The most secure global workspace built around a native E-signature system


DOWNLOAD

 Financially supported in part by POR FESR Sardegna 2014-2020

pursuant to the administrative act adopted by the General Director no. 1180 on December 22, 2021

CUP 65842443543435344 for the development of the application (Bridge Project)


Deveesoo S.r.l. è una startup innovativa che intende proporre sul mercato un sistema di firma elettronica con procedimento non ripudiabile tramite prova decentralizzata, anonimizzata, con data certa, verificabile in ogni tempo senza necessità di un servizio fiduciario qualificato.


Il progetto ha avuto ad oggetto lo sviluppo di un MVP (“Minimum Viable Product”) che consente di far effettivamente corso alla firma di un documento, con conseguente marcatura temporale del processo di firma sulla Blockchain Bitcoin.

 

Provvedimento concessione: Determinazione del D.G di SR n 1180 del 22/12/2021

 

TITOLO PROGETTO: DEVEESOO

 

CUP: G29J21015290006

 

IMPORTO TOTALE DEL PROGETTO: 15.000,00 €

 

IMPORTO FINANZIATO: 13.500,00 €

 

FONTE: POR-FESR SARDEGNA 2014-2020

 

DATE: Data di avvio 26/01/2022 – Data di conclusione 19/10/2022


Sign with a short video and audio message


Deveesoo is the only E-signature system allowing you to electronically sign any E-document with a short video and audio message which is automatically encrypted, archived on IPFS and timestamped on the Bitcoin Blockchain together with the E-document

Your signature is bound with the E-document through an innovative hashing mechanism and then archived on IPFS and time-stamped on the Bitcoin Blockchain, giving you maximum security and total privacy. The system is resilient to deep-fakes and provides any selected Signatory and any selected Recipient with a mathematical certification on the author of the signature (Proof-of-Signature) verifiable for the eternity.


Your face and voice cannot lie!


Fully valid and effective

an

Deveesoo is a valid and fully effective E-signature  in accordance with eIDAS Regulation for EU countries and the E-SIGN Act and the Uniform Electronic Transactions Act (UETA) for the US

While other E-signatures, such as Digital Signatures pursuant to eIDAS Regulation in the EU countries or pursuant to the ESIGN Act in the US, share the same legal status of a handwritten signature, they still may be easily repudiated and disavowed as any handwritten signature. Deveesoo is more reliable than a handwritten signature and is the only E-signature system giving users total confidence on the author of the signature (Proof-of-Signature) avoiding any risk of repudiation or disavowal, since it’s so easy to determine who is the author of a signature just by verifying the video and audio message through which the signature is made


Based on Blockchain technology & IPFS


Deveesoo is the only E-signature system based on Blockchain technology, with no trusted third party intermediary operating as a Certifying Authority
While any other E-signature system on the market is based on trust (you need to rely on a trusted third party intermediary certifying what E-document was signed as well as who made the E-signature and when), Deveesoo does not need to operate as a Certifying Authority.
It’s the Blockchain doing the work, providing you with a mathematical certification and a conclusive and eternal evidence on the following data:

·   Who makes the signature

·   When the signature is made

·   What E-document is signed


Don't Trust, Verify!


Tamper-free & full protection of personal data


No need of a Certifying Authority means avoiding any risk of malicious attacks or frauds. Moreover, your data are finally fully protected, with no one having access to any of the E-document you may sign, send and receive through the platform

We never have access to the content of any E-document users sign, send and receive. We just don’t need to! Moreover, E-documents are fully protected by end-to-end encryption based on asymmetric cryptography. The content of the E-document and any information on the connected E-signatures shall be only accessible by default to the selected Signatories and the selected Recipients.


Deveesoo is privacy compliant by design!


Self Sovereign Identity

Deveesoo adopts the Self Sovereign Identity principle: each user decides and may modify at any time if and when any personal data on his profile may be visible to any other user and to whom of them

You can share the personal data of your profile with every other user, only with the users you specifically select or with no one else. 

Deveesoo does not use any of such personal data for any reason whatsoever other than providing its services

Build your verified digital ID

A decentralized ID verification system, allowing users to build a digital identity by interacting with each other. No readable smart card, digital key or any other special equipment to sign. No previous personal identification before a Certification Authority. Just download our app and get access to the most secure global workspace built around a native E-signature system

Deveesoo is easily accessible to anyone and does not need a previous verification of your ID. Verification of users ID is rather left upon them when they interact with each other within or outside the platform. If you wish to, you may also enter into a Network of users founded by any user having the authority to confirm your ID by virtue of law/contract (such as a Bank or any other Financial Intermediary, your Insurance Company, Law Firms and Lawyers, a Public Notary, National or Local Postal Service Companies, Telecom and Public Utility Companies…). Once your identity is verified by the founder and you join the Network, your profile page will be updated and show that your ID was previously verified by a trusted third party in a KYC procedure. Moreover you may invite other user to join a Face to Face video conference and use our rating system to confirm verification of other users ID

Low-priced, simple and easy

Disintermediation and Decentralization means lower costs and lower fees with a better solution

Deveesoo is fast, simple and easy and has a flexible fees system allowing you to choose the best option for your needs, starting from our free Basic account with limited access to some of our services and a limited number of E-signatures for each month to our Business account with full access to all of our services and no limit of E-signatures. Signing procedures are fast: upload the E-document to sign, select the Signatories and the Recipients, sign and at the end of the procedure download the Zipped Signature Folder containing the E-document, with its Deveesoo Stamp, and the Signature Certificate, together with all the instructions to read and verify each E-signature

.

