How the five components fit together: architecture, verification flows, proof types, and the security model behind Breach-Nullification.
The SELA Ecosystem inverts the traditional identity architecture. Personal data lives exclusively on the user's device, encrypted with keys only the user holds. The server relays encrypted payloads it cannot read, and the blockchain anchors cryptographic hashes—never data.
Documents, credentials, and private keys are generated and stored on-device. OCR, MRZ parsing, and ZKP generation all run locally. Nothing leaves the device without explicit, biometric-confirmed consent.
The blind relay validates organizations, routes verification requests, and stores only encrypted blobs and cryptographic commitments. It mathematically cannot read what it holds.
Organizations trigger verifications through Connect (button/QR) and manage them through Link (verification-first CRM). They receive proofs and time-limited views—never stored copies of personal data.
Every verification event is hashed and anchored on the Polygon blockchain, creating an immutable, timestamped audit trail. Only hashes are recorded; no personal data ever touches the chain.
| Component | Role | Key Capabilities |
|---|---|---|
| SELA App | The user's identity wallet | BIP39 self-custody keys, encrypted local document storage, on-device OCR (Google ML Kit / Apple Vision), MRZ parsing, local ZKP engine, AES-256-GCM encryption, biometric authentication, field-level selective disclosure, time-based access, instant revocation, activity audit trail, seed-phrase recovery. |
| SELA Link | B2B verification CRM | Lead lifecycle management, "Doc or Proof" requests, zero data liability, blockchain-anchored audit trail, privacy-masked calls (PBX Click-to-Dial) and DID-based email relay, organization gatekeeping, RESTful API and webhooks for Salesforce, HubSpot, or custom stacks. |
| SELA Server | The blind relay | Handshake orchestration, organization validation, zero-knowledge storage of encrypted blobs, blockchain anchoring on Polygon. Holds no decryption keys and no plaintext—a breach yields only ciphertext and routing metadata. |
| SELA Connect | Verification entry point | "Connect with SELA" web button and QR-code onboarding, ~30-second lead-to-verified flow, zero server-side PII, insider-threat elimination, 5-minute secured document viewers, AML / GDPR / MiFID II / FATF-aligned compliance posture. |
| SELA Vault | Self-custody credential store | Hardware-backed keys (Secure Enclave / Android Keystore), AES-256 encryption at rest, biometric-gated access, MPC-based threshold recovery, consent-scoped release of proofs, MRZ extracts, or time-limited document views. |
User clicks "Connect with SELA" or scans a QR code (SELA Connect)
SELA Server validates the organization is active and authorized
User reviews the exact request in the SELA App and confirms biometrically
Vault releases a ZKP, MRZ extract, or timed document view; the event is anchored on-chain
Confirms a fact (e.g., over 18, valid passport) without revealing any underlying data. Computed locally on the device and returned as a signed boolean result.
Shares only the structured Machine Readable Zone fields of a travel document—name, nationality, document number—without the document image itself.
For full KYC/AML: a signed URL opens a secure viewer valid for 5 minutes. No download, no right-click; the temporary key is destroyed when the session ends.
Private keys derive from a BIP39 seed phrase generated on-device; no custodian, no cloud key backup
Server-side backups are encrypted blobs; decryption keys never leave the user's device
Only cryptographic hashes are anchored on Polygon—no personal data on-chain, ever
Every share and vault access is gated by Face ID, Touch ID, or device biometrics
Access grants expire automatically (1 hour to 1 year) and can be revoked instantly by the user
Seed-phrase regeneration plus MPC threshold recovery restore access without any central party holding the full key