The unit takes no side. Neutrality is enforced in the architecture — not promised in a deck.
In an intermediated deal, the buyer sees a verified counterparty, the grade, and quality status — never the upstream manufacturer’s identity, never the trader’s margin. Disclosure happens only on the trader’s consent, and never automatically.
The trader is a legitimate network node, not leakage to be optimised away. Violate this and supply-side participation dies.
Anchor capital sees only what any participant or lender sees. Buyer credit data flows to lenders — and nowhere else. Every sensitive access writes an audit row: who, what, when, why.
The access-control matrix lives in the database, enforced by row-level security — not in application code, and not in a deck. It is regression-tested by a 26-assertion firewall suite on every CI run, was swept internally for leaks, and an external penetration test is scheduled.
The honesty ladder
And a wording convention we hold to everywhere: Mol provides an assurance layer — quote-lock assurance, record-and-enforce on the seller. Never a market guarantee. The legal posture is baked into every screen.
The operating backbone
Ten queues with SLA clocks — claims respond and resolve on schedule, escalation sweeps run themselves.
Ops, finance, compliance, platform admin — MFA-enforced, least-privilege, every grant audited.
Fee schedule per tier, an append-only fee ledger, invoicing, escrow reconciliation, GMV reporting.
One-click evidence packs per deal — board, lender, insurer and auditor views, each ACL-filtered.
Every LLM answer traced with its tool calls and token costs; the product funnel measured end-to-end.
An append-only event log under every surface — deals, access, staff changes, fees.