Signature authenticity verifiable by anyone for the eternity

Most of all, Deveesoo is verifiable and secure

Since Deveesoo is based on Blockchain technology, disintermediation and decentralization, our E-signatures are tamper-free. Each of them can be verified autonomously by the signatories and the selected recipients, but also by any other third party. Moreover, verification can be done at any time, potentially for the eternity, even if our platform should be for any reason shut down, just by following the our instructions. Users may verify the root of the Merkle Tree inserted in the Op_return of our Bicoin TX for the time-stamping of a block of users’ E-signatures. This root is also used to build the root of the Merkle Tree for the block of E-signatures time-stamped with the following transaction so that each of our Bitcoin transactions is cryptographically linked to the following one, creating a Blockchain of E-signatures linked to the Bitcoin Blockchain and making any tampering impossibile

01

Upload the

E-document




02

Select Signatories & Recipients



03

Sign with a short Video/Audio message



04

Download the  folder with the signed E-document


Deveesoo - T.o.S.

(Terms of service)


1. The Platform

Deveesoo is a digital platform (hereinafter the “Platform”) allowing you, as a registered user (hereinafter the “Registered User”), to:

i. electronically sign any E-document (i.e. any content stored in electronic form, in particular text or sound, visual or audiovisual recording) through a video, audio and electronic signature which is automatically and univocally bound with the E-document, encrypted, archived on the Inter-Planetary File System (IPFS) and time-stamped on the Bitcoin blockchain;

ii. search and establish a connection with other Registered Users or invite any third party to register and join your list of contacts among Registered Users;

iii. set one or more Signatories and/or Recipients among your list of contacts for any single signature procedure giving each of them a conclusive Proof-of-Signature;

iv. participate to a video conference Face to Face (F2F) with other Registered User, in order to verify their identity;

v.  create and modify your Networks, establishing which personal data the Members are required to share with the Founder of the Network and which personal data they may be required to share with other Network Members;

vi. participate to any Network founded by any other Registered User by accepting the connected invitation.

 

2. Users Registration

Deveesoo services (hereinafter the “Services”) are only provided to Registered Users. Upon registration a specific User Identifier code ("UID") is assigned to any new Registered User.

Services are provided through our Application (hereinafter the "App") for mobile or desktop and through the Platform. By downloading and installing our App you accept to act in accordance with these T.o.S.

 

Users shall register themselves by filling the registration form on the App or the Platform.

 

A specific indication is reported on the registration form on whether any information or data requested shall be deemed as mandatory and essential for the completion of the registration procedure.

 

During registration users shall select, among others, a specific “Nickname”. Since the “Nickname” is the name under which a Registered Users wishes to be identified by any other Registered User and it also serves as a search key to find and connect to other Registered Users, users shall take full be responsible on the “Nickname" they choose and such “Nickname” shall not in any way, directly or indirectly, infringe any third party right or any applicable law or regulation. A violation of such obligation shall allow Deveesoo to block the account of the Registered User responsible for any such infringement or violation.

 

The Services may include the possibility to create a multi-signature signing procedure by setting among your contact list a list of signatories (hereinafter the “Signatories”), who are invited to sign the uploaded E-document, and the recipients (hereinafter “Recipients”), who shall only have access to the downloading of the signed E-document.


In any such event the App will automatically:

-      send an invitation to any such Signatory to join the procedure and sign the uploaded E-document (whereas the user who originally uploaded such E-document is defined hereinafter as the “Promoter”);

-      send any Recipient a copy of the signed E-document.

 

As per § 4 below users have the responsibility to ascertain and verify the identity of any other User they may interact with through the Platform before selecting any such Registered User as a Signatory or a Recipient.

 

At this end the Platform provides also the possibility for Registered Users to invite and join a video conference with another Registered User.

 

At this aim Deveesoo may also allow Registered Users to connect to the Platform through specific methods, such as SPID, CIE or other alternative methods, which may give other Registered Users a stronger confidence on their identity.

 

Nothing in these T.o.S. shall be interpreted or construed as giving Deveesoo the burden to verify the identity of any Registered User and/or that the name, middle name, last name or any other personal data any Registered User may indicate during the registration procedure or after its completion is true and real.

 

Deveesoo reserves the right to establish that the information or data provided by a Registered User upon registration may not be amended once registration is completed unless such Registered User previously provides a confirmation of his identity with the instruments and means that Deveesoo may discretionally determine and implement. In this event, nothing in these T.o.S. shall be interpreted or construed as giving Deveesoo the burden to verify, with regard to any E-document such Registered User may sign and send to any other Registered User or to any third party following thereafter, that the identity used by such Registered User is true and the provision of clause 5 below shall apply.

 

3. Personal data visibility

Once registered, Registered Users may set their visibility settings for each of their personal data by selecting among three different options: “All”, to share the relevant data with any other Registered User, “None”, to block the sharing of the data with anybody, and “Somebody”, to share the data only with other selected Registered Users or Networks of Registered Users.

