[Allocator Application] <Top Value>< top-value-storage> PR #120

[martapiekarska]

Allocator Application

Application Number

recZRYxn1FgzBjyIN

Organization Name

Top Value

Organization On-chain Identity

f1tbd632f6w62glfaf7wjpimacbnjiz26poyoes2q

Allocator Pathway Name

top-value-storage

Github PR Number

120

Region of Operation

Africa,Asia minus GCR,Europe,Greater China Region,North America,Oceania,South America

GitHub ID

TVLimited

On-chain address

I have a multisig I want to provide now

Type of Allocator

Similar to existing allocator pathways

Filecoin Community Agreement

As a member in the Filecoin Community, I acknowledge that I must adhere to the Community Code of Conduct, as well other End User License Agreements for accessing various tools and services, such as GitHub and Slack. Additionally, I will adhere to all local & regional laws & regulations that may relate to my role as a business partner, organization, notary, allocator, or other operating entity Acknowledge

Type of Allocator and RFA List

RFA: Market-based - Client/SP Fees

Allocator Description

We are like a market based project. While we have existing partnerships with storage providers and may run our own storage providing services to service our clients, we mainly help to bridge and match the storage seekers with the storage providers.

Contributions to EcosystemOnboard >10PiBs of Data,Build better data onboarding pathway,Produce educational materials,Data Stewardship: Curate and provide high-quality datasets to be stored on the Filecoin network, enhancing the overall value and utility of the network.

Monetization and Fee structure

Client fees,SP fees,Client staking,Block rewards, pools.

Target Clients

Web3 developers,Nonprofit organizations,Commercial/Enterprise,Individuals,Open/Public

Client Diligence Check

3rd party Know your business (KYB) service,3rd party Know your customer (KYC) service,Client promise/attestation,NDA with additional verification,Manual verification

Description of client diligence

Without loss of generality, our methodology involving a hands-on manual approach applies to both the SPs and the clients we are onboarding. During the initial consultation phase, we perform comprehensive KYC procedures as part of our due diligence process.

Initial Client Engagement Assessment: We begin by assessing the client's initial request. This involves collecting fundamental information about their business operations, data storage requirements, and primary goals, aiding in the early stage analysis and background understanding of the client. In-depth Requirement Evaluation: We then focus on thoroughly understanding the client's specific data storage needs, which includes analyzing the data's volume and nature (like sensitivity or regulatory compliance needs), and their particular service requirements, to gauge the intricacy and associated risks of their data storage demands. Business Verification and Background Analysis: A detailed background verification of the client's business is carried out, including validation of their business registration, analysis of their ownership structure, and investigation of any historical legal disputes or controversies. Financial stability is also assessed via their financial records and credit reports. These are all covered by our Risk and Compliance Team. Compliance and Legal Verification: We ensure the client and the storage providers adhere to all relevant legal and regulatory requirements, particularly those related to data management, privacy, and security, which is vital for clients handling sensitive or regulated data. Risk Evaluation: We assess the potential risks of engaging with the client, including risks related to data security, legal and compliance issues, and reputation. This assessment guides our risk mitigation strategy formulation. We have 3 levels of security to this, documented in our policies, where the first line of defense will be our business unit, the second line of defense will be the legal, risk and compliance team. After both of these teams have signed off, a approving officer will sign off the onboarding of the client / storage provider partnership. Reference Verification: Where necessary, we reach out to the client's past or present partners or service providers for references, to better understand their business ethics and standing in the industry. Meetings and Discussions: We engage in direct, detailed discussions with the client’s key representatives, either virtually or in person. This helps in evaluating the authenticity and seriousness of their requirements, and aids in relationship building. Review of Documentation and Agreements: Prior to finalizing any partnership, we meticulously examine all legal documents and agreements to confirm they meet our service standards and legal obligations. Continuous Monitoring: Post client onboarding, we undertake regular reviews and monitoring to ensure sustained compliance and to swiftly manage any arising concerns.

In addition, we strongly encourage our clients to utilize the new KYC tools introduced by Filecoin. Clients can complete their KYC by visiting the GitHub issue and submitting their information there. While we aim to have all clients use this system, we understand that some larger, traditional web2.0 clients may find it challenging. To facilitate this, we have set up a basic KYC information section in our GitHub repository. This section contains comments and basic client information to aid in data cap allocation client diligence issues.

All employees are required to leave comments on both the KYC issue and the client application before any further actions are taken. We have established roles for checkers and signers. Signers must monitor the GitHub repository for checker's comments before taking action, while checkers need to watch for new applications or comments and respond accordingly.

Reference to KYC form: Go to https://github.com/TVLimited/top-value-storage/issues and create a new issue.

