In this paper, we introduce Zupply, a framework designed for anonymous and decentralized maintenance of directed acyclic graphs (DAGs) structured authentic data records. We present an authentication token scheme employing zeroknowledge proofs to ensure both the anonymity of data contributors and the authenticity of the data. It operates on a permissionless, smart contract-enabled blockchain platform, offering a trustless and decentralized framework. We also present an authentication token ownership transferring protocol that ensures unlinkability between senders and recipients. Additionally, authentication tokens can be merged or divided while maintaining no traceable link to the original tokens. Moreover, the framework facilitates authentic off-chain data uploading, mitigating the high storage costs typically associated with permissionless blockchains. We have implemented Zupply using C++ and Solidity, validating its computational and cost efficiencies. This development demonstrates the framework's viability for practical, real-world applications. Importantly, our implementation is not confined to a single application, so it can serve as a foundational layer for various applications with an enforced privacy requirement. The DAG finds broad applications, notably in maintaining product histories within supply chains. We demonstrate that Zupply offers practical, cost-efficient, and privacy-preserving functionalities for decentralized supply chain management (SCM).