Type of allocator:
What is your overall diligence process? Automated (programmatic), Market-based, or Manual (human-in-the-loop at some phase). Initial allocations to these pathways will be capped.
Manual
Amount of DataCap Requested for allocator for 12 months:
180 PiB
Is your allocator providing a unique, new, or diverse pathway to DataCap? How does this allocator differentiate itself from other applicants, new or existing?
Our strategy centered on attracting established companies possessing substantial data assets, in addition to targeting owners of smaller datasets from small and medium-sized businesses. Some of our clients are:
As a member in the Filecoin Community, I acknowledge that I must adhere to the Community Code of Conduct, as well other End User License Agreements for accessing various tools and services, such as GitHub and Slack.
Additionally, I will adhere to all local & regional laws & regulations that may relate to my role as a business partner, organization, notary, or other operating entity. *
You can read the Filecoin Code of Conduct here: https://github.com/filecoin-project/community/blob/master/CODE_OF_CONDUCT.md
Acknowledgment: Acknowledge
Cient Diligence Section:
This section pertains to client diligence processes.
Who are your target clients?
Small-scale developers or data owners,Enterprise Data Clients
Describe in as much detail as possible how you will perform due diligence on clients.
Our methodology involves a hands-on, manual approach. During the initial consultation phase, we perform comprehensive KYC procedures as part of our due diligence process.
Initial Client Engagement Assessment: We begin by assessing the client's initial request. This involves collecting fundamental information about their business operations, data storage requirements, and primary goals, aiding in the early stage analysis and background understanding of the client.
In-depth Requirement Evaluation: We then focus on thoroughly understanding the client's specific data storage needs, which includes analyzing the data's volume and nature (like sensitivity or regulatory compliance needs), and their particular service requirements, to gauge the intricacy and associated risks of their data storage demands.
Business Verification and Background Analysis: A detailed background verification of the client's business is carried out, including validation of their business registration, analysis of their ownership structure, and investigation of any historical legal disputes or controversies. Financial stability is also assessed via their financial records and credit reports. These are all covered by our Risk and Compliance Team.
Compliance and Legal Verification: We ensure the client and the storage providers adhere to all relevant legal and regulatory requirements, particularly those related to data management, privacy, and security, which is vital for clients handling sensitive or regulated data.
Risk Evaluation: We assess the potential risks of engaging with the client, including risks related to data security, legal and compliance issues, and reputation. This assessment guides our risk mitigation strategy formulation. We have 3 levels of security to this, documented in our policies, where the first line of defense will be our business unit, the second line of defense will be the legal, risk and compliance team. After both of these teams have signed off, a approving officer will sign off the onboarding of the client / storage provider partnership.
Reference Verification: Where necessary, we reach out to the client's past or present partners or service providers for references, to better understand their business ethics and standing in the industry.
Meetings and Discussions: We engage in direct, detailed discussions with the client’s key representatives, either virtually or in person. This helps in evaluating the authenticity and seriousness of their requirements, and aids in relationship building.
Review of Documentation and Agreements: Prior to finalizing any partnership, we meticulously examine all legal documents and agreements to confirm they meet our service standards and legal obligations.
Continuous Monitoring: Post client onboarding, we undertake regular reviews and monitoring to ensure sustained compliance and to swiftly manage any arising concerns.
Please specify how many questions you'll ask, and provide a brief overview of the questions.
At present, our questionnaire comprises 20+ detailed questions. These questions are crafted for our clients to supply essential information, enabling us to comprehensively address the areas previously outlined. Please refer to documents sent via Slack DM.
Will you use a 3rd-party "Know your client" (KYC) service?
Our organization possesses a dedicated Compliance Department and an internal KYC Process. Following the submission of our detailed questionnaire, this department is responsible for carrying out the due diligence process. For instance, we might utilize tools such as namescan.io in our due diligence assessments. During this process, we examine various aspects, including the nature of the data being stored, compliance with relevant jurisdictional laws, and the validity of business licenses. We also scrutinize the beneficiaries and key stakeholders of the company. Upon successful completion of the due diligence, we will move forward with technical integration and provide support to clients for data transfer.
Can any client apply to your pathway, or will you be closed to only your own internal clients? (eg: bizdev or self-referral)
Any client can apply.
How do you plan to track the rate at which DataCap is being distributed to your clients?
Our approach for tracking the allocation rate of DataCap to clients involves deploying an automated tracking mechanism. This mechanism will be responsible for collecting data pertaining to each client's DataCap usage and consolidating this information on a user-friendly dashboard for continuous monitoring.
Data Diligence
This section will cover the types of data that you expect to notarize.
As a reminder: The Filecoin Plus program defines quality data is all content that meets local regulatory requirements AND
• the data owner wants to see on the network, including private/encrypted data
• or is open and retrievable
• or demonstrates proof of concept or utility of the network, such as efforts to improve onboarding
As an operating entity in the Filecoin Community, you are required to follow all local & regional regulations relating to any data, digital and otherwise. This may include PII and data deletion requirements, as well as the storing, transmitting, or accessing of data.
Acknowledgement: Acknowledge
What type(s) of data would be applicable for your pathway?
Private Non-Profit/Social Impact,Private Commercial/Enterprise,Public Open Commercial/Enterprise,Public Open Dataset (Research/Non-Profit)
How will you verify a client's data ownership? Will you use 3rd-party KYB (know your business) service to verify enterprise clients?
Our approach to verifying a client's data ownership is both detailed and multifaceted, designed to ensure comprehensive validation while upholding the confidentiality and data protection laws. Our verification procedure consists of several key phases:
Initial Verification of Data Ownership:
We ask our clients to submit proof of ownership or legal rights to their data, such as acquisition contracts, licenses, or legal attestations.
For internally generated data, we request documents like organizational charts or process descriptions that demonstrate how the data is produced and utilized within their business.
