Abstractly, the PAD protocol uses a public append-only ledger to store decryption requests - this is what makes decryption accountable. In practice, it is unnecessary and unwieldy to have a single monolithic ledger for all users of PAD across all use-cases. Therefore, PAD offers a new ledger to whoever wants one: each of these ledgers is a PAD instance. For example, a developer may wish to build an application that uses PAD. They will open a new instance that serves all decryption requests made through their application.