Data and Payment Privacy

Data flow

Raw user data never reaches the model directly. Sieve intercepts it first, stripping personally identifiable information and replacing it with opaque tokens. After the model processes the anonymised input, Sieve rehydrates the result with the original values before returning it to the user. The model only ever sees clean data.

The token map (the mapping from tokens back to original values) is held in memory only. It is never written to disk, never transmitted, and discarded after rehydration. No PII persists in the processing pipeline.

Multi-tier NER pipeline: PII detection

Named-entity recognition (NER) is the process of identifying and classifying entities in text. A single NER model is insufficient for production PII detection because different models have different strengths.

• ML detection: runs first as the primary layer. Context-aware: understands that a number in a conversational context is a phone number even without a country code. Covers names, emails, phones, credit cards, IBAN codes, and national IDs.
• Pattern detection: runs second to catch structured identifiers the primary layer missed. Stronger on formats with deterministic structure: account numbers, reference codes, domain-specific identifiers.
• Regex: runs last as a fallback for deterministic patterns that neither prior layer handles: custom ID formats, internal reference numbers, domain-specific codes.

Where spans overlap, the highest-confidence detection wins. The result is entity coverage that no single approach achieves alone. All three tiers run entirely on the local machine - no text is sent to a classification API.

Payment flow

When an agent authorises a payment, Specter generates a Pedersen commitment to the amount. A range proof shows the amount is within policy limits without revealing the value. The ETH-signed authorisation is submitted to the counterparty, who can verify solvency without learning the amount. Nullifiers prevent the same authorisation from being used twice.

Pedersen commitments: payment amount privacy

A Pedersen commitment allows a prover to commit to a value without revealing it. The commitment is binding (the prover cannot later claim a different value) and hiding (the commitment reveals nothing about the underlying amount).

Specter uses Pedersen commitments over an elliptic curve: C = r·G + v·H

• v - the payment amount (hidden)
• r - a random blinding factor known only to the payer
• G and H - independent generators (nothing-up-my-sleeve points)

A range proof alongside the commitment demonstrates 0 <= v <= limit without disclosing v. The processor receives proof of solvency and policy compliance, not the amount itself.

Phase 1 vs Phase 2

• Phase 1 (current). Amount hidden via Pedersen commitment and range proof. ETH address visible to processor. Payments from the same agent are linkable by address.
• Phase 2 (roadmap). Full address hiding via shielded address scheme. Neither the amount nor the payer address is disclosed to the processor. The nullifier and commitment scheme carry forward unchanged.