SafeSpeak

This project is a secure feedback application designed for organizations and schools. It leverages Zero-Knowledge Proofs to verify that a user belongs to a specific whitelist before they can post.

Comment

Inspiration

  • Corporate whistleblowing is broken because it forces you to trust the very company you're reporting.
  • Even if an HR portal claims to be anonymous, your IP address, writing style, or specific details can easily expose you to management.
  • Most platforms promise privacy, but they don't actually protect you from retaliation if someone decides to look at the server logs.
  • SafeSpeak fixes this. You type out what happened, our system scrubs your identity, and mathematically proves you work there without ever revealing who you are.

What it does

SafeSpeak uses a dual-layered privacy system powered by AI and Zero-Knowledge cryptography: AI Sanitization Engine:

  • Reads raw, emotional incident reports.
  • Strips out names, dates, and identifiable writing styles.
  • Outputs a sterile, actionable corporate summary. Midnight ZK Verification: -Checks your private key against the company's employee whitelist. -Generates a unique Nullifier ID to prevent spamming. -Submits the report gas-free using enterprise-funded shielded DUST. The Result:
  • A clean dashboard that generates a public, cryptographically verified ledger where actionable reports are visible, but the authors remain completely anonymous.

How we built it

  • Built a modern React frontend that connects directly to the Lace Midnight wallet extension.
  • Routed the raw text through Google's Gemini API, which acts as our privacy filter to contextually clean the data.
  • Executed a local Zero-Knowledge circuit written in Midnight's Compact language directly in the browser once the text is safe.
  • Verified the user against the company's Merkle tree whitelist and submitted the report to the blockchain without exposing any underlying user data to the server.

Challenges we ran into

-Figuring out how to safely bridge a Web2 AI with a Web3 Zero-Knowledge network. -Ensuring that the raw, unsanitized text never accidentally leaked into the public state of the blockchain. -Maintaining a strict boundary between Midnight's private local execution and the public ledger. -Balancing fast ZK proof generation while making sure the user interface didn't overwhelm the person submitting the report.

Accomplishments that we're proud of

  • We successfully wrote, compiled, and deployed custom smart contracts using Midnight's native Compact language, mastering its unique state separation models in a high-pressure, 48-hour sprint. ## What we learned
  • Good privacy tools come from understanding the user's actual fears (retaliation), not from trying to overbuild the blockchain elements.
  • Dividing the frontend and smart contract work allowed us to move quickly and deliver a better MVP.

What's next for SafeSpeak

  • Expanding the Gemini prompt engineering to handle specific regulatory environments like HIPAA and GDPR.
  • Adding secure, anonymous two-way messaging so HR can ask follow-up questions without breaking the ZK proof.
  • Preparing the dApp architecture and smart contracts for Midnight's upcoming Mainnet launch.

Built With

Share this project:

Updates