DonorProof

DonorProof lets charities prove restricted donations were spent as promised in real time, using Midnight zero-knowledge proofs that protect beneficiary privacy.

Comment

About the Project

DonorProof started from a simple problem: restricted donations run on trust, but trust is a weak control. If a donor gives to food aid, medical support, or housing, they usually get a year-end report and a promise that the restriction was respected. Charities have the opposite problem: they may want to prove compliance, but the evidence they hold contains sensitive beneficiary and supplier data they cannot safely publish. That tension felt like exactly the kind of problem zero-knowledge systems should solve.

We built DonorProof on Midnight as a privacy-preserving compliance layer for charities. The core idea is that charities commit expense data as it happens, but keep the underlying records private. Later, they generate a zero-knowledge proof showing that spending rules were followed without exposing raw expense details. In practical terms, that means a donor can verify outcomes like:

$$ \frac{\text{direct aid spend}}{\text{total spend}} \ge 0.85 $$

and

$$ \frac{\text{admin spend}}{\text{total spend}} \le 0.10 $$

without seeing beneficiary identities, payment references, or internal records.

From a build perspective, the project came together in three layers. We wrote a Midnight Compact smart contract to hold campaign rules, commitments, verification state, and release logic. Then we built a TypeScript API and CLI to deploy campaigns, commit expenses, and run proofs. On top of that, we built a React frontend where donors can browse campaigns and charities can manage expenses, check compliance, and trigger verification. The result is a system where the public sees proof status and compliance metrics, while private financial evidence never leaves the charity's control.

The biggest challenge was not just technical implementation, but designing the trust model honestly. We had to be clear about what the system proves and what it does not. DonorProof can prevent retroactive manipulation and prove that committed records satisfy the campaign rules, but it cannot magically detect fraud if false data is entered from day one. Another challenge was translating zero-knowledge architecture into a user flow that still feels understandable: donors do not care about circuit design, they care about whether their money was used as promised. We had to compress a complicated privacy model into a simple product experience.

What we learned most was that privacy and accountability do not have to be opposites. We also learned that building with zero-knowledge means spending as much time on product framing and system boundaries as on code. The technical stack matters, but the harder part is deciding exactly what claim your proof makes, when that claim becomes meaningful, and how to present it in a way non-technical users can trust.

Built With

Share this project:

Updates