COMPLYR LogoComplyr

How Complyr Works

Complyr has two user-facing surfaces:

  • The business interface, where payments are created, records are reviewed, and auditors are given access to the business' payment transactions.
  • The auditor portal, where an authorized external auditor runs private audit tests against the business payment transactions.

Both surfaces rely on the same onchain source of truth: the business wallet and the encrypted audit registry.

1. Business-facing flow

Wallet onboarding

The business signs in through Privy and deploys or reconnects its smart wallet. In the codebase, that wallet is an ERC-4337 account created through SmartWalletFactory.

Once deployed, the wallet becomes the treasury account used for:

  • One-off payments
  • Batch payouts
  • Internal record review
  • Auditor access management

Creating a payment

In the wallet interface, the business enters:

  • Recipient address
  • Amount
  • Reference ID
  • Jurisdiction
  • Expense category

Those fields are visible in the UI, but the sensitive audit values do not leave the browser in plaintext. The frontend encrypts the audit information (amount, jurisdiction and expense category) before submission.

Sending the payment

The payment is then submitted through the ERC-4337 client.

The current implementation supports:

  • Single and batch transfers

Plain transfer helpers are intentionally disabled and revert. This is an important product decision: in Complyr, a business payment is expected to carry audit data atomically.

Recording the audit trail

When the transfer is executed, the wallet writes an audit record into AuditRegistry.

Each record contains:

  • Transaction or intent identifier
  • Token address
  • Recipient addresses
  • Encrypted amount handles
  • Encrypted category handles
  • Encrypted jurisdiction handles
  • Plaintext reference IDs
  • Timestamp

This gives the business an immutable audit trail that lives with the payment flow rather than in a separate spreadsheet.

After payment, the business can open the Records view and load audit records directly from AuditRegistry. The records are presented to the business in a way that allows them to easily decrypt and view the audit information.

Granting Access to external Auditors

The business adds an auditor from the wallet interface. That action writes auditor approval and access level onchain through AuditRegistry.

The current contract supports two practical access levels:

  • Findings access: The auditor can create private audit tests and decrypt findings and aggregate report values.
  • Full records access: The auditor can also decrypt ledger records.

The business then shares a dedicated portal URL with the auditor: /auditors/[proxyAccount]

Note: All audit tests created are encrypted and the business can't access them. This is to prevent the business from making payments that pass the tests (e.g. dividing payments so as not to trigger a large payment test).

2. Auditor-facing flow

Entering the auditor portal

The auditor enters the link shared by the business and enters the auditor portal page. The auditor connects a wallet in the portal. The portal does not trust an offchain session. It checks authorization onchain by reading:

  • Whether the auditor is approved by the business wallet
  • What access level they were granted
  • Which audit tests and findings belong to that auditor

Creating private audit tests

The portal allows an auditor to create private checks such as:

  • Large payment limits
  • Recipient exposure limits
  • Category exposure limits
  • Jurisdiction exposure limits

The important detail is that the limits are encrypted in the browser before they are submitted. The business can approve the auditor without learning the auditor's internal limit settings.

Reading findings

As new payments are made by business, AuditRegistry evaluates active review tests against encrypted values and stores encrypted results for the auditor. Old payments that were made before the auditor was approved are also evaluated.

The auditor can then decrypt:

  • The list of transactions/payments flagged by the tests
  • Aggregate encrypted totals, if their access level allows it
  • The full ledger, if they have Full access

This lets the auditor see exactly what they are allowed to see, without turning the company's entire treasury history into public data.

3. How the two sides interact

The interaction model is deliberately asymmetric:

  • The business owns the wallet and approves access
  • The auditor owns the review logic they create
  • The contract evaluates that logic over encrypted data
  • The browser handles decryption only for authorized wallets

That structure gives both sides something they do not usually get from standard crypto payment tooling:

  • Businesses get privacy and a stronger payment record
  • Auditors get deterministic, onchain evidence instead of screenshots and spreadsheets.

4. Why this matters

For businesses, Complyr reduces reconciliation work, improves audit readiness, and makes each payment easier to defend later.

For auditors, regulators, and compliance teams, it creates a review path that is:

  • More trustworthy than offchain exports
  • More private than handing over a full ledger
  • More actionable than a raw transaction list with no business context.

On this page