
System Overview

PayWithZ combines on-chain speed with off-chain guardrails to create a compliant stablecoin infrastructure.
PayWithZ uses a three-layer architecture:
  1. On-Chain Programs - Solana programs enforce compliance
  2. Backend API - REST API for operations
  3. Client Applications - Admin dashboard and mobile wallet
Compliance is enforced at the blockchain protocol level by the policy smart contract, which makes it impossible to bypass compliance checks.
No PII is stored on-chain; only KYC hashes are. Full KYC data remains in a secure off-chain database with regulator access.

Architecture Diagram

Core Components

1. Solana Programs

Three Anchor programs deployed on Solana:

Compliance Hook

Enforces KYC on every transfer. Automatically called on each transaction.

SBT Manager

Issues and manages KYC Soulbound Tokens. Non-transferable identity proof.

Issuer

Mints and redeems stablecoins. Manages supply under authority control.

2. Transfer Hook Technology

How Transfer Hooks Work:
  1. User initiates transfer
  2. Solana automatically calls Compliance Hook program
  3. Program verifies:
    • ✅ Sender has valid SBT
    • ✅ Receiver has valid SBT
    • ✅ Not on blacklist
    • ✅ Passes velocity limits
  4. Transfer proceeds only if all checks pass
This cannot be bypassed: transfer hooks are enforced by Solana at the protocol level, so no transaction can complete without going through the compliance check.
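As an added example (not PayWithZ's own program code), the four checks the hook performs, modelled in plain Rust without the Anchor crate so it runs stand-alone. The `Policy` fields, the slot-based velocity window and the sample wallets are assumptions made for this example.

```rust
use std::collections::{HashMap, HashSet};

/// Reason a transfer was blocked (the page says reasons are also stored off-chain).
#[derive(Debug, PartialEq, Eq, Clone, Copy)]
pub enum Denial { SenderNoSbt, ReceiverNoSbt, Blacklisted, VelocityExceeded }

/// Compliance state the hook reads; field shapes are assumptions for this example.
pub struct Policy {
    pub valid_sbt: HashSet<String>,                // wallets holding a non-revoked KYC SBT
    pub blacklist: HashSet<String>,                // wallets barred from sending or receiving
    pub window_slots: u64,                         // velocity window, measured in slots
    pub max_per_window: u64,                       // max amount a sender may move per window
    pub history: HashMap<String, Vec<(u64, u64)>>, // sender -> (slot, amount) of past transfers
}

impl Policy {
    /// Runs the four checks listed above in order and returns the first failure.
    /// On success the transfer is recorded so later velocity checks include it.
    pub fn check_transfer(&mut self, from: &str, to: &str, amount: u64, slot: u64) -> Result<(), Denial> {
        if !self.valid_sbt.contains(from) { return Err(Denial::SenderNoSbt); }
        if !self.valid_sbt.contains(to) { return Err(Denial::ReceiverNoSbt); }
        if self.blacklist.contains(from) || self.blacklist.contains(to) { return Err(Denial::Blacklisted); }
        // Velocity: total already moved by this sender inside the trailing window.
        let window_start = slot.saturating_sub(self.window_slots);
        let moved: u64 = self.history.get(from).map_or(0, |h| {
            h.iter().filter(|(s, _)| *s >= window_start).map(|(_, a)| *a).sum()
        });
        if moved.saturating_add(amount) > self.max_per_window { return Err(Denial::VelocityExceeded); }
        self.history.entry(from.to_string()).or_default().push((slot, amount));
        Ok(())
    }
}

fn set(names: &[&str]) -> HashSet<String> { names.iter().map(|n| n.to_string()).collect() }

/// Constructed sample state: alice and bob hold SBTs, mallory holds one but is blacklisted,
/// carol never completed KYC. Limits: at most 500 units per 100-slot window.
pub fn sample_policy() -> Policy {
    Policy {
        valid_sbt: set(&["alice", "bob", "mallory"]),
        blacklist: set(&["mallory"]),
        window_slots: 100,
        max_per_window: 500,
        history: HashMap::new(),
    }
}

fn main() {
    let mut p = sample_policy();
    println!("{:?}", p.check_transfer("alice", "bob", 100, 1_000)); // Ok(())
    println!("{:?}", p.check_transfer("mallory", "bob", 10, 1_001)); // Err(Blacklisted)
}
```

A denied transfer is never written to `history`, so a blocked attempt does not consume the sender's velocity allowance.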

3. Backend API

RESTful API providing:
  • Wallet creation and management
  • KYC submission and processing
  • Stablecoin operations (mint, transfer, redeem)
  • Compliance policy management
  • Transaction logging

4. Database Layer

Secure storage for:
  • User accounts and KYC data
  • Transaction history
  • Compliance policies
  • Audit logs
Privacy: Full KYC data is stored here, not on-chain.

Data Flow

KYC Submission Flow

Transfer Flow

Security Architecture

On-Chain Security

  • Program Upgradability: Controlled by admin multisig
  • Authority Control: Mint and freeze authorities managed securely
  • Transfer Hooks: Enforced at protocol level, cannot be bypassed
  • SBT Non-Transferability: Enforced by token program

Off-Chain Security

  • API Authentication: Secure endpoint access
  • Database Security: Row-level security policies
  • Wallet Storage: Encrypted keypair storage
  • Audit Logging: All actions logged with timestamps

Compliance Architecture

Privacy by Design

  • No PII on-chain: Only KYC hashes stored
  • Private Database: Full KYC data in secure database
  • Regulator Access: Separate API for regulators

Audit Trail

  • All transactions logged: On-chain and in database
  • Compliance reasons: Stored for every blocked transfer
  • User actions: Full audit log of admin actions

Scalability

Current Capacity

  • Transactions: 1000+ TPS (Solana network limit)
  • Users: Designed for 100K+ users
  • API: Can handle 10K+ requests/second

Network

  • Testnet: Currently deployed on Solana Testnet
  • Mainnet Ready: Architecture supports mainnet deployment

Next Steps