The compliance layer that verifies users once and unlocks every gated financial service — without storing personal data.
Every financial service repeats the same identity checks. Users submit the same documents to every provider.
Raw documents, passports, and biometric data sit in siloed provider databases — each a breach waiting to happen.
Compliance signals don't travel. A verified user at provider A remains unverified at provider B.
GDPR mandates data minimisation. Most compliance stacks are architecturally incapable of it.
A single verifiable credential unlocks every compliant service in the ecosystem — no re-verification required.
Only claim keys are persisted. No JWT payload, no PII, no biometric data — by architecture, not by policy.
W3C-standard verifiable credentials move with users. Open protocol; no lock-in to any issuer or platform.
Privacy by default — GDPR Art. 25 enforced at the data model layer, validated by independent legal review.
A trusted issuer — your KYC provider, a regulated authority, or the OHNexus platform itself — issues a W3C Verifiable Credential to the user's self-sovereign identity wallet. Cryptographically signed. Tamper-proof.
The user presents a Verifiable Presentation to any OHNexus-connected service. The protocol verifies the cryptographic proof in real time — no database lookup, no third-party call required.
Eligibility outcomes are anchored on-chain. The execution record is immutable. Service providers get compliance proof without ever seeing the user's raw credentials.
Cryptographic verification of W3C Verifiable Credentials and Presentations via a dedicated verifier service. Raw JWT payloads are never stored — only a SHA-256 hash for audit correlation. Issuer trust is validated against a permissioned registry.
Every service defines its own credential requirements — type, issuer, claim values, expiry. The eligibility engine evaluates all mandatory requirements in a single pass and writes a deterministic GRANTED or DENIED outcome. No caching. No stale state. Always a fresh evaluation at invocation time.
On AUTHORIZED, the protocol calls the publisher's provider API and optionally issues a platform-signed Verifiable Credential to the user's wallet. Execution is anchored on-chain via the ServiceRequests contract — creating an immutable compliance record. Provider endpoints receive no user credential data, no claim values, no PII.
Fintechs, asset managers, regulated data providers
Retail investors, institutional participants, regulated individuals
Full Verify–Eligibility–Execution stack implemented in Rust. AWS-free unit tests. Trait-backed architecture throughout.
Ed25519 did:key generation, OID4VCI credential issuance, OID4VP presentation — all in-browser. No custodial wallet.
ServiceRequests contract deployed and live. Every AUTHORIZED invocation anchored with a cryptographic execution ID.
End-to-end: draft wizard → validate → publish → credential-gated invocation → auto-issued VC to user wallet.
First regulated service publishers being onboarded. Credential type taxonomy being extended for MiFID use cases.
GDPR DPA registration, production AWS environment, eIDAS-aligned credential schema finalisation.
The financial system runs on trust. But trust today means handing over your passport to every gatekeeper. We built OHNexus so that proof of trust becomes portable — held by the user, verified by math, never stored by anyone.
We're onboarding a small group of regulated financial service providers and institutional participants. Tell us about your use case.
Privacy-preserving. Cryptographically verifiable. Built on open standards. OHNexus is the middleware between who you are and what you can access.
Request Early Access