 

Please be aware that by accepting an invitation to a Network of Registered Users your personal data will automatically become visible to the Founder of such Network and/or, as the case may be, also to the members of the Network in accordance with the rules set by the Founder which will be indicated in the invitation to the Network so as to allow Users to express their free and informed consent while expressing an agreement to such rules.

 

Furthermore, upon the acceptance of an invitation to a Network of Registered Users the visibility settings set by the Registered User that received the invitation will be automatically amended in accordance with the rules set by the Founder of such Network.

 

Please check our Privacy Policy for more information regarding treatment of your personal data.

 

4. Authentication – identity of Registered Users

Deveesoo may provide several authentication methods for Registered Users to avoid that any unauthorized third party may access to their account.

 

Deveesoo, nevertheless, does not require Registered Users, upon registration, to prove their identity. Verification of the identity of Registered Users is rather left upon Registered Users when they interact with each other within or outside the Platform.

 

Registered Users have the responsibility to ascertain and verify the identity of any other Registered User they may interact with through the Platform before selecting any such Registered User as a Signatory or a Recipient.

 

At this end the Platform provides also the possibility for Registered Users to invite and join a video conference with another Registered User.

 

At this aim Deveesoo may allow Registered Users to connect to the Platform through specific methods, such as SPID, CIE or other alternative methods, which may give other Registered Users a stronger confidence on their identity.

 

Nothing in these T.o.S. shall be interpreted or construed as giving Deveesoo the burden to verify the identity of any Registered User and/or that the name, middle name, last name or any other personal data any Registered User may indicate during the registration procedure or after its completion is true and real.

 

It is up to you to determine the level of confidence which satisfies your needs regarding the identity of the Registered Users you connect to through the Platform.

 

In any event, nothing in these T.o.S. shall be interpreted or construed as giving Deveesoo the burden to verify that the Registered Users you connect to are the person they declare to be.

 

Deveesoo strongly suggests not to establish a connection with a Registered User who did connect to the Platform through a method which does not give sufficient confidence on his or her real identity, unless such Registered User is known outside the Platform or at least accepts to identify himself or herself through a Face to Face video conference and by showing a valid ID during such video conference.

 

In any event, by accepting these T.o.S. or by using the Services, Register Users accept that Deveesoo is not and may not become in any way responsible for the proper identification of Registered Users neither upon registration, nor following such registration, nor it may in any way be deemed responsible for their proper authentication of Registered Users whenever they fail to adopt the minimum security measures requested in order to avoid any abusive access to their account by any unauthorized third party.

 

5. The E-signature

Deveesoo E-signatures either represent a non-reputable signature or are manifestly non-authentic, ineffective and null. Putting it in simple terms, it’s either you signing the E-document with your face and your voice or not and in the latter it would just be impossible to say that that would be your signature!

 

Therefore, by receiving any E-document signed by any other Registered User you connected to, you have the burden to autonomously verify the video and audio signature of the E-document.

 

For each signature procedure Deveesoo automatically provides any selected Signatory and any selected Recipient with a full copy of any connected data and file as per § 6 below and an interactive guide to a trustless verification of the E-signature of each Signatory.

 

The interactive guide contains the instructions and a link to a IPFS gateway and a link to a Bitcoin Blockchain Explorer for the verification of the integrity of and the date of each E-signature.

 

Deveesoo signatures fall within the definition of Electronic Signatures pursuant to articles 3, n. 11, and 26 of EU Regulation No 910/2014 (eIDAS-regulation) on electronic identification and trust services for electronic transactions in the European Single Market and in accordance with US Electronic Signatures in Global and National Commerce (ESIGN) Act of 2000, which established that are legal in every state and U.S. territory where federal law applies and have the same legal status of handwritten signatures, as well as with the Uniform Electronic Transaction ACT (UETA) of 1999 and the regulation adopted in the states of New York and Illinois on the matter. 

 

6. The Zipped Folders

At the beginning of the signature procedure you will be asked to select the Signatories and  the Recipients from your contact list.

 

Once the signature procedure is completed all the Signatories and the Recipients shall have access to a Zipped Folder (file.zip) denominated as in the following example:

“DVS-YYYY.MM.DD_000000000_SIGNATURE.zip” (hereinafter the “SIGNATURE Folder”), whereas:

- “DVS” is the code assigned by Deveesoo to any file which is put at the beginning of the name of the file;

- "YYYY", "MM", "DD" respectively indicate the year, the month and the day of the E-signature;

- "000000000" indicate the 9 digit number automatically assigned by Deveesoo to any signature procedure completed during each day by any and all selected Signatories starting from “000000001” to “999999999”;

- “SIGNATURE” indicates that the Zipped Folder contains the data regarding any and all E-signatures referred to a single specific E-document uploaded by the Promoter..

