Don't Trust Us.
Verify.
The first consent platform where every choice is enforced by your browser, anchored on a blockchain, and verifiable by anyone.
The Problem
Cookie Banners Are Theater
The consent infrastructure the internet relies on is fundamentally broken.
Banners Lie
You click "Refuse All" but the tracking scripts run anyway. The banner is cosmetic. Nothing enforces your choice.
No Proof
Nobody can prove what was actually consented to. Not the user. Not the regulator. Not even the company collecting the data.
You Get Nothing
5 billion people click "Accept All" every day. That generates billions in ad revenue, yet the person clicking gets zero.
GDPR Is Broken
Regulators can't audit what they can't verify. Companies store consent in private databases. Delete requests are unverifiable.
The Fix
Consent with Teeth
Five steps. Every one enforced, recorded, and independently verifiable.
User Arrives
Cookie banner shows data categories with transparent Myps pricing
Choose & Hash
Choices hashed with keccak256: salt + domain + categories + policy version
CSP Locks Down
Browser Content Security Policy blocks all non-consented tracking scripts
On-Chain Proof
Hash anchored on PhynSeal Avalanche L1 with zero PII, immutable record
Anyone Checks
Regulators, auditors, data buyers verify independently. No trust needed
User Sovereignty
Your Data, Your Control
Real ownership means you decide what to share, your browser enforces it, and you can revoke anytime. No exceptions.
User Visits Site
A first-party domain triggers the PayPS consent layer
Cookie Banner Appears
Categories displayed with real-time Myps rates, no dark patterns
Myps Rate Card - Monthly Earnings
User Selects Categories
Toggle on/off per category. Each choice updates potential Myps earnings.
keccak256 Hash Computed
Zero PII. Salt + domain + categories + policy version hashed into a single fingerprint.
Anchored On-Chain
Hash written to PhynSeal Avalanche L1. Immutable, timestamped, public.
Proof Card Displayed
User sees their consent proof with tx hash, timestamp, and earning status.
Consented Categories
User approved: Analytics, Marketing. Declined: Social, Functional.
Domain Mapping Registry
CSP Meta Tag Generated
A Content-Security-Policy header is injected into the page, whitelisting only consented domains.
Browser Engine Enforces
The browser's rendering engine blocks any script not in the CSP whitelist. No JavaScript workaround can bypass this.
Click Revoke
User presses the revoke button for any consent record from their dashboard.
Confirmation Dialog
Clear explanation: revoking stops Myps earnings for this consent but keeps already-earned tokens.
Salt Deleted from DB
The off-chain salt is permanently erased. Without it, the hash can never be re-derived.
CSP Re-Locked
Previously whitelisted domains are removed from the Content Security Policy. Scripts blocked immediately.
Hash Becomes Tombstone
The on-chain record is marked revoked. The hash remains as unforgeable proof that consent once existed and was withdrawn.
Myps Earning Stops
Future rewards for this consent cease. Already-earned Myps are yours forever, soulbound and non-revocable.
Article 7(3) - Right to withdraw consent at any time.
Article 17 - Right to erasure. Salt deletion makes re-identification cryptographically impossible.
Verification & Provenance
Trust No One - Verify Everything
Every consent is anchored on-chain, witnessed by two independent parties, and verifiable by anyone. No trust assumptions. Just math and cryptography.
Consent Choices
User selects cookie categories: analytics, marketing, personalization
keccak256 Hashing
Consent data hashed client-side with salt + domain + categories + policy version
PhynSeal API
Receives hash, validates schema, prepares on-chain transaction via ERC-4337
Avalanche L1 Transaction
ConsentAnchor.sol stores the hash immutably on PhynSeal's Avalanche L1
Anyone can verify this transaction on any Avalanche explorer.
Public Verification
Paste the hash, verify independently. No login. No API key. No trust required.
