filecoin-project / notary-governance

114 stars 58 forks source link

v5 Notary Allocator Application: #992

Closed Aaron01230 closed 2 weeks ago

Aaron01230 commented 7 months ago

v5 Notary Allocator Application

Notary Allocator Pathway Name: Bewell Technology Limited Fil+ Datacap Allocator (BWTDA) Organization Name: Bewell Technology Limited On-chain address for Allocator: f1mtfp6whtd2mawpezya4vcfnvjvogdpp53i45ubq Country of Operation: Hongkong, Singapore, Australia Region of Operation: Asia minus GCR, Oceania Type of Allocator, diligence process: Automated and Market based DataCap requested for allocator for 12 months of activity: 100 PiB

2. Access allocator application (download to save answers)

Click link below to access a Google doc version of the allocator application that can be used to save your answers if you are not prepared to fully submit the application in Step 3. https://docs.google.com/document/d/1-Ze8bo7ZlIJe8qX0YSFNPTka4CMprqoNB1D6V7WJJjo/copy

3. Submit allocation application

Clink link below to access full allocator questionnaire and officially submit your answers: https://airtable.com/appvyE0VHcgpAkt4Z/shrQxaAIsD693e1ns

Note: Sections of your responses WILL BE posted back into the GitHub issue tracking your application. The final section (Additional Disclosures) will NOT be posted to GitHub, and will be maintained by the Filecoin Foundation. Application information for notaries not accepted and ratified in this round will be deleted.

Kevin-FF-USA commented 7 months ago

Hi @Aaron01230 and Bewell team,

Thanks. Wanted to send you a friendly note confirming receipt of this application.

Should you have any issues or questions in the process - please tag me in here and I'll be happy to help.

-Kevin

ghost commented 6 months ago

Providing the information shared in Application for Public Review/Comment.

Basic Info

1. Pathway Name: Bewell Technology Limited Fil+ Datacap Allocator (BWTDA)

2. Organization: Bewell Technology Limited

3. Allocator's On-chain addresss: f1mtfp6whtd2mawpezya4vcfnvjvogdpp53i45ubq

4. Country of Operation: Hongkong, Singapore, Australia

5. Region(s) of operation: Asia minus GCR,Oceania

6. Type of allocator: What is your overall diligence process? Automated (programmatic), Market-based, or Manual (human-in-the-loop at some phase). Initial allocations to these pathways will be capped. Manual

7. Amount of DataCap Requested for allocator for 12 months: 50-100pib

8. Is your allocator providing a unique, new, or diverse pathway to DataCap? How does this allocator differentiate itself from other applicants, new or existing? We will ask customers to provide information about their previous DataCap storage transactions, including the type of data stored, node information, etc., to verify that node information is not spread across multiple providers and to assess whether there is any misuse of data. We also require customers to be open and transparent and commit to share their DataCap allocation publicly so that we can regularly check and audit user DataCap usage.

9. As a member in the Filecoin Community, I acknowledge that I must adhere to the Community Code of Conduct, as well other End User License Agreements for accessing various tools and services, such as GitHub and Slack. Additionally, I will adhere to all local & regional laws & regulations that may relate to my role as a business partner, organization, notary, or other operating entity.  You can read the Filecoin Code of Conduct here: https://github.com/filecoin-project/community/blob/master/CODE_OF_CONDUCT.md

Acknowledgment: Acknowledge

ghost commented 6 months ago

10. Who are your target clients? Enterprise Data Clients

11. Describe in as much detail as possible how you will perform due diligence on clients. • we will do online or offline verification, depending on the client's situation. • For institutional customers, we will review the customer's company business license, business status, official website, business scope, business scale, storage plan, content and source of stored data, etc. • We plan to make our audit records public through Github, including all communication records with customers during the audit process.