Type of data

Private encrypted with on-chain deal pricing,Public, open, and retrievable,Proof of concept, network utilities

Description of Data Diligence

Our approach to verifying a client's data ownership is both detailed and multifaceted, designed to ensure comprehensive validation while upholding the confidentiality and data protection laws. Our verification procedure consists of several key phases:

Initial Verification of Data Ownership: We ask our clients to submit proof of ownership or legal rights to their data, such as acquisition contracts, licenses, or legal attestations. For internally generated data, we request documents like organizational charts or process descriptions that demonstrate how the data is produced and utilized within their business. In-House KYB Process for Enterprise Clients: Our internal Compliance Department conducts KYB checks to verify the business's legitimacy and their lawful rights to the data. This includes a thorough check of legal status, ownership, compliance with regulations, and reputation. Our KYB evaluation includes risk assessments such as checks on global sanctions lists, PEP lists, and adverse media screenings.

We have created a KYC form: Go to https://github.com/TVLimited/top-value-storage/issues and create a new KYC issue. We have also created a KYB form for our SPs: Go to https://github.com/TVLimited/top-value-storage/issues and create a new KYB issue. This is to ensure that due diligence is performed on SPs to ensure credibility of SPs to uphold data integrity. SPs will also do their part in verifying data ownership creating a second security mechanism.

Data Provenance Analysis: We perform checks on the data's origin, trajectory, and lifecycle, including an examination of the client's data management history and transfer agreements. Additional evidence is required for sensitive or regulated data to ensure compliance with laws like GDPR or HIPAA. Client Interaction and Review: We engage in direct discussions and meetings with clients to gain deeper insights into their data practices and resolve any uncertainties from the provided documents. Regular Monitoring and Compliance Audits: Continuous audits and reviews are conducted post-client onboarding to ensure ongoing adherence to data ownership and legitimacy standards.

This comprehensive process ensures a robust verification of data ownership, adaptable to changing regulations and advancements in KYB service technology. We conduct an annual internal audit process on both our clients and the SPs, and the proof of this can be shared with the governance team. Moving forward, we will closely monitor the approval process. To ensure compliance, all employees must verify comments before signing off on any actions. We have established checker and signer roles: signers are required to monitor the GitHub repository for comments from checkers before proceeding, while checkers must keep an eye on the repository for new applications or comments and respond with their feedback.

Data Preparation

Client-provided,IPFS Kubo,Other existing ecosystem tooling,Go-CAR,Singularity,RIBS

Replicas required, verified by CID checker

4+

Distribution required

Single region of SPs

Number of Storage Providers required

4+

Retrieval Requirements

Public data highly retrievable over Spark.

Allocation Tranche Schedule TypeStandardized scaling tranche schedule.

2000

Will you use FIDL tooling, such as allocator.tech and other bots?

Yes, all available tools

GitHub Bookkeeping Repo Link

https://github.com/TVLimited/top-value-storage

Success metrics

Number of clients,Amount of data onboarded, daily & aggregate,Number of paid deals,Retrievability of data,Number of returning client customers,Speed of allocations (TTD),Ecosystem marketing/comms

Timeline to begin allocating to clients

1 week from RKH approval

Funnel: Expected DataCap usage over 12 months

200PiB

Risk mitigation strategies

Initial Verification and Trust Assessment: We initiate our relationship with new clients by conducting extensive due diligence, examining their business validity, financial health, and data handling methods. Ensuring Data Ownership and credibility. We also do KYB on our SPs to ensure that our client’s receive quality services provided by the SPs. A risk-based evaluation model is utilized, where new clients receive limited DataCap that can be increased based on their compliance track record and company profile. Routine Audits and Regular Monitoring: We establish a regimen of check-ins and audits to oversee clients' adherence to DataCap usage rules and constantly check-in with our SPs if they find anything suspicious about our clients. Audits, whether remote or physical, aim to confirm the correlation between the data stored and the DataCap provided, and to detect any potential abuse. Audits are done once for each project undertaken and if the projects exceed 1 year time period, then the audits are done on an annual basis. DataCap Allocation Oversight: For monitoring DataCap distribution, our SPs and ourselves use tools like datacapstats.io and CID checker bots, keeping an eye on storage identifiers and allocation patterns. Allocation frequency, the amount of DataCap per allocation, and client request patterns are meticulously tracked. These are monitored on a daily basis and reported in our weekly meetings. Observing Downstream Client Activities: Tools like the Retrievability Bot are deployed to ensure clients' data usage aligns with their allocated DataCap. We produce regular analyses and reports during our weekly meetings to identify any abnormal or non-standard usage behaviors. Demographic Analysis and Time-Based Metrics: We analyze client demographics and storage patterns to personalize our compliance interventions. We monitor the length of time clients use DataCap and their data retention practices for irregularities . These are also reported and discussed during our weekly meetings. Intervention and Dispute Handling: Our policy for managing non-compliance is robust, with clear protocols for remedial actions and documentation. We have a systematic approach to dispute resolution, focused on fair and prompt settlements. Each party is given 4 weeks to complete any submission of evidence and a conclusion will be drawn by our team after all submissions have been made. Community Transparency and Engagement: Transparency is key in our operations, with regular community briefings on our allocation decisions. We actively incorporate community feedback for continuous improvement of our compliance processes. With minimal tolerance for non-compliance, especially for newer clients, our approach ensures diligent management and surveillance of DataCap distribution, effectively protecting the ecosystem from exploitation. We have established distinct checker and signer roles to enhance our process. Signers are required to monitor the GitHub repository and check for comments made by checkers before initiating any actions. Checkers, on the other hand, must keep an eye on the repository for new applications or comments and provide their feedback accordingly.

