NateWebb03 / FilTestRepo

A test repository for allocator application automation

Test app 1012 #1012

Open NateWebb03 opened 10 months ago

NateWebb03 commented 10 months ago

Notary Allocator Pathway Name:

Future Storage

Organization:

Origin Storage

Allocator's On-chain address:

f1yi7cv6evxqzgtsqab234h24qdhheasiwy2zjsfq

Country of Operation:

Singapore

Region(s) of operation:

North America,Asia minus GCR,Japan

Type of allocator: What is your overall diligence process? Automated (programmatic), Market-based, or Manual (human-in-the-loop at some phase). Initial allocations to these pathways will be capped.

Manual

Amount of DataCap Requested for allocator for 12 months:

200 PiB

Is your allocator providing a unique, new, or diverse pathway to DataCap? How does this allocator differentiate itself from other applicants, new or existing?

We focussed on getting existing companies with big data assets as well as smaller dataset owners from small and medium size enterprises and even government entities. Some examples of our clients are:

• NOAA Rapid Refresh (RAP) - https://github.com/filecoin-project/filecoin-plus-large-datasets/issues/1607
• National Oceanic and Atmospheric Administration - https://github.com/filecoin-project/filecoin-plus-large-datasets/issues/1660
• UCLA Center for Climate Science - https://github.com/filecoin-project/filecoin-plus-large-datasets/issues/2225
• Johns Hopkins University Applied Physics Laboratory - https://github.com/filecoin-project/filecoin-plus-large-datasets/issues/1661
• Nanyang Technological University (Singapore Local University)
• TONG HUA HOLDINGS (Thailand Listed Company, 60 years)

As a member in the Filecoin Community, I acknowledge that I must adhere to the Community Code of Conduct, as well as other End User License Agreements for accessing various tools and services, such as GitHub and Slack. Additionally, I will adhere to all local & regional laws & regulations that may relate to my role as a business partner, organization, notary, or other operating entity. * You can read the Filecoin Code of Conduct here: https://github.com/filecoin-project/community/blob/master/CODE_OF_CONDUCT.md

Acknowledgment: Acknowledge

Client Diligence Section:

This section pertains to client diligence processes.

Who are your target clients?

Small-scale developers or data owners,Enterprise Data Clients

Describe in as much detail as possible how you will perform due diligence on clients.

We are going for the manual approach. During the consultancy phase KYC procedures are performed. Below is the approach to our due diligence coverage.

Initial Contact Assessment: We conduct an initial review of the client's inquiry, gathering basic information about their business, the nature of their data storage needs, and their overall objectives. This helps in preliminary filtering and understanding the client's background.

Requirement Analysis: We delve deeper into understanding the specific data storage requirements of the client, including volume, nature of data (such as whether it's sensitive or regulated), and specific service needs. This helps in assessing the complexity and risk associated with the data storage.

Business Verification and Background Check: We conduct a thorough background check on the client's business. This includes verifying business registration, understanding the ownership structure, and checking for any past legal issues or controversies. We also review their financial stability through available financial statements or credit reports.

Compliance and Legal Check: We ensure that the client is in compliance with relevant laws and regulations, especially those related to data handling, privacy, and security. This is crucial for clients dealing with sensitive or regulated data.

Risk Assessment: We evaluate potential risks associated with engaging the client. This includes data security risks, legal and compliance risks, and reputational risks. Based on this assessment, we decide on the necessary risk mitigation strategies.

Reference Check: If applicable, we contact previous or current partners or service providers of the client for references. This helps in understanding the client's business conduct and reputation in the industry.

Meeting and Discussion: We hold direct meetings (virtual or in-person) with key representatives of the client for detailed discussions. This helps in assessing the seriousness and genuineness of their requirements and in building a relationship.

Documentation and Agreement Review: Before finalizing any partnership, we thoroughly review all legal documents and agreements to ensure that they are in line with our service standards and legal requirements.

Ongoing Monitoring: After onboarding a client, we conduct regular reviews and monitoring to ensure ongoing compliance and to promptly address any emerging issues.

Please specify how many questions you'll ask, and provide a brief overview of the questions.

Currently, our form is about 23 questions long. The questions are for the clients to provide information so that we could cover the above mentioned areas.

Please refer to the provided document, sent on slack

Will you use a 3rd-party "Know your client" (KYC) service?