12. Please specify how many questions you'll ask, and provide a brief overview of the questions. To ensure that customers can make use of the data in correct way, we will ask the potential users the following questions: • What is the purpose of your DataCap application? • What is your region and country of residence? • What is the main source of the DataCap data you are applying for? • What are the main types of data stored in the DataCap you are applying for? • How many DataCap do you plan to request and what are the planned storage area and backup quantity requirements? • How long do you plan to store? • Are you willing to pay for the storage service? • How often do you need to retrieve the stored data?

13. Will you use a 3rd-party "Know your client" (KYC) service? Legal Assessment and Regular Audits: We conduct thorough legal assessments to understand and stay current with local and regional data protection laws. Regular audits are performed to ensure ongoing compliance with any updates or changes in regulations. Data Classification and Localization: We classify data based on its sensitivity and applicability to different jurisdictions. This allows us to apply specific measures and controls based on the legal requirements of each region. Incorporation of Privacy by Design: Our data systems are designed with privacy in mind from the outset. We follow privacy by design principles, integrating legal requirements into the architecture of our systems and processes. Data Encryption and Security Protocols: Robust data encryption and security protocols are employed to safeguard data during transmission and storage. These measures align with local and regional encryption standards and guidelines. User Consent and Transparency: We prioritize obtaining clear and informed consent from users before collecting and processing their data. Transparent communication is maintained regarding the purpose, scope, and duration of data processing, ensuring compliance with local privacy laws. Data Residency and Hosting Compliance: Data residency and hosting locations are carefully chosen to align with local and regional regulations. We partner with hosting providers that comply with legal requirements to ensure data sovereignty. Legal Expertise and Collaboration: We maintain a legal team with expertise in data protection and privacy laws relevant to our operations. Continuous collaboration with legal experts and consultants ensures that our practices align with the evolving legal landscape. Employee Training and Awareness: Our staff undergoes regular training to stay informed about local and regional legal requirements. This ensures that every team member understands their role in maintaining compliance throughout our data processes. Incident Response and Reporting: In the event of a data breach or incident, we have established incident response procedures that comply with local and regional reporting obligations. This includes prompt notification to relevant authorities and affected individuals as required by law.

14. Can any client apply to your pathway, or will you be closed to only your own internal clients? (eg: bizdev or self-referral) any client

15. How do you plan to track the rate at which DataCap is being distributed to your clients? We will conduct the following allocation strategies: Diversity: Applicants from Oceania will be prioritized because of the unbalance development of Filecoin, we will contribute to this point from perspective of balances. Applicants Classification: Applicants will be classified into tow basic groups: organization and individuals. Each group is divided into three levels ( small, medium, large)in terms of their organizational reputation, business scale or individual reputation in the community. Testing allocation: As a new notary, we will do a round of testing allocation for each client category as per the allocation strategy in the initial stage and adjust accordingly in case there is any unreasonable situation for both organizational and individual clients. Credit review: We will set up a reputation credit mechanism for applicants to encourage honest, active and qualified applicants with valid and efficient DataCap usage. Each allocation will be followed by our track and review. Rewards and punishment: For applicants with good performances, higher credit scores will be given and increased DataCap will be offered for the following DataCap application. Correspondingly, for those clients with unqualified behaviors, they will be evaluated and flagged, punished or even put into blacklist in serious conditions after investigations. Ultimate goal: good applicants will be rewarded, bad will be punished and optimized gradually to form a healthy, fair, and sustainable allocation mechanism.

ghost commented 6 months ago

Data Diligence

16. As an operating entity in the Filecoin Community, you are required to follow all local & regional regulations relating to any data, digital and otherwise. This may include PII and data deletion requirements, as well as the storing, transmitting, or accessing of data. Acknowledgement: Acknowledge

17. What type(s) of data would be applicable for your pathway? Public Open Dataset (Research/Non-Profit),Public Open Commercial/Enterprise

