Skip to main content

Trust & Compliance

Trust in Naba Web3 Wallet is achieved through architectural design, not custodianship or centralized control. The system is designed as infrastructure for regulated Web3 environments, providing technical capabilities that enable compliant applications without enforcing policy itself.

Design Principles

Naba Web3 Wallet is built on foundational design principles that prioritize security, privacy, and verifiability.

Privacy-by-Design

Privacy is a fundamental design constraint, not an optional feature:
  • Data minimization: System architecture minimizes data collection to what is necessary for operation
  • Cryptographic protection: Identity information is protected through zero-knowledge proofs
  • User control: Users maintain control over their identity and transaction data
  • Privacy-preserving defaults: System defaults protect privacy without requiring user configuration
Privacy considerations influence all system design decisions from the ground up.

Minimal Trust Assumptions

The architecture minimizes trust requirements by relying on verifiable systems:
  • Trust anchors: Uses established trust systems (UAE Pass, blockchain networks) rather than creating new trust
  • Verifiable logic: All validation rules are on-chain and publicly verifiable
  • No custodial trust: Users do not need to trust Naba with their assets
  • Transparent operations: System behavior is observable and auditable by third parties
By minimizing trust assumptions, the system reduces risk and increases verifiability for all stakeholders.

Deterministic Verification

Transaction validation follows deterministic, reproducible rules:
  • Predictable outcomes: Same inputs always produce same validation results
  • Reproducible logic: Validation rules can be independently verified
  • No hidden state: All validation logic is explicit and observable
  • Consistent behavior: System behavior is consistent across all instances
Deterministic verification enables independent auditing and verification by regulators, partners, and technical auditors.

Identity-Backed, Privacy-Preserving

Naba Web3 Wallet uses UAE Pass as a trust anchor to verify user identity while preserving privacy through zero-knowledge cryptography.

UAE Pass as Trust Anchor

UAE Pass provides the foundation for identity verification:
  • Government-backed verification: Official identity verification from UAE authorities
  • Widely adopted standard: Established identity system used across UAE services
  • Strong authentication: Robust authentication mechanisms
  • Regulatory framework alignment: Operates within UAE regulatory framework
This trust anchor enables the system to verify user legitimacy without requiring the system itself to become a trusted identity provider.

Zero-Knowledge for Privacy

Identity verification occurs without exposing personal information:
  • Off-chain verification: Identity verification happens outside the blockchain
  • Zero-knowledge proofs: Cryptographic proofs demonstrate verification without revealing identity data
  • No personal data on-chain: Names, IDs, and personal identifiers never appear on the blockchain
  • No identity disclosure to apps: Applications receive verification status, not identity information
The system establishes trust through verified identity while maintaining user privacy.

No Personal Data on-Chain

The blockchain contains no personal identity information:
  • Only proofs: Zero-knowledge proofs of verification status
  • Cryptographic commitments: Hash-based commitments where necessary
  • No identifiers: No names, government IDs, or personal data
  • Privacy-preserving architecture: System design prevents identity data from being stored on-chain
This architecture ensures that identity verification provides trust without compromising user privacy.

Non-Custodial by Default

Naba Web3 Wallet operates as a non-custodial system where users retain full control of their assets.

Users Retain Control

Users maintain direct control over their funds and operations:
  • User-controlled assets: Users have direct control of their funds through smart account ownership
  • No intermediary custody: The wallet does not hold, manage, or control user assets
  • Direct blockchain interaction: Transactions occur directly between user accounts and the blockchain
  • User responsibility: Users maintain responsibility for their assets and operations
The system provides tools and infrastructure; users maintain sovereignty over their assets.

No Custody of Funds

The wallet does not act as a custodian:
  • No asset holding: Naba does not hold user funds in any form
  • No recovery keys: Naba does not hold recovery keys or backup mechanisms
  • No asset management: The system does not manage or control user assets
  • Reduced custodial risk: No single point of failure for asset custody
This non-custodial design eliminates custodial risk and aligns with self-custody principles.

No Recovery Keys Held by Naba

Recovery and backup mechanisms are user-controlled:
  • User-managed recovery: Users control their own recovery mechanisms
  • No Naba-held keys: Naba does not store or have access to user recovery keys
  • User responsibility: Users are responsible for key management and recovery
  • Infrastructure support: System provides infrastructure for key management, but does not control keys
This approach maintains user sovereignty while providing infrastructure support.

Data Handling & Minimization

Naba Web3 Wallet is designed to minimize data collection and storage while maintaining functionality.

No Storage of Personal Identity Data

The system does not store personal identity information:
  • Off-chain verification: Identity verification occurs outside the wallet system
  • No identity databases: Personal identifiers are not stored in wallet infrastructure
  • Session-based authentication: Only verification status is maintained, not identity data
  • Privacy-preserving design: Architecture prevents identity data collection
Identity verification provides trust without requiring identity data storage.

