Tempo's new Zones feature lets enterprises run permissioned parallel chains for confidential transactions like payroll and treasury management, but critics say the operator-controlled model amounts to a glorified database with a blockchain receipt.
Tempo, the Layer 1 blockchain built by Stripe and Paradigm, has unveiled a privacy feature called Zones that lets enterprises run permissioned parallel chains for confidential transactions, and it has immediately reignited the oldest argument in crypto: how much centralisation is acceptable in exchange for real-world adoption?
Zones are private execution environments that operate alongside Tempo's public mainnet. Each Zone is managed by a trusted operator, typically a company or institution, that can see every transaction inside its environment and enforce its own compliance rules, including suspending a user's ability to transfer or withdraw funds. The public chain never sees the raw transaction data; it receives only cryptographic proofs of the Zone's validity. Assets locked in a Zone contract on Tempo Mainnet can, according to the project's documentation, "only be withdrawn by the user owning the asset."
The target use cases are exactly what you'd expect from a payments-focused chain backed by the company that processes hundreds of billions of dollars in online transactions: payroll, treasury management, and payment settlements. These are workflows where confidentiality isn't a philosophical preference but a legal requirement. No publicly listed company is going to run its payroll on a chain where every salary is visible to anyone with a block explorer. Tempo's answer is to let companies operate in private while remaining connected to public infrastructure — technically, at least.
The architecture has a practical elegance to it. Zones maintain full interoperability with the main blockchain, with other Zones, and with deposit channels and liquidity pools. A company could conduct internal treasury operations privately while settling external payments through Tempo's public layer. Funds move between environments without manual bridging; the Zone contract handles the peg-in and peg-out mechanics automatically.
But the criticism has been swift and pointed. Because a Zone operator holds visibility into all transaction data and the power to freeze transfers, critics argue the design introduces centralised trust assumptions that are closer to a traditional exchange or bank than to anything deserving the label "blockchain." The permissioned model, where participation requires approval from the operator, is a deliberate retreat from the trustlessness that defines most decentralised networks. Tempo's own documentation frames this as pragmatism: advanced cryptographic approaches like zero-knowledge proofs and homomorphic encryption, the project argues, "introduce unnecessary operational complexity and usability tradeoffs." The translation is blunt. Yes, there are more decentralised ways to achieve privacy, but they are harder to build and slower to run.
That framing will not satisfy the segment of the industry that views any compromise on decentralisation as a category error. The whole point of a public blockchain, the argument goes, is that no single party can censor transactions or surveil users. A Zone operator who can see everything and freeze anything is, functionally, a database administrator with a cryptographic receipt. The response from Tempo's camp — that the operator "does not control the underlying assets" — draws a distinction between visibility and custody that privacy advocates find unconvincing.
The broader context matters here. The US Treasury's recent guidance under the GENIUS Act has made clear that any entity touching stablecoin flows will face bank-grade AML and sanctions obligations. Morgan Stanley's new money market fund for stablecoin issuers signals that Wall Street expects regulated stablecoin infrastructure to become a major asset class. In that world, a privacy layer that satisfies compliance teams while keeping assets on a blockchain, even a heavily permissioned one, has obvious commercial appeal.
Tempo launched its mainnet in March after Stripe's $1.1 billion acquisition of Bridge, a stablecoin payments platform, signalled the company's ambitions in programmable money. Paradigm, the crypto-native venture firm, co-developed the chain's architecture. This week the project also opened an advisory unit to work with enterprise clients on stablecoin adoption. Zones is the first major feature release since the mainnet launch, and it positions Tempo squarely in the gap between DeFi's radical transparency and traditional finance's confidentiality requirements.
Whether that gap is a market opportunity or a philosophical no-man's-land depends entirely on which side of the decentralisation debate you occupy. Tempo is betting that the enterprises writing the cheques care more about compliance and usability than about trustlessness. The on-chain purists have a different word for that bet. The enterprises, for their part, have a budget.