18. How will you verify a client's data ownership? Will you use 3rd-party KYB (know your business) service to verify enterprise clients? Documentary Verification: Clients are required to submit official documents, including government-issued IDs, business licenses, and other relevant legal documentation. Digital Signatures and Authentication: We utilize advanced digital signature and authentication methods to confirm the authenticity and origin of submitted documents. Biometric Verification: For enhanced security, we may incorporate biometric verification, such as fingerprint or facial recognition, to validate client identity. Internal Database Cross-Checking: Our internal databases are used to cross-verify provided information, ensuring consistency and identifying any potential discrepancies. Email and Phone Verification: Confirmation codes and automated calls are utilized to verify the accuracy of provided email addresses and phone numbers. Third-Party KYB Services: When applicable, we leverage a trusted third-party KYB service specializing in verifying business details, financial stability, and legal compliance. The specific KYB service provider we use is chosen based on their reputation, compliance with data protection regulations, and the comprehensiveness of their verification capabilities. Data Security and Privacy: Throughout the verification process, we prioritize the security and privacy of client information. All measures are taken to safeguard sensitive data, and we ensure that our practices comply with relevant data protection regulations. Our goal is to establish a robust and secure process for verifying client data ownership, combining the strengths of internal processes and third-party services to provide a trustworthy and efficient experience for our clients.

19. How will you ensure the data meets local & regional legal requirements? Legal Assessment and Continuous Monitoring: We conduct thorough assessments of local and regional data protection laws to understand the specific requirements and any updates. Regular monitoring ensures that our practices remain aligned with evolving legal landscapes. Data Classification and Localization: We classify data based on its sensitivity and the legal requirements of different jurisdictions. This enables us to apply appropriate safeguards and controls to meet the specific legal standards of each region. Privacy by Design Principles: Our systems and processes are designed with privacy by design principles. Legal requirements are integrated into the architecture, ensuring that compliance is an inherent part of our operations. Data Encryption and Security Measures: Robust data encryption and security protocols are implemented to protect data during transmission and storage, adhering to local and regional encryption standards and guidelines. User Consent and Transparent Communication: We prioritize obtaining informed and explicit consent from users before collecting and processing their data. Transparent communication ensures that users are aware of the purpose, scope, and duration of data processing, in compliance with local privacy laws. Data Residency and Hosting Compliance: Our data residency and hosting decisions are made carefully to align with local and regional regulations. We partner with hosting providers that comply with legal requirements, ensuring data sovereignty. Legal Expertise and Collaboration: We maintain a dedicated legal team with expertise in data protection and privacy laws relevant to each region of operation. Collaborating with legal experts ensures our practices are up-to-date and legally sound. Employee Training and Awareness: Regular training programs are conducted for our staff to keep them informed about local and regional legal requirements. This ensures that our team members understand their role in maintaining compliance throughout data processing. Incident Response and Reporting: In the event of a data breach or incident, we have established incident response procedures that comply with local and regional reporting obligations. This includes prompt notification to relevant authorities and affected individuals as required by law.

20. What types of data preparation will you support or require? Big data, enterprise data, public information data， etc

21. What tools or methodology will you use to sample and verify the data aligns with your pathway? We do robotic and human audits on a daily and weekly basis

ghost commented 6 months ago

Data Distribution

22. How many replicas will you require to meet programmatic requirements for distribution? 3+

23. What geographic or regional distribution will you require? Asia minus GCR, Oceania

24. How many Storage Provider owner/operators will you require to meet programmatic requirements for distribution? 3+

25. Do you require equal percentage distribution for your clients to their chosen SPs? Will you require preliminary SP distribution plans from the client before allocating any DataCap? Yes, we do will use template form to collect