In-House KYB Process for Enterprise Clients:
Our internal Compliance Department conducts KYB checks to verify the business's legitimacy and their lawful rights to the data.
This includes a thorough check of legal status, ownership, compliance with regulations, and reputation.
Our KYB evaluation includes risk assessments such as checks on global sanctions lists, PEP lists, and adverse media screenings.
Data Provenance Analysis:
We perform checks on the data's origin, trajectory, and lifecycle, including an examination of the client's data management history and transfer agreements.
Additional evidence is required for sensitive or regulated data to ensure compliance with laws like GDPR or HIPAA.
Client Interaction and Review:
We engage in direct discussions and meetings with clients to gain deeper insights into their data practices and resolve any uncertainties from the provided documents.
Regular Monitoring and Compliance Audits:
Continuous audits and reviews are conducted post-client onboarding to ensure ongoing adherence to data ownership and legitimacy standards.
How will you ensure the data meets local & regional legal requirements?
Our approach to ensuring data compliance with local and regional laws starts with the on-site KYB process and the completion of a KYC form, overseen by our in-house Compliance Department. Building a Compliance Framework: We perform continuous research to stay abreast of the evolving data storage, privacy, and security laws in different regions, including GDPR, CCPA, and other global data protection laws. Our team works closely with data law specialists for accurate interpretation and implementation of these regulations. Tailored compliance strategies are developed for each region, aligning our data storage solutions with specific legal standards in those areas. We provide comprehensive compliance advice for clients operating internationally, ensuring their practices are lawful in multiple jurisdictions. Educating and Consulting Clients: We proactively educate our clients on relevant legal requirements through workshops and training, supplemented by detailed compliance guides. Personalized consultation services are available for addressing complex legal compliance issues. Agreements and Audits: Our data processing and transfer agreements are robust, clearly defining responsibilities and obligations in line with local and regional laws. Regular audits and assessments are conducted to maintain compliance, with immediate rectification of any identified issues. Legal Oversight: A Data Protection Officer and a dedicated legal team oversee compliance with data-related regulations. This team also addresses any legal inquiries from clients, ensuring our policies are always up-to-date with current legal standards. By adhering to these protocols, we guarantee full compliance of client-managed data with all pertinent local and regional legal requirements, thereby protecting both our clients and our organization from legal risks. Here is our reference sheet for geographical data law. Please refer to the documents in the DM: https://docs.google.com/spreadsheets/d/1iFDTipSjd2AMn_pllor7tT44rr3njxUevYzwaPEMwCA/edit?usp=sharing
What types of data preparation will you support or require?
We offer comprehensive technical support to our clients, encompassing both integration and data preparation services. For clients handling Big Data, we provide specialized services for the physical transfer of data onto our devices. In the case of smaller clients or individual users, we facilitate data transfers through an accessible API.
What tools or methodology will you use to sample and verify the data aligns with your pathway?
Our methodology for data verification involves randomly choosing a single record to scrutinize. This process aids in confirming that the data corresponds with the client's claims regarding its type and preparation. We will also progressively allocate DataCap to the client, contingent on our verification of both the data and its efficient use of space, thereby mitigating the risk of sector-size abuse like sector padding.
Data Distribution
This section covers deal-making and data distribution.
As a reminder, the Filecoin Plus program currently defines distributed onboarding as multiple physical locations AND multiple storage provider entities to serve client requirements.
How many replicas will you require to meet programmatic requirements for distribution?
5+
What geographic or regional distribution will you require?
North America, Asia Pacific
How many Storage Provider owner/operators will you require to meet programmatic requirements for distribution?
5+
Do you require equal percentage distribution for your clients to their chosen SPs? Will you require preliminary SP distribution plans from the client before allocating any DataCap?
It is flexible and based on client's perferences, discovered through our questionaire. This question is answered in an open-ended question in our CDD form. Please refer to the document on slack.
What tooling will you use to verify client deal-making distribution?
We will use datacapstats.io
How will clients meet SP distribution requirements?
We will provide a straightforward API/SDK that enables clients to seamlessly transfer their data to a specified storage provider.
As an allocator, do you support clients that engage in deal-making with SPs utilizing a VPN?
We employ external platforms to determine if storage providers are utilizing VPN services. A key tool in this process is IPQualityScore's VPN/IP Address Check, accessible at https://www.ipqualityscore.com/vpn-ip-address-check. Additionally, we also use tools like MaxMind (https://www.maxmind.com) for enhanced verification.
DataCap Allocation Strategy
In this section, you will explain your client DataCap allocation strategy.
Keep in mind the program principle over Limited Trust Over Time. Parties, such as clients, start with a limited amount of trust and power.
Additional trust and power need to be earned over time through good-faith execution of their responsibilities and transparency of their actions.
Will you use standardized DataCap allocations to clients?
Will you use programmatic or software based allocations?
No, manually calculated & determined
What tooling will you use to construct messages and send allocations to clients?
At this stage, we are opting for personal interaction with our clients, predominantly using Slack as the platform. This will involve manually drafting messages and subsequently distributing DataCap allocations to each client.
Describe the process for granting additional DataCap to previously verified clients.
There are no plans at the moment.
Tooling & Bookkeeping
This program relies on many software tools in order to function. The Filecoin Foundation and PL have invested in many different elements of this end-to-end process, and will continue to make those tools open-sourced. Our goal is to increase adoption, and we will balance customization with efficiency.
This section will cover the various UX/UI tools for your pathway. You should think high-level (GitHub repo architecture) as well as tactical (specific bots and API endoints).
Describe in as much detail as possible the tools used for:
• client discoverability & applications
• due diligence & investigation
• bookkeeping
• on-chain message construction
• client deal-making behavior
• tracking overall allocator health
• dispute discussion & resolution
• community updates & comms
Discovering Clients & Managing Applications:
We leverage our Website and GitHub for discovery, and Discord is used extensively for managing the application workflow.
