Picture the last time you had to share your financial life with someone who works for you.
Maybe it was tax season, and your CPA needed a year of brokerage statements, 1099s, and bank exports. Maybe you were applying for a loan, and the banker needed to see your accounts to underwrite it. Maybe your lawyer needed your holdings for an estate plan, or an auditor needed a scoped slice for a review.
What did you actually do? You logged into six portals. You downloaded PDFs. You emailed them — to an inbox, unencrypted, forever. You screenshotted a balance. And a month later you had no idea who still had a copy, whether they could see more than you meant them to, or how to take it back.
This is not a paperwork problem. It is a protocol problem.
Work backwards from the human
Start with what the person actually wants to get done: "Let my CPA see exactly what they need to do my taxes, for as long as they need it, and not one thing more — and let me see who has what, and take it back when we are done."
Read that sentence again. It is a specification. It has scope ("exactly what they need"), duration ("as long as they need it"), least privilege ("not one thing more"), visibility ("see who has what"), and revocation ("take it back"). Every one of those is a property a protocol can guarantee — and none of them is guaranteed by emailing a PDF.
Today, the person carries all of that in their head, badly. The data, once shared, is a copy that lives forever in someone else's inbox. The "consent" was a decision made once, silently, with no receipt and no undo.
What a consent handshake changes
Now imagine the same moment, done right:
- Your CPA's software asks for a scoped read: brokerage statements and 1099s, for this tax year, for 90 days.
- You get a plain-language request — who, what, why, how long — and approve it with a tap and a fingerprint.
- A receipt is minted. Your CPA receives a sealed, time-boxed key — not your password, not a permanent copy.
- Every read is written to a log you can see.
- When taxes are filed, the key expires on its own — or you revoke it early, and it dies everywhere at once.
No PDFs. No inbox copies. No wondering. The share moved at the speed of your consent, and your consent stayed in your hands the whole time.
The opportunity, not just the relief
It is tempting to stop at "less friction." But the bigger prize is what becomes possible once consent is programmable.
When your financial health is something you can share safely in seconds, a helpful agent can do things for you that were never safe before: get you three real loan offers by giving three banks a scoped, revocable read instead of three permanent copies; keep your advisor continuously current instead of quarterly-stale; let a new fiduciary onboard you in an afternoon. Your financial network score — a picture of your standing that you own and grant — becomes something you lend, not something you leak.
That is the difference between removing a pain and creating an opportunity. We want to do both, in that order.
This is what PCHP is for
We built the Personal Consent Handshake Protocol so that this stops being a story and becomes plumbing. It defines the handshake, the receipt, the scoped key, the sealed envelope, and the log — as an open standard, so any CPA's software, any bank, any app, and any agent can honor it.
And we are giving it away. PCHP is being donated to the open-source community under the most permissive license we can offer, because a person's consent over their own data should be a shared standard, not anyone's product feature.
Read the specification, and tell us where it is unclear. We are working backwards from you.
— Manish Sainani and 🤫 Research & Intelligence Team
