Privacy Layer

Prove Compliance. Reveal Nothing.

Zero-knowledge proofs let agents prove authorization, sanctions clearance, and jurisdictional compliance — without exposing credentials or PII.

Privacy-by-Design for Agentic Commerce

Caro Del Castillo champions "Privacy-by-Design" as the architectural principle for ACK-ID. The GENIUS Act §7 explicitly enables "novel methods to detect illicit activity" — zero-knowledge proofs (ZKPs) represent the most promising pathway forward. An agent can prove:

"I am authorized by a US-licensed entity AND I am not sanctioned AND my transaction is below the Travel Rule threshold"

All of this without revealing the entity name, specific credentials, transaction amount, or beneficiary identity. The compliance framework validates truth without inspecting evidence — a radical privacy improvement over legacy KYC pipelines where credentials travel with every transaction.

Interactive Demo

Zero-Knowledge KYC Explorer

The left panel displays private data (entity name, credentials, transaction amount). Click "Generate ZK Proof" to produce a cryptographic proof. The right panel shows only what the verifier receives: compliance constraints satisfied without data exposure.

Your Identity Data: Full Name, Date of Birth, Country, Passport #, OFAC Cleared

Verifier Receives: isOver18, isNotSanctioned, kycLevelMet, jurisdiction, Proof

Protocol Integration

ZK + x402 Agent Payment Flow

Step-by-step animation showing a zero-knowledge identity proof integrated with the x402 payment protocol. The agent generates a ZK proof via World ID and attaches the proof to the payment; the server verifies compliance constraints and authorization before releasing the service.

1. AI Agent: Agent requests resource
2. CF Worker: Server returns 402
3. World ID: Agent generates ZK identity proof
4. AI Agent: Agent attaches payment + proof
5. CF Worker: Server verifies both
6. CF Worker: Resource delivered
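The server side of the flow above, as an added example (not code from this page or from the x402 or World ID projects): a gate that answers 402 with a challenge and releases the resource only when the proof and the payment answer that same challenge. The message fields (`challenge`, `signal`, `nullifier`, `publicSignals`) and the injected `verifyProof`/`verifyPayment` functions are assumptions; only the four public signal names come from the demo above.

```javascript
// Added example. Field names (challenge, signal, nullifier, publicSignals) and
// the injected verifiers are assumptions, not x402 or World ID APIs.
const REQUIRED_FLAGS = ["isOver18", "isNotSanctioned", "kycLevelMet"];

function createGate({ verifyProof, verifyPayment, newNonce, allowedJurisdictions }) {
  const issued = new Set(); // challenges handed out with a 402, still unanswered
  const spent = new Set();  // nullifiers of proofs already accepted

  return function handle({ payment, proof }) {
    // First contact: nothing attached yet, so answer 402 with a fresh challenge.
    if (!payment || !proof) {
      const challenge = newNonce();
      issued.add(challenge);
      return { status: 402, challenge };
    }
    // Proof and payment must both answer the same outstanding challenge;
    // otherwise a valid proof could ride along with an unrelated payment.
    if (proof.signal !== payment.challenge || !issued.has(proof.signal)) {
      return { status: 400, error: "proof not bound to this payment" };
    }
    if (spent.has(proof.nullifier)) {
      return { status: 409, error: "proof already used" };
    }
    // Cryptographic checks are delegated to the injected verifiers.
    if (!verifyProof(proof)) return { status: 403, error: "invalid proof" };
    if (!verifyPayment(payment)) return { status: 402, error: "invalid payment" };

    // Policy runs only on the public outputs; no PII reaches this code.
    const s = proof.publicSignals;
    const compliant = REQUIRED_FLAGS.every((k) => s[k] === true) &&
      allowedJurisdictions.includes(s.jurisdiction);
    if (!compliant) return { status: 403, error: "constraints not met" };

    issued.delete(proof.signal); // challenges are single use
    spent.add(proof.nullifier);
    return { status: 200, body: "resource" };
  };
}
```

The two sets are held in memory here; a deployed gate needs them in storage shared across instances, or the replay check does not hold.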

How ZKP Satisfies Regulation

| Regulation | Requirement | ZKP Solution |
| --- | --- | --- |
| GENIUS Act §7 | Novel methods to detect illicit activity without compromising privacy | ZKPs allow agents to prove sanctions clearance, AML compliance, and jurisdictional authorization without exposing credentials or transaction details. The server verifies the proof without accessing private data. |
| GDPR Article 25 | Data protection by design and default | ZKPs embed privacy at the protocol level. PII is never transmitted across the network. The agent proves compliance directly; the verifier learns only "compliant" or "non-compliant." |
| FATF R.16 | Travel Rule: originator and beneficiary information verified and transmitted securely | ZKPs satisfy verification without transmission. The agent generates a proof of originator authorization and sanctions clearance. The server accepts or rejects the transaction based on proof validity, never seeing the originator's identity. |