Investigation and Due Diligence:
For VPN detection, we rely on IPQualityScore (https://www.ipqualityscore.com/vpn-ip-address-check). For comprehensive checks, we also leverage MaxMind's services (https://www.maxmind.com) and Namescan.io supports our compliance verification process.
Maintaining Financial Records:
We use a custom-developed Excel sheet, programmed to suit our bookkeeping requirements.
Building On-Chain Messages:
A bespoke SDK is utilized for on-chain message construction.
Monitoring Client Dealings:
Filecoin Boost is used to track client deal-making behaviors, along with tools like Glassnode for blockchain analytics.
Overall Health Monitoring of Allocators:
A specialized Dashboard, designed in-house, helps us trace and oversee allocation activities.
Resolving Disputes:
Discord and GitHub serve as the main forums for dispute discussions and resolutions.
Community Engagement & Updates:
For community engagement and updates, we use Discord and GitHub, with an additional channel through Substack for sending out newsletters and updates.
Will you use open-source tooling from the Fil+ team?
We will use FIL+ team's Github repository.
Where will you keep your records for bookkeeping? How will you maintain transparency in your allocation decisions?
For record-keeping, our approach is to store client information on both GitHub and private email systems, as well as in our dedicated data storage facility. In terms of bookkeeping, we utilize a custom-programmed Excel sheet which is meticulously managed by our operations team. As for maintaining transparency, we plan to make a portion of the information publicly available on GitHub for community oversight and auditing purposes. The rest of the information, which is stored privately, will be accessible to the Fil+ Governance team upon request for dispute resolution or audit purposes. To request additional information, stakeholders can contact us through designated email channels.
Risk Mitigation, Auditing, Compliance
This framework ensures the responsible allocation of DataCap by conducting regular audits, enforcing strict compliance checks, and requiring allocators to maintain transparency and engage with the community. This approach safeguards the ecosystem, deters misuse, and upholds the commitment to a fair and accountable storage marketplace.
In addition to setting their own rules, each notary allocator will be responsible for managing compliance within their own pathway. You will need to audit your own clients, manage interventions (such as removing DataCap from clients and keeping records), and respond to disputes.
Describe your proposed compliance check mechanisms for your own clients.
Our client compliance strategy for DataCap allocation and monitoring is designed to uphold the highest standards of integrity in the storage marketplace. The approach encompasses:
Initial Verification and Trust Assessment:
We initiate our relationship with new clients by conducting extensive due diligence, examining their business validity, financial health, and data handling methods.
A risk-based evaluation model is utilized, where new clients receive limited DataCap that can be increased based on their compliance track record and company profile.
Routine Audits and Regular Monitoring:
We establish a regimen of check-ins and audits to oversee clients' adherence to DataCap usage rules.
Audits, whether remote or physical, aim to confirm the correlation between the data stored and the DataCap provided, and to detect any potential abuse. Audits are done once for each project undertaken and if the projects exceed 1 year time period, then the audits are done on an annual basis.
DataCap Allocation Oversight:
For monitoring DataCap distribution, we use tools like datacapstats.io and CID checker bots, keeping an eye on storage identifiers and allocation patterns.
Allocation frequency, the amount of DataCap per allocation, and client request patterns are meticulously tracked. These are monitored on a daily basis and reported in our weekly meetings.
Observing Downstream Client Activities:
Tools like the Retrievability Bot are deployed to ensure clients' data usage aligns with their allocated DataCap.
We produce regular analyses and reports during our weekly meetings to identify any abnormal or non-standard usage behaviors.
Demographic Analysis and Time-Based Metrics:
We analyze client demographics and storage patterns to personalize our compliance interventions.
We monitor the length of time clients use DataCap and their data retention practices for irregularities . These are also reported and discussed during our weekly meetings.
Intervention and Dispute Handling:
Our policy for managing non-compliance is robust, with clear protocols for remedial actions and documentation.
We have a systematic approach to dispute resolution, focused on fair and prompt settlements. Each party is given 4 weeks to complete any submission of evidence and a conclusion will be drawn by our team after all submissions have been made.
Community Transparency and Engagement:
Transparency is key in our operations, with regular community briefings on our allocation decisions.
We actively incorporate community feedback for continuous improvement of our compliance processes.
With minimal tolerance for non-compliance, especially for newer clients, our approach ensures diligent management and surveillance of DataCap distribution, effectively protecting the ecosystem from exploitation.
Describe your process for handling disputes. Highlight response times, transparency, and accountability mechanisms.
Our protocol for resolving disputes related to DataCap allocation encompasses both internal and external conflicts, focusing on efficiency, fairness, and transparency.
Initial Assessment and Response Time:
Upon receiving a dispute notification, we conduct an initial assessment within 72 hours. This initial step helps in understanding the nature of the dispute, whether it's over DataCap distribution, data compliance, or execution of storage deals.
We acknowledge the dispute with all involved parties and inform them about the estimated timeline for resolution, default to 4 weeks for each involved party to provide all supporting evidence / documents.
Information Gathering and Analysis:
Our team collects all relevant information and documentation related to the dispute. This includes communication logs, DataCap allocation records, storage deal agreements, and any other pertinent data.
We analyze this information to identify the root cause of the dispute and to assess the validity of the claims made by each party.
Dispute Resolution Meetings:
We schedule meetings with the involved parties to discuss the dispute. For internal disputes (between ourselves and our client), these meetings aim to understand each party's perspective and to find a mutually acceptable solution.
For external disputes (involving another notary or the Fil+ Governance Team), we prepare a detailed defense of our decisions, ensuring that all our actions were in compliance with the established guidelines and were transparently documented.
All these are also discussed in our weekly meetings internally.
Mediation and Conflict Resolution:
If needed, we engage in mediation to facilitate a resolution. This involves an impartial third-party mediator who helps in negotiating a solution acceptable to all parties.
