xBureau: Cross-Border Tax Reporting Privacy
CRS 2.0 and FATCA cross-border tax reporting with privacy-preserving aggregation via xCompute. Tax authorities verify compliance without seeing individual account details.
The Problem
CRS 2.0 and FATCA require financial institutions to report account holder data across jurisdictions, but centralized reporting creates massive PII exposure risks.
Cross-border tax reporting involves sharing account balances, income, and taxpayer identification across dozens of jurisdictions. Each data exchange creates a potential breach vector.
The aggregate data flowing between 100+ jurisdictions contains the financial details of billions of accounts. A single intermediary breach exposes an entire country’s taxpayer records.
The PRIVATE.ME Solution
xBureau enables cross-border tax reporting where aggregate compliance data is computed on XorIDA shares via xCompute. Individual account details are never shared in the clear.
Financial institutions split account data into XorIDA shares. Tax compliance computations (aggregate balances, threshold checks, income categorization) run on shares via xCompute. Only aggregate verdicts cross borders.
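The share-then-aggregate flow described above, as an added sketch that is not xBureau code. The page does not describe XorIDA or xCompute internals, so this uses Shamir 2-of-3 sharing over a prime field as a stand-in; all function names and the sample threshold are assumptions.

```javascript
// Added illustration: Shamir 2-of-3 sharing over a prime field, standing in
// for XorIDA/xCompute, whose internals are not described on this page.
const { randomBytes } = require('node:crypto');

const P = 2n ** 127n - 1n; // Mersenne prime; field for all share arithmetic
const mod = (a) => ((a % P) + P) % P;

// Random field element (256 random bits reduced mod P, negligible bias).
const randomField = () => mod(BigInt('0x' + randomBytes(32).toString('hex')));

// Modular inverse via Fermat's little theorem: a^(P-2) mod P.
function inv(a) {
  let result = 1n, base = mod(a), e = P - 2n;
  while (e > 0n) {
    if (e & 1n) result = mod(result * base);
    base = mod(base * base);
    e >>= 1n;
  }
  return result;
}

// Split one balance into 3 shares; any 2 reconstruct, 1 alone reveals nothing.
function split(balance) {
  const slope = randomField();
  return [1n, 2n, 3n].map((x) => ({ x, y: mod(BigInt(balance) + slope * x) }));
}

// Each custodian adds the shares it holds. The result is a share of the SUM.
function custodianSum(sharesHeld) {
  return { x: sharesHeld[0].x, y: sharesHeld.reduce((acc, s) => mod(acc + s.y), 0n) };
}

// Lagrange interpolation at x = 0 from exactly two shares.
function reconstruct(a, b) {
  const la = mod(b.x * inv(b.x - a.x));
  const lb = mod(a.x * inv(a.x - b.x));
  return mod(a.y * la + b.y * lb);
}

// balances: constructed sample values in cents; thresholdCents: hypothetical limit.
function aggregateReport(balances, thresholdCents) {
  const perAccount = balances.map(split);
  const sums = [0, 1, 2].map((c) => custodianSum(perAccount.map((sh) => sh[c])));
  const total = reconstruct(sums[0], sums[2]); // any two custodians suffice
  return { total, overThreshold: total > BigInt(thresholdCents) };
}
```

Only the two summed shares are ever combined, so the aggregate is the one value reconstructed and no individual balance is.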
Each reporting institution is authenticated via DID identity. HMAC-chained audit trails provide tamper-evident compliance records. xRedact strips unnecessary PII before any computation.
How It Works
xBureau combines xCompute aggregation with xRedact PII minimization and xLink M2M authentication for privacy-preserving cross-border tax reporting.
Use Cases
- CRS: Comply with CRS 2.0 without sending individual account data across borders.
- FATCA: Privacy-preserving FATCA reporting across US-foreign bank relationships.
- GDPR: Share only aggregate compliance data, not individual account records.
- Audit: HMAC-chained audit trail proving compliance without exposing taxpayer data.

⚡ Fast Onboarding
Traditional credit bureau setup requires manual custodian configuration, storage backend provisioning, and DID generation. xBureau collapses this to 15 seconds with zero-click accept, 90 seconds with one-line CLI, and 10 minutes with deploy buttons.
Speed Tiers
| Level | Setup Time | Method | What It Does |
|---|---|---|---|
| Zero-Click | 15 seconds | Env var auto-accept | Set XBUREAU_INVITE_CODE, create bureau on first use. No manual setup. |
| CLI | 90 seconds | One-line command | npx @private.me/xbureau init generates DID, saves to .env, configures storage. |
| Deploy Button | 10 minutes | One-click templates | Vercel/Netlify/Railway buttons provision storage backends + custodian infrastructure. |
Quick Start: Zero-Click (15 seconds)
```bash
# 1. Set invite code (from bureau network onboarding email)
export XBUREAU_INVITE_CODE=XBU-abc123
```
```typescript
// 2. Create your first bureau instance (auto-accepts invite)
import { createCreditBureau } from '@private.me/xbureau';

// `storage` is your storage backend instance; its construction is not shown on this page.
const bureau = createCreditBureau(storage); // Auto-initializes from env
```
- Invite auto-accepted from XBUREAU_INVITE_CODE env var
- Bureau DID generated and saved to .env
- Custodian network auto-configured (2-of-3 default)
- Storage backends connected
- Trust registry auto-populated
- Ready to store reports
CLI Setup (90 seconds)
```bash
# Install CLI globally
npm install -g @private.me/xbureau

# Initialize (generates DID, configures custodians)
xbureau init

# Store your first credit report
xbureau store \
  --report ./sample-report.json \
  --threshold 2 \
  --total-shares 3

# Output:
# ✅ Report split (2-of-3)
# ✅ Shares distributed to custodians
# ✅ Encrypted at rest (AES-256-GCM)
# ✅ Report ID: report-abc123
```
Deploy Button Setup (10 minutes)
Click one button to provision storage backends + custodian infrastructure on Vercel/Netlify/Railway.
- Xstore backend (share storage with AES-256-GCM encryption)
- Custodian coordination service
- MPC score computation endpoints (Xcompute integration)
- Selective disclosure API
- Compliance audit dashboard
Environment variables auto-configured • Bureau DID auto-generated • Custodian network auto-connected • Ready to store reports immediately
Integration
```typescript
import { TaxReporter } from '@private.me/xbureau';

const reporter = await TaxReporter.create({
  institutionDid: bankDid,
  jurisdictions: ['US', 'UK', 'DE'],
  threshold: { k: 2, n: 3 }
});

const report = await reporter.generateReport(accounts);
```
Security Properties
| Property | Mechanism | Guarantee |
|---|---|---|
| Account data | XorIDA split | ✓ Never shared in clear |
| Computation | xCompute aggregation | ✓ No reconstruction |
| PII | xRedact stripping | ✓ Data minimization |
| Audit | HMAC-chained log | ✓ Tamper-evident |
Verifiable Data Protection
Every operation in this ACI produces a verifiable audit trail via xProve. HMAC-chained integrity proofs let auditors confirm that data was split, stored, and reconstructed correctly — without accessing the data itself.
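How an HMAC-chained log gives the tamper evidence claimed above, as an added example that is not xBureau or xProve code. The entry layout, function names and sample events are assumptions, and the sample data is constructed.

```javascript
// Added illustration of an HMAC-chained audit log (not xBureau/xProve code).
const { createHmac, timingSafeEqual } = require('node:crypto');

const GENESIS = '0'.repeat(64); // chain anchor for the first entry

// Tag binds the entry to its position, its content and the previous tag.
function tagFor(key, prevTag, seq, event) {
  return createHmac('sha256', key)
    .update(prevTag).update('\n')
    .update(String(seq)).update('\n')
    .update(JSON.stringify(event))
    .digest('hex');
}

function append(log, key, event) {
  const prevTag = log.length ? log[log.length - 1].tag : GENESIS;
  const seq = log.length;
  log.push({ seq, event, tag: tagFor(key, prevTag, seq, event) });
  return log;
}

// Returns the index of the first bad entry, or -1 if the whole chain verifies.
function firstInvalid(log, key) {
  let prevTag = GENESIS;
  for (let i = 0; i < log.length; i++) {
    const expected = Buffer.from(tagFor(key, prevTag, i, log[i].event), 'hex');
    const actual = Buffer.from(String(log[i].tag), 'hex');
    if (log[i].seq !== i || actual.length !== expected.length ||
        !timingSafeEqual(actual, expected)) return i;
    prevTag = log[i].tag;
  }
  return -1;
}

// Constructed sample: three operations, metadata only, no account data.
function demoLog(key) {
  const log = [];
  append(log, key, { op: 'split', reportId: 'report-0001', k: 2, n: 3 });
  append(log, key, { op: 'store', reportId: 'report-0001', custodians: 3 });
  append(log, key, { op: 'aggregate', jurisdictions: ['US', 'UK', 'DE'] });
  return log;
}
```

The chain alone does not reveal truncation of the newest entries, so a verifier also needs the expected length or the latest tag from a separate channel. Because HMAC is symmetric, whoever can verify the log can also forge it, which makes key custody part of the audit design.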
Ship Proofs, Not Source
xBureau generates cryptographic proofs of correct execution without exposing proprietary algorithms. Verify integrity using zero-knowledge proofs — no source code required.
- Tier 1 HMAC (~0.7KB)
- Tier 2 Commit-Reveal (~0.5KB)
- Tier 3 IT-MAC (~0.3KB)
- Tier 4 KKW ZK (~0.4KB)
Deployment Options
SaaS Recommended
Fully managed infrastructure. Call our REST API, we handle scaling, updates, and operations.
- Zero infrastructure setup
- Automatic updates
- 99.9% uptime SLA
- Enterprise SLA available
SDK Integration
Embed directly in your application. Runs in your codebase with full programmatic control.
```bash
npm install @private.me/xbureau
```
- TypeScript/JavaScript SDK
- Full source access
- Enterprise support available
On-Premise Upon Request
Enterprise CLI for compliance, air-gap, or data residency requirements.
- Complete data sovereignty
- Air-gap capable deployment
- Custom SLA + dedicated support
- Professional services included
Enterprise On-Premise Deployment
While xBureau is primarily delivered as SaaS or SDK, we build dedicated on-premise infrastructure for customers with:
- Regulatory mandates — HIPAA, SOX, FedRAMP, CMMC requiring self-hosted processing
- Air-gapped environments — SCIF, classified networks, offline operations
- Data residency requirements — EU GDPR, China data laws, government mandates
- Custom integration needs — Embed in proprietary platforms, specialized workflows
Includes: Enterprise CLI, Docker/Kubernetes orchestration, RBAC, audit logging, and dedicated support.