As a merchant, how come we can view and access our itemized transaction data in Xiippy's Business Owner's Portal while Xiippy claims it has no knowledge of such data? How can that be?

Created by Xiippy Support, Modified on Mon, 5 Feb at 9:43 PM by Xiippy Support

Answer:                


Well, nice question! Simply, because the Xiippy Business Owner's Portal is a Zero-Knowledge web-based portal. This means even though YOU have access to such data in plain format, the data is actually decrypted at client side within your web browser. Your data is never maintained in plain format on Xiippy's servers and the keys to such encryption are only and only owned by you and your organisational users.

                

We have a long article about why zero-knowledge dashboards will be the thing of the future.

                

This new novel model of Software-as-a-Service (SaaS) dashboards privatise an inherently-public environment like the cloud so that you get all the benefits of using a SaaS product (e.g. high availability, no maintenance costs, no server costs etc...) WITHOUT the trust requirement that you normally have to say yes to when using a SaaS product.

                

In other words, in a zero-knowledge dashboard, data is encrypted and decrypted at client side with keys unknown to the SaaS product developer/operator/owner. The cloud is merely used to host encrypted data which is unreadable by any other party. This means a completely private environment, as if you were running it all on your own infrastructure, without the needs to trust the SaaS provider for your data.

                

Every user within your organization (who can access the Xiippy dashboard via enterprise SSO as well) will have to generate a User Master Key/certificate upon the first login. The main user who creates the organization within Xiippy also has to generate a set of Entity Master Keys. These keys are used to encrypt all dashboard data to privatise such data and protect it from Xiippy and the rest of the universe.

                

The end result: YOU will have access to your data but Xiippy or the rest of the universe will NOT!

                

This level of information protection is nowhere else seen in similar products and suites large-scale mass retail networks with high privacy needs and multi-tiered access to reporting, CRM and marketing dashboards, unique to Xiippy.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article