 

The SIGNATURE Folder contains:

i. the E-document in a pdf. format with its original name ("Uploaded document name.pdf");

ii. a copy of the E-document with the Deveesoo stamp on it named with the original name of such E-document and the additional indication “SIGNED” ("Uploaded document name-SIGNED.pdf");

iii. a copy of each video and audio E-signature for each selected Signatory in a .mp4 format named as in the following example:

“VIDEO-SIG_000000000_XXXXX.mp4” whereas:

- “VIDEO-SIG” is the code assigned by Deveesoo to each E-signature of a single Signatory;

- "000000000" indicate the 9 digit number automatically assigned by Deveesoo to any signature procedure completed during each day by a single Signatory, starting from “000000001” to “999999999”;

- “XXXXX” indicates the UID assigned by Deveesoo to the Promoter (i.e. the Registered User who originally uploaded the E-document and started the signature procedure selecting Signatories and Recipients);

iv. a Deveesoo Signature Certificate in three different extensions (.html, .txt, .yaml), with all the information and data regarding each E-signature, named as in the following example;

“DVS-YYYY.MM.DD_SIG-DATA_XXXXXXXX” whereas:

- “DVS” is the code assigned by Deveesoo to any file, which is put at the beginning of the name of the file;

- "YYYY", "MM", "DD" respectively indicate the year, the month and the day of the E-signature to which such certificate refers to;

- "SIG-DATA” is the code assigned by Deveesoo to any Deveesoo Signature Certificate;

- “XXXXXXXX” represent the R.S.S. Code assigned to the E-document signed by the selected Signatories, which is uniquely and cryptographically linked to such E-document.

v. an interactive guide to a trustless verification of the E-signature of each Signatory named  “DVS-SIG-VERIFY” with the instructions and link to a IPFS gateway and a link to a Bitcoin Blockchain Explorer for the verification of the integrity of and the date of each E-signature.


Each SIGNATURE Folder is simultaneously associated with a corresponding node (“SIG-NODE”) ​​published on IPFS containing its cryptographic proof (hash SHA256).

 

Cyclically (every "n" minutes) a "SIG-ROOT" data structure is published on IPFS containing any SIG-NODE previously published on IPFS during such time frame (previous “n” minutes)

 

The data structure of the SIG-ROOT, as well as each SIG-NODE, is identified by a Content ID (CID) which is a hash that uniquely identifies its content and works as a label to point to a material in IPFS.

 

Upon making the SIGNATURE Folder available for download by the selected Signatories and selected Recipients, Deveesoo shall automatically notify such Users and make available to each of them in the “Sign” section of the App and the relevant subsection, depending on whether you acted as a Promoter, a Signatory or just a Recipient, dedicated to the E-document of your interest, the connected (CID) that uniquely identifies the corresponding SIG-NODE on IPFS.

 

Once the timestamp on the Deveesoo shall send a confirmation message, together with an additional Zipped Folder denominated as in the following example:

“DVS-YYYY.MM.DD_000000000_SIG-TIMESTAMP.zip” (hereinafter the “SIG-TIMESTAMP Folder”), whereas:

- “DVS” is the code assigned by Deveesoo to any file which is put at the beginning of the name of the file;

- "YYYY", "MM", "DD" respectively indicate the year, the month and the day of the E-signature;

- "000000000" indicate the same 9 digit number automatically assigned by Deveesoo to the signature procedure of the corresponding SIGNATURE Folder

 

The SIG-TIMESTAMP Folder contains:

i. the corresponding SIGNATURE Folder;

ii. a Deveesoo Certificate in three different extensions (.html, .txt, .yaml), with the cryptographic proof of the publication of the SIG-NODE corresponding to such SIGNATURE Folder and other data needed for the verification of the E-signatures, named as in the following example:

“DVS-2021.08.23_000000000_SIG-PROOF”, whereas:

- “DVS” is the code assigned by Deveesoo to any file which is put at the beginning of the name of the file;

- "YYYY", "MM", "DD" respectively indicate the year, the month and the day of the E-signature;

- "000000000" indicate the same 9 digit number automatically assigned by Deveesoo to the signature procedure of the corresponding SIGNATURE Folder;

iii. a Deveesoo Timestamp Certificate in a html format with the cryptographic proof of the publication of the SIG-ROOT and of the SIG-NODE corresponding to such SIGNATURE Folder, the link to explore such nodes the SIG-ROOT and the connected SIG-NODEs through an IPFS gateway and a link to a Bitcoin Blockchain Explorer to verify the timestamp of the CID referred to the SIG-ROOT on the Bitcoin Blockchain in the Op_return space of a single Bitcoin transaction.

 

Upon making the TIMESTAMP Folder available for download by the selected Signatories and selected Recipients, Deveesoo shall automatically notify such Users and make available to each of them in the “Sign” section of the App and the relevant subsection, depending on whether you acted as a Promoter, a Signatory or just a Recipient, dedicated to the E-document of your interest, the connected (CID) that uniquely identifies the corresponding SIG-ROOT on IPFS.

 

Timestamp on the Bitcoin Blockchain shall be made by Deveesoo on a periodic basis as indicated in the Platform.

 

7. Verifying Deveesoo signatures

You may always verify any Signature on the E-document you received by a Registered User you connected to autonomously and without needing Deveesoo, just by following the instructions indicated in the corresponding file of the Zipped Folder.


To verify a signature follow the steps indicated in the interactive guide to a trustless verification of the E-signature named “DVS-SIG-VERIFY” and in the Deveesoo Signature Certificate.

 

8. Storage of signed E-documents

As a Registered User you have the burden to download, keep, archive and duly protect the signed E-document you received.