Consent Anchor
The on-chain consent record - immutable proof of what the user agreed to
Browser SDK
Embedded in the website, observes what actually happens in the browser
Records Execution
Logs which cookies were set, which scripts loaded, which categories were unblocked
Collection Receipt
Hash of everything that actually happened - the browser's witness statement
Data Processor
The third-party that receives and processes the consented data
Confirms Handling
Attests to what data was received, how it was processed, what policies were applied
Attestation Hash
Hash of the processor's testimony - their independent witness statement
Cross-Verification
PhynSeal compares consent + receipt + attestation - three independent records, one truth
“Neither witness can forge both sides.”
The browser cannot fake the processor's attestation. The processor cannot fake the browser's receipt. Even if one is compromised, the cross-verification catches the discrepancy.
Provenance Certificate
Cryptographic proof of the entire chain of custody - consent, collection, processing
Paste Certificate Hash
Anyone - regulator, auditor, journalist, user - pastes the provenance hash
Verification Engine
Reconstructs the entire provenance chain from on-chain data and runs all checks
Rewards
Get Paid for Your Data
Every category you consent to earns Myps tokens daily. Your data has value - and now you capture it.
Analytics
Myps / month
Functional
Myps / month
Social Media
Myps / month
Marketing
Myps / month
Consent to all categories = 38 Myps/month
Earned passively just by browsing with active consent
Anonymous User Visits
A visitor lands on a PayPS-enabled site. No account needed.
Consents to Categories
User selects which data categories to share: analytics, marketing, functional, social.
Myps Accrue Daily
Tokens accumulate every day the consent remains active. More categories = more Myps.
Signs Up (Key Moment)
User creates an account with email. Magic Link generates a hidden blockchain wallet.
Identity Stitching
Anonymous session linked to authenticated account. All prior consent history is preserved.
Retroactive Myps Credited
All Myps earned during anonymous browsing are credited to the new account instantly.
Balance Visible on Rewards Page
Users see their total Myps balance, earning history, and active consent categories.
Redeem for Coupons
200 Myps = 5 EUR coupon. 100 Myps = 2 EUR coupon. Redeemable at partner pharmacies.
MypsToken.sol
ERC-20 token with soulbound-like restricted transfer. Your Myps, non-transferable.
On-Chain Balance Sync
Off-chain accrual syncs to on-chain balances via relayer pattern. Gasless for users.
RewardPool.sol
Businesses deposit funds to back Myps redemptions. Escrow ensures every Myps is redeemable.
SoulboundNFT (Data Passport)
Non-transferable NFT proving your consent history and data reputation. Your on-chain identity.
Estimated annual value per user: 456 Myps (~22 EUR)
Regulatory Compliance
GDPR Done Right
Not just compliant — provably compliant.
Conditions for Consent
Freely given, specific, informed, unambiguous consent with clear affirmative action.
Unchecked-by-default toggles, equal button prominence, transparent Myps pricing per category, policy version tracked on-chain.
Right to Erasure
Users can request deletion of all personal data without undue delay.
Salt deleted, domain/categories/rawPayload/anonymousId NULLed. On-chain hash remains but is permanently unlinkable without salt. The hash becomes a tombstone.
Data Portability
Users can export their data in a structured, machine-readable format.
Proof cards with consent hash, TX hash, chain status. Exportable consent history. Public verification page for independent audit.
Data Protection by Design
Privacy safeguards built into system architecture from the ground up.
Zero PII on-chain (only hashes). CSP enforcement at browser level. ERC-4337 Smart Accounts eliminate privileged admin keys.
Records of Processing
Maintain comprehensive records of all processing activities.
Two-witness provenance model. Witness 1 (browser collection receipt) + Witness 2 (processor attestation). Provenance certificates as immutable audit trail.
Data Protection Impact Assessment
Assess and mitigate risks of high-risk data processing activities.
On-chain audit trail enables real-time DPIA. Public verification allows independent assessment. Live event feed for continuous monitoring.
Traditional consent management stores proof in private databases that regulators must trust.
PayPS stores proof on a public blockchain that anyone can verify.
Under the Hood
Four layers. Product on top, blockchain on the bottom. Each layer is independently auditable and replaceable.
