Compliance-grade market data, provable to the regulator.
MiCA is in force and national regulators ask for market data in ESMA's machine-readable format. Qalypto is not a compliance service and not a CASP. It is the layer underneath one: the verifiable market-data evidence your obligations rest on, in the regulator's format, cryptographically sealed and anchored in Bitcoin, auditable by anyone without trusting us.
The regulatory moment
Since MiCA took effect, crypto-asset service providers must keep complete, ordered records of every order and transaction and be able to produce them in ESMA's ISO-20022 format on request. Crypto perpetual futures sit under MiFID II. Market-abuse surveillance and DORA vendor due diligence sit on top. All of it rests on one thing a firm can rarely prove: that its market data is complete and unaltered.
Qalypto turns those data duties into a product capability. We are not licensed and carry no CASP obligation. We give the regulated client the evidence, in the format, with the proof.
What Qalypto is, and isn't
The line is drawn on purpose. Overstating scope fails due diligence. The honesty is the product.
What Qalypto provides
- Trade, order-book, kline, ticker and liquidation data across 4 venues
- ESMA-format records with the correct market fields (price, quantity, venue, DTI)
- Cryptographic proof of integrity: Merkle roots, RFC-3161, Bitcoin anchor
- Case dossiers, a retention and recovery policy, DORA vendor answers
What stays yours
- Your CASP identity and counterparty (Buyr / Sellr) records
- The regulatory filing itself and your relationship with your regulator
- Order-lifecycle data that only your own systems hold
- The legal determination of what your obligations require
The proof chain
From the WebSocket frame to a Bitcoin block. Change one field of one row anywhere in the history and the recomputed root no longer matches the anchored one. Mathematically, without asking us.
Capture
Every raw WebSocket frame is archived with a nanosecond timestamp before anything is parsed.
wire evidenceStore
Normalised into ClickHouse with provenance columns: when produced, when consumed, honest NULLs.
provenanceSeal
Each UTC day is folded into one Merkle super-root over every canonically serialised row.
RFC-6962Anchor
The super-root is timestamped (RFC-3161, eIDAS-ready) and anchored in Bitcoin, for free, via OpenTimestamps.
RFC-3161 · BitcoinPublish
An append-only registry entry per day lands off-site in object storage, the public fixed point.
append-onlyVerify
Anyone recomputes the chain from a single row to the Bitcoin block. Offline, no Qalypto system needed.
MIT · offlineHow the data flows
Real components, not a marketing box diagram. The raw frame is archived before it is parsed, so the evidence exists independently of the database it later lands in.
How a regulator audits your data
Four commands, run by anyone, against public Bitcoin. No Qalypto system needs to be online or trusted. These are the real commands and the real output.
Recompute a single cell's root from the exported rows.
$ python3 qalypto_verify.py cell \
--rows data/trades.tsv \
--root 557267c24e797d91...4a5bb03c
rows: 1816030
computed root: 557267c24e797d91...4a5bb03c
RESULT: VALIDFold every cell into the day's super-root and match the registry.
$ python3 qalypto_verify.py day \
--registry 2026-07-05-r0.json
cells: 20
computed super-root: 15e93b0c1b510032...19a0e165
RESULT: VALIDProve one specific trade belongs to that sealed day.
$ python3 qalypto_verify.py inclusion \
--proof proof.json --registry 2026-07-05-r0.json
leaf -> cell root: ok
cell -> super root: ok
RESULT: VALIDConfirm the super-root is anchored in a real Bitcoin block.
$ python3 qalypto_verify.py ots \
--registry 2026-07-05-r0.json
Success! Bitcoin block 956970 attests
existence as of 2026-07-05What you get
Delivered through an API-key-authenticated endpoint, every delivery logged with its own content hash. Request access at info@qalypto.com.
ESMA record-keeping export
GET /esma/auth117 returns schema-valid CryptoAssetRecordKeepingReport documents built from verified trades. The Docker image cannot be built if it would emit an invalid document.
auth.117 · ISO 20022Case dossier
One symbol, one window (up to 7 days): all five channels, the exact quality-check and gap-ledger evidence of that window, and the proof-registry entries. One ZIP, ready as a STOR annex.
STOR-ready ZIPRegistry-verified DTIs
Every instrument carries its ISO 24165 Digital Token Identifier, taken only from the official DTIF registry, never guessed from the web.
ISO 24165 DTIRetention and recovery policy
A client-facing document where every promise links to ledger proof: channel start dates stated honestly, disclosure-first.
policy + proofDORA vendor answers
A searchable answer catalogue for the third-party-risk due diligence your clients run on their data vendors.
DORA 2022/2554Open-source verifier
Recompute cell roots, day super-roots, single-row inclusion proofs and the Bitcoin anchor yourself. MIT, standard library only, in Python and JavaScript. Public at github.com/Qalypto/verifier and bundled in every dossier.
Python & JS · MITThe actual output
Not a mock-up. On the left, a real ESMA auth.117 record generated from a verified trade. On the right, the contents of a case dossier. The counterparty fields carry the ISO-20022 internal placeholder (INTC) because those records are yours to complete, not ours to invent.
{
"Document": { "CrptAsstRcrdKeepgRpt": { "Tx": [{
"New": {
"TxRcrdId": "1457814345918189568",
"ExctgPty": { "AltrnId": "TEMPLATE-CASP" },
"Tx": {
"TradDt": "2026-07-05T23:59:05.742Z",
"TradgCpcty": "AOTC",
"Qty": { "Unit": "0.2" },
"Pric": { "Pric": { "MntryVal": {
"Amt": { "amt": "45.77", "Ccy": "USD" },
"Sgn": "0" } } },
"TradVn": "BITG",
"TradPlcMtchgId": "1457814345918189568"
},
"CrptAsst": { "DgtlTknIdr": { "DTI": "WTX0G7K46" } },
"Buyr": { "AcctOwnr": { "Id": { "Intl": "INTC" } } },
"Sellr": { "AcctOwnr": { "Id": { "Intl": "INTC" } } }
}
}] } }
}Validated against ESMA's official schema at Docker build time. An image that could emit an invalid document cannot be built.
qalypto-dossier-LTCUSDT-2026-07-05.zip ├── data/ │ ├── trades.csv │ ├── klines_final.csv │ ├── orderbook_top.csv │ ├── ticker.csv │ └── liquidations.csv ├── evidence/ │ ├── quality_checks.csv # this exact window │ └── data_gaps.csv # every disclosed gap ├── proofs/ │ └── registry_entries.jsonl # roots · RFC-3161 · BTC ├── dossier.json └── README.md # how to verify, yourself
One symbol, one window (up to 7 days). Every delivery is logged with its own content hash.
Why Bitcoin, not a database
A database you control can be edited, and no auditor can rule that out. A Merkle super-root anchored in Bitcoin cannot: rewriting one row changes the root, and the original root is already fixed in a block no one controls, not even us.
Bitcoin here is not a currency and not a smart contract. It is a public, append-only clock. OpenTimestamps batches thousands of roots into one transaction, so there is no wallet, no gas and no per-stamp fee. The legal timestamp (RFC-3161, qualified eIDAS on request) sits beside it: one neutral and global, one recognised in EU law.
Standards and references
Every claim on this page maps to a named regulation or technical standard. No acronym soup: the exact instrument, so your legal and technical teams can check us.
Proof, not promises. The market-data evidence your compliance obligations rest on, verifiable by anyone, from day one.
Qalypto provides market-data infrastructure and cryptographic evidence. It does not provide legal advice and is not a crypto-asset service provider. Regulatory obligations remain with the client.
