👋 Request enthusiasts,
We wish to clarify and rectify some of the statements that were miscommunicated about how we collect, process, manage and store our users’ data during our MakerDAO community call on April 23rd.
Data accessibility, immutability, transparency, and privacy are always complex topics when developing blockchain-based services.
At Request, we deal with these topics on a daily basis at two levels:
- Request protocol: the core technology of Request Network
- Request financial Dapps: a suite of financial decentralized applications dedicated to crypto-first companies, with the first one being Request Invoicing
Encryption and Data Privacy while interacting with the Request protocol
Our protocol is encryption ready for end-to-end encrypted transactions.
When creating an invoice, the Request protocol generates a unique symmetric key (aka a “secret” or private key) out of the payee’s and payer’s openly shared public keys.
The Request protocol then broadcasts the transaction on a public blockchain, Ethereum or xDai for example, which means that the information is transparent and publicly accessible.
However, only the issuer and the recipient can decrypt it using their private keys (each of which pairs with the public key used by the server to encrypt the message): this is the essence of asymmetric encryption.
No one has access to the information except the issuer and the recipient of the invoice in this case.
The diagram below illustrates the encryption scheme while interacting with Request protocol:
Encryption and Data Privacy while using Request Invoicing
Blockchain-based applications are a new paradigm. From managing wallets, public and private keys, and hundreds of new tokens to interacting with smart contracts, diving into this new technology can be highly complex for everyone.
Part of our mission at Request is to re-invent how we experience payments, rebuild trust and integrity in the financial industry and be at the forefront of financial inclusion.
With regard to financial inclusion, the willingness to abstract the complexity of blockchain-based applications and our desire to make financial applications accessible to anyone led us to make some temporary trade-offs.
Request Invoicing provides a private key to every single user that signs up to our product. This private key’s purpose is to sign and broadcast invoices on the blockchain. It does not and will not hold access to any funds.
The asymmetric encryption mechanism remains the same, except that Request Invoicing has access to its users’ private keys, which are used to sign the transactions, broadcast invoices on-chain, and decrypt data.
This abstraction of private key management is a choice we made in order to provide users the most seamless experience while dealing with crypto invoicing and payments.
No one has access to the information except the issuer, the recipient of the invoice, and the Request Invoicing app. This means that the team can have access to the invoices at the moment; this is sometimes needed for product improvement and customer support purposes.
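The two access models described above (protocol-level encryption, and Request Invoicing holding user keys) can be seen in a short sketch, added here as an illustration and not Request's own code. Assumptions: a random per-invoice symmetric key wrapped for each party's public key, with X25519, HKDF-SHA256 and AES-256-GCM standing in for whatever primitives the protocol uses; all function names are hypothetical.

```javascript
const crypto = require("node:crypto");
// Assumption: X25519 key pairs stand in for the parties' published public keys.
const newKeyPair = () => crypto.generateKeyPairSync("x25519");

// AES-256-GCM helpers; the 12-byte IV and 16-byte tag travel with the ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", key, iv);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]);
}
function open(key, blob) {
  const d = crypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}
// Key-encryption key derived from an X25519 exchange (ephemeral key with party key).
function kek(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync("sha256", shared, Buffer.alloc(0), "invoice-kek", 32));
}
// Encrypt the invoice once with a fresh symmetric key, then wrap that key per party.
// The returned record is what would be published: ciphertext plus wrapped keys.
function encryptInvoice(invoice, partyPublicKeys) {
  const dataKey = crypto.randomBytes(32);
  const wrapped = Object.entries(partyPublicKeys).map(([party, pub]) => {
    const eph = newKeyPair();
    return { party, ephemeralPub: eph.publicKey, wrappedKey: seal(kek(eph.privateKey, pub), dataKey) };
  });
  return { ciphertext: seal(dataKey, Buffer.from(JSON.stringify(invoice))), wrapped };
}
// Whoever holds a listed party's private key recovers the invoice; otherwise null.
function decryptInvoice(record, party, privateKey) {
  const entry = record.wrapped.find((w) => w.party === party);
  if (!entry) return null;
  try {
    const dataKey = open(kek(privateKey, entry.ephemeralPub), entry.wrappedKey);
    return JSON.parse(open(dataKey, record.ciphertext).toString());
  } catch {
    return null; // wrong private key: GCM authentication fails
  }
}
// Constructed demo data. A service that stores demoPayee.privateKey on the user's
// behalf can make this same call, which is the custodial trade-off described above.
const demoPayee = newKeyPair(), demoPayer = newKeyPair();
const demoRecord = encryptInvoice({ id: "INV-001", amount: "100 DAI" },
  { payee: demoPayee.publicKey, payer: demoPayer.publicKey });
console.log(decryptInvoice(demoRecord, "payee", demoPayee.privateKey));
```

Confidentiality of the published record depends entirely on who holds the private keys, not on where the ciphertext is stored.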