Security Architecture

A brief introduction to the security architecture of the Xiippy.ai platform.

Copyright © 2019-2025 Xiippy.ai. All rights reserved. Australian patents awarded. PCT Patent Pending.

About Xiippy.ai

Xiippy is the world’s first and only privacy-preserving data-rich payments provider.

We provide in-store and online payment terminals/solutions PLUS online dashboards to merchants of all sizes, with one big difference: all our payments are data-rich and come with extras for the different parties involved.

Backed by 5 patents, Xiippy makes it possible to establish a two-way, completely private, end-to-end encrypted communication channel between merchants and their customers, so that private data can be sent and received seamlessly through payments without the need to exchange contact details.

Smart receipts (from merchants to shoppers), loyalty/rewards card numbers/identifiers (from shoppers to merchants), catalogues, product recall notifications and COVID test recalls are all examples of data that Xiippy can embed seamlessly in a normal in-store or online payment, all without that data being known to Xiippy or to any other party in the world!

Accordingly:

  • For Consumers:
    Xiippy payments are one-step payments that come with seamless, end-to-end encrypted receipts & rewards for ALL cards, with no upfront app and no personal details needed
  • For Merchants:
    Xiippy payments come with growth-generating advanced analytics, engagement, rewards & marketing dashboards to reach out to and engage all paying customers without the need to collect personal details at the counter
  • For Franchises:
    Xiippy payments come with all-of-chain marketing, reporting and CRM dashboards, plus instant settlement and collection of franchise fees as part of daily sales
  • For Acquirers:
    A limited number of elite acquiring partners get to take their payments to the next level via our unique methods of turning payments into data-rich payments that carry receipts and rewards seamlessly
  • For Card Issuers:
    A limited number of our elite card issuing partners can enable their consumer apps with privacy-preserving smart receipts and rewards
  • For POS developers:
    Our POS partners enjoy a revenue sharing model via our partner programs and get to take their product offering to the next level via smart receipts, seamless 99.9% coverage of rewards programs for all payers, and privacy-preserving customer identification via payments

The Xiippy Business Owner's Portal/Dashboard

The Xiippy Business Owner's Portal/Dashboard is a web-based zero-knowledge Software-as-a-Service (SaaS) dashboard that provides single-store merchants, multi-store merchants and large-scale franchise merchants with capabilities never seen before.

Being a zero-knowledge SaaS dashboard means that although authorized users can interact with and access their private enterprise data (e.g. itemized sales data), that data remains unknown to Xiippy, even though Xiippy builds and operates the dashboard. Xiippy does not hold your data in plain form on its infrastructure: data is only decrypted in your browser, using the private keys/certificates you supply, so decryption happens entirely on the client side.

Xiippy makes heavy use of the WebCrypto API and its CryptoKey objects (specifically P-384 elliptic-curve keys) for the client-side cryptography in its dashboard.

This translates into absolute protection of your private enterprise data while still using these unique features, as if you had extended your private computing zone all the way to the cloud without taking on the hassle of maintaining your own infrastructure! This is next-gen SaaS: zero-knowledge SaaS.

The Xiippy Business Owner's Portal/Dashboard is a full-blown enterprise-grade dashboard with hierarchical access control to data (i.e. single store, multi-store and all-of-franchise access to data).

Some of the key features of the dashboard include the following:

  1. Customer Relationship Management

    This is a never-seen-before CRM for retail. Customers pay and go, and magically your CRM gets populated with data without you having to go through the hassle of personal data collection and storage!
  2. Customer Engagement

    You can engage customers post purchase for urgent matters like product recalls, lost items or even COVID-19 tests via push notifications. The dashboard enables marketing and loyalty inherently, without the use of push notifications!
  3. Customer Loyalty and Rewards Management

    Design complex item-level loyalty and rewards campaigns and broadcast them to all customers with ease and for free, saving you THOUSANDS in digital and physical marketing costs!
  4. Advanced reports and analytics

    Access advanced reports and analytics that help you design rewards and marketing campaigns like never before. Connect previously-disconnected transactions (thanks to privacy-preserving card identification) and empower the engine of growth for your business.
  5. User and Permission Management

    Create accounts for your staff, or even federate identity with your own SSO provider!

The Problem: The Individualization-Privacy Paradox

The need for digital smart receipts has been felt for many years, and a few other companies have attempted to solve the problem. However, the idea of a 3rd-party intermediary between seller and buyer inevitably knowing what buyers are buying and what sellers are selling carries significant weight, and no other company active in the space has talked about it or is even considering it an “issue”.

The idea of saving trees, money and time by digitizing receipts is, intentionally or not, tied to an intermediary body that somehow sits between buyers and sellers, transferring receipt data in digital form. Inevitably, that intermediary is in a position to know what buyers are buying, so buyers lose their anonymity and privacy, at least to the intermediary.

Another case of loss of privacy and anonymity when receiving receipts can be seen with retailers who ask for customer details (e.g. phone numbers or email addresses) in order to send a digital copy of the receipt. Irrespective of the poor experience and the lack of centralized access to all receipts (e.g. in a wallet), the underlying issue here is that the seller (and other parties too, such as banks or even the intermediary) has a significant stake in knowing who the buyers are and what they are buying. Purchasing behaviour modelling has significant marketing value and can be used to bring customers back to stores through personalized campaigns, which is what gets banks quite excited about the data.