Our goal is to resolve disputes amicably while upholding the principles of fairness and adherence to Filecoin network's rules and standards.
Transparency and Documentation:
Throughout the dispute resolution process, we maintain high levels of transparency. All decisions, discussions, and outcomes are documented and shared with the relevant parties and non-sensitive data will also be shared publically on github.
We also keep records of all disputes and their resolutions as part of our internal audit and compliance process.
Accountability and Review:
If the dispute resolution results in identifying any faults or errors on our part, we take full responsibility and implement corrective actions promptly.
We also review our policies and procedures post-dispute to learn and improve our processes, preventing similar issues in the future.
Community and Governance Engagement:
In cases involving the broader Filecoin community or the Fil+ Governance Team, we actively engage with the community to explain our stance and to gather feedback.
We respect the decisions made by the Fil+ Governance Team and comply with any directives issued as part of the dispute resolution.
Our dispute resolution process aims to address issues efficiently and fairly, ensuring that all parties are heard and that resolutions are in line with the overarching goals and rules of the Filecoin network.
Detail how you will announce updates to tooling, pathway guidelines, parameters, and process alterations.
At this stage, we do not have an exhaustive plan for the announcement of updates regarding our tools, pathway guidelines, or process changes. Nevertheless, we intend to make such announcements through our Discord community and on our website. This method will allow us to effectively keep all relevant parties updated on any important modifications or enhancements.
How long will you allow the community to provide feedback before implementing changes?
We plan to facilitate open online interactions through our communication channels, specifically GitHub and Discord. These platforms will be utilized to engage with the community, allowing a reasonable period for feedback before any changes are implemented. We will provide moderation and facilitation on these platforms to ensure constructive and relevant discussions, while carefully considering the feedback received to guide our decision-making process.
Regarding security, how will you structure and secure the on-chain notary address? If you will utilize a multisig, how will it be structured? Who will have administrative & signatory rights?
For our on-chain notary address, we are currently developing a security framework that involves the use of Safe Wallet for implementing a Multi-Signature system. This system is still a work in progress and requires thorough testing to ensure its robustness prior to launch. In addition to this, we're exploring business models that would permit us to automate and manage all client-related activities and conduct settlements off-chain, thereby enhancing security and operational efficiency.
Will you deploy smart contracts for program or policy procedures? If so, how will you track and fund them?
Our strategy includes the deployment of smart contracts for managing certain programmatic and policy aspects. We anticipate establishing a client-side pooled fund as the basis for these contracts. Furthermore, these contracts will be integrated with a multi-signature setup in conjunction with the designated Storage Providers. This approach is aimed at providing a secure and streamlined process for contract management.
Monetization
While the Filecoin Foundation and PL will continue to make investments into developing the program and open-sourcing tools, we are also striving to expand and encourage high levels of service and professionalism through these new Notary Allocator pathways. These pathways require increasingly complex tooling and auditing platforms, and we understand that Notaries (and the teams and organizations responsible) are making investments into building effective systems.
It is reasonable for teams building services in this marketplace to include monetization structures. Our primary guiding principles in this regard are transparency and equity. We require these monetization pathways to be clear, consistent, and auditable.
Outline your monetization models for the services you provide as a notary allocator pathway.
Our monetization strategy as a notary allocator pathway revolves around a commission-based service for market matching. Additionally, we're exploring revenue generation through lending and borrowing channels. In terms of pricing, our fees are structured to be competitive and reflective of the end-to-end services we provide, which include application review, data preparation, distribution through our data clearinghouse, and comprehensive auditing.Our long-term goal is to evolve into a market place, where people could care less about the underlying mechnism and just have an abstract layer of user experience to determine the type of storage they'd want to choose. However, as we embark on this journey, we are currently established as an individual legal entity known as Top Value. This structure allows us to effectively manage our business operations and market ventures as we transition towards a market place.
Describe your organization's structure, such as the legal entity and other business & market ventures.
Our long-term goal is to evolve into a market place, where people could care less about the underlying mechnism and just have an abstract layer of user experience to determine the type of storage they'd want to choose. However, as we embark on this journey, we are currently established as an individual legal entity known as Top Value. This structure allows us to effectively manage our business operations and market ventures as we transition towards a market place.
Where will accounting for fees be maintained?
All accounting related to our fees, including mechanisms for staking, burning, or releasing funds, will be meticulously maintained on-chain. This approach ensures transparency and allows the Fil+ Governance and other stakeholders to easily audit our monetization processes, adhering to the principles of open and accountable financial management.
If you've received DataCap allocation privileges before, please link to prior notary applications.
How are you connected to the Filecoin ecosystem? Describe your (or your organization's) Filecoin relationships, investments, or ownership.
Top Value Finance has been actively participating in FIL mining and investment since its establishment in 2021. We believe in Filecoin as an indispensable part of the next-generation Internet in storage. We went in for mining and currently hold a scale of 170 PiB (Please find details via the following link: https://1drv.ms/x/s!AqjwJGQA5GYrhEgsxPxf0JyoBpRD?e=ufpPg1). Besides that we partnered with Huobi Asset Management (Hong Kong) successfully launched an IPFS infrastructure mining fund this year,ethusiastically to make our contribution in calling on more professional investors to join the Filcoin Network developing progress. We are presently in the progress of corporating with Protocol Labs to enhance our participation in Filecoin community.
How are you estimating your client demand and pathway usage? Do you have existing clients and an onboarding funnel?
Notary Allocator Pathway Name:
Top Value Storage
Organization:
Top Value
Allocator's On-chain addresss:
f1idj2ubpu4gl7cvz7yr63gypcyzhsyg6sigk723a
Country of Operation:
Singapore
Region(s) of operation:
North America,Japan,Asia minus GCR,Greater China
Type of allocator: What is your overall diligence process? Automated (programmatic), Market-based, or Manual (human-in-the-loop at some phase). Initial allocations to these pathways will be capped.
