paybondpaybond
Sign in

Paybond Ledger

A verifiable record for every settlement decision.

Paybond Ledger keeps the signed history behind intents, evidence, release/refund decisions, disputes, and exports so partners can check what happened without relying on a dashboard screenshot.

Start sandbox>Read Ledger docs

One record, many reviewers.

Ledger keeps settlement records, receipts, verifier packs, and dispute material aligned without giving reviewers raw database access.

  • Records decisions, not dashboard state

    Each important settlement step is preserved as signed history. Corrections happen by adding a follow-up record, not by rewriting the past.

  • Scoped to the customer

    Organization scope comes from authenticated credentials. Exports and verifier packs are limited to the current tenant and access is logged.

  • Built for reviewer handoff

    Audit bundles include manifests, file hashes, checkpoints, redaction tier, and reviewer instructions where the tenant plan enables exports.

  • Receipts stay consistent

    Harbor settlement records, dispute packets, Signal receipts, and compliance exports point back to the same signed history.

How provenance becomes verifiable

Ledger turns settlement activity into bounded review material a customer can explain outside the console.

  1. Step 1

    Capture each step

    When an intent is created, funded, updated with evidence, released, refunded, or disputed, Paybond records the step in signed history.

  2. Step 2

    Bind it to the customer

    Records carry the authenticated organization scope, the intent, and the actor involved, so review material stays tied to the right customer.

  3. Step 3

    Package review material

    Where enabled for the plan and tenant, Gateway builds signed audit bundles and can provide a tenant-scoped ledger verifier pack from that history.

  4. Step 4

    Verify the package

    Reviewers check the manifest signature, listed file hashes, ledger checkpoint, and verifier result without direct database access.

  5. Step 5

    Share only what is needed

    Standard and extended export profiles keep sensitive details bounded while still giving reviewers enough proof to validate a claim.

What reviewers receive

A Ledger-backed export is a bounded package for one tenant and one window, with the proof material needed to verify it later.

Example reviewer package

Audit export bundle

Verified

A compact package a customer can hand to an auditor, partner reviewer, or dispute desk for one tenant and one export window.

Export details

Export window
2026-05-01 00:00 UTC -> 2026-05-07 23:59 UTC
Tenant scope
acme-travel-prod
Resolved from authenticated organization credentials.
Ledger tip
seq 41,124 / tip 8f3c...a91d
Redaction tier
standard
Sensitive provider payloads and evidence links are reduced for outside review.
Manifest
manifest.json signed, 9 artifacts hashed
Verification result
verified; no digest drift

Included files

  • manifest.json

    Signed manifest with artifact digests and captured checkpoint.

  • proof/ledger_verifier_pack.json

    Continuity proof for the captured ledger tip.

  • harbor/intents/{intent_id}.json

    Intent, evidence, and settlement records for included intents.

  • signal/reputation_receipts.json

    Signed standing receipts at the same checkpoint when included.

  • VERIFICATION.txt

    Plain-language steps for checking the package offline.

Read export docsLedger docsCompare plans

Verification without raw database access.

Ledger powers tenant-scoped verifier packs and signed audit exports, not a public event firehose. Reviewers get the evidence package, manifest, proof material, and verification result they need.

Properties

  • There is no public raw ledger event stream; reviewers use Gateway audit exports, verifier packs, manifests, and verification results.
  • Audit exports are available where enabled for the plan and tenant, with standard and extended redaction profiles.
  • Every export and verification request is authenticated, tenant-scoped, and access-logged.
  • Corrections are appended as follow-up records so reviewers can see what changed and why.
Read export docs

Built for audit, disputes, and verification

A signed record keeps auditors, partners, and support desks aligned around the same settlement outcome.

  • Compliance and audit packets

    Generate reproducible exports backed by signed history for internal controls and third-party review where exports are enabled.

  • Partner verification

    Share a bounded proof package that validates settlement claims without granting database access or exposing unrelated tenant data.

  • Dispute resolution

    Preserve evidence, reviewer actions, and settlement decisions as part of one record so escalations remain attributable and reviewable.

Ledger FAQ

What Ledger is, what reviewers can verify, and where the product boundary sits.

Is the Ledger a blockchain?

No. The Ledger is an append-only signed event log optimized for provenance and verification within Paybond’s settlement model. The goal is tamper-evident history and attributable events, not public consensus.

How does the Ledger relate to Harbor and Signal?

Harbor records the agreement, evidence, and release/refund outcome. Ledger preserves the signed history behind those records. Signal uses that history to build receipts and standing views.

How do you handle corrections?

Corrections are expressed as new events that clarify or supersede prior facts. The history remains append-only so reviewers can see what changed and why.

Is it multi-tenant?

Yes. Reads, writes, exports, and verifier packs are limited to the authenticated organization. Tenant mismatches are rejected before the request reaches the underlying record, and export access is logged.

Is there a public raw ledger event stream?

No. Raw event pages are protected Harbor routes for trusted ingestion and automation. Public review happens through Gateway audit exports, tenant verifier packs, and verification routes, not a paginated event stream.

Is Ledger a legal audit opinion?

No. Ledger provides signed records and verification material. Customers, auditors, payment providers, and legal teams still decide how those records satisfy their own review or compliance obligations.