 

Deveesoo does not provide any conservation or archive save for a 24 hours time period following the upload. Registered Users shall receive a notification through the Platform whenever a Zipped Folder is available for downloading.

 

9. Data protection

Deveesoo shall process any personal data of the users in accordance with the Privacy Policy published on the Platform.

 

10. Termination

Deveesoo has the right to terminate or suspend in its discretion the contractual relationship with any registered user at any time with a 24 hours prior written notice.


11. Customer Notice

It is your responsibility to promptly inform Deveesoo of any security breach, such as loss, theft or unauthorized disclosure of your Login Details (it is understood that Deveesoo shall not be responsible for any such security breach and that users shall remain directly responsible for any unauthorized use of this site and of their Login Details).


12. Warranties, limitations and responsibilities

All links on Deveesoo website to other websites are provided for convenience only and Deveesoo shall not be responsible for the content, availability or usability of these websites.

 

Deveesoo shall use reasonable skill and care in making service always available to Registered Users.

 

However, given the nature of the Internet and the circumstance that the services are web-based services, users accept the possibility of a temporary malfunctioning or failure which may inhibit Deveesoo to provide the services to you on a continuous basis. Deveesoo shall not be held responsible for any such malfunctioning or failure in the event it has used reasonable skill and care in making service available to users.

 

Deveesoo may not be held responsible for maintaining the confidentiality of users’ Login Details.

 

In no event Deveesoo may be held liable for any loss or damage of any kind suffered by users, including any loss of profits or other damages arising from any delay in the access to the services and/or from the inability to access the services either for reasons of force majeure or electronic malfunction or for any failure or breakage which may result in the unavailability of the services.


13. Withdrawal

You have the right to withdraw from any registration to the Platform within 14 days following the date of such registration. If you want to exercise such right you shall fill in and send Deveesoo the withdrawal communication which may be downloaded at the link deveesoo.com-withdrawal.com or any other communication with an equivalent content. Withdrawal communications shall be sent by e-mail at the following address: customersupport@deveesoo.com.

 

Users who have exercised their right to withdraw from their registration to the Platform shall not receive any kind of refund.

 

14. Deveesoo’s Intellectual Property and Third parties’ rights.

By using the Services you acknowledge that Deveesoo may be able to perform such Services on the basis of Intellectual Property rights or other third parties’ rights and you undertake to use such Services without violating any such rights and with the limitation provided in accordance with the applicable laws and license and contractual provisions.

 

The App is licensed to Registered Users in accordance with these T.o.S. for their personal use only or other uses in which they do not receive any remuneration of any kind. No other license is granted in these T.o.S., by implication or otherwise. Specifically, and without limitation, no license is granted in these T.o.S. to use the App and/or the Services in connection with any commercial purpose. The license granted does not include the right to grant any further sublicense.

 

Furthermore the App may incorporate the full functionality of both one AVC Decoder and one AVC Encoder for the video and audio E-signature. As such the App may be deemed as a “Product” licensed under the AVC Patent Portfolio License for the personal use of the consumer or other uses in which does not receive remuneration to (i) encode video in compliance with the AVC Standard (“AVC VIDEO”) and/or (ii) decode AVC VIDEO that was encoded by a consumer engaged in a personal activity and/or was obtained from a Video provider licensed to provide AVC VIDEO. No license is granted or shall be implied for any other use. Additional information may be obtained from MPEG.LA, LLC. See http://www.mpegla.com

 

15. Customer care and users complaints

Any complaint regarding the services and/or any payment shall be forwarded the following address: customersupport@deveesoo.com.

 

16. Applicable law and jurisdiction

These T.o.S. shall be governed, interpreted and construed in accordance with the Italian Law.

Users irrevocably agree that (a) the Italian courts shall have exclusive jurisdiction to settle any dispute which may arise under or in connection with these T.o.S. (including a dispute relating to the existence, validity or termination of these T.o.S. or any non-contractual obligation arising out of or in connection with these T.o.S. (an “Action”)); (b) the courts of Italy are the most appropriate and convenient courts to settle Actions and accordingly no party will argue to the contrary; and (c) Sections 16 (a) and (b) are for the benefit of Deveesoo only and, as a result, Deveesoo shall not be prevented from taking proceedings relating to an Action in any other courts with jurisdiction. To the extent allowed by law, the Deveesoo may take concurrent proceedings in any number of jurisdictions.


PRIVACY POLICY

(EU Reg. no. 679/2012 – GDPR)

LAST UPDATED ON MAY 16, 2021

 

This privacy policy describes the processing of personal data carried out by DEVISOO S.R.L., a company duly registered and incorporated under the laws of Italy with VAT no. 15956901001 and whose registered office is at Via Lazzaro Spallanzani n. 6, 00161 Roma (Italy), (hereinafter also referred hereto as “Deveesoo”, “We”, or “Data Controller”) and, specifically, through its services (herenafter also referred hereto as “Services”) and through the website https://deveesoo.com/ and the related mobile application (hereinafter jointly referred to as the “Digital Platform“).

In accordance with EU Regulation 2016/679 (“GDPR“) and the applicable national legislation on the protection of personal data, Deveesoo, in its capacity as data controller as per art. 4.7 GDPR, hereby informs you that your personal data will be processed for the following purposes.

