NFT-Based Advisor Access
A key innovation in TaxChain is its NFT-Based Advisor Access System — a decentralized permissions layer that allows crypto users to securely and selectively share their tax data with third parties, such as tax advisors, auditors, accountants, or compliance professionals. Unlike traditional platforms that require users to export sensitive financial information into centralized portals, spreadsheets, or third-party apps, TaxChain introduces a non-custodial, on-chain, tokenized access framework built around Permission NFTs (pNFTs).
This module ensures that users retain full control over who can see their data, when, for how long, and to what extent, all while maintaining end-to-end encryption and an immutable access audit trail.
1. Conceptual Model
At the heart of this system is a new ERC-721-compatible token standard called pNFT (Permission NFT). Each pNFT acts as a time-bound, scope-limited, non-transferable access token that grants a third party the ability to read a user’s TaxChain data in a granular and privacy-preserving way.
User Wallet – Issues and revokes pNFTs; owns the tax data
Advisor Wallet – Holds a pNFT and gains scoped access
Access Gateway – Middleware that enforces the pNFT scope
2. pNFT Structure and Metadata
Every pNFT is a non-transferable token (it can be neither traded nor approved for transfer) that encodes all access rights in its metadata. The standard builds on ERC-721 with EIP-5192 (Soulbound) and is extended with encrypted metadata using EIP-5528.
Example Metadata Structure:
    {
      "owner_wallet": "0xUser...",
      "advisor_wallet": "0xAdvisor...",
      "scope": {
        "read_only": true,
        "export_permission": false,
        "report_range": ["2024-01", "2025-03"],
        "jurisdictions": ["DE", "CH"]
      },
      "expires_at": "2025-04-30T23:59:59Z",
      "created_at": "2025-01-15T12:00:00Z",
      "revocable": true,
      "data_root_hash": "0xf17a..."
    }
Each pNFT is cryptographically linked to the snapshot Merkle root of the tax data it references. This ensures that the data the advisor accesses cannot be tampered with, retroactively changed, or mismatched.
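The Merkle linkage described above, worked through as an added example (this is illustrative code written for this page, not TaxChain's own implementation). It builds a snapshot root over a constructed set of cATU records, produces the string that would go into the data_root_hash field, and shows why a record that was altered after issuance fails the inclusion check. The leaf/node domain separation bytes, the canonical-JSON leaf encoding and the odd-level duplication rule are assumptions of this example; TaxChain's actual tree layout is not specified on the page.

```python
import hashlib
import json
from typing import List, Tuple

# Constructed sample of the per-transaction records (cATU events) a snapshot would cover.
SNAPSHOT = [
    {"event_id": "catu-001", "date": "2024-02-03", "asset": "ETH", "gain_loss": 310.5, "jurisdiction": "DE"},
    {"event_id": "catu-002", "date": "2024-06-11", "asset": "BTC", "gain_loss": -42.0, "jurisdiction": "DE"},
    {"event_id": "catu-003", "date": "2025-03-20", "asset": "ETH", "gain_loss": 88.8, "jurisdiction": "CH"},
]


def leaf_hash(record: dict) -> bytes:
    # Canonical JSON (sorted keys, no whitespace) so the same record always hashes the same way;
    # the 0x00 prefix keeps leaves from colliding with internal nodes (assumed layout).
    canon = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(b"\x00" + canon).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()


def _next_level(level: List[bytes]) -> List[bytes]:
    # Duplicate the last hash on odd levels so every node has a sibling (assumed rule).
    if len(level) % 2 == 1:
        level = level + [level[-1]]
    return [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]


def merkle_root(records: List[dict]) -> bytes:
    level = [leaf_hash(r) for r in records]
    if not level:
        return hashlib.sha256(b"").digest()
    while len(level) > 1:
        level = _next_level(level)
    return level[0]


def data_root_hash(records: List[dict]) -> str:
    # The value a pNFT would carry in its data_root_hash metadata field.
    return "0x" + merkle_root(records).hex()


def merkle_proof(records: List[dict], index: int) -> List[Tuple[bytes, str]]:
    # Sibling hashes from the leaf up to the root, each tagged with the side it sits on.
    level = [leaf_hash(r) for r in records]
    proof: List[Tuple[bytes, str]] = []
    while len(level) > 1:
        if len(level) % 2 == 1:
            level = level + [level[-1]]
        sibling = index ^ 1
        proof.append((level[sibling], "left" if sibling < index else "right"))
        level = _next_level(level)
        index //= 2
    return proof


def verify_inclusion(record: dict, proof: List[Tuple[bytes, str]], root: bytes) -> bool:
    # Recompute the path to the root; any change to the record breaks the chain of hashes.
    cur = leaf_hash(record)
    for sibling, side in proof:
        cur = node_hash(sibling, cur) if side == "left" else node_hash(cur, sibling)
    return cur == root


if __name__ == "__main__":
    root = merkle_root(SNAPSHOT)
    print("data_root_hash:", data_root_hash(SNAPSHOT))
    proof = merkle_proof(SNAPSHOT, 2)
    print("original record verifies:", verify_inclusion(SNAPSHOT[2], proof, root))
    tampered = dict(SNAPSHOT[2], gain_loss=0.0)
    print("tampered record verifies:", verify_inclusion(tampered, proof, root))
```

The advisor-facing gateway only needs the root from the pNFT and a proof per record to check that what it serves matches the snapshot the user committed to at issuance; the user's full data set never has to be revealed for that check.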
3. Lifecycle of a pNFT
Issuance – The user signs an on-chain transaction to mint a pNFT to the advisor's address, specifying the access parameters.
Activation – From the next block on, the advisor wallet can query the TaxChain Gateway to decrypt and view the granted data.
Usage – The advisor fetches monthly reports, filtered transaction logs, or gain/loss records, depending on scope.
Expiration – After the expires_at timestamp, the pNFT becomes invalid and the Access Gateway stops honouring it.
Revocation – The user can burn the pNFT at any time, immediately halting advisor access.
Audit Trail – All actions (issue, read, export, revoke) are hashed and appended to the user's Tax Graph.
4. Access Gateway Enforcement
To ensure secure and scoped access, the TaxChain protocol employs an off-chain access gateway that runs a verifiable WASM sandbox. This layer performs the following functions:
Decryption – Advisor submits pNFT + signature → Gateway validates and derives symmetric keys to decrypt relevant reports.
Scope filtering – Enforces jurisdiction, date range, and read/export flags.
Rate limiting – Prevents brute-force or abusive querying of high-frequency endpoints.
Audit logging – Writes a pNFT_Accessed event to the Tax Graph each time the advisor fetches data.
All of this is verifiable by the user at any time, and the user can download a full access audit log including timestamps, IP metadata (if enabled), and datasets accessed.
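The gateway checks from sections 3 to 5 (holder check, revocation, expiry, read/export flag, date range and jurisdiction filtering, rate limiting, and a hash-chained pNFT_Accessed audit log) collected into one worked example. This is added illustrative code, not TaxChain's gateway; the pNFT metadata and the monthly reports are constructed, the token_id field and the per-token request counter are assumptions, and the audit log is kept in memory rather than written to the Tax Graph.

```python
import hashlib
import json
from collections import defaultdict
from datetime import datetime, timezone
from typing import Dict, List

# Constructed pNFT metadata mirroring the structure in section 2 (token_id is an assumed field).
PNFT = {
    "token_id": 1,
    "owner_wallet": "0xUser...",
    "advisor_wallet": "0xAdvisor...",
    "scope": {
        "read_only": True,
        "export_permission": False,
        "report_range": ["2024-01", "2025-03"],
        "jurisdictions": ["DE", "CH"],
    },
    "expires_at": "2025-04-30T23:59:59Z",
    "revocable": True,
}

# Constructed monthly reports; only some fall inside the scope above.
REPORTS = [
    {"month": "2023-12", "jurisdiction": "DE", "gain_loss": -120.0},
    {"month": "2024-02", "jurisdiction": "DE", "gain_loss": 310.5},
    {"month": "2024-06", "jurisdiction": "FR", "gain_loss": 42.0},
    {"month": "2025-03", "jurisdiction": "CH", "gain_loss": 88.8},
    {"month": "2025-04", "jurisdiction": "CH", "gain_loss": 5.0},
]

GENESIS = "0" * 64


class AccessDenied(Exception):
    pass


class Gateway:
    def __init__(self, reports: List[dict], rate_limit: int = 3):
        self.reports = reports
        self.rate_limit = rate_limit           # max requests per token (assumed fixed window)
        self.revoked = set()                   # token ids the user has burned
        self.request_counts: Dict[int, int] = defaultdict(int)
        self.audit_log: List[dict] = []        # append-only, each entry hashes the previous one

    def revoke(self, token_id: int) -> None:
        self.revoked.add(token_id)

    def _append_audit(self, event: dict) -> None:
        prev = self.audit_log[-1]["entry_hash"] if self.audit_log else GENESIS
        body = json.dumps({"prev": prev, **event}, sort_keys=True)
        entry_hash = hashlib.sha256(body.encode()).hexdigest()
        self.audit_log.append({**event, "prev": prev, "entry_hash": entry_hash})

    def verify_audit_chain(self) -> bool:
        # Recompute every hash; editing or dropping an entry breaks the chain.
        prev = GENESIS
        for entry in self.audit_log:
            if entry["prev"] != prev:
                return False
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            if hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest() != entry["entry_hash"]:
                return False
            prev = entry["entry_hash"]
        return True

    def fetch(self, pnft: dict, caller: str, action: str, now: datetime) -> List[dict]:
        token_id = pnft["token_id"]
        if caller != pnft["advisor_wallet"]:
            raise AccessDenied("caller does not hold this pNFT")
        if token_id in self.revoked:
            raise AccessDenied("pNFT has been burned")
        expires = datetime.fromisoformat(pnft["expires_at"].replace("Z", "+00:00"))
        if now > expires:
            raise AccessDenied("pNFT expired")
        self.request_counts[token_id] += 1      # every attempt counts, denied or not
        if self.request_counts[token_id] > self.rate_limit:
            raise AccessDenied("rate limit exceeded")
        scope = pnft["scope"]
        if action == "export" and not scope["export_permission"]:
            raise AccessDenied("scope is read-only")
        lo, hi = scope["report_range"]           # "YYYY-MM" strings compare correctly as text
        allowed = [r for r in self.reports
                   if lo <= r["month"] <= hi and r["jurisdiction"] in scope["jurisdictions"]]
        self._append_audit({"event": "pNFT_Accessed", "token_id": token_id, "advisor": caller,
                            "action": action, "at": now.isoformat(),
                            "months": [r["month"] for r in allowed]})
        return allowed


if __name__ == "__main__":
    gw = Gateway(REPORTS)
    now = datetime(2025, 2, 1, tzinfo=timezone.utc)
    print([r["month"] for r in gw.fetch(PNFT, "0xAdvisor...", "read", now)])
    gw.revoke(1)
    try:
        gw.fetch(PNFT, "0xAdvisor...", "read", now)
    except AccessDenied as e:
        print("denied:", e)
```

Out-of-scope months and the FR jurisdiction never leave the gateway, and the audit chain lets the user later confirm exactly which months each advisor pulled; the user-facing audit download in the text would be a serialisation of that log.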
5. Granular Scoping Features
TaxChain’s pNFT standard supports fine-grained access control via encoded metadata. Examples include:
Temporal Scope: e.g., “Grant access to all reports from Jan 2023 to Dec 2024”
Jurisdictional Scope: e.g., “Only allow viewing of data categorized under CH (Switzerland)”
Functional Scope:
read_only: true → advisor can only view reports in the browser
export_permission: true → advisor can download PDF/JSON copies
Report Type Scope:
reports_only: true → advisor sees monthly summaries
transactions_allowed: true → advisor sees the underlying cATU events
This gives users full sovereignty over their data, similar to OAuth scopes in Web2 but implemented in a decentralized, tamper-proof, and transparent way.
6. Security and Privacy Guarantees
The NFT-based access system is engineered to keep user data private at every step:
Encryption – Reports are stored encrypted with AES-256-GCM; keys are derived from the user's private key and the access policy hash
Data Integrity – All shared data is linked to the Tax Graph via Merkle roots; no mutable data exists
Non-transferability – pNFTs are soulbound (ERC-5192); they cannot be sold, transferred, or reassigned
Auditability – All access actions are logged in an append-only ledger; advisors are accountable
Selective Disclosure – Users can issue multiple pNFTs to different advisors with different scopes
7. Use Cases
Retail Clients & Accountants – Alice mints a pNFT for her tax advisor, valid for DE jurisdiction from 2023–2025, with read-only rights.
Institutional Reporting – A crypto hedge fund grants temporary pNFTs to their Big Four auditors during a due diligence audit, which automatically expire after 30 days.
Cross-Border Users – A user who moved between France and Switzerland can issue two pNFTs: one to a French tax expert (FR 2023) and one to a Swiss advisor (CH 2024).
DAO Governance – A DAO treasury can issue a limited pNFT to a compliance oracle that verifies its DeFi activity is tax-neutral under its foundation's jurisdiction.
8. Compliance and Legal Alignment
GDPR & Data Minimization: Advisors only see what is necessary. No raw blockchain history or off-scope metadata is exposed.
Audit-Readiness: All pNFTs can be linked to signatures, timestamps, and data proofs compatible with legal documentation requirements.
Enterprise Integration: pNFTs can be mapped to enterprise identity systems (e.g., DID, ENS, GLEIF) to track access on an organizational level.
9. Planned Extensions
pNFT Revocation API – Automatic revocation when advisor’s public key is compromised or flagged.
Multi-sig pNFTs – Require multiple signatures (e.g., user + compliance officer) before granting access.
Proof-of-Access ZK Circuits – Allow users to prove that “only advisor X saw reports Y” without revealing report content.
KYC-Linked Advisor Registry – Optional DAO-curated list of licensed professionals who can be assigned pNFTs via alias (e.g., @taxpro.eth).
The NFT-Based Advisor Access system offers a decentralized, programmable, and privacy-respecting alternative to the flawed status quo of tax data sharing. With granular control, strong cryptographic guarantees, and seamless user experience, it redefines how professionals interact with sensitive financial data in a Web3-native world.