26. What tooling will you use to verify client deal-making distribution? Datacapstats.io and bot

27. How will clients meet SP distribution requirements? We'll use automated robots plus secondary audits

28. As an allocator, do you support clients that engage in deal-making with SPs utilizing a VPN? Allowed, but specific information needs to be disclosed

ghost commented 6 months ago

DataCap Allocation Strategy

29. Will you use standardized DataCap allocations to clients? Yes, standardized

30. Allocation Tranche Schedule to clients: Please refer to the links below to check out rubric used to evaluate client’s application and allocation rate  We will conduct the following allocation strategies: Diversity: Applicants from Oceania will be prioritized because of the unbalance development of Filecoin, we will contribute to this point from perspective of balances. Applicants Classification: Applicants will be classified into tow basic groups: organization and individuals. Each group is divided into three levels ( small, medium, large)in terms of their organizational reputation, business scale or individual reputation in the community. Testing allocation: As a new notary, we will do a round of testing allocation for each client category as per the allocation strategy in the initial stage and adjust accordingly in case there is any unreasonable situation for both organizational and individual clients. Credit review: We will set up a reputation credit mechanism for applicants to encourage honest, active and qualified applicants with valid and efficient DataCap usage. Each allocation will be followed by our track and review. Rewards and punishment: For applicants with good performances, higher credit scores will be given and increased DataCap will be offered for the following DataCap application. Correspondingly, for those clients with unqualified behaviors, they will be evaluated and flagged, punished or even put into blacklist in serious conditions after investigations. Ultimate goal: good applicants will be rewarded, bad will be punished and optimized gradually to form a healthy, fair, and sustainable allocation mechanism.

31. Will you use programmatic or software based allocations? Yes, standardized and software based

32. What tooling will you use to construct messages and send allocations to clients? Filcoin Official tools-Filecoin Plus Registry

33. Describe the process for granting additional DataCap to previously verified clients. We will ask customers to provide information about their previous DataCap storage transactions, including the type of data stored, node information, etc., to verify that node information is not spread across multiple providers and to assess whether there is any misuse of data. We also require customers to be open and transparent and commit to share their DataCap allocation publicly so that we can regularly check and audit user DataCap usage.

ghost commented 6 months ago

Tools and Bookkeeping

34. Describe in as much detail as possible the tools used for: • client discoverability & applications • due diligence & investigation • bookkeeping • on-chain message construction • client deal-making behavior • tracking overall allocator health • dispute discussion & resolution • community updates & comms Slack,Telegram,Wechat,Github Jotform:boost Filscan Manual trigger boot T&T Github,Slack

35. Will you use open-source tooling from the Fil+ team? Filecoin Plus Registry，github repo

36. Where will you keep your records for bookkeeping? How will you maintain transparency in your allocation decisions? We plan to create a list via Github to publicly record each user, including all interactions with clients during the review process. aslo, we plan to conduct all allocation decisions in public through Github.

ghost commented 6 months ago

Risk Mitigation, Auditing, Compliance

37. Describe your proposed compliance check mechanisms for your own clients. Regular Check-Ins: We will establish a schedule of regular check-ins with our clients to assess their ongoing needs, address any concerns, and ensure a clear understanding of their usage patterns.  DataCap Distribution Metrics: We will implement a robust tracking system to monitor the distribution of DataCap to individual clients. This includes monitoring allocation, utilization, and any deviations from expected patterns.  Client Demographic Analysis: Understanding the demographics of our clients is crucial for tailoring our services to their specific needs. We will conduct periodic analyses to ensure that DataCap distribution aligns with the diverse requirements of our client base.  Time Metrics: Time-based metrics will be tracked to identify usage patterns and trends over different periods. This analysis will contribute to optimizing DataCap distribution strategies and ensuring efficiency.  Trust Evaluations: We will implement trust evaluation mechanisms to assess the reliability and responsible usage of DataCap by our clients. Trust scores will be derived from factors such as adherence to usage policies and overall compliance.  Use of Specialized Tools: Tools such as CID Checker and Retrievability Bot will be integrated into our monitoring system. CID Checker will verify the integrity of Content IDs, ensuring that data distribution is secure and reliable. Retrievability Bot will assess the retrievability of stored data, contributing to our data quality control measures.  Tolerance for New Clients: In welcoming new clients, we understand the importance of a balanced approach that fosters growth while maintaining compliance. Our tolerance for new clients will be based on a thorough onboarding process that includes: Due Diligence Checks: We will conduct thorough due diligence checks to verify the legitimacy of new clients and assess their alignment with our values and policies.  Initial Compliance Assessments: New clients will undergo an initial compliance assessment to ensure their understanding of and adherence to DataCap distribution policies.  Gradual Scaling: Depending on the nature of the services requested, we may implement a gradual scaling approach for new clients to closely monitor and assess their compliance before increasing DataCap distribution.  Continuous Monitoring: Ongoing monitoring will be in place for all clients, with particular attention paid to those in their initial stages of engagement to ensure a smooth and compliant integration. By implementing these compliance check mechanisms and adopting a measured approach to onboarding new clients, we aim to maintain a high standard of data integrity, security, and responsible usage across our client base.

