DocumentationPreview
Privacy

Using Private Transfers

How to transact privately with UPD — shield, send, and withdraw without broadcasting your financial activity on-chain.

Tech Preview

UPP is live on Sepolia at preview.upd.io. Connect your wallet and try private transfers with test tokens.

Why Private Transfers?

UPD is a standard ERC-20. Plain transfers — like any other token — are fully visible on-chain: sender, recipient, and amount are public to anyone.

To transact privately, you shield UPD into the Universal Private Pool. Inside the pool, transfers use zero-knowledge proofs: the network verifies that balances are conserved and funds are compliant, without learning who sent what to whom.

Mint UPD           → visible on-chain (amount public)
Shield into UPP    → visible on-chain (amount enters pool)
Transfer in pool   → private (ZK proof — sender, recipient, amount hidden)
Unshield from UPP  → visible on-chain (amount leaves pool, recipient public)

The Three Steps

1. Shield

Move UPD from your public wallet into the private pool. This creates an encrypted note — your private balance record.

  • What's visible: your address transferred X UPD to the pool contract
  • What's hidden: nothing yet — shielding is a public deposit
  • What you receive: an encrypted note recording your claim to X UPD inside the pool

2. Transfer (Private Send)

Send UPD to another user inside the pool. You prove ownership of your note without revealing which note it is.

  • What's visible: a ZK proof was verified on-chain — no sender, no recipient, no amount
  • What the recipient gets: an encrypted note for the amount you sent
  • What you get: an encrypted change note for your remaining balance

Recipients share a stealth address (0zk1...) to receive funds. Each payment goes to a fresh one-time address derived from that — so even their public address never appears on-chain.

3. Unshield (Withdraw)

Move UPD from the pool back to a public address. This requires a compliance proof from an ASP (Association Set Provider) confirming your funds originate from a compliant address.

  • What's visible: X UPD transferred from the pool to the recipient address
  • What's hidden: which note you spent, your prior transaction history in the pool
  • Ragequit: if all ASPs refuse you, you can always withdraw to your original deposit address — no one can trap your funds

Viewing Keys

Every note you hold has a viewing key. Share a viewing key with an auditor or tax authority to prove a specific transaction without exposing your entire history.

You hold: 100 notes across 3 months of activity
Auditor asks: prove you received payment on March 12
You share: viewing key for that one note only
Auditor sees: amount, timestamp, proof of receipt — nothing else

Compliance

UPP isn't about evading regulators. It's about controlling who sees what, and when.

The ASP layer verifies that funds originate from compliant sources. Withdrawals require a ZK proof of compliant origin — the verifier learns "this address is in the approved set" without learning which address. See ASP Compliance for details.

Building on UPP?

If you're integrating UPP privacy into your own application or protocol, the full SDK reference lives at permissionless-technologies.com/docs/upp — including the TypeScript client, React hooks, and smart contract interfaces.

Privacy

Private transactions with UPP

System Architecture

Technical overview of Universal Private Pools

On this page

Why Private Transfers?The Three Steps1. Shield2. Transfer (Private Send)3. Unshield (Withdraw)Viewing KeysCompliance