We have our own in-house Compliance Department and KYC Process. Upon completion of the above provided questionnaire, our compliance department will conduct the due diligence process. An example of the tools we could use would be namescan.io. In the due diligence check process, we would address the issues of the type of data stored. The business and the relevant jurisdiction laws applicable, whether the business has the appropriate licenses. The beneficiary and stakeholders of the company. Once due diligence has passed, we will proceed with technical integrations and support for the clients to transfer their data.

Can any client apply to your pathway, or will you be closed to only your own internal clients? (eg: bizdev or self-referral)

Any client can apply.

How do you plan to track the rate at which DataCap is being distributed to your clients?

We will have an automated flow to capture the data of each client and reflect them on a dashboard.

Data Diligence

This section will cover the types of data that you expect to notarize.

As a reminder: The Filecoin Plus program defines quality data as all content that meets local regulatory requirements AND
• the data owner wants to see on the network, including private/encrypted data
• or is open and retrievable
• or demonstrates proof of concept or utility of the network, such as efforts to improve onboarding

As an operating entity in the Filecoin Community, you are required to follow all local & regional regulations relating to any data, digital and otherwise. This may include PII and data deletion requirements, as well as the storing, transmitting, or accessing of data.

Acknowledgement: Acknowledge

What type(s) of data would be applicable for your pathway?

Public Open Dataset (Research/Non-Profit),Public Open Commercial/Enterprise,Private Commercial/Enterprise,Private Non-Profit/Social Impact

How will you verify a client's data ownership? Will you use 3rd-party KYB (know your business) service to verify enterprise clients?

Our process for verifying a client’s data ownership is meticulous and multi-faceted, ensuring thorough validation while respecting client confidentiality and data protection laws. Our verification process involves the following steps:

Initial Data Ownership Verification: We request clients to provide documentation that proves their ownership or legitimate rights to the data they wish to store. This documentation may include data acquisition agreements, licenses, or legal attestations. For data generated internally by the client, we may request organizational charts, process descriptions, or other relevant documents that illustrate how the data is generated and used within their operations.

KYB Process: For enterprise clients, we have our own internal compliance department that does the KYB verification on the legitimacy of their business and their lawful right to the data. Our Legal and Compliance department specializes in comprehensive business verification, including legal status, beneficial ownership, regulatory compliance, and reputation checks. These KYB processes also help us assess the risk level associated with the client, including checks against global sanctions lists, Politically Exposed Persons (PEP) lists, and adverse media screenings.

Data Provenance Checks: We conduct data provenance checks to understand the origin, movement, and lifecycle of the data. This involves reviewing the client's data management practices, historical data logs, and any relevant data transfer agreements. For sensitive or regulated data, we may require additional evidence of compliance with relevant data protection regulations (e.g., GDPR, HIPAA).

Client Interviews and Meetings: Direct interactions with the client, such as interviews or meetings, are conducted to gather more insights about their data handling practices and to clarify any doubts or ambiguities arising from the documentation provided.

Ongoing Monitoring and Audits: After onboarding, we implement periodic reviews and audits to ensure continued compliance with data ownership and legitimacy. Any significant changes in the client's business or data usage are subject to additional verification checks.

By integrating these steps into our client onboarding process, we ensure a robust and reliable method for verifying data ownership. We remain adaptable to evolving regulatory requirements and technological advancements in KYB services to maintain the highest standards of client verification.

How will you ensure the data meets local & regional legal requirements?

From the onsite KYB process, we will fill up a KYC form, and this will be processed by our own Compliance Department. To ensure that the data stored and managed by our clients meets local and regional legal requirements, we have implemented a comprehensive compliance framework. This framework is designed to adapt to the diverse legal landscapes in which we and our clients operate, and includes the following key components:

Legal and Regulatory Research: We conduct ongoing research to stay updated on local and regional laws and regulations pertaining to data storage, privacy, and security. This includes GDPR in Europe, CCPA in California, and other relevant data protection and cybersecurity laws worldwide. We engage with legal experts and consultants who specialize in data law to help us interpret and apply these regulations effectively.

Customized Compliance Strategies: Based on our understanding of various legal requirements, we develop tailored compliance strategies for each geographic region. This involves customizing our data storage solutions to meet specific local and regional legal standards. For clients operating in multiple regions, we provide multi-jurisdictional compliance advice to ensure their data management practices are lawful across all regions.

Client Education and Consultation: We actively educate our clients about the legal requirements relevant to their data and provide guidance on best practices for compliance. This includes workshops, training sessions, and detailed compliance guides. For complex scenarios, we offer personalized consultation services to address specific legal compliance challenges.

