battle-tested cryptography
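The additive homomorphism listed above, shown as an added example that is not VeilPay's or Solana's code: textbook exponential ElGamal over a constructed toy group stands in for the elliptic-curve scheme, and every name and parameter below is an assumption made for illustration.

```python
import secrets

# Constructed toy parameters: P = 2Q + 1 with P and Q prime; G = 4 generates
# the order-Q subgroup. Real deployments use an elliptic-curve group instead.
P, Q, G = 2039, 1019, 4

def keygen():
    """Return (secret x, public h = G^x) for the recipient."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def encrypt(h, amount, r=None):
    """Exponential ElGamal: (G^r, G^amount * h^r). Fresh r makes it randomized."""
    if not 0 <= amount < Q:
        raise ValueError("amount outside the toy group's range")
    if r is None:
        r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), pow(G, amount, P) * pow(h, r, P) % P

def add(ct_a, ct_b):
    """Component-wise product of ciphertexts encrypts the SUM of the amounts."""
    return ct_a[0] * ct_b[0] % P, ct_a[1] * ct_b[1] % P

def decrypt(x, ct):
    """Strip the mask h^r, then recover the amount by a small discrete-log search."""
    c1, c2 = ct
    g_m = c2 * pow(c1, Q - x, P) % P      # c1^(Q-x) == c1^(-x) in the order-Q subgroup
    acc = 1
    for m in range(Q):
        if acc == g_m:
            return m
        acc = acc * G % P
    raise ValueError("not a valid ciphertext for this key")

def payroll_demo():
    """Credit three constructed payments to an encrypted balance, key-free."""
    x, h = keygen()
    balance = encrypt(h, 0)
    for amount in (120, 95, 200):         # constructed sample amounts
        balance = add(balance, encrypt(h, amount))   # no secret key needed here
    return decrypt(x, balance)            # only the key holder learns the total

if __name__ == "__main__":
    print(payroll_demo())
```

Amounts add modulo the group order, so a ciphertext of `Q - 5` behaves like -5 when added to a balance; ruling out that wraparound is the job of the range proofs described in the next section.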
Zero-Knowledge Proofs
Validity is proven without revealing values. The protocol verifies sufficient balance and correct encryption without seeing actual amounts.
- Range proofs ensure non-negative amounts
- Equality proofs verify correct encryption
- Balance proofs confirm sufficient funds
Encryption Flow
Plain Amount → Recipient's Public Key → Encrypted Ciphertext → Stored On-Chain
Audited & Verified
Security is our top priority. VeilPay undergoes rigorous third-party audits and maintains an active bug bounty program.
Smart Contract Audits
Multiple independent security firms review our smart contracts before mainnet deployment.
Bug Bounty Program
Active rewards program for security researchers who responsibly disclose vulnerabilities.
Open Source
Core protocol code is open source, enabling community review and verification.
Security Status
Audit reports will be published upon completion
Compliance Framework
Privacy by default, compliance when needed. VeilPay provides tools for regulatory requirements without mandating them.
Tax Reporting
Generate disclosure proofs for tax authorities. Export payment records with verified amounts when required.
- Selective disclosure
- Verified exports
- Jurisdiction-aware
KYC/KYB Options
Optional identity verification for treasury signers and recipients. Enable compliance for regulated entities.
- Optional verification
- Partner integrations
- Privacy-preserving
Audit Trails
Complete transaction history accessible to authorized parties. Prove payments occurred without revealing amounts publicly.
- Authorized access
- Immutable records
- Cryptographic proofs
Trust Model
Understanding what VeilPay can and cannot see is essential for security assessment
What VeilPay Can See
- Organization metadata (name, settings)
- Team member wallet addresses
- Payment schedules and frequencies
- Token types used for payroll
- Transaction hashes and timestamps
What VeilPay Cannot See
- Individual payment amounts
- Total payroll run values
- Recipient private keys
- Decrypted balances
- Any data not explicitly shared
Key Principle: User Control
VeilPay is designed around user sovereignty. You control your keys, you control your data. We can facilitate payments and provide infrastructure, but we cannot access encrypted amounts without your explicit consent. Compliance features are opt-in, never forced.