BridgTime Whitepaper
Business Model (SKUs · Pricing · GTM)
Target Customers & Value
• Enterprises (merchants/suppliers): standardized settlement data, automated reconciliation, RVA issuance → shorter underwriting lead times; improved internal risk control.
• LFPs (licensed finance partners): machine-readable trust signals (RVA + oracle events) → automated conditional prepayment decisions; fewer false positives.
• PG/ERP/ISV partners: lower integration costs via standard schemas/SDKs/validators; “RVA Ready” certification for referenceability.
Product & Pricing SKUs (Intent)
| Plan | Target | Core Included | Pricing (indicative) |
|---|---|---|---|
| Free | Pilot / small | Dashboard; monthly quota of RVA issue/lookup; basic webhooks | Monthly fee $0 + per-overage usage |
| Growth | Mid-size | Higher monthly limits; auto-recon reports; synthetic-data demo; baseline SLA | Monthly fee + per-overage usage |
| Enterprise | Large | SSO/SCIM; audit trail; dedicated endpoints; alerting SLA | Annual/monthly contract (capacity reservation) |
• API unit pricing (illustrative): RVA.issue (per issuance), RVA.update (per settlement event), RVA.get (per 1k reads).
• Payments default to fiat/stablecoin. BRTM is not a means of payment/store of value/exchange and may only link to non-monetary conveniences (processing priority/usage credits). Holding/locking BRTM alone does not generate interest/dividends/rewards/rebates.
| SKU | Description | Pricing (indicative) |
|---|---|---|
| Portfolio API | RVA fetch; portfolio metrics; anomaly alerts | Tiered monthly fee + overage on event calls |
| Throughput Reservation | Reserved capacity; queue priority | Reservation fee by commitment |
| Regulatory Pack | Audit/reporting logs & records | Case-based packaged pricing |

| Item | Description | Pricing / Support (indicative) |
|---|---|---|
| RVA Ready Certification | Badge upon passing self-test suite | Certification/listing fee or waiver (campaign) |
| Connector Grants | Standard webhook/schema connector builds | Grants/bounties (milestone-based) |
| Marketplace Listing | Exposure for reporting/console/plugins | Listing / rev-share model |
Additional (at launch): fast-track sandbox keys (24h), “RVA Ready” self-cert checklist & badge, compliance starter pack (NDA/DPA/webhook T&Cs).
• Managed Oracle: fully-operated oracle gateway option (includes availability/latency targets).
• Private Subgraph / BYO-VPC: dedicated indexing; deployment into customer VPC.
Revenue Levers (Intent)
• Subscription + usage mix: base monthly fee + per-API/event charges.
• Capacity reservations / priority: enterprise reservations + peak-time prioritization.
• Partner certification/listing: certification, listing, and joint-pilot programs.
• Optional services: Managed Oracle; dedicated indexing/report add-ons.
Unit Economics Frame (illustrative formulas)
CM_per_RVA = Price_issue + (avg_updates × Price_update) + (reads/1k × Price_read_1k) − (L2_gas + OCR/inference + storage + oracle_ops_share)
LTV = ARPA × Gross_Margin × Avg_Retention_Period
• CAC path: partner channels > webinars/content > direct enterprise sales.
GTM & Sales Motions (Intent)
• Land-and-expand: land with “auto-recon + RVA issuance” for one team → expand via LFP integrations / pre-approval routing.
• Partner channels: PG/ERP connectors + RVA Ready certification create multiple entry points.
• Reference verticals: start with convenience/pharma → expand to franchise/logistics.
• Content/community: developer portal, Postman, synthetic-data demos, early public status page.
Core KPIs (Intent)
• RVA: issuances/updates, average issuance latency, recon consistency rate.
• Adoption: active enterprises/partners, number of connectors, LFP integrations.
• Quality: oracle commit latency p95, failure rate, SLA adherence.
• Business: ARPA, Net Revenue Retention, CAC Payback.
Cost Structure (Intent)
• Variable: L2 gas; RPC/subgraph; storage (I/O & KMS); inference (model serving); notifications/webhooks.
• Fixed: engineering; security/audits; partnerships; support; legal/compliance; observability/SRE.
Risk Management
Risk Taxonomy
Managed across: data (consistency/availability/confidentiality), oracle & on-chain, AI/model, fraud/behavior, operations & cloud security, smart contracts, governance, legal & compliance, counterparty & dependencies, and BCP/DR.
Data Layer Risks
Problem scenarios: PG/ERP schema changes; missing/late data; duplicates/out-of-order timestamps; tampering/fabrication; unclear provenance; overexposure of personal/sensitive data.
Responses (intent): m-of-n source signatures + request signing/timestamp/nonce; schema versioning & strong typing; idempotency keys; multi-source reconciliation (PG ↔ settlement bank ↔ ERP snapshots); data minimization; off-chain encryption/tokenization; ABAC/RBAC.
Oracle & On-chain Risks
Problem scenarios: webhook spoofing/replay; delays/holdbacks; equivocation (double commits); L2 reorgs; RPC outages.
Responses (intent): m-of-n signature verification (keys in HSM/KMS); nonces & replay protection; mTLS between servers; SLA-based delay alarms (p95 commit latency); fallback routes; finality policy (L2 confirmations + observe L1 settlement events); multi-RPC/indexer failover; Merkle-root anchoring for batch commits.
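A sketch of how the checks listed above combine on the receiving side, added here as an example and not BridgTime code. The event fields (rva_id, seq, nonce, ts, payload), the signer names, the quorum of 2 and the 300-second window are assumptions, and HMAC stands in for the asymmetric signatures that HSM/KMS-held keys would produce.

```python
import hashlib
import hmac
import json
import time

# Constructed demo keys. HMAC stands in for the asymmetric signatures that
# HSM/KMS-held oracle keys would produce; the quorum logic is unchanged.
SIGNER_KEYS = {"oracle-a": b"key-a", "oracle-b": b"key-b", "oracle-c": b"key-c"}
QUORUM = 2        # m in m-of-n (assumed)
MAX_SKEW_S = 300  # accepted timestamp window in seconds (assumed)


def canonical(obj):
    """Deterministic bytes so every signer signs the same encoding."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign(signer, event):
    return hmac.new(SIGNER_KEYS[signer], canonical(event), hashlib.sha256).hexdigest()


class CommitVerifier:
    def __init__(self):
        self.seen_nonces = set()  # production: expire entries older than the window
        self.committed = {}       # (rva_id, seq) -> digest of the accepted payload

    def verify(self, event, signatures, now=None):
        now = time.time() if now is None else now
        if abs(now - event["ts"]) > MAX_SKEW_S:
            return "rejected: stale timestamp"
        if event["nonce"] in self.seen_nonces:
            return "rejected: replayed nonce"
        # Count distinct known signers whose signature covers the whole event.
        valid = {s for s, sig in signatures.items()
                 if s in SIGNER_KEYS and hmac.compare_digest(sign(s, event), sig)}
        if len(valid) < QUORUM:
            return "rejected: quorum not met"
        # Equivocation: a second, different payload for an already committed slot.
        slot = (event["rva_id"], event["seq"])
        digest = hashlib.sha256(canonical(event["payload"])).hexdigest()
        if self.committed.get(slot, digest) != digest:
            return "rejected: equivocation"
        self.seen_nonces.add(event["nonce"])
        self.committed[slot] = digest
        return "accepted"
```

The nonce is recorded only after the quorum check passes, so an unsigned request cannot burn a nonce that a legitimate commit still needs.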
AI / Model Risks
Problem scenarios: data/concept drift; overfitting; lack of explainability; bias/unfairness; adversarial patterns (wash sales, refund inflation).
Responses (intent): MLOps standards (offline backtests, challenge sets, A/B, canary); drift monitoring (PSI/KS), threshold guardrails & human-in-the-loop; XAI reports (e.g., SHAP) with rationale logging; fast rollback/snapshots; adversarial rules (velocity, time-of-day, refund rate, sales cycles) with labeling QA.
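The PSI drift check with a threshold guardrail, worked through as an added example (not BridgTime code). The 0.10 and 0.25 cut-offs are the common rule of thumb, not values from this whitepaper, and the action names are hypothetical labels for the human-in-the-loop and rollback responses.

```python
import math
from bisect import bisect_right

REVIEW_AT = 0.10    # assumed threshold: route to human-in-the-loop review
ROLLBACK_AT = 0.25  # assumed threshold: roll back to the previous snapshot


def quantile_edges(baseline, bins=10):
    """Bucket boundaries taken from the baseline so each bucket starts equal."""
    s = sorted(baseline)
    return [s[len(s) * k // bins] for k in range(1, bins)]


def bucket_shares(values, edges, eps=1e-4):
    """Share of values per bucket; eps keeps empty buckets out of log(0)."""
    counts = [0] * (len(edges) + 1)
    for v in values:
        counts[bisect_right(edges, v)] += 1
    return [max(c / len(values), eps) for c in counts]


def psi(baseline, current, bins=10):
    """Population Stability Index: sum((a - e) * ln(a / e)) over buckets."""
    edges = quantile_edges(baseline, bins)
    expected = bucket_shares(baseline, edges)
    actual = bucket_shares(current, edges)
    return sum((a - e) * math.log(a / e) for a, e in zip(actual, expected))


def guardrail(baseline, current):
    """Map the drift score to the response the monitoring loop should take."""
    score = psi(baseline, current)
    if score >= ROLLBACK_AT:
        return "rollback"
    if score >= REVIEW_AT:
        return "human_review"
    return "ok"
```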
Fraud & Behavior Risks (merchant/insider)
Problem scenarios: fake sales/bypassed terminals; split-payment/cancel abuse; distorted location/hours patterns; insider–outsider collusion.
Responses (intent): device–merchant link graphs; device/location fingerprinting; time/day/holiday vectors; surge/drop & overnight cluster anomaly detection; refund/chargeback weighting; sanctions/blacklists; OCR cross-checks for KYC/KYB.
Operations & Cloud Security
Problem scenarios: key leakage; IAM over-privilege; third-party/supply-chain vulnerabilities; DDoS; logging gaps.
Responses (intent): KMS/HSM key mgmt & rotation; least-privilege (IAM/IRSA); image signing (cosign)/SBOM; vuln scans & patch SLOs; mTLS + request signing + WAF/rate limits; private network boundaries; immutable audit logs (hash anchoring); centralized SIEM/OTel.
Smart-contract Risks
Problem scenarios: access-control/upgrade misuse; reentrancy/integer bugs; event/indexing mismatches.
Responses (intent): ≥2 independent audits + formal specs for critical paths; role-based perms & timelocks; emergency-pause guard (pause → RCA → restore); bug bounty; invariance/state-transition guards; redundant subgraphs.
Governance Risks
Problem scenarios: low participation/whale capture; parameter griefing (extremes); malicious proposals.
Responses (intent): quorum/support thresholds; parameter guardrails (min/max; rate-of-change caps); 48–72h timelock + transparent notices; time-bound safety council (explicit sunset); simulations/shadow voting.
Legal & Compliance
Problem scenarios: data-protection/cross-border transfer issues; KYC/AML (via partners); sector/securities regulation changes.
Responses (intent): data minimization, pseudonymization, retention policies; DPIA/LIAs as appropriate; KYC/AML via partner layer; automated sanctions screening. Depending on jurisdiction, public offers/listing/advertising/utility-token offerings may be prohibited or require filings/exemptions; absent such requirements being met, geofencing and feature restrictions apply; U.S. persons, sanctioned parties, and minors are ineligible.
7.10 Counterparty & Dependencies
Problem scenarios: single dependency on a PG/ERP, RPC, or L2; IPFS pinning failures; domain/cert expiry.
Responses (intent): multi-vendor strategy (PG/ERP connectors, RPCs, indexers); separate L2/L1 observers; redundant pinning (multi-gateway); expiry alerts/redundancy for certs/domains; SLA/SLO contracts and incident propagation channels.
7.11 BCP/DR & Incident Response
Principles (intent): RTO/RPO targets (e.g., RTO 1h, RPO 15m); cross-region replication/snapshots; severity classes (SEV1–SEV4); on-call/escalation matrix; public status page; postmortem template with action tracking; regular game days/chaos tests.
Operational Metrics (SLO) — Examples
RVA issuance latency p95; oracle commit latency p95; data lag; anomaly-detection precision/recall; API error rate; monthly availability; slashing counts/reasons.
Testing & Assurance (Activity)
Fraud simulation catalog (fake sales, refund loops, time-of-day spoofing, terminal spoofing); performance/scalability (queue backlog, bursts); regression suite; audit-trail reproducibility (data lineage → on-chain hash cross-check).
Standard Control Map (Example)
• Preventive: least privilege; mTLS/request signing; schema versioning; bonding requirements; parameter guardrails.
• Detective: SLA monitors; drift/anomaly alerts; integrity checksums; double-commit detection.
• Corrective: rollback/re-commit; re-verify/re-issue; key rollover; pause → resume.
Sample Risk Register (Condensed)
| Risk | Trigger / Signal | Control (Plan) | Fallback |
|---|---|---|---|
| Oracle delay | commit p95 > SLO | m-of-n; SLA alerts; automatic retries | Alternate route; manual commit reconciliation |
| Schema drift | Field mismatches ↑ | Schema versioning; strong-type checks | Hotfix transform rules; reprocessing |
| Model drift | PSI/KS exceeds thresholds | Canary; threshold tuning; HITL | Rollback to previous snapshot |
| Fraud patterns | Refund rate / overnight surge | Rules + model hybrid | Reduce limits; manual review |
| Key incident | Signature verification failures | KMS rollover; key revocation | Emergency multisig; recovery procedures |
| Reorg | L2 event reversal | Delayed finality; L1 observer | State resynchronization |
BridgTime intends to run a phased risk framework that closes the loop across prevention → real-time detection → post-incident correction, anchored by multi-source signatures, standardization, oracle quorum, model-operations guardrails, and BCP/DR.