Data Processing and Transfer Agreements: We use robust data processing and transfer agreements that clearly outline the responsibilities and obligations of all parties involved, ensuring compliance with local and regional laws. These agreements include clauses on data sovereignty, cross-border data transfer restrictions, and data handling requirements as per applicable laws.

Regular Compliance Audits and Assessments: We conduct regular audits and assessments of our infrastructure and our clients’ data practices to ensure ongoing compliance with legal requirements. Any non-compliance issues identified during these audits are promptly addressed and rectified.

Data Protection Officer (DPO) and Legal Team: We have appointed a Data Protection Officer and a dedicated legal team responsible for overseeing compliance with data-related laws and regulations. The DPO and legal team also handle any legal queries or concerns from clients and ensure that our policies and procedures are always in alignment with current legal standards.

Through these measures, we ensure that the data managed and stored by our clients is in full compliance with all relevant local and regional legal requirements, thus safeguarding both our clients and our business against legal risks and liabilities.

Please refer to the reference sheet for geographical data governance, sent on slack:

What types of data preparation will you support or require?

We provide all technical support to our clients, including integration services and data prep services. For Big Data Clients, we do provide services that offer a physical transfer of data to our devices. For smaller individuals, we do provide an API to do data transfers.

What tools or methodology will you use to sample and verify the data aligns with your pathway?

We will request to randomly pick 1 record for verification purposes. We will do progressive release of datacap to the client upon verifying the data and space usage.

Data Distribution

This section covers deal-making and data distribution.

As a reminder, the Filecoin Plus program currently defines distributed onboarding as multiple physical locations AND multiple storage provider entities to serve client requirements.

Recommended Minimum: 3 locations, 4 to 5 storage providers, 5 copies

How many replicas will you require to meet programmatic requirements for distribution?

5+

What geographic or regional distribution will you require?

North America/Hong Kong/Japan/Thailand

How many Storage Provider owner/operators will you require to meet programmatic requirements for distribution?

5+

Do you require equal percentage distribution for your clients to their chosen SPs? Will you require preliminary SP distribution plans from the client before allocating any DataCap?

This question is answered in an open-ended question in our CDD form. Refer to slack message

What tooling will you use to verify client deal-making distribution?

We will use datacapstats.io to verify the client deal-making distribution

How will clients meet SP distribution requirements?

We will have a simple API/SDK to allow clients to transfer to a designated SP.

As an allocator, do you support clients that engage in deal-making with SPs utilizing a VPN?

Currently, there's no such support. We will use 3rd party platforms to check if the SPs are using any VPN. This is one of the resources that we would use: https://www.ipqualityscore.com/vpn-ip-address-check

DataCap Allocation Strategy

In this section, you will explain your client DataCap allocation strategy.

Keep in mind the program principle over Limited Trust Over Time. Parties, such as clients, start with a limited amount of trust and power. Additional trust and power need to be earned over time through good-faith execution of their responsibilities and transparency of their actions.

Will you use standardized DataCap allocations to clients?

No, client specific

Allocation Tranche Schedule to clients:

• First: 1 PiB
• Second: 2 PiB
• Third: 2 PiB
• Fourth: 2 PiB
• Fifth: 2 PiB
• Sixth: 2 PiB
• Max per client overall: 10 PiB

Will you use programmatic or software based allocations?

No, manually calculated & determined

What tooling will you use to construct messages and send allocations to clients?

For now, we will communicate with clients, probably on discord, manually construct messages and send allocations to clients.

Describe the process for granting additional DataCap to previously verified clients.

Currently there are no concrete plans for building tools for the subsequent allocation process.

Tooling & Bookkeeping

This program relies on many software tools in order to function. The Filecoin Foundation and PL have invested in many different elements of this end-to-end process, and will continue to make those tools open-sourced. Our goal is to increase adoption, and we will balance customization with efficiency.

This section will cover the various UX/UI tools for your pathway. You should think high-level (GitHub repo architecture) as well as tactical (specific bots and API endpoints).

Describe in as much detail as possible the tools used for:
• client discoverability & applications
• due diligence & investigation
• bookkeeping
• on-chain message construction
• client deal-making behavior
• tracking overall allocator health
• dispute discussion & resolution
• community updates & comms

• client discoverability & applications: Website / GitHub / Discord (for application process)
• due diligence & investigation: VPN: https://www.ipqualityscore.com/vpn-ip-address-check Compliance Department Software: Namescan.io
• Bookkeeping: Customized Programmed Excel Sheet.
• on-chain message construction: Custom SDK
• client deal-making behavior: Filecoin Boost
• community updates & comms: Discord
• tracking overall allocator health: Custom Dashboard: To trace and monitor allocations.
• dispute discussion & resolution: Discord / Github
• community updates & comms: Discord / Github

Will you use open-source tooling from the Fil+ team?

