Frabric entities use an opt-in identity management schema to provide regulators with some information about an investor; but are not required to invest in Frabric Asset entities. This information is used instead to provide voting power to an individual investor, whom otherwise would not be permitted to vote on asset issues.
Open Questions
- How will we determine "geographic proximity" between a location defined in the voting power table, and a particular asset contract?
- How will we remove data to comply with GDPR (if necessary)?
- Where will that data live, and how will it be connected to our on-chain smart contracts?
- How will we deal with indirect personal data leakage?
- For instance, if someone provides us with rental confirmation, and their voting power is 2x for a property; external monitors could imply that the individual currently rents in that location
Data we collect
Personal Identifying Information is crucial for understanding where and who our investors are, which for compliance purposes is important. Even though we don't issue or list securities, we want to ensure that our managed assets are secure and safe from outside interference.
The Types of data we might collect are as follows:
- Government Issued ID (Passport, Drivers License, etc)
- We collect this to uniquely identify an individual, and discern nationality
- We require this kind of ID to be provided to enable voting, once provided your account is active globally
- This data must be unique; if a duplicate identification is detected, we will request another ID; and/or potentially ban a wallet address from authenticating further
- Address Information (Water bill, Bank statement, etc)
- We collect this to identify where an individual lives (approximately), or has lived recently
- If this has been provided, and is unique; the voting power of the user will be increased on assets that are geographically close to the address on file
- When we mean geographically close we mean:
- Same Country
- Same City
- Same Neighbourhood
- This may exist as an oracle with google maps, or it may alternatively be converted into a geohash by the front-end, which is then used to determine proximity
- Voting power will decrease over time, or after a certain amount of time has passed since the last identification
- Rental Information
- This is a special piece of information that will be used only for verifying an individual rents the property contained within a specific asset contract
- If this has been provided, and is up-to-date (with yearly lease, we'll ask for a new one t+1Y)
- We'll maximise the voting power of the user (2x multiplier) for the specific asset that this is linked to
- This will be manually verified, the user will need to provide us the asset contract they wish to tie this to; which will simplify the job of the verifier
- This is unique in that this "switch" is asset contract specific, and will need to be defined separately in our voting power list
Where it's stored
- Our entire platform is decentralized, there is no single point of failure - and that includes PII data storage.
- We'll be storing Personal Identifying Information (PII) data doubly encrypted in a decentralized file storage solution
- one key will be owned by us (Fractional Finance); with another being held in custody by a trusted third party (like https://gnosis-safe.io/)
- The data will be held in trust on-chain if LE or regional regulators require, however we will need to be able to remove or disable the encrypted data on demand by the user. The user can also request their PII data if they verify they own the wallet.