Immutable
No one — not even TechnoRides — can retroactively alter a rating or a payment. The ledger is append-only; the past is sealed.
Network plane · M03 · roadmap
An immutable, verifiable record of reputation and payments.
The ledger is append-only, cryptographically signed, and validated by the network's own nodes. No one — not even TechnoRides — can retroactively alter a rating or a payment. Any node can prove an event exists and is valid. Below is the Ledger Explorer, the surface that reads it.
In build · roadmap
Ledger Explorer
Append-only · proof-of-authority · sample data, target design
Append-onlyEvent stream5 validators
14:02:110x9f2a…c41dpayment.settledTrip settlement · driver hash 0x7b…e2 · network city:sf-yellow Inclusion proof ✓
14:01:580x71c4…ee03reputation.rated5 rating recorded · driver hash 0x7b…e2 · trip hash 0x9f…c4 Inclusion proof ✓
14:01:400x4d8b…b8f1payment.payoutDriver payout · driver hash 0x3a…9c · network city:nyc-metro Inclusion proof ✓
14:01:220x2e07…aa55reputation.portedReputation carried across networks · driver hash 0x3a…9c · city:sf-yellow → city:nyc-metro Inclusion proof ✓
14:00:510x8c19…1d20payment.feeNetwork fee · network city:sf-yellow · trip hash 0x9f…c4 Inclusion proof ✓
14:00:330x6fa3…74bereputation.rated4 rating recorded · driver hash 0x9d…71 · network city:atx-rideshare Inclusion proof ✓
Validators · proof-of-authority5 signing
city:sf-yellowAuthorized network · signingSigned
city:nyc-metroAuthorized network · signingSigned
country:usFederation policy · signingSigned
company:atlas-fleetAuthorized network · signingSigned
city:atx-rideshareOnboarding · observingObserving
The validators are the networks themselves. No mining, no disproportionate energy cost — integrity without waste.
Verify an event
eventpayment.settled
in chain yes · block 1,284,907
signature valid · ed25519
alteredno — append-only
Build status. The Ledger Explorer above shows the target network-plane design — an append-only, validated ledger — and is shown with sample data, not a live settlement service. The network plane (registry, ledger, roaming, protocol) is on the roadmap; the operation plane (the Node, apps, dispatch, payments, tracking) is what ships today.
Private by design. Every value in the explorer is a hash or a minimal amount. Personal data, exact routes and card data never enter the ledger.
What it guarantees
Four properties, signed into every event.
The ledger isn't a database you trust because we say so. It's a record you can check for yourself.
Verifiable
Any node can cryptographically check that an event exists and is valid, with an inclusion proof — no need to take the operator's word.
Portable
Reputation belongs to the driver, not the company. It travels across networks and cities — their history follows them.
Private by design
Stores only hashes and minimal amounts. Personal data, routes and card data never enter the ledger.
Private by design
Hashes in. Identities out.
An auditable ledger does not have to be a surveillance ledger. The record proves that something happened and that it's valid — without exposing who, where, or which card. The explorer above shows exactly what a validator sees: hashes and minimal amounts, nothing more.
Consensus detail — the proof-of-authority signing scheme and validator set policy — is available to evaluation teams. Talk to sales.
Enters the ledger
- driver hash — a pseudonymous identifier
- trip hash — references the event, not the route
- Minimal settlement amount
- Rating value and validator signatures
Never enters
- Names or personal data
- Exact routes or locations
- Card or bank account data
- Anything that re-identifies a rider
Who it's for
One record, three kinds of trust.
The same append-only ledger answers a different question for each party — without any of them having to trust the others' word.
Audit without taking the word
Audit reputation and payments directly, with inclusion proofs — without taking the operator's word, and without ever seeing personal data.
For countriesA history that follows you
Reputation belongs to the driver, not the company. It travels across networks and cities — earned once, portable everywhere.
For driversStructural anti-fraud
Because the ledger is append-only and validated by the network, fraud isn't policed after the fact — it's structurally hard to write a fake event in the first place.
For companiesHow it's validated
Consensus among the networks themselves.
A permissioned chain with proof-of-authority: the validators are the authorized networks, not anonymous miners. No mining, no disproportionate energy cost — integrity without waste. A block is final once a quorum of network validators signs it, and any node can re-check that signature forever.
See governanceSigned block · proof-of-authority
{
"module": "M03",
"block": 1284907,
"prev": "0x8c19…1d20",
"events": [
"0x9f2a…c41d",
"0x71c4…ee03",
"0x4d8b…b8f1"
],
"consensus": "proof-of-authority",
"signatures": [
"city:sf-yellow",
"city:nyc-metro",
"country:us",
"company:atlas-fleet"
],
"quorum": "4 / 5",
"final": true
}Where it sits
The registry gates writes; the ledger records them.
M03 is the auditable memory of the network plane. The registry decides who may write to it; the protocol is how events reach it.
Network Registry M01
The directory and control plane. It gates which authorized networks are allowed to write to the ledger at all. Roadmap
See the RegistryThe Node
A single operator's live network — dispatch, payments, tracking. Its settled trips and ratings are what become events in the ledger.
See the NodeProtocol
The open interface agents and merchants enter through — and the path a signed event travels on its way into the ledger. Roadmap
Read the protocolGet started
A record nobody can quietly rewrite.
Reputation that follows the driver. Payments anyone can audit. Privacy that's structural, not promised. The ledger is how the network earns trust without asking for it.