Xiippy is world’s first and only privacy-preserving data-rich payments provider.
We provide in-store and online payment terminals/solutions PLUS online dashboards to merchants of all sizes with a big difference: All our payments are data-rich and come with extras for different parties.
Backed by 5 patents, Xiippy smartly and inventively makes it possible to establish a two-way completely-private end-to-end encrypted communication channel between merchants and their customers to send/receive private data seamlessly through payments without the need to exchange contact details.
Smart receipts (from merchants to shoppers), loyalty/rewards card numbers/identifiers (from shoppers to merchants), catalogues, product recall notifications and COVID test recalls are all examples that Xiippy can add to and embed in a normal in-store or online payment seamlessly, all without such data being known to Xiippy or any other parties in the world!
Xiippy is a pioneer and is years ahead in data-rich payments and has successfully resolved all the barriers of adopting digital receipts at scale, i.e. retailer avoidance to share data, consumer privacy and standardisation (K. Fuchs et. al , 2019), thanks to end-to-end encryption and privacy preservation at both ends
Xiippy addresses a range of problems all together which is why it exists:
Any merchant, at any size, physical or online, is a potential Xiippy customer. However, there are some special traits our clients possess who are mostly:
End-to-end encryption (E2EE) is a paradigm with which data gets encrypted and decrypted at both ends of a data transfer transaction in such a way that it becomes impossible for the intermediary who transfers the data to know what the contents of the data are. This paradigm has been widely used (and popularized by) instant messaging products (e.g. WhatsApp and others).
For the first time in the world, Xiippy has invented systems and methods to use payments as an end-to-end encrypted data transfer tool to connect merchants and shoppers privately without the need to exchange details.
Short Answer: NO
Xiippy also comes as a Progressive Web App that can run in almost all modern browsers on all mobile operating systems and provides a strong subset of the features of the Xiippy native apps, except for the fact that you do not have to download and install an app before being able to receive your receipts, if you use the Xiippy web app.
Importantly, the user on-boarding process of Xiippy is seamless and single-tap which means you only accept the terms and don't have to fill any forms. You may add details for account recovery at a later point. Your account details are saved securely, encrypted at rest, within your web browser. Your private purchase data is NOT saved on Xiippy infrastructure.
It is obvious that for end-to-end encryption to work, there has to be two ends. In this case, one end is the merchant's POS system and the other end is the shopper's personal device running at least a non-downloadable progressive web app.
We see a future where the possibility to receive private data as part of payment becoming a feature of the operating system on your phone via Xiippy's inventions but until that time, Xiippy;s own progressive and native apps will simply do enough!
In fact, the very fact that we have made tracking the data you receive and send via your card impossible even for ourselves is the whole innovative and inventive bit which makes Xiippy so good otherwise the concept of using your payment card to receive data should have existed years ago!
This is complex, new and innovative the like of which does not exist. Without solving the privacy issues which Xiippy has successfully managed to do, it would be impossible to enrich payments with data without disclosing that extra data to unwanted parties!
A lot actually, but briefly, grow your revenue and save costs without sharing any data!
WITH YOUR BUSINESS REMAINING YOURS, WITHOUT sharing itemized sales data or customer details with Xiippy or replacing existing loyalty systems or asking customer details at the counter OR integrating with tens of banking systems, Xiippy turns payments into an engagement and private data transfer mechanism.
There is no product in the market that is even remotely close to what Xiippy is! What are you waiting for then?
Short answer: 2 weeks without requiring any upfront costs.
Short answer: Absolutely NOT.
That's the whole different Xiippy uniquely brings to the table, backed with multiple patents. Other alternatives require you to FULLY trust the data intermediary and possibly banks as well. With alternate providers, it will be like saying "Give us all your passwords and we're good people; we won't be doing anything bad with it". With Xiippy, you are assured you are not in need of trusting anyone with your data as you are not sharing anything in the first place!
Well, nice question! Simply, because the Xiippy Business Owner's Portal is a Zero-Knowledge web-based portal. This means even though YOU have access to such data in plain format, the data is actually decrypted at client side within your web browser. Your data is never maintained in plain format on Xiippy's servers and the keys to such encryption are only and only owned by you and your organisational users.
This new novel model of Software-as-a-Service (SaaS) dashboards privatise an inherently-public environment like the cloud so that you get all the benefits of using a SaaS product (e.g. high availability, no maintenance costs, no server costs etc...) WITHOUT the trust requirement that you normally have to say yes to when using a SaaS product.
In other words, in a zero-knowledge dashboard, data is encrypted and decrypted at client side with keys unknown to the SaaS product developer/operator/owner. The cloud is merely used to host encrypted data which is unreadable by any other party. This means a completely private environment, as if you were running it all on your own infrastructure, without the needs to trust the SaaS provider for your data.
Every user within your organization (who can access the Xiippy dashboard via enterprise SSO as well) will have to generate a User Master Key/certificate upon the first login. The main user who creates the organization within Xiippy also has to generate a set of Entity Master Keys. These keys are used to encrypt all dashboard data to privatise such data and protect it from Xiippy and the rest of the universe.
The end result: YOU will have access to your data but Xiippy or the rest of the universe will NOT!
This level of information protection is nowhere else seen in similar products and suites large-scale mass retail networks with high privacy needs and multi-tiered access to reporting, CRM and marketing dashboards, unique to Xiippy.
Each user in Business Owner's Portal owns a master key which is generated upon the first time they log into the portal, which we have called a 'User Master Key'. The generation of this key, which is a P-384 EC key, is carried at client side within your browser which should be a modern and secure one. Xiippy does not hold the private component of the master key! This key is used to perform end-to-end encryption for the data that Business Owner's Portal handles. In other words, using this key assures that Xiippy will not be able to know what the contents of business owner's data in Business Owner's Portal are hence assuring its Zero Knowledge over the data even for the web-based portal Business Owners use.
Xiippy uses a range of digital signatures in its operation for a range of reasons including fraud protection, tamper-resistance and non-reputability of purchase records. When a business owner issues a statement, it signs the contents of the statement using its currently-active identity key only owned by and known to the merchant. The signature assures tamper-resistance of the statement and can be used to verify the statement has genuinely been issued by the relevant business owner and that it has not been changed since the issuance. If a business owner, re-registers a POS station, the previous public key of the POS station will still remain on the server to help with the verification of previously-issued statements with older identity keys.
Xiippy uniquely uses a range of digital signatures in its operation for a range of reasons including purchase verification and rewards claims. Upon receiving a receipt or statement, the recipient also signs the transaction. This signature remains a mechanism for the recipient to prove purchase at later stages by providing the same keys used to generate the signature in an interactive way.
Xiippy has adopted the 'Secure Remote Password 6a protocol' which is a zero-knowledge password proof protocol. This makes it possible for Xiippy to avoid having to maintain any of your credentials in any form or shape (not even in hashed format). As a result of this, you can rest assured that the chance of the password you choose with your accounts in Xiippy ever being exposed is almost nil.