There is a conflict between these two interests: buyers’ anonymity and privacy need to be preserved, but for buyers to receive individualized offers based on their unique purchasing behaviours and needs, their purchasing history must somehow be shared or known. Someone has to know or predict what you may need in order to offer it to you! We have called this the “Individualization-Privacy Paradox”.

The intriguing question is “how can one use purchase history data to individualize offers and deals without needing to know what the data actually is and who it belongs to?”. The paradox is simple to understand, but what people need to know now, before they end up sacrificing their privacy for the sake of an individualized buying experience through other solutions, is that the paradox can be resolved, which is exactly what Xiippy.ai’s platform makes possible!

Significance

There are other companies actively trying to solve the receipt digitization problem without talking about the Individualization-Privacy Paradox and how they can address it.

The 2018 General Data Protection Regulation (GDPR) and the 2020 California Consumer Privacy Act (CCPA), despite applying specifically to citizens of the EU and of California respectively, are in practice mandatory for almost any online service with a chance of having EU-based or California-based users. GDPR requires those who retain people’s information to disclose cleanly and transparently the purpose behind retaining it. It all comes down to a question of “trust”: whether people are happy for an intermediary to know what they are buying or selling, and whether they trust that that party will not sell or share such invaluable information with 3rd parties, including the sellers and banks who have a significant stake and interest in owning or accessing the information.

In the end, what buyers buy and the data related to their purchase history should be owned by the buyer, not by the seller, nor by any intermediary. What sellers have sold, without any identifying details of buyers, is part of the data that sellers already own. Obviously sellers already log what they sell; however, they don’t know to “whom”.

Assuming that the intermediary party does promise not to share the data, considering all cybersecurity breaches that happen from time to time, the question is “Can that promise be kept despite being genuine?”. We believe the answer is a definite No. We also believe that such a promise, in any form or shape, is a case of an over-promise one cannot make and keep to the full extent.

While all of us are striving to save trees and the environment by eliminating paper receipts, we are trying to ensure we do not end up going backwards when digitizing receipts, especially when it comes to our privacy and anonymity.

There is a significant chance that paper receipts will become illegal in a number of jurisdictions and we urgently call for your support to ensure the process to eliminate paper receipts gets done the right way, the private way, the encrypted way.

High-Level Architecture

The high-level architecture of the Xiippy.ai platform is illustrated in the following diagram.

Xiippy.ai High-Level Architecture

The architecture of the Xiippy.ai platform encompasses the following products and components:

  • Point of Sale (POS) Software Development Kits (SDKs):
    The tools and software libraries installed on a POS system that facilitate the transfer of data from POS systems to payers. These libraries can be called by existing POS systems as an alternate mechanism for transferring data and are the components needed to “integrate” existing or new POS systems.
    During the transfer, the Xiippy.ai platform uses cryptographic methods to have the data digitally signed by both issuers and recipients, whilst anonymously “marking” transactions for issuers in such a way that recipients remain anonymous to issuers, to Xiippy.ai and to any likely attacker. The transaction marking process ensures that the same recipient always marks transactions for the same receipt issuer with the same transaction marker, enabling receipt issuers to slice and dice their version of the anonymous data and extract important intelligence from their sales data.
    To achieve this, these SDKs also upload an end-to-end encrypted, anonymously signed and marked copy of the issuer’s receipts to the Business Owner's Portal/Dashboard.
    The POS SDK uses Extended Triple Diffie-Hellman (X3DH) with Curve25519 elliptic-curve keys to send data to consumer devices, and P-384 elliptic-curve keys to send private end-to-end encrypted data to the Business Owner's Dashboard. The issuer’s version of the data that the POS SDK sends to the dashboard also includes privacy-preserving card identifiers or customer identifiers, which help merchants slice and dice their transactions and connect transactions belonging to the same card or customer without having to identify customers at the counter!
  • Application Programming Interfaces (APIs):
    Publicly or privately available back-ends providing functionality for end-user or POS station registration, transfer of data between POS stations and recipients, and storage of end-to-end encrypted receipt data in the cloud.
  • Xiippy mobile apps:
    Software systems that payers may use to receive receipts from receipt issuers using Xiippy's Secure Statement Transfer protocol. These apps, provided both as progressive web apps (requiring no installation) and as native apps, perform local processing of purchase history and rewards eligibility calculations without sending private data out, enabling privacy-preserving rewards, federated machine learning and artificial intelligence without compromising privacy or having to share your private data!
  • Real-time communication back-end:
    Cloud-based components that provide facilities for POS stations and mobile applications to communicate over the Internet.
  • Business Owner's Portal:
    A single-page web-based application using client-side logic and cryptography to provide billing and account management, business intelligence and reporting features for analysing sales data, and tools to design loyalty management and marketing campaigns, all on the premise that Xiippy.ai has no access to the merchant’s private enterprise or customer data.

The data flow in and out of the Xiippy.ai platform is illustrated in the following diagram.

Xiippy.ai Data Flow