Yes, we will use FIL+ team's Github repository.

Where will you keep your records for bookkeeping? How will you maintain transparency in your allocation decisions?

We will store our client's information on Github and private emails and our own data storage facility. Whereas for the actual bookkeeping, we have a custom programmed excel sheet that our operations keep track of.

Risk Mitigation, Auditing, Compliance

This framework ensures the responsible allocation of DataCap by conducting regular audits, enforcing strict compliance checks, and requiring allocators to maintain transparency and engage with the community. This approach safeguards the ecosystem, deters misuse, and upholds the commitment to a fair and accountable storage marketplace.

In addition to setting their own rules, each notary allocator will be responsible for managing compliance within their own pathway. You will need to audit your own clients, manage interventions (such as removing DataCap from clients and keeping records), and respond to disputes.

Describe your proposed compliance check mechanisms for your own clients.

Our compliance check mechanism for our clients is designed to ensure responsible allocation and utilization of DataCap, maintaining the integrity of the storage marketplace. Our approach includes multiple layers of checks and balances, which are outlined as follows:

Initial Due Diligence and Trust Evaluation: For new clients, we conduct a comprehensive due diligence process to assess their credibility and the legitimacy of their data storage needs. This includes verifying business registration, financial health, and data handling practices. Any high risk clients will be flagged and require enhanced due diligence done by the management level. A trust evaluation system is implemented, where new clients start with a lower DataCap allocation. As they demonstrate compliance and reliability, their trust score, and consequently, their DataCap allocation, can be increased. This is currently simplistic and primarily dependent on the period of collaboration with us, < 1 year, < 2 year and > 3 year or the existing reputation of the company, whether it is a well known company in their industry etc.

Regular Check-ins and Audits: We establish a schedule of regular bi-annual check-ins and audits with our clients. These are designed to review their DataCap usage and ensure adherence to agreed terms. Audits are conducted both remotely and, if necessary, on-site. They focus on verifying the actual data stored against the DataCap allocated and checking for any signs of misuse or non-compliance.

DataCap Distribution Tracking: We utilize tools like datacapstats.io / CID checker bots to monitor the distribution of DataCap. This tool helps in tracking which CIDs (Content Identifiers) are being stored, ensuring that the storage aligns with the allocated DataCap. Metrics such as allocation frequency, size of DataCap per allocation, and the frequency of client requests are closely monitored and reported and discussed on a weekly basis.

Downstream Usage Monitoring: We track the downstream usage of our clients using tools like Retrievability Bot. This tool helps in ensuring that the data stored is retrievable and aligns with the intended purpose of the DataCap. Reports on a quarterly basis are generated to analyze the usage patterns and detect any anomalies or deviations from normal usage.

Client Demographics and Time Metrics Analysis: Understanding client demographics is crucial for customizing our compliance checks and interventions. We gather and analyze data about our clients’ industries, size, and storage behavior. Time metrics such as the duration of DataCap usage and the retention period of data are monitored and reported on a weekly basis during the same meeting mentioned above to identify any unusual patterns.

Interventions and Dispute Management: Our policy for interventions is clear and strictly enforced. In cases of non-compliance, we are prepared to take actions such as removing DataCap and keeping detailed records of such incidents. We have a defined process for handling disputes, ensuring timely and fair resolution. This process involves a thorough investigation and engagement with all relevant parties. Disputes are to be picked up and handled in 120 hours.

Transparency and Community Engagement: We maintain transparency in our operations and decisions regarding DataCap allocations. Regular updates and summaries of our activities are shared with the community, on channels such as Github. We actively engage with the community to gather feedback and insights, which helps in continuously improving our compliance mechanisms. Our public relations team holds weekly meetings to discuss, measure and brainstorm new engagement ideas.

Our tolerance level for non-compliance is minimal, especially for new clients, as we are committed to upholding the highest standards of responsibility and fairness in the storage marketplace. This comprehensive compliance check mechanism mentioned ensures effective management and monitoring of DataCap distribution and utilization, safeguarding the ecosystem from misuse.

Describe your process for handling disputes. Highlight response times, transparency, and accountability mechanisms.