Unless otherwise indicated, the information included in this privacy policy shall be considered applicable to the personal data processed in the context of the Services and of the Digital Platform. 

For any question about this Privacy Policy, or our use of your personal information, cookies or similar technologies, please contact us by email at customersupport@deveesoo.com.

 

FOREWORD

Deveesoo is a digital platform allowing you, as a Registered User, to:

i. electronically express your agreement and consent on any E-document (i.e. any content stored in electronic form, in particular text or sound, visual or audiovisual recording) and sign any such E-document through a video, audio and electronic signature which is automatically and univocally bound with the E-document, encrypted and time-stamped on the Bitcoin blockchain;

ii. search other Registered Users and establish a connection with them or invite any third party to register and join your list of contacts among Registered Users;

iii. set one or more Signatories and Recipients among your list of contacts for a single signature procedure, giving each of them a conclusive Proof-of-Signature;

iv. participate to a video conference Face to Face (F2F) with any Registered User;

v. create and modify your Networks, establishing which personal data the members are required to share with the Founder of the Network and which personal data they are required to share with other Network members;

vi. participate to any Network founded by any other Registered User by accepting the connected invitation.

hereinafter also referred to as the “Services”.

 

For more information on how the Service of Deveesoo works, please visit our Terms of Service.

 

We strongly believe in cybersecurity, protection of ID, cryptography and libertatian prnicples expressed by Wei Dai and Satoshi Nakamoto.

 

And, for the purpose of this policy, this is the main reason why we will protect as much as we can your personal data!

 

This means that:

-      we DO NOT WANT to use your data for marketing purposes;

-      we DO NOT WANT to transfer your data to any third party for marketing purposes;

-      we HATE profiling people (whether by automatic tools or manually).

 

Basically we would avoid any personal data treatment.

HOWEVER in order to give you the possibility to use our Services and to allow us to keep contact with you, we need few personal data which we will NOT treat for marketing purposes and which we will protect as they were OUR data.


In particular we MAY need the following personal data:

-      email

-      mobile phone number

-      name, middle name, last name

-      date and/or of place of birth

-      nationality

-      nickname 


Please note that we do not have access to data contained in your E-documents, nor we require such information for providing you our Services.

 

And that’s all folks? Not at all...


GDPR imposes us to inform you about your rights and to give you a lot of details about the treatment of your data.

 

And since we strongly believe in GDPR and the protection of personal data, PLEASE don’t be a fool a read carefully this Privacy Policy!

 

DATA CONTROLLER AND CONTACT DETAILS

 

The Data Controller is: DEVEESOO S.R.L., a company duly registered and incorporated under the laws of Italy with VAT no. 15956901001 and whose registered office is at Via Lazzaro Spallanzani n. 6, 00161 Roma (Italy), email: deveesoo@pec.it

 

1. CATEGORIES OF PERSONAL DATA PROCESSED

 

First of all you need to know that the data specified above may be considered as PERSONAL DATA since they may allow us to identify (even if indirectly) a physical person (basically YOU!). That’s why Data Controller processes your personal identification (not belonging to special categories) in the context of our Services.

We may also process, exclusively in anonymous form, data relating to the use of the Digital Platform (including the overall number of downloads and the most frequently viewed screens).

 

2. PURPOSES OF THE PROCESSING AND LEGAL BASIS

 

Personal data may be processed for the following purposes and legal basis:


A) Purposes such as: 

  • to provide the Services
  • to process and accommodate user’s requests
  • to enable the user to access and use the Services and the Digital Platform or related services provided by third parties
  • to enable the use of the Digital Platform and its operational functions, including the resolution of technical problems (also using the customer support function displayed on the Digital Platform)


For the Purposes referred to in letter A) we are not required to collect  your consent. The legal basis for the processing is art. 6.1 (b) of GDPR, which  we may treat your data for service and contractual purposes when you accept our Terms and Conditions.

 

B) Purpose of fulfilment of the Data Controller’s legal obligations.

Personal data will be processed in order to ensure the compliance of the Data Controller with the obligations provided for by applicable laws, regulations or national and EU legislation or imposed by the competent authorities, without the need to collect the user’s prior consent.

 

C) Purposes related to the pursuit of a legitimate interest of the Data Controller, in particular:

  • to prevent and repress unlawful acts, as well as to exercise the Data Controllers’ rights in court and manage claims: the Data Controller’s interest lies in the constitutional right to take judicial action and, as such, is socially recognized as prevailing over the interests of the individual data subject concerned;
  • to manage and maintain the Digital Platform: the Data Controller’s interest lies in the general interest of a company to ensure its business operations, also through the operation of the Digital Platform, as well as in the implementation of possible improvements of the service offered;
  • to prevent or uncover fraudulent activities or abuse harmful to the Digital Platform (including to verify the entitlement of users acting on behalf of third-party): the interest of the Data Controller lies in the legitimate, actual and current interest not to suffer damages as a result of the unlawful conduct of third-parties;
  • to send communications by e-mail, telegram or other digital channels, relating to the Services: the interest of the Data Controller lies in the general interest of a company to promote its services and is considered legitimate because in line with the reasonable expectations of the data subjects, in light of the relationship between them and the Data Controller. Each e-mail will allow the user, by clicking on the specific link provided therein, to refuse further mailings.


