Zero-Knowledge SaaS; the Only Way SaaS Must and Will Be

Thu, 08 Apr 2021 01:53:11 GMT

Read the original article...
Go back to Xiippy Blog and News Articles

At Xiippy.ai, zero-knowledge is the foundation of all our cloud-based SaaS products, which means we maintain no knowledge of our customers’ private data (e.g. businesses’ itemized sales history or users’ purchase history). This facilitates a number of significant value-adds, including privacy, security, control, and compliance and eliminates the needs for trust. Read on to see how Xiippy stands out when it comes to payments, receipts and loyalty management.

Cloud computing models made a lot of things easier. One important improvement they brought was the way they help with ‘the right to access data anywhere, anytime’. This, however, came with a catch. You would have to trust a cloud-based product or platform to maintain your data on your behalf to provide access to it to you anywhere and anytime. This ‘trust’ requirement, at first, was framed as a legitimate cost of ‘cloud’ business and it made sense at the beginning.

More than a decade has passed now and more and more, it has become more reasonable to try to think of the high levels of trust in this model. Many organizations have started retrieving back from cloud hosting to on-premises hosting of their systems merely because of this huge level of trust requirement, causing a series of challenges for the developers of such systems who had to present and maintain two versions of these products (e.g. TFS or Jira). Even the idea of sunsetting on-premises versions of such products has not been able to force certain organizations to ‘accept’ that they have to trust cloud providers to maintain and handle their data without any protection.

It all comes down to element of ‘choice’. Forcing that ‘we have to be trusted’ is no answer for this problem.

At Xiippy.ai, we strongly believe, any SaaS product must be designed based on zero-knowledge foundations to give this confidence to their users that data is only visible and available to its real users, not to the operator/developer/builder/custodian of SaaS products. It is only then that the 100% value of cloud hosting can be realized since data owners can rest assured that their data is not available to any parties except themselves.

Xiippy.ai uses sophisticated cryptography to achieve this goal, forming the foundations of its patented design philosophy.

- Via Xiippy, which sits between retailers and their customers, data is transferred between retailers and their customers only based on end-to-end encryption and remains hidden to Xiippy.

- All online dashboards Xiippy provides retailers and/or franchisors assume cloud is not a trusted environment. Hence, all persisted data at Xiippy’s backend is encrypted with keys ONLY known to and shared between the users of such portals, not to Xiippy. All data is downloaded in encrypted format and decrypted at client with keys that are re-constructed and instantiated at client side.

- When using Xiippy SaaS dashboards, you can rest assured that the data you are working with is merely available to the authorized users of your organization, as if it was originally hosted by your organization.

At Xiippy, the same principles apply to end users too. We use the cloud to sync multiple devices with receipts and rewards data but we do not maintain such data in plain format on our infrastructure. All customer data is only available in plain format at the end users’ device using keys only known to users, not to Xiippy. Federated privacy-preserving machine learning then is employed to determine and predict users’ eligibility for deals and offers, all performed at the client, helping preserve privacy and information security.

Xiippy’s innovative use of cryptography has helped extract the most value out of cloud.

Is your current payments, receipts or rewards provider capable of matching Xiippy’s offerings?