Manual
Amount of DataCap Requested for allocator for 12 months:
180 PiB
Is your allocator providing a unique, new, or diverse pathway to DataCap? How does this allocator differentiate itself from other applicants, new or existing?
Our strategy centered on attracting established companies possessing substantial data assets, in addition to targeting owners of smaller datasets from small and medium-sized businesses. Some of our clients are:
NEW HUO TECHNOLOGY HOLDINGS LIMITED National Oceanic and Atmospheric Administration - https://github.com/filecoin-project/filecoin-plus-large-datasets/issues/1653 Zhejiang Nano Cloud Chain Technology Co., Ltd. - https://github.com/filecoin-project/filecoin-plus-large-datasets/issues/2103 SINOSOFT - https://github.com/filecoin-project/filecoin-plus-large-datasets/issues/1366 HASHFIN
HASHKING
As a member in the Filecoin Community, I acknowledge that I must adhere to the Community Code of Conduct, as well other End User License Agreements for accessing various tools and services, such as GitHub and Slack. Additionally, I will adhere to all local & regional laws & regulations that may relate to my role as a business partner, organization, notary, or other operating entity. * You can read the Filecoin Code of Conduct here: https://github.com/filecoin-project/community/blob/master/CODE_OF_CONDUCT.md
Acknowledgment: Acknowledge
Cient Diligence Section:
This section pertains to client diligence processes.
Who are your target clients?
Small-scale developers or data owners,Enterprise Data Clients
Describe in as much detail as possible how you will perform due diligence on clients.
Our methodology involves a hands-on, manual approach. During the initial consultation phase, we perform comprehensive KYC procedures as part of our due diligence process.
Initial Client Engagement Assessment: We begin by assessing the client's initial request. This involves collecting fundamental information about their business operations, data storage requirements, and primary goals, aiding in the early stage analysis and background understanding of the client. In-depth Requirement Evaluation: We then focus on thoroughly understanding the client's specific data storage needs, which includes analyzing the data's volume and nature (like sensitivity or regulatory compliance needs), and their particular service requirements, to gauge the intricacy and associated risks of their data storage demands. Business Verification and Background Analysis: A detailed background verification of the client's business is carried out, including validation of their business registration, analysis of their ownership structure, and investigation of any historical legal disputes or controversies. Financial stability is also assessed via their financial records and credit reports. These are all covered by our Risk and Compliance Team. Compliance and Legal Verification: We ensure the client and the storage providers adhere to all relevant legal and regulatory requirements, particularly those related to data management, privacy, and security, which is vital for clients handling sensitive or regulated data. Risk Evaluation: We assess the potential risks of engaging with the client, including risks related to data security, legal and compliance issues, and reputation. This assessment guides our risk mitigation strategy formulation. We have 3 levels of security to this, documented in our policies, where the first line of defense will be our business unit, the second line of defense will be the legal, risk and compliance team. After both of these teams have signed off, a approving officer will sign off the onboarding of the client / storage provider partnership. Reference Verification: Where necessary, we reach out to the client's past or present partners or service providers for references, to better understand their business ethics and standing in the industry. Meetings and Discussions: We engage in direct, detailed discussions with the client’s key representatives, either virtually or in person. This helps in evaluating the authenticity and seriousness of their requirements, and aids in relationship building. Review of Documentation and Agreements: Prior to finalizing any partnership, we meticulously examine all legal documents and agreements to confirm they meet our service standards and legal obligations. Continuous Monitoring: Post client onboarding, we undertake regular reviews and monitoring to ensure sustained compliance and to swiftly manage any arising concerns.
Please specify how many questions you'll ask, and provide a brief overview of the questions.
At present, our questionnaire comprises 20+ detailed questions. These questions are crafted for our clients to supply essential information, enabling us to comprehensively address the areas previously outlined. Please refer to documents sent via Slack DM.
Will you use a 3rd-party "Know your client" (KYC) service?
Our organization possesses a dedicated Compliance Department and an internal KYC Process. Following the submission of our detailed questionnaire, this department is responsible for carrying out the due diligence process. For instance, we might utilize tools such as namescan.io in our due diligence assessments. During this process, we examine various aspects, including the nature of the data being stored, compliance with relevant jurisdictional laws, and the validity of business licenses. We also scrutinize the beneficiaries and key stakeholders of the company. Upon successful completion of the due diligence, we will move forward with technical integration and provide support to clients for data transfer.
Can any client apply to your pathway, or will you be closed to only your own internal clients? (eg: bizdev or self-referral)
Any client can apply.
How do you plan to track the rate at which DataCap is being distributed to your clients?
Our approach for tracking the allocation rate of DataCap to clients involves deploying an automated tracking mechanism. This mechanism will be responsible for collecting data pertaining to each client's DataCap usage and consolidating this information on a user-friendly dashboard for continuous monitoring.
Data Diligence
This section will cover the types of data that you expect to notarize.
As a reminder: The Filecoin Plus program defines quality data is all content that meets local regulatory requirements AND • the data owner wants to see on the network, including private/encrypted data • or is open and retrievable • or demonstrates proof of concept or utility of the network, such as efforts to improve onboarding
As an operating entity in the Filecoin Community, you are required to follow all local & regional regulations relating to any data, digital and otherwise. This may include PII and data deletion requirements, as well as the storing, transmitting, or accessing of data.
Acknowledgement: Acknowledge
What type(s) of data would be applicable for your pathway?
Private Non-Profit/Social Impact,Private Commercial/Enterprise,Public Open Commercial/Enterprise,Public Open Dataset (Research/Non-Profit)
How will you verify a client's data ownership? Will you use 3rd-party KYB (know your business) service to verify enterprise clients?
