paybondpaybond
Sign in

Paybond Ledger

Provenance that survives contact with production.

The Ledger is Paybond’s append-only history: signed events that tie intents, settlement attempts, operator actions, and exports into one tamper-evident graph—so verification doesn’t depend on trusting a dashboard.

Start now>Explore docs

One history, many proofs.

When provenance is canonical and append-only, exports, receipts, and selective disclosures can all agree.

  • Append-only by design

    Events are recorded as an immutable history. Corrections happen by appending new facts—not rewriting the past.

  • Signed and attributable

    Events are bound to explicit identities (tenant/operator) so downstream systems can verify origin and intent.

  • One provenance graph

    Settlement, disputes, exports, and receipts are all derived from the same canonical history.

  • Selective disclosure

    Prove specific claims with minimal disclosure: share proofs and receipts without exposing full internal telemetry.

How provenance becomes verifiable

The Ledger is the canonical event history that other surfaces summarize.

  1. Step 1

    Record lifecycle events

    As intents are created, funded, evaluated, and settled, the system appends signed lifecycle events.

  2. Step 2

    Canonicalize provenance

    Events are normalized into a consistent, queryable history keyed by intent, tenant, and operator identity.

  3. Step 3

    Derive exports and receipts

    Compliance exports and Signal receipts are derived from the same append-only graph, ensuring consistent truth across surfaces.

  4. Step 4

    Verify integrity

    Consumers verify signatures and ordering guarantees, reducing reliance on privileged database access.

  5. Step 5

    Disclose minimally

    Share targeted proofs: the minimum evidence needed to validate a claim, backed by signed provenance.

Auditability is a feature, not a report.

The Ledger exists so verification can be performed from signed history. Tenant and operator identity remain explicit, enabling safer exports and partner-facing disclosures.

Properties

  • Append-only history prevents silent rewrites.
  • Signed events enable independent integrity checks.
  • Exports and receipts derive from the same canonical provenance graph.
Explore docs

Built for audit, disputes, and verification

A canonical history keeps downstream consumers aligned.

  • Compliance & audit packets

    Generate reproducible exports backed by signed provenance—suitable for internal controls and third-party review.

  • Partner verification

    Provide selective disclosure proofs that validate settlement claims without granting database access.

  • Dispute resolution

    Preserve evidence and operator actions as part of the same history, so escalations remain attributable and reviewable.

Ledger FAQ

What the Ledger is (and isn’t), and how it stays verifiable.

Is the Ledger a blockchain?

No. The Ledger is an append-only signed event log optimized for provenance and verification within Paybond’s settlement model. The goal is tamper-evident history and attributable events, not public consensus.

How does the Ledger relate to Harbor and Signal?

Harbor uses deterministic evaluation to decide release/refund. The Ledger records the signed lifecycle that produced those outcomes. Signal derives receipts and rollups from that provenance for partner-facing standing checks.

How do you handle corrections?

Corrections are expressed as new events that clarify or supersede prior facts. The history remains append-only so reviewers can see what changed and why.

Is it multi-tenant?

Yes. Tenant identity is explicit throughout reads, writes, and exports. Cross-tenant access is treated as a severity-zero incident and defended at every boundary.