SirVeyor

Consumers receive nothing in exchange for their data. Worse, they rarely know their data is being traded. When they do find out and attempt to opt out, the process is fragmented — each of the hundreds of data brokers has a different opt-out procedure, most designed to be difficult to complete. SirVeyor automates this entirely, covering 29 major brokers with 90-day re-submission cycles.

Businesses purchasing third-party data face quality and consent problems. Data collected without explicit consent carries regulatory risk under GDPR, CCPA, and emerging state privacy laws. Poor data quality leads to wasted ad spend and damaged consumer trust. SirVeyor's oracle validation and on-chain attestation system gives businesses cryptographic proof of data accuracy before they pay.

Centralized data stores are prime attack targets. In 2023 alone, over 3.5 billion records were exposed in data breaches. Consumers have no visibility into which breaches have affected them or what data is now circulating on the dark web. SirVeyor's dark web monitoring via HaveIBeenPwned provides continuous visibility across 14+ billion compromised records.

SirVeyor uses email and password authentication with JWT tokens. Passwords are hashed with bcrypt; an additional PBKDF2-derived auth secret is transmitted instead of the raw password, ensuring the plaintext password never reaches the server. All accounts support optional TOTP two-factor authentication (Google Authenticator, Authy, etc.) enforced server-side via a pre-JWT TOTP token step.

The user's Cardano wallet mnemonic is generated entirely in the browser, encrypted client-side using AES-256-GCM with a PBKDF2-derived key from the user's password, and only the ciphertext (vault) is stored on the server. The plaintext mnemonic never leaves the browser and is held only in memory during the session — never in localStorage.

SirVeyor deploys two Plutus V3 smart contracts compiled with Aiken on the Cardano mainnet:

Escrow Contract — Locks SRV tokens when a business creates a data request. The contract validates the consumer's verification key hash and releases tokens to the consumer on approval (Approve redeemer) or returns them to the business on denial (Deny redeemer). A deadline mechanism allows businesses to reclaim tokens from expired requests.

Consent Registry — Creates an immutable on-chain record when a consumer approves a data request, referencing the escrow transaction hash, categories consented to, and a POSIX timestamp. This provides cryptographic proof of consent for regulatory compliance.

A Node.js/Express API hosted on Railway handles: authentication (JWT + bcrypt + TOTP), consumer profile encryption (AES-256-GCM client-side with PBKDF2 key derivation), decentralised profile replication to IPFS via Pinata, request matching, trust score computation, data delivery with anonymization, rolling in-memory API metrics, on-chain attestation submission, inbound email routing (Resend webhooks), and support ticket threading.

When an admin approves an oracle validation, the backend constructs and submits a Cardano transaction from the platform hot wallet carrying two metadata labels. Label 674 (CIP-20) provides a human-readable message. Label 7391 carries the SirVeyor attestation record: schema version, data category, confidence score (×100 as an integer), a SHA-256 privacy-preserving hash linking the record to the database row without exposing identity, a monotonically increasing sequence number, and a Unix timestamp. The resulting transaction hash is stored in the database and displayed on the public Ledger page. No personally identifiable information is ever included in on-chain metadata.

A Next.js 16 application hosted on Vercel uses Lucid Evolution for browser-side Cardano transaction building. The user's mnemonic is generated in the browser, encrypted client-side, and only the ciphertext is stored on the server. Cardano transactions are signed entirely in the browser — the server never has access to private keys.

Encrypted consumer profile blobs are replicated to IPFS via Pinata, creating a content-addressed, decentralised backup layer alongside the primary PostgreSQL database. Each profile update pins the new encrypted blob and unpins the previous version to manage storage efficiently.

IPFS provides three key properties: durability — profiles survive database failures because the encrypted blob exists on the IPFS network independently; verifiability — the CID is a cryptographic hash of the data, so any retrieval can be verified; and decentralisation — no single point of failure controls the storage layer. Because all data stored on IPFS is AES-256-GCM ciphertext, even direct access to the blob reveals nothing without the user's password.

SirVeyor implements a five-tier role system: CONSUMER (data marketplace and Privacy Shield), BUSINESS (data request creation and SRV token purchases), ADMIN (full platform control, all email addresses), CMO (email composer, blog management, support tickets), and DEVELOPER (support tickets and orphaned escrow rescue tooling). Role enforcement is applied at both the API route level and the frontend UI layer.

Businesses purchase SRV directly on the platform by sending ADA to the SirVeyor holding wallet. The backend verifies the on-chain payment via Blockfrost (with fallback transaction scanning) and distributes SRV from the holding wallet to the business's Cardano address. Purchases are capped at 100,000 SRV per transaction to ensure fair distribution and prevent market concentration. SRV is also available on decentralized exchanges (SundaeSwap, Minswap) using ADA.

Businesses lock SRV tokens directly into the Plutus escrow contract when creating a data request. That locked amount is the consumer's compensation — it is never held by SirVeyor. Tokens are released to the consumer only when they explicitly approve, or returned to the business on denial or expiry. A tiered protocol fee is charged on top of the consumer payout and flows to the SirVeyor treasury: 5% for low-sensitivity categories (browsing history, interests, social media), 10% for medium-sensitivity (location, purchase history, demographics), and 15% for high-sensitivity (health, financial). The protocol fee is additive — businesses pay it on top of the consumer payout and consumers always receive the full amount they were promised.

