What Agreely is

Agreely is a consent-accountability protocol. Think of it as a driver's license for data access: before your code uses a piece of personal data for a purpose, it checks whether the person actually licensed that use, and the answer is a single, authoritative yes or no. When the person revokes, the license is torn up and the very next check says no.

Underneath the one-call API is a small, deliberate set of cryptographic primitives. Every grant produces a signed receipt that anyone can verify offline, the record of what happened is anchored on-chain so it cannot be quietly rewritten, and erasure is a crypto-shred rather than a promise. The result is consent you can prove, not consent you merely logged.

The Loi 25 problem

Quebec's Law 25 (Loi 25) turned consent accountability into a legal obligation. It is no longer enough to collect a checkbox; an organization must be able to show, after the fact, that consent was given, exactly what it covered, that it was honored while active, and that it stopped being honored the moment it was withdrawn. Most teams can collect consent. Very few can prove it in a way that survives a regulator or an auditor.

The gap is structural. Consent usually lives as a boolean in an application database: easy to write, easy to overwrite, impossible to prove was not edited after the fact, and disconnected from the code paths that actually touch the data. Agreely closes that gap with verifiable receipts, an on-chain anchor, and a synchronous check your code calls inline.

The one-call mental model

There is one question Agreely answers, synchronously, on every data use:

Has this customer granted this category of data for this purpose, right now?

import { Agreely } from "@agreely/sdk";

const agreely = new Agreely({ apiKey: process.env.AGREELY_API_KEY! });

if (await agreely.check("cust_8812", "Phone number", "Billing")) {
  // ...you may use the phone number for billing
}

check() returns a boolean. allow is the only true. A revoked, expired, erased, or never-granted cell is false. The check reads a single indexed enforcement record, so it is fast, and it is fail-closed: if Agreely cannot be reached, the default answer is deny.

Two sides, one protocol

Agreely runs as two apps over a single protocol, plus a server-to-server API.

  • The company app (agreely.ca) is the dashboard where an organization declares its catalog, issues consent requests, watches enforcement, and reads audit trails. See the company guide.
  • The citizen portal (my.agreely.ca) is where a person approves, reviews, and withdraws consent with a passkey. It has no tenant and never sees a company's customer IDs. See the citizen portal.
  • The /v1 API is the synchronous, server-to-server surface your code calls, with TypeScript and PHP SDKs and an agent-native CLI.

The two apps are separate processes that never share a customer identifier. What connects a citizen's approval to a company's enforcement record is one opaque, per-cell reference, which is why the two sides cannot be trivially joined. See unlinkability.

What Agreely is NOT

Agreely never holds your customer data

Agreely is not a data vault, a CDP, or a customer database. It never stores the phone number, the email, or the record itself. It stores the proof of consent for a (customer, category, purpose) cell and the cryptographic artifacts that let anyone verify that proof. Your data stays in your systems; Agreely proves what the person agreed to.

It is also not:

  • A cache to read once and trust. Every check() is a fresh, authoritative call. Caching an allow while a revoke lands is a correctness failure.
  • A consent CMP / cookie banner. Those collect a signal; Agreely makes the signal provable, revocable, and enforceable at the point of use.
  • A blockchain product. The chain is the tamper-evidence layer, never the read path. The synchronous check never touches it.

A 60-second quickstart

The fastest path from zero to a working gate is the quickstart: install an SDK, set one environment variable, and wrap a data use in a single check().

Where to go next

  • Quickstart gates a feature in under a minute.
  • Core concepts is the mental model: catalogs, the (category, purpose) grid, the check, revoke, and erasure.
  • Company guide is the operator's tour of the dashboard, from catalog to consent requests to audit.
  • Citizen portal is how a person approves and withdraws consent with a passkey.
  • The protocol is the centerpiece: did:agreely, canonicalization, keccak256 commitments, the Merkle construction, the signature suites, and the on-chain registry.
  • API reference and the interactive /v1 spec.