Dispute Resolutions

Our protocol for resolving disputes related to DataCap allocation encompasses both internal and external conflicts, focusing on efficiency, fairness, and transparency.

Initial Assessment and Response Time: Upon receiving a dispute notification, we conduct an initial assessment within 72 hours. This initial step helps in understanding the nature of the dispute, whether it's over DataCap distribution, data compliance, or execution of storage deals. We acknowledge the dispute with all involved parties and inform them about the estimated timeline for resolution, default to 4 weeks for each involved party to provide all supporting evidence / documents. The above are the requirements and agreements we have with our SPs. Information Gathering and Analysis: Our team collects all relevant information and documentation related to the dispute. This includes communication logs, DataCap allocation records, storage deal agreements, and any other pertinent data. All SPs are required to share their information with us. We analyze this information to identify the root cause of the dispute and to assess the validity of the claims made by each party. Dispute Resolution Meetings: We schedule meetings with the involved parties to discuss the dispute. For internal disputes (between ourselves and our client), these meetings aim to understand each party's perspective and to find a mutually acceptable solution. For external disputes (involving another notary or the Fil+ Governance Team), we prepare a detailed defense of our decisions, ensuring that all our actions were in compliance with the established guidelines and were transparently documented. All these are also discussed in our weekly meetings internally. Mediation and Conflict Resolution: If needed, we engage in mediation to facilitate a resolution. This involves an impartial third-party mediator who helps in negotiating a solution acceptable to all parties. Our goal is to resolve disputes amicably while upholding the principles of fairness and adherence to Filecoin network's rules and standards. Transparency and Documentation: Throughout the dispute resolution process, we maintain high levels of transparency. All decisions, discussions, and outcomes are documented and shared with the relevant parties and non-sensitive data will also be shared publically on github. We also keep records of all disputes and their resolutions as part of our internal audit and compliance process. Accountability and Review: If the dispute resolution results in identifying any faults or errors on our part, we take full responsibility and implement corrective actions promptly. We also review our policies and procedures post-dispute to learn and improve our processes, preventing similar issues in the future. Community and Governance Engagement: In cases involving the broader Filecoin community or the Fil+ Governance Team, we actively engage with the community to explain our stance and to gather feedback. We respect the decisions made by the Fil+ Governance Team and comply with any directives issued as part of the dispute resolution. Our dispute resolution process aims to address issues efficiently and fairly, ensuring that all parties are heard and that resolutions are in line with the overarching goals and rules of the Filecoin network.

Compliance Audit Check

We will regularly perform audits and assessments of our infrastructure and clients' data practices to ensure compliance with legal requirements. Any identified non-compliance issues will be promptly addressed and rectified. Additionally, automated bots from the Filecoin project will conduct supplementary compliance checks. We will also release basic information about our clients, including summaries from our internal audit reports, in a public repository.

Compliance Report content presented for audit

Success metric: onchain data report,Contributions: Github repos with the tools developed,Contributions: Educational Materials Developed,Client Diligence: Client statements, client provided verification,Client Diligence: Legal Review documents,Client Diligence: KYC/KYB report on clients,Data Compliance: Data Samples,Data Compliance: Manual report,Compliance: CID report,Success metric: onchain report of data onboarded,Client Diligence: Financial Audits and Credit Check reports.

Connections to Filecoin Ecosystem

Previous allocator,Previous notary,Storage provider,Big data contributor,Event sponsor,Developer

Slack ID

@Top Value Finance

[Kevin-FF-USA]

Hi TVLimited, Thanks for applying to serve as an Allocator in the Filecoin Plus Program. In looking at this application, the TYPE OF ALLOCATOR is currently set to REQUEST FOR ALLOCATOR (RFA). Based on the details in application, this reads like a Manual review pathway. Can you please describe what type of Allocator pathway you wish to operate as?

For more details on the types of Allocators please check out these blogs. https://blog.allocator.tech/2024/04/allocator-tech-blog.html https://blog.allocator.tech/2024/05/who-are-allocators.html

[Kevin-FF-USA]

For MANUAL pathways, would like to make you aware that these types of applications are being processes as the network need becomes available. Currently there are ~50 pathways available for Manual reviews, so the priority for onboarding new Allocators is to pathways doing something novel to support the network.