Our approach to verifying a client's data ownership is both detailed and multifaceted, designed to ensure comprehensive validation while upholding the confidentiality and data protection laws. Our verification procedure consists of several key phases:
Initial Verification of Data Ownership: We ask our clients to submit proof of ownership or legal rights to their data, such as acquisition contracts, licenses, or legal attestations. For internally generated data, we request documents like organizational charts or process descriptions that demonstrate how the data is produced and utilized within their business. In-House KYB Process for Enterprise Clients: Our internal Compliance Department conducts KYB checks to verify the business's legitimacy and their lawful rights to the data. This includes a thorough check of legal status, ownership, compliance with regulations, and reputation. Our KYB evaluation includes risk assessments such as checks on global sanctions lists, PEP lists, and adverse media screenings. Data Provenance Analysis: We perform checks on the data's origin, trajectory, and lifecycle, including an examination of the client's data management history and transfer agreements. Additional evidence is required for sensitive or regulated data to ensure compliance with laws like GDPR or HIPAA. Client Interaction and Review: We engage in direct discussions and meetings with clients to gain deeper insights into their data practices and resolve any uncertainties from the provided documents. Regular Monitoring and Compliance Audits: Continuous audits and reviews are conducted post-client onboarding to ensure ongoing adherence to data ownership and legitimacy standards.
How will you ensure the data meets local & regional legal requirements?
Our approach to ensuring data compliance with local and regional laws starts with the on-site KYB process and the completion of a KYC form, overseen by our in-house Compliance Department. Building a Compliance Framework: We perform continuous research to stay abreast of the evolving data storage, privacy, and security laws in different regions, including GDPR, CCPA, and other global data protection laws. Our team works closely with data law specialists for accurate interpretation and implementation of these regulations. Tailored compliance strategies are developed for each region, aligning our data storage solutions with specific legal standards in those areas. We provide comprehensive compliance advice for clients operating internationally, ensuring their practices are lawful in multiple jurisdictions. Educating and Consulting Clients: We proactively educate our clients on relevant legal requirements through workshops and training, supplemented by detailed compliance guides. Personalized consultation services are available for addressing complex legal compliance issues. Agreements and Audits: Our data processing and transfer agreements are robust, clearly defining responsibilities and obligations in line with local and regional laws. Regular audits and assessments are conducted to maintain compliance, with immediate rectification of any identified issues. Legal Oversight: A Data Protection Officer and a dedicated legal team oversee compliance with data-related regulations. This team also addresses any legal inquiries from clients, ensuring our policies are always up-to-date with current legal standards. By adhering to these protocols, we guarantee full compliance of client-managed data with all pertinent local and regional legal requirements, thereby protecting both our clients and our organization from legal risks. Here is our reference sheet for geographical data law. Please refer to the documents in the DM: https://docs.google.com/spreadsheets/d/1iFDTipSjd2AMn_pllor7tT44rr3njxUevYzwaPEMwCA/edit?usp=sharing
What types of data preparation will you support or require?
We offer comprehensive technical support to our clients, encompassing both integration and data preparation services. For clients handling Big Data, we provide specialized services for the physical transfer of data onto our devices. In the case of smaller clients or individual users, we facilitate data transfers through an accessible API.
What tools or methodology will you use to sample and verify the data aligns with your pathway?
Our methodology for data verification involves randomly choosing a single record to scrutinize. This process aids in confirming that the data corresponds with the client's claims regarding its type and preparation. We will also progressively allocate DataCap to the client, contingent on our verification of both the data and its efficient use of space, thereby mitigating the risk of sector-size abuse like sector padding.
Data Distribution
This section covers deal-making and data distribution.
As a reminder, the Filecoin Plus program currently defines distributed onboarding as multiple physical locations AND multiple storage provider entities to serve client requirements.
Recommended Minimum: 3 locations, 4 to 5 storage providers, 5 copies
How many replicas will you require to meet programmatic requirements for distribution?
5+
What geographic or regional distribution will you require?
North America, Asia Pacific
How many Storage Provider owner/operators will you require to meet programmatic requirements for distribution?
5+
Do you require equal percentage distribution for your clients to their chosen SPs? Will you require preliminary SP distribution plans from the client before allocating any DataCap?
It is flexible and based on client's perferences, discovered through our questionaire. This question is answered in an open-ended question in our CDD form. Please refer to the document on slack.
What tooling will you use to verify client deal-making distribution?
We will use datacapstats.io
How will clients meet SP distribution requirements?
We will provide a straightforward API/SDK that enables clients to seamlessly transfer their data to a specified storage provider.
As an allocator, do you support clients that engage in deal-making with SPs utilizing a VPN?
We employ external platforms to determine if storage providers are utilizing VPN services. A key tool in this process is IPQualityScore's VPN/IP Address Check, accessible at https://www.ipqualityscore.com/vpn-ip-address-check. Additionally, we also use tools like MaxMind (https://www.maxmind.com) for enhanced verification.
DataCap Allocation Strategy
In this section, you will explain your client DataCap allocation strategy.
Keep in mind the program principle over Limited Trust Over Time. Parties, such as clients, start with a limited amount of trust and power. Additional trust and power need to be earned over time through good-faith execution of their responsibilities and transparency of their actions.
Will you use standardized DataCap allocations to clients?
No, client specific
Allocation Tranche Schedule to clients:
• First: 1 PiB • Second: 3 PiB • Third: 3 PiB • Fourth: 3 PiB • Max per client overall: 10 PiB
Will you use programmatic or software based allocations?
No, manually calculated & determined
What tooling will you use to construct messages and send allocations to clients?
At this stage, we are opting for personal interaction with our clients, predominantly using Slack as the platform. This will involve manually drafting messages and subsequently distributing DataCap allocations to each client.
Describe the process for granting additional DataCap to previously verified clients.
There are no plans at the moment.
Tooling & Bookkeeping
This program relies on many software tools in order to function. The Filecoin Foundation and PL have invested in many different elements of this end-to-end process, and will continue to make those tools open-sourced. Our goal is to increase adoption, and we will balance customization with efficiency.