For the Purposes referred to in this letter C), personal data will be processed to pursue a legitimate interest of the Data Controller, without the need to collect the user’s prior consent.

 

D) Newsletter

As said, we HATE treatment of data for commercial purposes. DON’T do to others what you DON’T want to be done to you!

However, you may be interested in some newsletter regarding future activity of Deveesoo, not directly related to the treatment in letter C (last bullet) above. Such communication REQUIRES your prior consent. So, someday it may happen that in the Digital Platform you may find some field for newsletter registration. Such registration will require your consent.


REMEMBER: no consent no party! So, without your consent we cannot send you such newsletter. But we are sure you will love us so much, and you will follow us through our media channels or websites anyway.

 

3. PROCESSING METHODS

The processing of personal data is carried out, electronically and on paper, by means of the collection, recording, updating, organization, storage, consultation, elaboration, modification, selection, extraction, comparison, use, interconnection, restriction, erasure and destruction of personal data. Personal data are protected so as to minimize the risk of destruction, loss (including accidental loss), unauthorized access/use or use incompatible with the initial purpose for which the personal data have been collected. This is achieved through the technical and organizational security measures implemented by the Data Controller.

 

4. RETENTION OF PERSONAL DATA

The Data Controller processes the personal data for the time necessary to fulfil the purposes for which they have been collected for all the duration of the agreement between the Data Controller and the user, and in any case for not less than 10 (ten) years after the termination of the agreement. It being understood that, at the end of the period indicated above, the Data Controller will nevertheless be entitled to further retain the personal data, in whole or in part, for certain purposes, as expressly required by specific legal provisions or to exercise or defend a right within the ten-year limitation period.

 

Please consider that if you gave your consent for receiving newsletter from us as per art. 2, lett. D, above, we may retain your data until you do not revoke your consent.

Furthermore, please consider that Deveesoo does not offer custodial services for any E-document eventually uploaded by the user on the Digital Platform.


However Deveesoo, in order to perform the Services, shall upload in its server, located within the European Union, the files eventually uploaded by the users in the Digital Platform, for a maximum period of 72 hours. Afterwards the files shall be definitely deleted, without any possibility to be recovered.

 

DEVEESOO CANNOT SEE OR ACCESS YOUR E-DOCUMENT!

 

This thanks to the most updated cryptographic techniques adopted. Currently, Deveesoo secures your E-document with up to date cryptographic techniques based on a multi-hash format capable to evolve each relevant hash in accordance with technology evolution.


The server used for storing up the documents (not more than 72 hours) is Amazon Web Service located in Ireland (EU), which adopts other cryptographic techniques for further securing you E-documents.

 

If you wish to store up your E-documents and files signed through Deveesoo for a longer period than 72 hours, you need to store it in your server or through third party services, provided that Deveesoo cannot be held responsible for any issue related to storage or any custodial service in such different servers or cloud.

 

Blockchain technology offers new opportunities to store your files and documents, even in the form of Non Fungible Token (NFT) through solution such as Inter Planetary File System and File Coin.

 

The InterPlanetary File System (IPFS) is a protocol and peer-to-peer network for storing and sharing data in a distributed file system. IPFS uses content-addressing to uniquely identify each file in a global namespace connecting all computing devices.

 

IPFS allows users to host and receive content in a manner similar to BitTorrent. As opposed to a centrally located server, IPFS is built around a decentralized system of user-operators who hold a portion of the overall data, creating a resilient system of file storage and sharing. Any user in the network can serve a file by its content address, and other peers in the network can find and request that content from any node who has it using a distributed hash table (DHT).

 

Filecoin (⨎) is an open-source, public cryptocurrency and digital payment system intended to be a blockchain-based cooperative digital storage and data retrieval method. It is made by Protocol Labs and builds on top of IPFS. Filecoin is an open protocol and backed by a blockchain that records commitments made by the network’s participants, with transactions made using FIL, the blockchain’s native currency. The blockchain is based on both Proof-of-Replication and Proof-of-Spacetime.

 

Deveesoo will help its users to connect, through its Digital Platform, with IPFS and Filecoin because it strongly believes in privacy solution related to such architectures. However, if the user opts to store up the documents through IPFS and Filecoin, this represents an autonomous choice of the user. In this case the privacy of the user, in relation to any personal data eventually available on the documents stored-up in IPFS and Filecoin cannot be in any case guaranteed by Deveesoo, which cannot be held responsible for any damage, loss, dissemination, or other issue related to the personal data and privacy of the user.

 

5. PROVISION OF PERSONAL DATA

In the context of the use of the Digital Platform the provision of personal data for the purposes of the Digital Platform is necessary. These personal data are necessary for the relationship with the Data Controller. The user may, however, decide not to provide personal data, but in such case he/she may not be able to use the services of the Data Controller.

 

6. ACCESS TO PERSONAL DATA 

Personal data will be processed by our staff in charge for the processing of personal data and by the following categories of persons (including, but not limited to): 

employees and/or collaborators of the Data Controller in their capacity as data processors and/or persons authorized to process personal data and/or system administrators (by way of example, consultants authorized to manage the Digital Platform and to provide the relevant services in the context of the use of the Digital Platform)

third parties to whom the Data Controller outsources certain services, including processing operations, as external data processors (e. IT service providers, hosting providers, etc..)