Initial Assessment and Response Time: Upon receiving a dispute notification, we conduct an initial assessment within 120 hours. This initial step helps in understanding the nature of the dispute, whether it's over DataCap distribution, data compliance, or execution of storage deals. We acknowledge the dispute with all involved parties and inform them about the estimated timeline for resolution.

Information Gathering and Analysis: Our team collects all relevant information and documentation related to the dispute. This includes communication logs, DataCap allocation records, storage deal agreements, and any other pertinent data. We analyze this information to identify the root cause of the dispute and to assess the validity of the claims made by each party.

Dispute Resolution Meetings: We schedule meetings with the involved parties to discuss the dispute. For internal disputes (between ourselves and our client), these meetings aim to understand each party's perspective and to find a mutually acceptable solution. For external disputes (involving another notary or the Fil+ Governance Team), we prepare a detailed defense of our decisions, ensuring that all our actions were in compliance with the established guidelines and were transparently documented.

Mediation and Conflict Resolution: If needed, we engage in mediation to facilitate a resolution. This involves an impartial third-party mediator who helps in negotiating a solution acceptable to all parties. Our goal is to resolve disputes amicably while upholding the principles of fairness and adherence to Filecoin network's rules and standards.

Transparency and Documentation: Throughout the dispute resolution process, we maintain high levels of transparency. All decisions, discussions, and outcomes are documented and shared with the relevant parties and non-sensitive data will also be shared publicly on github. We also keep records of all disputes and their resolutions as part of our internal audit and compliance process.

Accountability and Review: If the dispute resolution results in identifying any faults or errors on our part, we take full responsibility and implement corrective actions promptly. We also review our policies and procedures post-dispute to learn and improve our processes, preventing similar issues in the future.

Community and Governance Engagement: In cases involving the broader Filecoin community or the Fil+ Governance Team, we actively engage with the community to explain our stance and to gather feedback. We respect the decisions made by the Fil+ Governance Team and comply with any directives issued as part of the dispute resolution.

Our dispute resolution process aims to address issues efficiently and fairly, ensuring that all parties are heard and that resolutions are in line with the overarching goals and rules of the Filecoin network.

Detail how you will announce updates to tooling, pathway guidelines, parameters, and process alterations.

We have no such detailed plans at the moment. But they will probably be announced to our Discord / Website.

How long will you allow the community to provide feedback before implementing changes?

We will allow open online communications to our media channels, Github / Discord.

Regarding security, how will you structure and secure the on-chain notary address? If you will utilize a multisig, how will it be structured? Who will have administrative & signatory rights?

We will use the Safe Wallet for Multi-Signature within our framework. This is Work in Progress and it needs to be battle tested before launch. However, there are business considerations that allow us to handle everything for the client and have a settlement off-chain.

Will you deploy smart contracts for program or policy procedures? If so, how will you track and fund them?

We will deploy smart contracts. It will probably be a case where there is a pooled set-up from the client's side. And then a multisignature integration with the allocated SPs.

Monetization

While the Filecoin Foundation and PL will continue to make investments into developing the program and open-sourcing tools, we are also striving to expand and encourage high levels of service and professionalism through these new Notary Allocator pathways. These pathways require increasingly complex tooling and auditing platforms, and we understand that Notaries (and the teams and organizations responsible) are making investments into building effective systems.

It is reasonable for teams building services in this marketplace to include monetization structures. Our primary guiding principles in this regard are transparency and equity. We require these monetization pathways to be clear, consistent, and auditable.

Outline your monetization models for the services you provide as a notary allocator pathway.

Our business model is centered on a commission-based approach for our notary allocator services in market matching. In addition to this, we will also be introducing lending and borrowing services as new sources of income. Our pricing strategy for various offerings, such as application handling, data management, distribution through our data clearinghouse, and auditing services, is designed to be competitive with industry norms, ensuring that our clients receive both quality and value.

Describe your organization's structure, such as the legal entity and other business & market ventures.

We aspire to be a DAO organizational structure eventually for a marketplace for storage space and possibly an all rounded system provider for the growing AI community. But currently we will just start off with an individual entity, origin storage.

Where will accounting for fees be maintained?

It will be maintained on-chain.

If you've received DataCap allocation privileges before, please link to prior notary applications.

https://github.com/filecoin-project/notary-governance/issues/710
https://github.com/filecoin-project/notary-governance/issues/452

How are you connected to the Filecoin ecosystem? Describe your (or your organization's) Filecoin relationships, investments, or ownership.

We are one of the larger storage providers.

How are you estimating your client demand and pathway usage? Do you have existing clients and an onboarding funnel?

We have our existing clients