Home SELA Ecosystem Happy CISO Protocol Request Demo
Documentation

SELA Ecosystem Docs

How the five components fit together: architecture, verification flows, proof types, and the security model behind Breach-Nullification.

One Principle: The Server Holds Nothing

The SELA Ecosystem inverts the traditional identity architecture. Personal data lives exclusively on the user's device, encrypted with keys only the user holds. The server relays encrypted payloads it cannot read, and the blockchain anchors cryptographic hashes—never data.

1

Device Layer — App & Vault

Documents, credentials, and private keys are generated and stored on-device. OCR, MRZ parsing, and ZKP generation all run locally. Nothing leaves the device without explicit, biometric-confirmed consent.

2

Relay Layer — Server

The blind relay validates organizations, routes verification requests, and stores only encrypted blobs and cryptographic commitments. It mathematically cannot read what it holds.

3

Organization Layer — Link & Connect

Organizations trigger verifications through Connect (button/QR) and manage them through Link (verification-first CRM). They receive proofs and time-limited views—never stored copies of personal data.

4

Anchor Layer — Blockchain

Every verification event is hashed and anchored on the Polygon blockchain, creating an immutable, timestamped audit trail. Only hashes are recorded; no personal data ever touches the chain.

The Five Components

ComponentRoleKey Capabilities
SELA App The user's identity wallet BIP39 self-custody keys, encrypted local document storage, on-device OCR (Google ML Kit / Apple Vision), MRZ parsing, local ZKP engine, AES-256-GCM encryption, biometric authentication, field-level selective disclosure, time-based access, instant revocation, activity audit trail, seed-phrase recovery.
SELA Server The blind relay Handshake orchestration, organization validation, zero-knowledge storage of encrypted blobs, blockchain anchoring on Polygon. Holds no decryption keys and no plaintext—a breach yields only ciphertext and routing metadata.
SELA Connect Verification entry point "Connect with SELA" web button and QR-code onboarding, ~30-second lead-to-verified flow, zero server-side PII, insider-threat elimination, 5-minute secured document viewers, AML / GDPR / MiFID II / FATF-aligned compliance posture.
SELA Vault Self-custody credential store Hardware-backed keys (Secure Enclave / Android Keystore), AES-256 encryption at rest, biometric-gated access, MPC-based threshold recovery, consent-scoped release of proofs, MRZ extracts, or time-limited document views.

From Request to Proof

1. Trigger

User clicks "Connect with SELA" or scans a QR code (SELA Connect)

2. Handshake

SELA Server validates the organization is active and authorized

3. Consent

User reviews the exact request in the SELA App and confirms biometrically

4. Proof

Vault releases a ZKP, MRZ extract, or timed document view; the event is anchored on-chain

Three Levels of Disclosure

Zero-Knowledge Proof

Confirms a fact (e.g., over 18, valid passport) without revealing any underlying data. Computed locally on the device and returned as a signed boolean result.

ICAO MRZ Extract

Shares only the structured Machine Readable Zone fields of a travel document—name, nationality, document number—without the document image itself.

Restricted Document View

For full KYC/AML: a signed URL opens a secure viewer valid for 5 minutes. No download, no right-click; the temporary key is destroyed when the session ends.

Guarantees by Design

Self-Custody Keys

Private keys derive from a BIP39 seed phrase generated on-device; no custodian, no cloud key backup

Zero-Knowledge Storage

Server-side backups are encrypted blobs; decryption keys never leave the user's device

Blockchain Anchoring

Only cryptographic hashes are anchored on Polygon—no personal data on-chain, ever

Biometric Consent

Every share and vault access is gated by Face ID, Touch ID, or device biometrics

Revocation & Expiry

Access grants expire automatically (1 hour to 1 year) and can be revoked instantly by the user

Recovery by Math

Seed-phrase regeneration plus MPC threshold recovery restore access without any central party holding the full key

Want to Go Deeper?

The SELA Protocol documentation covers the cryptographic layers, handshake specification, and security guarantees in detail.

Read the Protocol Talk to Our Team