No Centralized User Database

The system avoids centralized data storage:
  • Distributed architecture: No central database of user information
  • Blockchain state: User state is maintained on-chain through smart accounts
  • Minimal metadata: Only operational metadata necessary for functionality
  • No behavioral tracking: User behavior and patterns are not tracked or stored
This architecture reduces data exposure risk and supports privacy preservation.

Only Cryptographic Commitments

Where commitments are necessary, only cryptographic hashes are used:
  • Hash-based commitments: Cryptographic hashes for verification without revealing data
  • Zero-knowledge proofs: Proofs of properties without revealing underlying data
  • No plaintext storage: No personal data stored in plaintext
  • Cryptographic security: All commitments use cryptographically secure methods
This approach enables verification while maintaining privacy.

Auditability & Verification

Naba Web3 Wallet is designed to be auditable by regulators, partners, and technical auditors.

On-Chain Verification

Validation logic executes on-chain, providing:
  • Public verification: Validation rules are publicly visible on the blockchain
  • Network consensus: Validation decisions are confirmed by network validators
  • Immutable records: Validation history is permanently recorded
  • Independent audit: Anyone can verify validation logic and decisions
On-chain verification ensures transparency and enables independent auditing.

Deterministic Logic

System logic is deterministic and reproducible:
  • Predictable behavior: Same inputs produce same outputs
  • Reproducible validation: Validation rules can be independently verified
  • No randomness in validation: Validation decisions are deterministic
  • Consistent execution: System behavior is consistent across all instances
Deterministic logic enables reliable auditing and verification.

Verifiable Behavior

System behavior can be independently verified:
  • Open architecture: System design and components are documented
  • Verifiable code: Smart contract code is publicly available
  • Clear policies: Validation policies are explicit and documented
  • Audit-friendly design: Architecture supports third-party audits
This verifiability enables stakeholders to understand and verify system behavior independently.

Regulatory Alignment

Naba Web3 Wallet is designed to operate in regulated environments and support regulatory requirements through its technical architecture.

Designed for Regulated Environments

The system architecture considers regulatory requirements:
  • Identity verification support: Technical capabilities support identity verification requirements
  • Audit capabilities: Provides audit trails and verification records
  • Transparent operations: System behavior is observable and verifiable
  • Privacy preservation: Protects user privacy while supporting regulatory needs
The design provides technical capabilities that support regulatory requirements without enforcing policy itself.

Compatible with Jurisdiction-Based Identity

The identity layer is designed to be jurisdiction-aware:
  • UAE Pass integration: Uses UAE’s official identity system
  • Regulatory framework alignment: Operates within UAE regulatory framework
  • Extensible design: Architecture supports additional identity systems if needed
  • Jurisdiction-specific policies: Can support jurisdiction-specific validation policies
The identity layer respects jurisdictional requirements while maintaining privacy and security.

Infrastructure-Layer Approach

The system is positioned as infrastructure rather than a policy enforcer:
  • Technical capabilities: Provides technical tools and capabilities
  • Policy-agnostic: Does not enforce specific regulatory policies
  • Application enablement: Enables applications to implement their own regulatory policies
  • Neutral infrastructure: Provides infrastructure without taking policy positions
This approach positions Naba as neutral infrastructure that enables applications to meet regulatory requirements.

Enables Applications to Meet Regulatory Requirements

The infrastructure enables applications to address regulatory requirements:
  • Identity verification: Applications can verify user identity through the system
  • Audit trails: Applications can access verification records for regulatory purposes
  • Privacy-preserving approach: Applications can address requirements while preserving privacy
  • Technical support: Infrastructure supports regulatory requirements without enforcing policy
Applications built on Naba infrastructure can implement their own regulatory policies using the technical capabilities provided.

What Naba is NOT

To clarify positioning, Naba Web3 Wallet is explicitly not the following:

Not a Custodian

  • Naba does not hold, manage, or control user funds
  • Users maintain direct control of their assets
  • No custodial services are provided
  • Users bear responsibility for their assets

Not a KYC Provider

  • Naba does not perform Know Your Customer (KYC) checks
  • Identity verification is provided by UAE Pass, not Naba
  • Naba provides infrastructure for identity verification, not KYC services
  • Applications may implement their own KYC policies using the infrastructure

Not a Surveillance System

  • Naba does not track or monitor user behavior
  • No behavioral data is collected or stored
  • Privacy-preserving design prevents surveillance
  • System architecture minimizes data collection

Not a Bank

  • Naba is not a financial institution
  • No banking services are provided
  • No deposits, loans, or banking operations
  • Infrastructure for financial applications, not a bank itself

Summary

Naba Web3 Wallet is neutral infrastructure designed for trusted Web3 ecosystems. The system provides technical capabilities—identity verification, privacy-preserving architecture, non-custodial design, and auditability—that enable applications to operate in regulated environments. The infrastructure does not enforce regulatory policy, provide custodial services, or act as a financial institution. Instead, it provides the technical foundation that enables partners, developers, and institutions to build Web3 applications that can address their specific regulatory requirements while preserving user privacy and maintaining security. This infrastructure-first approach positions Naba as a technical enabler for regulated Web3 ecosystems, supporting trust through architecture rather than custodianship or policy enforcement.