Xiippy is world’s first and only end-to-end encrypted tamper-resistant smart receipts and anonymously-individualized loyalty management & marketing platform backed with multiple patents (awarded in Australia with international patents pending). Secure Receipt Wallet includes a suite of products for different stakeholders involved in the issuance and reception of receipts in an anonymous and secure manner, facilitating full GDPR and CCPA compliance for you and your business.
At Xiippy, we exist because we LOVE trees and we hate to see millions of them being killed and turned into paper receipts every year. However, we also LOVE humans and especially, we LOVE to protect OUR privacy and anonymity.
Any business or entity issuing receipts or trying to run effective loyalty management and marketing can use Xiippy to reach their sales/marketing goals while also contributing to the higher goal of saving trees from being turned into paper receipts.
Through our suite of products, our end users who use our mobile apps to receive their receipts and their individualized offers enjoy unmatched security, privacy and anonymity, just like paper receipts knowing that they will not provide any details when receiving receipts and that their purchase history remains available ONLY to them, not even to Xiippy, nor to the sellers thanks to the end-to-end encrypted transfer and storage of receipts.
End-to-end encryption (E2EE) is a paradigm with which data gets encrypted and decrypted at both ends of a data transfer transaction in such a way that it becomes impossible for the intermediary who transfers the data to know what the contents of the data are. This paradigm has been widely used (and popularized by) instant messaging products (e.g. WhatsApp and others). For the first time in the world, Xiippy has designed an end-to-end encryption and transfer protocol and anonymous digital signatures for receipts that brings the end-to-end encryption paradigm to the world of smart digital receipts.
The short answer is NO.
Xiippy also comes as a Progressive Web App that can run in almost all modern browsers on all mobile operating systems and provides a strong subset of the features of Secure Receipt Wallet native apps, except for the fact that you do not have to download and install an app before being able to receive your receipts, if you use the Xiippy web app.
Each user in Business Owner's Portal owns a master key which is generated upon the first time they log into the portal, which we have called a 'Master Key'. The generation of this key, which is a 2048-bit RSA key, is carried at client side. Xiippy does not hold the private component of the master key! This key is used to perform end-to-end encryption for the data that Business Owner's Portal handles. In other words, using this key assures that Xiippy will not be able to know what the contents of business owner's data in Business Owner's Portal are hence assuring its Zero Knowledge over the data even for the web-based portal Business Owners use.
Xiippy uses a range of digital signatures in its operation for a range of reasons. When a business owner issues a receipt, it signs the contents of the receipt using its currently-active identity key (whose ID is also included in each receipt under Digital Signature Key ID). The signature assures tamper-resistance of the receipt and can be used to verify the receipt has genuinely been issued by the relevant business owner. If a business owner, re-registers a POS station, the previous public key of the POS station will still remain on the server to help with the verification of previously-issued receipts with older identity keys.
Xiippy uses a range of digital signatures in its operation for a range of reasons. Upon receiving a receipt, the recipient also signs the receipt. This signature remains the only mechanism for the recipient to prove purchase at later stages by providing the same keys used to generate the signature in an interactive way.
Xiippy has adopted the 'Secure Remote Password 6a protocol' which is a zero-knowledge password proof protocol. This makes it possible for Xiippy to avoid having to maintain any of your credentials in any form or shape (not even in hashed format). As a result of this, you can rest assured that the chance of the password you choose with your accounts in Xiippy ever being exposed is almost nil.