This section will cover the various UX/UI tools for your pathway. You should think high-level (GitHub repo architecture) as well as tactical (specific bots and API endoints).
Describe in as much detail as possible the tools used for: • client discoverability & applications • due diligence & investigation • bookkeeping • on-chain message construction • client deal-making behavior • tracking overall allocator health • dispute discussion & resolution • community updates & comms
Discovering Clients & Managing Applications: We leverage our Website and GitHub for discovery, and Discord is used extensively for managing the application workflow. Investigation and Due Diligence: For VPN detection, we rely on IPQualityScore (https://www.ipqualityscore.com/vpn-ip-address-check). For comprehensive checks, we also leverage MaxMind's services (https://www.maxmind.com) and Namescan.io supports our compliance verification process. Maintaining Financial Records: We use a custom-developed Excel sheet, programmed to suit our bookkeeping requirements. Building On-Chain Messages: A bespoke SDK is utilized for on-chain message construction. Monitoring Client Dealings: Filecoin Boost is used to track client deal-making behaviors, along with tools like Glassnode for blockchain analytics. Overall Health Monitoring of Allocators: A specialized Dashboard, designed in-house, helps us trace and oversee allocation activities. Resolving Disputes: Discord and GitHub serve as the main forums for dispute discussions and resolutions. Community Engagement & Updates: For community engagement and updates, we use Discord and GitHub, with an additional channel through Substack for sending out newsletters and updates.
Will you use open-source tooling from the Fil+ team?
We will use FIL+ team's Github repository.
Where will you keep your records for bookkeeping? How will you maintain transparency in your allocation decisions?
For record-keeping, our approach is to store client information on both GitHub and private email systems, as well as in our dedicated data storage facility. In terms of bookkeeping, we utilize a custom-programmed Excel sheet which is meticulously managed by our operations team. As for maintaining transparency, we plan to make a portion of the information publicly available on GitHub for community oversight and auditing purposes. The rest of the information, which is stored privately, will be accessible to the Fil+ Governance team upon request for dispute resolution or audit purposes. To request additional information, stakeholders can contact us through designated email channels.
Risk Mitigation, Auditing, Compliance
This framework ensures the responsible allocation of DataCap by conducting regular audits, enforcing strict compliance checks, and requiring allocators to maintain transparency and engage with the community. This approach safeguards the ecosystem, deters misuse, and upholds the commitment to a fair and accountable storage marketplace.
In addition to setting their own rules, each notary allocator will be responsible for managing compliance within their own pathway. You will need to audit your own clients, manage interventions (such as removing DataCap from clients and keeping records), and respond to disputes.
Describe your proposed compliance check mechanisms for your own clients.
Our client compliance strategy for DataCap allocation and monitoring is designed to uphold the highest standards of integrity in the storage marketplace. The approach encompasses:
Initial Verification and Trust Assessment: We initiate our relationship with new clients by conducting extensive due diligence, examining their business validity, financial health, and data handling methods. A risk-based evaluation model is utilized, where new clients receive limited DataCap that can be increased based on their compliance track record and company profile. Routine Audits and Regular Monitoring: We establish a regimen of check-ins and audits to oversee clients' adherence to DataCap usage rules. Audits, whether remote or physical, aim to confirm the correlation between the data stored and the DataCap provided, and to detect any potential abuse. Audits are done once for each project undertaken and if the projects exceed 1 year time period, then the audits are done on an annual basis. DataCap Allocation Oversight: For monitoring DataCap distribution, we use tools like datacapstats.io and CID checker bots, keeping an eye on storage identifiers and allocation patterns. Allocation frequency, the amount of DataCap per allocation, and client request patterns are meticulously tracked. These are monitored on a daily basis and reported in our weekly meetings. Observing Downstream Client Activities: Tools like the Retrievability Bot are deployed to ensure clients' data usage aligns with their allocated DataCap. We produce regular analyses and reports during our weekly meetings to identify any abnormal or non-standard usage behaviors. Demographic Analysis and Time-Based Metrics: We analyze client demographics and storage patterns to personalize our compliance interventions. We monitor the length of time clients use DataCap and their data retention practices for irregularities . These are also reported and discussed during our weekly meetings. Intervention and Dispute Handling: Our policy for managing non-compliance is robust, with clear protocols for remedial actions and documentation. We have a systematic approach to dispute resolution, focused on fair and prompt settlements. Each party is given 4 weeks to complete any submission of evidence and a conclusion will be drawn by our team after all submissions have been made. Community Transparency and Engagement: Transparency is key in our operations, with regular community briefings on our allocation decisions. We actively incorporate community feedback for continuous improvement of our compliance processes. With minimal tolerance for non-compliance, especially for newer clients, our approach ensures diligent management and surveillance of DataCap distribution, effectively protecting the ecosystem from exploitation.
Describe your process for handling disputes. Highlight response times, transparency, and accountability mechanisms.
Our protocol for resolving disputes related to DataCap allocation encompasses both internal and external conflicts, focusing on efficiency, fairness, and transparency.