38. Describe your process for handling disputes. Highlight response times, transparency, and accountability mechanisms. Any party involved in a dispute can initiate the resolution process by formally submitting a dispute claim. This can be done through our designated dispute resolution platform or via a dedicated communication channel. Response Times: We commit to prompt responses to internal disputes. Initial acknowledgment will be provided within [specific timeframe], and a comprehensive response or resolution plan will be communicated within [specific timeframe]. Transparency: Throughout the resolution process, we maintain transparent communication with all involved parties. Updates on the status of the dispute, investigation findings, and proposed resolutions are shared in a clear and timely manner. Accountability Mechanisms: We have established accountability mechanisms to ensure that our decisions are fair and in compliance with our DataCap distribution policies. An internal review committee will be responsible for overseeing the resolution process and ensuring adherence to established standards.

39. Detail how you will announce updates to tooling, pathway guidelines, parameters, and process alterations. We will submit the issue on github, solicit comments on the change, synthesize your comments, and if there is no agreement, we will vote

40. How long will you allow the community to provide feedback before implementing changes? We're always active on github and other community groups,, and we check and respond to messages every day. We'll have a week to discuss the controversial proposals

41. Regarding security, how will you structure and secure the on-chain notary address? If you will utilize a multisig, how will it be structured? Who will have administrative & signatory rights? We use a multi-signature wallet to operate, and we keep important information about other people confidential. The main exercise rights are held by the core personnel of the company (no more than three people)

42. Will you deploy smart contracts for program or policy procedures? If so, how will you track and fund them? No, we don't have the technical staff for smart contract development

ghost commented 6 months ago

Monetization

43. Outline your monetization models for the services you provide as a notary allocator pathway. Staking and Slashing Collateral: Clients or Storage Providers (SPs) may be required to stake collateral as a commitment to compliance with our DataCap allocation policies. This collateral serves as a security measure, aligning the interests of all parties involved. In the event of non-compliance or breaches of agreed-upon terms, slashing mechanisms may be implemented, providing additional incentives for adherence.  Application Review Fee: Clients or SPs are subject to an application review fee upon submitting a request for DataCap allocation. This fee covers the initial assessment of the application, ensuring that it meets the necessary criteria and compliance standards. The specific application review fee is [specific price point].  Data Preparation Fee: A fee is applied for the preparation of data, including the validation, formatting, and organization required for storage on the Filecoin network. This fee compensates for the resources and expertise dedicated to ensuring data compatibility and adherence to network standards. The specific data preparation fee is [specific price point].  Data Clearinghouse Distribution Fee: Clients or SPs may opt for a data clearinghouse distribution service, facilitating the efficient distribution of data across the Filecoin network. This service incurs a fee to cover the operational costs associated with managing and optimizing data distribution. The specific distribution fee is [specific price point].  Auditing Fee: To ensure ongoing compliance and adherence to DataCap allocation policies, periodic audits are conducted. Clients or SPs are subject to an auditing fee to cover the costs associated with these comprehensive reviews. The specific auditing fee is [specific price point].  End-to-End Service Packages: We offer end-to-end service packages that encompass application review, data preparation, data clearinghouse distribution, and auditing services. These packages are designed to provide a seamless experience for clients, ensuring compliance at every step of the DataCap allocation process. The specific price points for these comprehensive packages are [specific price points for each package].  Discounts and Incentives: We may introduce discounts or incentive programs for clients or SPs who consistently demonstrate compliance, contribute positively to the Filecoin ecosystem, or engage in long-term partnerships with [Your Company]. These incentives will be communicated and applied on a case-by-case basis.  Payment Terms: Payment terms are [Net X days], with invoices issued upon the completion of each service or as agreed upon in the service contract. Our monetization models are structured to provide transparency, fairness, and a clear understanding of the value delivered through our services in the notary allocator pathway.