Total supply is fixed at 100,000,000 SRV. The distribution prioritizes consumer rewards and marketplace liquidity while providing runway for ecosystem growth and long-term sustainability.

Consumers submit data category validation requests through the platform. Trained SirVeyor administrators review supporting evidence against documented standards (defined in the Oracle Validation SOP, document SRV-SOP-001) and assign a confidence score between 0.00 and 1.00. Categories include Demographics, Income, Location, Purchase Behavior, and Health. Every decision is logged with a full audit trail.

Every approval immediately triggers a Cardano transaction from the SirVeyor platform hot wallet. The transaction carries CIP-20 metadata (label 674) and a custom SirVeyor attestation payload (label 7391) containing the data category, confidence score, sequence number, timestamp, and a SHA-256 hash that cryptographically links the chain record to the database row without exposing any consumer identity. These records are permanently on the Cardano blockchain and can be queried by anyone using Blockfrost or any Cardano explorer.

SirVeyor's current oracle validation pipeline relies on trained platform administrators. As the marketplace scales, manual review becomes a bottleneck. The planned integration with Chainlink will introduce automated, trustless data validation for select categories — confirming location via geolocation APIs, validating purchase history against merchant networks, and cross-referencing demographic claims against public records, all without human intervention.

The /ledger page provides a public view of all on-chain attestations — total count, category breakdown, average confidence, and a live table with direct links to each transaction on Cardanoscan. Any investor, business partner, or regulator can independently verify SirVeyor's attestation history without needing access to the platform.

Platform administrators have access to a real-time performance dashboard showing user and consumer growth, data request volume and conversion, rolling API health metrics (request count, response times, error rates), SRV token statistics from Blockfrost, and live ADA market price from CoinGecko. The dashboard is instrumented via a 1-hour rolling in-memory metrics middleware with per-minute bucketing. CMO users have access to email composition, blog management, and support ticket handling. Developer users have access to support tickets and orphaned escrow rescue tooling.

SirVeyor integrates with the HaveIBeenPwned API — the world's largest database of known data breaches, covering 14+ billion compromised records. Users can scan their email address to determine if they've been exposed in any known breach, with detailed information about which data types were compromised and when.

SirVeyor maintains a database of 29 major data brokers and their opt-out mechanisms. With a single click, users can submit opt-out requests to all brokers simultaneously. SirVeyor tracks the status of each request, parses inbound replies automatically, and resubmits every 90 days as data brokers frequently re-add records.

Current broker coverage includes: Spokeo, WhitePages, Intelius, BeenVerified, Radaris, PeopleFinder, MyLife, Acxiom, LexisNexis, Equifax, Epsilon, Oracle Data Cloud, Experian, CoreLogic, ZoomInfo, TransUnion, and more.

All inbound emails to support@sirveyor.app are automatically routed into a threaded support ticket system. Tickets are matched to existing open threads by sender email within a 30-day window, ensuring continuous conversation history. Platform staff reply directly from the admin panel with proper email threading (In-Reply-To headers set for email client compatibility).

Data broker opt-out rights are established under CCPA (California Consumer Privacy Act), GDPR (General Data Protection Regulation), Virginia CDPA, Colorado CPA, and similar state and national privacy laws. Data brokers are legally required to honor opt-out requests within 30–45 days.

The service worker caches essential app routes and assets, enabling core functionality even with intermittent connectivity. The web app manifest enables installation on iOS (via Safari Add to Home Screen) and Android (via Chrome Install Prompt).

SirVeyor includes an integrated merch store fulfilled by Printful, shipping worldwide. Products include privacy-themed tees, hoodies, mugs, and stickers. Payments are accepted via Stripe (card) and ADA (Cardano native), making it one of the first consumer merch experiences natively integrated with a Cardano wallet.

SirVeyor is planned for distribution on the Google Play Store via Trusted Web Activity (TWA) and on the Apple App Store via WKWebView wrapper. Both approaches allow the existing PWA codebase to be distributed through official channels without maintaining separate native codebases. Target release: Q3 2026.

Each business on SirVeyor earns a trust score based on their consumer approval rate (approved requests / total resolved requests). This score determines which data sensitivity tiers they can access:

Consumer data categories that have passed oracle validation carry an on-chain attestation and a confidence score. Businesses querying the data marketplace can filter by validated categories and minimum confidence thresholds, ensuring they only pay for data that meets their accuracy requirements.

SirVeyor maintains an admin panel with role-based access for business verification, oracle validation management, email communications (scoped by role), blog management, support ticket handling, and platform monitoring. Admin users follow a formal Standard Operating Procedure (SRV-SOP-001) for all oracle validation decisions.

Planned for 2027, the SirVeyor DAO will allow SRV token holders to vote on protocol fees, treasury allocation, and platform upgrades. Staking rewards will incentivize long-term participation from consumers who regularly contribute validated data to the marketplace.