Initial Assessment and Response Time: Upon receiving a dispute notification, we conduct an initial assessment within 72 hours. This initial step helps in understanding the nature of the dispute, whether it's over DataCap distribution, data compliance, or execution of storage deals. We acknowledge the dispute with all involved parties and inform them about the estimated timeline for resolution, default to 4 weeks for each involved party to provide all supporting evidence / documents. Information Gathering and Analysis: Our team collects all relevant information and documentation related to the dispute. This includes communication logs, DataCap allocation records, storage deal agreements, and any other pertinent data. We analyze this information to identify the root cause of the dispute and to assess the validity of the claims made by each party. Dispute Resolution Meetings: We schedule meetings with the involved parties to discuss the dispute. For internal disputes (between ourselves and our client), these meetings aim to understand each party's perspective and to find a mutually acceptable solution. For external disputes (involving another notary or the Fil+ Governance Team), we prepare a detailed defense of our decisions, ensuring that all our actions were in compliance with the established guidelines and were transparently documented. All these are also discussed in our weekly meetings internally. Mediation and Conflict Resolution: If needed, we engage in mediation to facilitate a resolution. This involves an impartial third-party mediator who helps in negotiating a solution acceptable to all parties. Our goal is to resolve disputes amicably while upholding the principles of fairness and adherence to Filecoin network's rules and standards. Transparency and Documentation: Throughout the dispute resolution process, we maintain high levels of transparency. All decisions, discussions, and outcomes are documented and shared with the relevant parties and non-sensitive data will also be shared publically on github. We also keep records of all disputes and their resolutions as part of our internal audit and compliance process. Accountability and Review: If the dispute resolution results in identifying any faults or errors on our part, we take full responsibility and implement corrective actions promptly. We also review our policies and procedures post-dispute to learn and improve our processes, preventing similar issues in the future. Community and Governance Engagement: In cases involving the broader Filecoin community or the Fil+ Governance Team, we actively engage with the community to explain our stance and to gather feedback. We respect the decisions made by the Fil+ Governance Team and comply with any directives issued as part of the dispute resolution. Our dispute resolution process aims to address issues efficiently and fairly, ensuring that all parties are heard and that resolutions are in line with the overarching goals and rules of the Filecoin network.
Detail how you will announce updates to tooling, pathway guidelines, parameters, and process alterations.
At this stage, we do not have an exhaustive plan for the announcement of updates regarding our tools, pathway guidelines, or process changes. Nevertheless, we intend to make such announcements through our Discord community and on our website. This method will allow us to effectively keep all relevant parties updated on any important modifications or enhancements.
How long will you allow the community to provide feedback before implementing changes?
We plan to facilitate open online interactions through our communication channels, specifically GitHub and Discord. These platforms will be utilized to engage with the community, allowing a reasonable period for feedback before any changes are implemented. We will provide moderation and facilitation on these platforms to ensure constructive and relevant discussions, while carefully considering the feedback received to guide our decision-making process.
Regarding security, how will you structure and secure the on-chain notary address? If you will utilize a multisig, how will it be structured? Who will have administrative & signatory rights?
For our on-chain notary address, we are currently developing a security framework that involves the use of Safe Wallet for implementing a Multi-Signature system. This system is still a work in progress and requires thorough testing to ensure its robustness prior to launch. In addition to this, we're exploring business models that would permit us to automate and manage all client-related activities and conduct settlements off-chain, thereby enhancing security and operational efficiency.
Will you deploy smart contracts for program or policy procedures? If so, how will you track and fund them?
Our strategy includes the deployment of smart contracts for managing certain programmatic and policy aspects. We anticipate establishing a client-side pooled fund as the basis for these contracts. Furthermore, these contracts will be integrated with a multi-signature setup in conjunction with the designated Storage Providers. This approach is aimed at providing a secure and streamlined process for contract management.
Monetization
While the Filecoin Foundation and PL will continue to make investments into developing the program and open-sourcing tools, we are also striving to expand and encourage high levels of service and professionalism through these new Notary Allocator pathways. These pathways require increasingly complex tooling and auditing platforms, and we understand that Notaries (and the teams and organizations responsible) are making investments into building effective systems.
It is reasonable for teams building services in this marketplace to include monetization structures. Our primary guiding principles in this regard are transparency and equity. We require these monetization pathways to be clear, consistent, and auditable.
Outline your monetization models for the services you provide as a notary allocator pathway.
Our monetization strategy as a notary allocator pathway revolves around a commission-based service for market matching. Additionally, we're exploring revenue generation through lending and borrowing channels. In terms of pricing, our fees are structured to be competitive and reflective of the end-to-end services we provide, which include application review, data preparation, distribution through our data clearinghouse, and comprehensive auditing.Our long-term goal is to evolve into a market place, where people could care less about the underlying mechnism and just have an abstract layer of user experience to determine the type of storage they'd want to choose. However, as we embark on this journey, we are currently established as an individual legal entity known as Top Value. This structure allows us to effectively manage our business operations and market ventures as we transition towards a market place.
Describe your organization's structure, such as the legal entity and other business & market ventures.
Our long-term goal is to evolve into a market place, where people could care less about the underlying mechnism and just have an abstract layer of user experience to determine the type of storage they'd want to choose. However, as we embark on this journey, we are currently established as an individual legal entity known as Top Value. This structure allows us to effectively manage our business operations and market ventures as we transition towards a market place.
Where will accounting for fees be maintained?
All accounting related to our fees, including mechanisms for staking, burning, or releasing funds, will be meticulously maintained on-chain. This approach ensures transparency and allows the Fil+ Governance and other stakeholders to easily audit our monetization processes, adhering to the principles of open and accountable financial management.
If you've received DataCap allocation privileges before, please link to prior notary applications.
https://github.com/filecoin-project/notary-governance/issues/729
How are you connected to the Filecoin ecosystem? Describe your (or your organization's) Filecoin relationships, investments, or ownership.
Top Value Finance has been actively participating in FIL mining and investment since its establishment in 2021. We believe in Filecoin as an indispensable part of the next-generation Internet in storage. We went in for mining and currently hold a scale of 170 PiB (Please find details via the following link: https://1drv.ms/x/s!AqjwJGQA5GYrhEgsxPxf0JyoBpRD?e=ufpPg1). Besides that we partnered with Huobi Asset Management (Hong Kong) successfully launched an IPFS infrastructure mining fund this year,ethusiastically to make our contribution in calling on more professional investors to join the Filcoin Network developing progress. We are presently in the progress of corporating with Protocol Labs to enhance our participation in Filecoin community.
How are you estimating your client demand and pathway usage? Do you have existing clients and an onboarding funnel?
We have existing clients