Most carbon claims in travel die in a PDF. A hotel ticks a box, a brand prints a leaf on a banner, and somewhere a spreadsheet is updated by someone you will never meet. The chain of custody, if it exists at all, is a trust exercise. What we built at IMPT.io was the opposite of that: a path from a single hotel booking through to a tonne of CO₂ being permanently retired on a public ledger, with every handoff timestamped and every claim checkable by anyone with a browser. This is the story of that path, step by step, because if you cannot describe how the carbon moves, you cannot honestly say it moved at all.

The booking is the trigger, not the marketing

When a guest searches for a room on IMPT.io — say, a weekend in Clonmel, or a city break in Dublin — they are hitting a meta-search layer that fans out to supplier APIs across roughly 1.7 million properties in 195 countries. That part is unremarkable; plenty of platforms do hotel meta-search. What matters is what happens at the point of booking confirmation. The supplier returns a confirmation payload — booking reference, property ID, room nights, total payable. Our system treats that payload as a trigger event. One confirmed booking, one tonne of CO₂ to be retired, paid for by IMPT out of the commission the supplier has already agreed.

The guest pays the room rate. They do not pay extra for the offset. There is no upsell screen, no "would you like to add £4 to your stay to plant a tree." The economics sit behind the curtain, which is where they belong. If you are asking the customer to subsidise your sustainability story, you do not have a sustainability story; you have a tip jar.

From confirmation event to credit selection

The confirmation event drops onto an internal queue. From there, our offset service takes over. Its job is narrow and specific: turn one booking into one tonne of verified, retired carbon credit, and produce evidence that this happened.

The first decision is which credit to retire. Not all carbon credits are equal — anyone who has spent ten minutes inside this market knows that. We restrict the eligible pool to credits issued under recognised standards: Verra (VCS) and Gold Standard are the two that do most of the heavy lifting in the voluntary market, alongside a small number of equivalent registries for specific project types. The selector pulls from a working inventory of credits that have already been brought on-chain via tokenisation bridges, so each token in our pool maps back to a serial number on a recognised registry.

That mapping is the whole game. A token without a registry serial is a JPEG. A registry serial without a token is a claim on a website. The bridge is what lets the two be reconciled, and the reconciliation is what lets a third party prove you are not double-counting.

The retirement transaction itself

Retirement is a specific act. It is not a transfer; it is a burn-equivalent. The credit is moved into a retirement contract whose only job is to make that credit unspendable, forever, and to write the reason for retirement into the transaction metadata. On the chains we use, that metadata includes:

• The booking reference (hashed, so the guest's PII is not exposed on a public ledger).
• The tonnage retired — in our case, one.
• The project ID and vintage of the underlying credit.
• The beneficiary — IMPT, on behalf of the named booking.
• A timestamp, which the chain enforces, not us.

The transaction hash is then written back against the booking record in our own systems. From the guest's side, this surfaces as a certificate they can pull up at any time. From a regulator's or auditor's side, this surfaces as a public transaction they can inspect without asking us for permission. That asymmetry is the point. A verifiable offset is one where the guest, the auditor, and the cynic on Twitter all see the same data.

Why the chain matters more than the marketing wants to admit

I spent twenty years engineering at Tesco, Dunnes Stores, and Oracle before starting IMPT, and the lesson that stayed with me from all three is this: if your data lives only in your own database, eventually someone will lean on you to change it. Quarterly numbers slip, a partner needs a favour, a row gets deleted "to clean up." The integrity of your records is exactly as strong as the political pressure not to touch them.

A public chain removes that conversation. Once a retirement is on-chain, no one at IMPT — not me, not the board, not a future buyer of the company — can quietly reverse it. That is the only basis on which a carbon retirement blockchain claim is worth making. If you can roll it back, it is not a retirement; it is a press release.

The same logic applies to the avoidance of double-counting, which is the original sin of voluntary carbon markets. Because each token corresponds to a registry serial that has been moved into a tokenised state, and because the retirement is a one-way operation on-chain, the credit cannot be sold again on the underlying registry without breaking the bridge — and bridge breaks are visible. You do not need to trust IMPT. You need to trust mathematics and a public ledger, both of which are easier to audit than a sustainability report.

The handoffs, listed honestly

To make this concrete, here is the full path of one booking, with each handoff named:

1. Guest → IMPT front end. Search, select, confirm. Standard hotel UX.
2. IMPT → supplier API. Availability and rate request, then booking commit. Confirmation payload returned.
3. Supplier confirmation → offset queue. Internal event bus picks up the booking and emits an offset request.
4. Offset service → on-chain credit pool. Selector chooses one tonne of eligible Verra- or Gold-Standard-backed tokens.
5. Offset service → retirement contract. Token is sent to the retirement contract; metadata is written.
6. Chain → IMPT systems. Transaction hash returned and bound to the booking record.
7. IMPT → guest. Certificate generated, with a link to the public transaction. Optional, not pushed.

Seven handoffs. None of them require the guest to do anything other than book a room they were going to book anyway. None of them rely on a future promise — the retirement happens on the booking, not on the stay, not on the calendar year-end, not on a future "true-up." If the guest cancels, that is a separate accounting event handled inside our ledger; the underlying tonne does not un-retire, because that is not a thing.

What this does not solve

I want to be careful here, because the easy thing in this market is to oversell. Retiring a tonne of CO₂ against a hotel booking does not make travel carbon-neutral in any deep sense. It does not address the embodied emissions of the building, the supply chain of the breakfast buffet, or the flight the guest took to get there. It is a specific, bounded act: one tonne, retired, against one booking, with proof. If the wider industry did even that much, consistently and verifiably, the voluntary market would be in a different place than it is now.

The other thing it does not solve is project quality at the source. A retired credit is only as good as the project that issued it. We lean on Verra and Gold Standard because those frameworks at least exist, are public, and can be challenged. They are not perfect. The honest position is that on-chain carbon offset infrastructure is a necessary condition for trust, not a sufficient one. The chain proves the retirement; the standard proves the tonne. You need both.

What to do this week

If you run a travel brand, a corporate travel programme, or a sustainability function inside a larger business, the action this week is the same one I would have given myself ten years ago at Oracle: ask your offset provider for a transaction hash. Not a certificate, not a PDF, not a logo on a slide. A hash. If they cannot give you one, you do not have a verifiable offset; you have a story. At IMPT we are pushing the whole hotel booking carbon stack toward the position where the hash is the receipt and the receipt is the hash, and where the AI-native booking agent we are bringing online next will be able to surface the retirement record as casually as it surfaces the room rate. That is the bar. Anything below it is marketing.