44. Describe your organization's structure, such as the legal entity and other business & market ventures. We are an information technology company registered in Hong Kong, independent legal person

45. Where will accounting for fees be maintained? We have regular meetings with the authorities and the community

ghost commented 6 months ago

Past Experience, Affiliations, Reputation

46. If you've received DataCap allocation privileges before, please link to prior notary applications. filecoin-project/notary-governance#679

47. How are you connected to the Filecoin ecosystem? Describe your (or your organization's) Filecoin relationships, investments, or ownership. we was V4 notary and miner

48. How are you estimating your client demand and pathway usage? Do you have existing clients and an onboarding funnel? We will evaluate the application based on the customer's application materials and will conduct the necessary offline visits. And we have existing clients

Aaron01230 commented 5 months ago

Those are our disclosures, thank you very much

Bewelltech team

Aaron01230 commented 5 months ago

We just sent an email through the employee's email address and updated some contact information, please verify

galen-mcandrew commented 4 months ago

Datacap Request for Allocator

Address

f2dk2pgsc6fzs4fjrqv5vcquvzbmq3qhfli5khohy

Datacap Allocated

5PiB

filplus-bot commented 4 months ago

The request has been signed by a new Root Key Holder

Message sent to Filecoin Network

bafy2bzacea2ucfj2jeqhfilan7tdnx4jbga34afhp4tu676kqeo7iu6kxhspe

You can check the status of the message here: https://filfox.info/en/message/bafy2bzacea2ucfj2jeqhfilan7tdnx4jbga34afhp4tu676kqeo7iu6kxhspe

Kevin-FF-USA commented 1 month ago

Hi @Aaron01230

On the next Fil+ Allocator meeting we will be going over each refill application. Wanted to ensure you were tracking the review discussion taking place in https://github.com/filecoin-project/Allocator-Governance/issues/10

If your schedule allows, recommend coming to the May 28th meeting to answer/discuss the issues raised in the recent distributions. This will allow you to faster address - or, the issue in Allocator Governance for ongoing written discussion.

Warmly, -Kevin https://calendar.google.com/calendar/embed?src=c_k1gkfoom17g0j8c6bam6uf43j0%40group.calendar.google.com&ctz=America%2FLos_Angeles

galen-mcandrew commented 3 weeks ago

Datacap Request for Allocator

Address

f2dk2pgsc6fzs4fjrqv5vcquvzbmq3qhfli5khohy

Datacap Allocated

0PiB

filplus-bot commented 2 weeks ago

The request has been signed by a new Root Key Holder

Message sent to Filecoin Network

bafy2bzacecdyqiuocma5iovtk2x5txafnx7dvuhpx36ktg3bfhgjfqokoqa2s

You can check the status of the message here: https://filfox.info/en/message/bafy2bzacecdyqiuocma5iovtk2x5txafnx7dvuhpx36ktg3bfhgjfqokoqa2s

galen-mcandrew commented 2 weeks ago

bafy2bzacec4stkfucnptv4pvz4zxcnpr25ae44qimawksde6vhya3rbu5fqjy