Architecture
Complete technical overview of PRIV Protocol's monorepo structure, 4-layer stack, and Base L2 integration.
Monorepo Structure
PRIV Protocol is organized as an npm workspace monorepo with clear separation of concerns.
priv-protocol/
├── apps/
│ ├── web/ # Main dashboard (Next.js 15, React 19)
│ ├── api/ # API service (Next.js API routes)
│ ├── landing/ # Token launch landing page
│ ├── docs/ # Documentation site (Fumadocs)
│ └── mobile/ # Mobile VPN app (React Native/Expo)
├── extensions/
│ └── chrome/ # Chrome extension (Vite, Manifest V3)
├── packages/
│ ├── contracts/ # Solidity smart contracts (Foundry)
│ ├── sdk/ # @priv/sdk - Analytics SDK (<5KB)
│ ├── types/ # @priv/types - Shared TypeScript types
│ ├── ui/ # @priv/ui - Shared React components
│ └── compliance-sdk/ # B2B GDPR compliance SDK
└── supabase/
└── functions/ # Supabase Edge FunctionsApps
User-facing applications: web dashboard, mobile app, API service, landing page, and documentation.
Packages
Shared libraries: smart contracts, SDK, TypeScript types, UI components, and compliance tools.
Extensions
Browser extensions for passive data collection with user consent.
Supabase
Edge Functions for serverless backend logic and real-time capabilities.
Technology Stack
| Layer | Technology | Purpose |
|---|---|---|
| Frontend | Next.js 15, React 19 | Server components, App Router |
| Styling | Tailwind CSS, shadcn/ui | Design system and components |
| Backend | Supabase (PostgreSQL) | Database, Auth, Realtime |
| Cache | Upstash Redis | Rate limiting, session cache |
| Blockchain | Base L2 (OP Stack) | Token, marketplace, governance |
| Contracts | Solidity, Foundry | Smart contract development |
| Extension | Vite, Manifest V3 | Browser extension bundling |
| Mobile | React Native, Expo | Cross-platform mobile app |
| Hosting | Vercel | Edge deployment |
| Types | TypeScript (strict) | End-to-end type safety |
4-Layer Architecture
PRIV Protocol is built on a 4-layer architecture that separates concerns and enables scalability.
Layer 1: Frontend
The frontend layer consists of multiple user-facing applications:
| Application | Technology | Description |
|---|---|---|
| Web Dashboard | Next.js 15 | User earnings, consent management, staking |
| Mobile VPN | React Native | Passive mobile data collection |
| Browser Extension | Vite + MV3 | Desktop browsing data collection |
| Analytics SDK | TypeScript | Website integration for publishers |
Layer 2: API Layer
The API layer handles all business logic and data validation:
// API route structure
apps/api/src/app/api/v1/
├── analytics/ # SDK event ingestion
├── events/ # Event tracking
├── identify/ # User identification
├── billing/ # Stripe integration
├── marketplace/ # DataXchange API
└── user/ # User managementKey responsibilities:
- Request validation with Zod schemas
- Authentication via JWT and API keys
- Rate limiting via Upstash Redis
- CORS management (tiered by endpoint type)
Layer 3: Database
Supabase PostgreSQL provides the data layer:
-- Core tables
users -- User accounts and profiles
api_keys -- Hashed SDK API keys
events -- Raw analytics events
contributions -- User data contributions
consent_records -- GDPR consent tracking
earnings -- Pending/paid earningsFeatures:
- Row Level Security (RLS) for multi-tenancy
- Real-time subscriptions for live updates
- Generated TypeScript types via Supabase CLI
Layer 4: Blockchain
Smart contracts on Base L2 handle value transfer:
| Contract | Address | Purpose |
|---|---|---|
| PRIVToken | 0x... | ERC20 with voting delegation |
| PRIVStaking | 0x... | Stake for rewards and governance |
| DataXchange | 0x... | Data listing and purchasing |
| PRIVGovernor | 0x... | DAO proposal and voting |
| PRIVTimelock | 0x... | Governance execution delay |
Data Flow Diagrams
SDK Event Ingestion
Data Contribution Flow
Multi-Oracle Consensus
For high-value data transactions, PRIV uses multi-oracle consensus to ensure data quality:
How it works:
- Submission: User submits data with consent metadata
- Distribution: Data is sent to multiple independent oracles
- Validation: Each oracle scores data quality independently
- Consensus: Results are aggregated (2/3 majority required)
- Settlement: Smart contract releases payment based on quality score
Oracle criteria:
- Data authenticity (not synthetic)
- Consent validity (proper opt-in)
- Format compliance (meets schema requirements)
- Uniqueness (no duplicate submissions)
Why Base L2?
PRIV Protocol chose Base (Coinbase's Ethereum L2) for strategic reasons:
Low-Cost Transactions
Essential for high-frequency micro-payments. Gas costs are cents, not dollars.
Coinbase Integration
Direct access to 100M+ users and seamless fiat on/off ramps.
Ethereum Security
Inherits L1 security guarantees while reducing costs 100x.
EVM Equivalence
Standard Solidity tooling, Foundry, and ecosystem compatibility.
Base advantages for PRIV:
| Feature | Benefit |
|---|---|
| OP Stack | Open source, aligned with decentralization ethos |
| Fast finality | 2-second block times for responsive UX |
| Native bridging | Easy ETH/USDC bridging from mainnet |
| Growing ecosystem | Active DeFi and social protocols |
Security Architecture
PRIV implements defense-in-depth security:
Client-Side
- All sensitive data encrypted before transmission
- API keys never stored in plaintext
- Content Security Policy enforcement
API Layer
- Input validation with Zod schemas
- Rate limiting per API key
- CORS restrictions (tiered by endpoint type)
- SHA-256 API key hashing
Database
- Row Level Security (RLS) policies
- Encrypted connections (TLS 1.3)
- Regular automated backups
Smart Contracts
- Timelock for governance actions
- Multi-sig admin controls
- Audited by [Audit Firm]
- Bug bounty program
See the Security Overview for complete details.
Development Workflow
Prerequisites
# Required
node --version # 18+
npm --version # 9+
# For smart contracts
curl -L https://foundry.paradigm.xyz | bash
foundryupCommon Commands
# Install all workspace dependencies
npm install
# Run specific app in development
npm run dev --workspace=@priv/web
npm run dev --workspace=@priv/api
# Build specific package
npm run build --workspace=@priv/sdk
# Run contract tests
cd packages/contracts && forge test
# Generate Supabase types
npx supabase gen types typescript --project-id "$PROJECT_ID" > packages/types/src/database.tsTypeScript Configuration
All packages use strict TypeScript:
{
"compilerOptions": {
"strict": true,
"moduleResolution": "bundler",
"noUncheckedIndexedAccess": true
}
}