
Secure Document Vault

Self-Custody Encrypted Document Storage with @Handle Sharing and On-Chain Provenance

Technical Specification | JIL Sovereign | February 2026

Executive Summary

Secure Document Vault (SDV) is a native feature of the JIL wallet that allows users to upload, store, and share confidential documents entirely within their self-custody environment. Each document is encrypted client-side, stored off-chain in decentralized storage, and represented on-chain as a zero-value ERC-721 token that serves as the document's identity, access control record, and tamper-proof provenance trail.

Sharing is native: a user can share a document with any @handle on the JIL network (for example, "@joshua.jil can view my LLC agreement") and revoke access at any time. The document never leaves encrypted storage. The recipient gets a read-only decryption key, not a copy.

Core Value Proposition: Your wallet already protects your money. Now it protects everything else. Upload confidential documents, share them by @handle, and maintain full self-custody: no cloud provider, no third party, no trust required. Every document is encrypted, timestamped, and tamper-evident.

The Problem

People store their most sensitive documents in the least secure places. Tax returns live in email inboxes. Passports sit in phone camera rolls. Wills are in filing cabinets. Corporate formation docs scatter across Google Drive, Dropbox, and email threads between lawyers.

Cloud providers encrypt at rest, but they hold the keys. They can be compelled by court order, suffer breaches, and scan contents. Once a document is shared via email or link, it's copied, cached, and forwarded beyond the sender's control. There is no audit trail, no revocation, and no proof of integrity.

SDV gives every wallet holder true self-custody (only you hold keys), native @handle sharing (with on-chain audit trail and instant revocation), and immutable provenance (block-level timestamps and tamper evidence).

Document Lifecycle

Upload: AES-256 encryption on-device. Plaintext never leaves your wallet.

Store: Encrypted blob goes to IPFS (mutable) or Arweave (permanent). Not JIL servers.

Mint: Zero-value ERC-721 minted with CID, content hash, timestamp, and encrypted key ref.

Share: The recipient's @handle is resolved to a public key, and the document key is encrypted to that key as a key-share. Revocable anytime.

On-Chain Token: DocumentNFT

| Field | Type | Purpose |
| --- | --- | --- |
| storageCID | string | IPFS/Arweave content identifier pointing to encrypted blob |
| contentHash | bytes32 | SHA-256 of original plaintext; integrity verification, reveals nothing |
| documentType | string | Label ("passport", "will", "contract") or generic for stealth mode |
| createdAt | uint256 | Block timestamp; immutable provenance, cannot be backdated |
| updatedAt | uint256 | Last modification time (for versioned documents on IPFS) |
| encKeyRef | bytes | Document encryption key, encrypted to owner's public key |
| isArchived | bool | Permanent (Arweave) vs. mutable (IPFS) |

Tokens are soulbound by default (non-transferable), though the owner can unlock transfer for estate planning or account migration. Key functions: mintDocument(), shareWith(), revokeShare(), updateDocument(), and getShareHistory().

Encryption Stack

| Layer | Algorithm | Purpose |
| --- | --- | --- |
| Document Encryption | AES-256-GCM | Symmetric encryption of content; unique key per document |
| Key Wrapping (Owner) | X25519 | Owner's public key encrypts document key |
| Key Wrapping (Share) | X25519 | Recipient's public key encrypts read-only key copy |
| Content Integrity | SHA-256 | Hash stored on-chain for tamper detection |
| Key Storage | Self-custody vault | Same infrastructure protecting token private keys |
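
The lifecycle and encryption stack above, as an added example that is not JIL's code: it seals a document with AES-256-GCM, records the SHA-256 content hash, wraps the per-document key to an X25519 public key, and re-wraps it for a share. The wrapping construction (ephemeral ECDH, HKDF-SHA-256, AES-256-GCM) and all function and field names other than contentHash and encKeyRef are assumptions, since the specification names only X25519.

```javascript
// Added illustration, not JIL's implementation; wrapping construction and names are assumptions.
const nodeCrypto = require('crypto');

// Derive a 32-byte key-encryption key from an X25519 shared secret.
function deriveKek(privateKey, publicKey) {
  const shared = nodeCrypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'sdv-example-wrap', 32));
}

function gcmEncrypt(key, data) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(data), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function gcmDecrypt(key, box) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]); // throws if tampered
}

// Wrap the document key to a public key; a fresh ephemeral key pair per wrap.
function wrapKey(docKey, publicKey) {
  const eph = nodeCrypto.generateKeyPairSync('x25519');
  const ephPub = eph.publicKey.export({ type: 'spki', format: 'der' });
  return { ephPub, ...gcmEncrypt(deriveKek(eph.privateKey, publicKey), docKey) };
}
function unwrapKey(ref, privateKey) {
  const ephPub = nodeCrypto.createPublicKey({ key: ref.ephPub, format: 'der', type: 'spki' });
  return gcmDecrypt(deriveKek(privateKey, ephPub), ref);
}

// Upload: hash plaintext, encrypt under a unique key, wrap that key to the owner.
function sealDocument(plaintext, ownerPublicKey) {
  const docKey = nodeCrypto.randomBytes(32);
  const contentHash = nodeCrypto.createHash('sha256').update(plaintext).digest('hex');
  return { ...gcmEncrypt(docKey, plaintext), contentHash, encKeyRef: wrapKey(docKey, ownerPublicKey) };
}
// Share: the owner re-wraps the same document key to the recipient's public key.
function shareWith(sealed, ownerPrivateKey, recipientPublicKey) {
  return wrapKey(unwrapKey(sealed.encKeyRef, ownerPrivateKey), recipientPublicKey);
}

// View: unwrap, decrypt, then check the plaintext against the recorded hash.
function openDocument(sealed, keyRef, privateKey) {
  const plaintext = gcmDecrypt(unwrapKey(keyRef, privateKey), sealed);
  const hash = nodeCrypto.createHash('sha256').update(plaintext).digest('hex');
  if (hash !== sealed.contentHash) throw new Error('content hash mismatch');
  return plaintext;
}
```

A bare SHA-256 of the plaintext lets anyone who already holds a candidate file confirm that it matches the recorded hash, so low-entropy documents are better served by a salted or keyed commitment; that variant is not part of the specification.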

Sharing Model

Share by @handle: "Share my LLC agreement with @joshua.jil". The wallet resolves the handle, encrypts the key-share, and records the share on-chain; the recipient then sees the document in "Shared With Me."

View-Only: Decrypt and view in-wallet. Cannot download. For IDs, medical records.

View + Download: View and download decrypted copy. For working documents, contracts.

View + Comment: View and attach on-chain annotations. For legal review.

Temporary: Expires after set time or view count. For due diligence.

On-Chain Audit Trail

Every share generates an immutable on-chain event recording: who received access (@handle + address), when the share was created, what type (view/download/comment/temporary), when revoked (if applicable), and when the recipient actually viewed the document. This has legal weight: cryptographic proof that a document was shared at a specific time with a specific party.
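
The sharing model and audit trail above, as an added example that is not JIL's code: it replays a document's share, view, and revoke events and decides whether a given @handle may open the document at a given time, including the temporary share's time and view-count limits. The event shape, field names, and the @hotel.jil handle are hypothetical; the specification lists what is recorded but not its encoding.

```javascript
// Added illustration; the event shape and field names are hypothetical.
const SHARE_TYPES = new Set(['view', 'download', 'comment', 'temporary']);

// Replay one document's events (oldest first) and decide whether `handle`
// may open it at time `now` (Unix seconds). Later events override earlier ones.
function evaluateAccess(events, handle, now) {
  let grant = null;
  let views = 0;
  for (const e of events) {
    if (e.handle !== handle || e.at > now) continue;
    if (e.kind === 'share') {
      if (!SHARE_TYPES.has(e.type)) throw new Error(`unknown share type: ${e.type}`);
      grant = e;
      views = 0; // a new share starts a fresh view counter
    } else if (e.kind === 'revoke') {
      grant = null;
    } else if (e.kind === 'view' && grant) {
      views += 1;
    }
  }
  if (!grant) return { allowed: false, reason: 'no active share' };
  if (grant.type === 'temporary') {
    if (grant.expiresAt !== undefined && now >= grant.expiresAt) return { allowed: false, reason: 'expired' };
    if (grant.maxViews !== undefined && views >= grant.maxViews) return { allowed: false, reason: 'view limit reached' };
  }
  return { allowed: true, reason: grant.type, canDownload: grant.type === 'download' };
}

// Constructed sample log for one document token.
const SAMPLE_EVENTS = [
  { kind: 'share', handle: '@joshua.jil', type: 'view', at: 1000 },
  { kind: 'share', handle: '@investor.jil', type: 'temporary', at: 1000, expiresAt: 1000 + 14 * 86400 },
  { kind: 'share', handle: '@hotel.jil', type: 'temporary', at: 2000, expiresAt: 2000 + 3600, maxViews: 1 },
  { kind: 'view', handle: '@hotel.jil', at: 2100 },
  { kind: 'revoke', handle: '@joshua.jil', at: 5000 },
];
```

The decision only governs what a wallet will unwrap and render from that point on; under View + Download the recipient already holds a decrypted copy.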

Team Vaults (Institutional)

Shared document collections with role-based access: Admin (full control, manage members), Editor (upload, update), Viewer (read-only), Auditor (read-only + full audit export). Ideal for board documents, cap tables, investor data rooms, and compliance archives.

Tiered Access

Free ($0): 5 documents, 50 MB. View-only sharing, 2 recipients per doc, basic audit trail, no versioning.

Verified (BPoH, $0 + BPoH): 25 documents, 500 MB. View-only, 10 recipients, full access timestamps, 5 versions per doc, 3 permanent (Arweave).

Premium ($10/mo): 200 documents, 5 GB. View + download sharing, unlimited recipients, unlimited versions, 20 permanent archives, expiring shares, document templates.

Institutional ($100/mo): Unlimited docs, 50 GB. View/download/comment, team vaults + RBAC, compliance reporting, unlimited archival, audit trail API + export, form filling + templates.

Use Cases

Estate Planning

Upload will, trust, and insurance documents. Share view-only with spouse and attorney. Archive on Arweave permanently. Beneficiaries access via their JIL wallets; no probate court is needed to locate documents.

Startup Data Room

Store corporate docs in a team vault. Grant investors 14-day temporary access: @investor.jil can view data room for 14 days. Auto-revoke after close. Full audit trail of every document accessed.

Regulatory Compliance

Share audit reports and KYC documentation with regulators via @handle. The on-chain audit trail proves when documents were shared and accessed, which is stronger provenance than email or file transfer.

Cross-Border Identity

Store passport, visa, and vaccination records. Share temporary view-only copies at border checkpoints or hotels: 1 hour, 1 view. Integrity verified against on-chain hash. Auto-revoked after expiry.

IP Timestamping

Upload a technical specification before filing a patent. Block-level timestamp proves document existed at a specific time. Content hash proves no modifications. Prior art evidence if disputed.

Humanitarian Fund Transparency

NGOs store impact documentation (receipts, audit reports, beneficiary records) in team vaults shared with JIL's humanitarian governance committee. Tamper-proof proof of fund usage.

Ecosystem Integration

BPoH

Sharing requires BPoH verification for the sender, preventing bots from spamming @handles with unsolicited document shares. Recipients don't need BPoH to receive, but verified recipients display a trust badge.

ZKC

Instead of sharing a full tax return, share a ZK proof: "this return shows income above $200K", without revealing actual figures. Zero-knowledge document verification for compliance-sensitive materials.

AATM

AI agents can request view access to tax documents for portfolio optimization. User explicitly approves; access event recorded on-chain. The agent can calibrate tax-loss harvesting without the user manually entering data.

Self-Custody Zones

Document encryption keys inherit the security of JIL's self-custody infrastructure: hardware security modules and secure enclaves, the same protection that guards token private keys.

Privacy and Security

What Is On-Chain (Public)

The ERC-721 token's existence, the document type label, sharing events (who + when), and the content hash. What is NOT on-chain: the document content, the decryption key, the filename, the file size. Nothing about the document's actual content is ever visible through the chain.

Stealth Mode

For maximum privacy: all type labels replaced with generic identifiers, sharing events use stealth addresses, document count obscured via ZK proofs.

Right to Be Forgotten

IPFS documents: Encrypted blob deleted from JIL pinning nodes. Even if cached elsewhere, useless without key. Token can be burned. Arweave documents: Blob persists by design, but destroying the key renders it permanently unreadable. Users warned at upload.

Competitive Landscape

| Platform | Self-Custody | On-Chain Provenance | @Handle Share | Audit Trail | JIL Advantage |
| --- | --- | --- | --- | --- | --- |
| Google Drive | No | No | No | Basic | Full self-custody, on-chain proof |
| Dropbox | No | No | No | Basic | Self-custody, native sharing |
| Tresorit | Partial | No | No | Good | On-chain provenance, @handle |
| DocuSign | No | Partial | No | Signing only | Full lifecycle, not just signing |
| Raw IPFS | Yes | No | No | No | Identity, sharing, UI, audit |

Implementation Roadmap

Phase 1 (Months 1-3) - Core Vault: DocumentNFT contract, client-side AES-256 encryption, IPFS upload/retrieval, basic wallet UI (upload, view, delete), Free tier limits. Target: < 3s round-trip for 10 MB doc.

Phase 2 (Months 3-5) - Sharing: @handle sharing, key-share encryption, on-chain share/revoke events, "Shared With Me" UI, view-only and download share types. Revocation within 1 block.

Phase 3 (Months 5-7) - Tiers & Archival: Tiered limits enforced, Arweave permanent archival, document versioning, Premium features (expiring shares, templates).

Phase 4 (Months 7-10) - Institutional & Mainnet: Team vaults with RBAC, compliance reporting, audit export, ZKC integration, stealth mode, mainnet deployment. 2+ institutional pilots.