MeQR Roadmap
From a small software project to government-ready digital identity and compliant privacy-first banking.
Project Direction
Two Long-Term Missions
MeQR is starting as a focused software prototype. The long-term goal is to mature into a trusted digital ID platform that could meet public-sector requirements, and a compliant crypto banking system that protects user privacy while respecting legal, KYC, AML, and sanctions obligations.
Prototype Foundation
- QR-backed Digital ID creation and scanning.
- Password sessions, CSRF protection, and owner-only wallet APIs.
- Dynamic signed QR verification with biometric/passkey gating where supported.
- Monero-focused account view and private proof verification scaffolding.
- KYC, compliance, purchase-order, and custodial XMR database scaffolding.
Security and Trust Baseline
- External security review of authentication, QR signing, and account authorization.
- Stronger passkey/WebAuthn flow with server-verified assertions.
- Privacy controls for profile fields, photos, and wallet visibility.
- Auditable compliance events and admin review tooling.
- Formal data retention, deletion, and incident-response policies.
Government-Grade Digital ID Readiness
- Identity assurance model mapped to public-sector standards.
- Document verification, liveness checks, and duplicate-account controls.
- Issuer signatures, revocation checks, and verifiable credential support.
- Accessibility, availability, auditability, and privacy impact assessments.
- Pilot integrations with non-sensitive community or municipal use cases before any government deployment.
Monero Stagenet Banking Infrastructure
- Run `monerod` and `monero-wallet-rpc` on private VPS infrastructure.
- Create per-user stagenet XMR accounts/subaddresses.
- Build deposit watchers, confirmation tracking, and proof verification.
- Keep wallet RPC private and add hot/cold wallet operating procedures.
- Require a Monero stack compatible with FCMP++ once available on the target network.
Compliant Purchase and Swap Model
- Integrate a real KYC/KYB provider with signed webhooks.
- Add Stripe or another approved card/on-ramp provider for crypto purchases.
- Gate purchases and withdrawals behind KYC, sanctions screening, and risk checks.
- Design BTC to XMR swap flows with quotes, expiry, liquidity, refunds, and audit logs.
- Launch on stagenet/test environments before touching real funds.
Production Operations
- Legal review for money transmission, custody, consumer protection, tax, and AML obligations.
- Dedicated compliance operations and manual review queues.
- Monitoring, backups, key management, disaster recovery, and incident response.
- Independent audits for custody, wallet infrastructure, and application security.
- Careful limited beta before broad public launch.
Business Track A
Digital ID for Future Government Use
The goal is not to claim government readiness today. The path is to build toward standards, audits, privacy reviews, verifiable credentials, accessibility, uptime targets, revocation, consent, and clear governance so MeQR could eventually be evaluated for public-sector identity pilots.
Business Track B
Compliant Privacy Crypto Bank
The banking goal is privacy without lawlessness: Monero-native infrastructure, KYC-gated purchasing, strict anti-money-laundering rules, sanctions controls, audit trails, and clear terms. User privacy and legal compliance have to be designed together.
Immediate Next Milestones
- Run Monero stagenet on a VPS and connect `monero-wallet-rpc`.
- Add real server-verified passkey authentication for QR issuance.
- Add a KYC provider sandbox and webhook verification.
- Build admin review screens for KYC and compliance events.
- Keep all real-money flows disabled until legal, compliance, and security reviews are complete.
Biggest Hurdles
From Software Project to Business
Card payments, custody, BTC/XMR swaps, and Monero support require serious work around money transmission, AML/KYC, sanctions, consumer protection, tax, and licensing.
Government-grade digital ID requires audits, standards alignment, privacy reviews, accessibility, uptime, governance, revocation, and proof that user data is protected.
Holding user crypto requires hot/cold wallet separation, key management, withdrawal controls, monitoring, backups, incident response, and external security audits.
Monero privacy is a strength, but MeQR must prevent laundering, sanctions evasion, fraud, scams, and illicit use without destroying user privacy.
Card processors and on-ramp providers may be cautious around Monero. A credible compliance program is needed before serious partnerships.
Government digital ID plus crypto banking is huge. MeQR needs a smaller wedge first, such as privacy-preserving ID, XMR account management, or a niche compliance-ready identity pilot.
Running nodes, wallets, support, compliance reviews, fraud cases, KYC disputes, failed payments, and security incidents is company-level infrastructure.