Next.js 16, React 19, Drizzle ORM, Neon Postgres
Capabilities
- Cookie consent with transparent pricing
- Myps rewards earned for data sharing
- GDPR dashboard for consent management
- Admin monitoring and analytics
Consent recording, identity stitching, provenance engine
Capabilities
- Hash-based consent anchoring with zero PII on-chain
- Cross-device identity stitching (privacy-preserving)
- Two-witness provenance attestation model
- Independent audit verification endpoints
API Endpoints
ERC-4337 Account Abstraction, Session Keys
Capabilities
- VeilAccount - Smart Account with dual-curve validation
- Passkey login (WebAuthn, P-256 on-device)
- Session keys for gasless, seamless UX
- Users never see gas fees or seed phrases
P256VERIFY precompile, TxAllowList, NativeMinter
Capabilities
- Dedicated throughput with no contention from DeFi traffic
- P256VERIFY precompile for native passkey verification
- TxAllowList restricts who can submit transactions
- NativeMinter for protocol-controlled gas tokens
Smart Contracts
Nine contracts across two ownership domains. PhynTec IP stays private; PayPS contracts are open-source.
PhynTec IP
5 contracts, private
EntryPoint v0.7
ERC-4337 entry point that validates and executes UserOperations
VeilAccountFactory
CREATE2 deterministic account deployment from passkey credentials
VeilAccount
P-256 + secp256k1 dual-curve signature validation
VerifyingPaymaster
Gas sponsorship so users never pay for transactions
ConsentAnchor
VCAP core: keccak256 hash anchoring with revocation bitmaps
PayPS
4 contracts, public
SoulboundNFT
Data Passport - non-transferable identity token (ERC-721)
MypsToken
ERC-20 reward token with restricted transfers
RewardPool
Business deposits flow to user reward distributions
CouponNFT
ERC-1155 multi-token coupons for pharmacy redemption
Don't trust us - verify on-chain.
PhynSeal's Protocol Account is a Smart Account, not a privileged admin key. Every action is an ERC-4337 UserOperation validated by the EntryPoint. No multisig override. No escape hatch. The protocol is the code.
Roadmap
What's Live & What's Next
We build in the open. The Avalanche L1 is deployed, smart contracts are live, and account abstraction is running. Here's everything that's shipped and what's coming next.
Live Now
16 features
Every consent choice is hashed (keccak256) and anchored immutably. Zero PII on-chain.
Browser-level Content Security Policy blocks non-consented tracking scripts in real time.
Independent client-side and server-side witnesses attest to every consent event.
Off-chain reward calculation and display. Users earn Myps for transparent data sharing.
Salt deletion + hash unlinking. Consent proof becomes unverifiable on demand, as required.
Anyone can independently verify a consent proof using the public explorer.
Real-time dashboard showing consent events, anchoring status, and system health.
Anonymous sessions seamlessly merge into authenticated profiles without data loss.
Passwordless login via device biometrics. Private keys never leave the hardware.
Dedicated Avalanche subnet for consent anchoring with sub-second finality.
Live ConsentAnchor.sol transactions on PhynSeal L1. No mocks, no fallbacks.
Non-transferable identity token issued at sign-up, binding wallet to consent history.
On-chain ERC-20 token contract synchronized with off-chain Myps balances.
Gasless user operations via account abstraction. Users never touch native tokens.
Modular smart account with ERC-7579 plugin support for extensible consent logic.
System-level UserOps for automated anchoring, reward distribution, and governance.
Planned
8 features
Drop-in consent banner for any website. One script tag to verifiable consent.
Native plugins for OneTrust, Cookiebot, and other CMPs. Retrofit existing banners.
Phone verification, device fingerprinting, and behavioral analysis to prevent abuse.
Time-gated redemption windows. Rewards vest over engagement periods to deter farming.
Batch consent hashes into Merkle trees for scalability at volume, with Superfluid for continuous reward streaming.
Third-party consent modules: age verification, jurisdiction-aware rules, custom logic.
Verify consent proofs from any EVM chain. Portable trust across networks.
Carry your consent preferences across sites. One configuration, every banner.
Overall Progress
Traditional cookie banners are theater. PayPS is consent with teeth.
The consent you see anchored during our demo is on PhynSeal L1 right now. Go verify it.