 

7. COMMUNICATION OF PERSONAL DATA 

In the context of the use of the Digital Platform, the Data Controller may communicate the personal data of the users, without the user’s consent, to third parties in their capacity as independent data controllers for the performance of the Purposes. The user may at any time request the Data Controller, by writing to the address indicated in Section 10 (Exercise of Data Subject’s Rights) below, further information on the persons to whom his personal data may be communicated. 

It may happen that law enforcement agencies or the judiciary, financial and tax administrations, ministerial bodies and competent authorities, local authorities (regions, provinces, municipalities), require us your data. We will first carefully verify if such request is legally grounded with our legal office. Only after careful check we may provide such data only for institutional purposes and/or in accordance with the law in the context of investigations and controls.

 

The updated list of the third party autonomous data controllers to which users’ personal data may be communicated is kept at the offices of the Data Controller and may be requested by contacting the address indicated in Section 10 (Exercise of Data Subject’s Rights) below.

 

8. TRANSFER OF PERSONAL DATA

In the context of the use of the Digital Platforms personal data will not be in any way disseminated or transferred to third countries located outside the European Union and/or the EEA.

 

9. PERSONAL DATA VISIBILITY

BE CAREFUL! As said, we do disseminate your data. However, as in other social network, the Digital Platform offers you the possibility to share your data with other Registered Users.


As a matter of fact, once registered, users may set their visibility settings for each of their personal data by selecting among three different options:  

-      All”, to share the relevant data with any other Registered User; 

-      None”, to block the sharing of the data with anybody; 

-      Somebody”, to share the data only with other selected registered users or Networks of registered users.

 

So, first of all, we don’t want you sharing data with anybody. That means, you may use the Digital Platform without sharing your data to anybody. However, you may find useful the tools offered by the Digital Platform and sharing data may increase the power and opportunities of our Services.

 

Your choice to share your data can be changed any time. So don’t be a fool and check in the control panel available in the Digital Platform in order to verify if the sharing status is coherent with your will.

 

Please note that any document you whish to share, shall be uploaded in our server and protected through up to date cryptographic solution. In particular we secure your documents with up to date cryptographic techniques based on a multi-hash format capable to evolve each relevant hash in accordance with technology evolution. It’s your CHOICE!

 

But remember: DON’T SHARE YOUR PERSONAL DATA with people you don’t trust. We cannot be responsible for this.

 

Please be aware that by accepting an invitation to a Network of Registered Users your personal data will automatically become visible to the Founder of such Network and to the members of the Network in accordance with the rules set by the Founder which will be indicated in the invitation to the Network so as to allow users to express their free and informed consent while expressing an agreement to such rules.

 

Furthermore, upon the acceptance of an invitation to a Network of Registered Users the visibility settings set by the Registered User that received the invitation will be automatically amended in accordance with the rules set by the Founder of such Network.

 

Please refer to our Terms of Service for more information.

 

10. DATA SUBJECT’S RIGHTS

As data subject, save for the limitations provided by law, you have the right:

  • to obtain confirmation of the existence of your personal data, even if not yet recorded, and that such data are made available to you in an intelligible form;
  • to receive indication of and, if necessary, copy: a )the origin and category of personal data; b) in case of automated processing carried out with electronic means, information about the logic involved; c) the purposes and methods of processing; d) the identity of the data controller and the data processors; e) the recipients or categories of recipients to which the personal data may be communicated or which may otherwise get to know said personal data, in particular if they are recipients located in third countries or international organizations; f) where possible, the period of retention of the personal data or the criteria used to determine that period; g) the existence of an automated decision-making and, if so, the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject; h) the existence of adequate safeguards in case of transfer of the personal data to a non-EU country or to an international organization;
  • to obtain, without undue delay, the updating and rectification of inaccurate personal data or to have incomplete personal data completed;
  • to withdraw at any time, easily and without hindrance, any consents given, using, if possible, the same channels used to give such consents;
  • to obtain the cancellation, transformation into anonymous form or blocking of data: a) unlawfully processed; b) no longer necessary in relation to the purposes for which they were collected or subsequently processed; c) if the consent on which the processing is based has been withdrawn and if there is no other legal basis, d) if the user has objected to the processing and there is no prevailing legitimate grounds to continue processing; e) in the event of fulfilment of a legal obligation; f) in the case of data relating to minors. The Data Controller may refuse the erasure only if necessary: (1) for the exercise of the right to freedom of expression and information; (2) for the compliance with a legal obligation, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller; (3) for reasons of public interest in the area of public health; (4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; (5) for the establishment, exercise or defense of legal claims;
  • to obtain the limitation of the processing in the case of: a) contestation of the accuracy of personal data; b) unlawful processing by the Data Controller to prevent their erasure; c) exercise of a right of the user in court; d) verification whether the legitimate grounds of the Data Controller override those of the data subject;
  • if the processing is carried out by automatic means, to receive the personal data concerning you without hindrance and in a structured, commonly used and machine-readable format, in order to transmit them to another data controller or – if technically feasible – to obtain direct transmission by Deveesoo to another data controller;
  • to object, in whole or in part, to the processing of personal data: a) for legitimate reasons, related to the particular situation of the user,; b) for the purpose of sending communication material, using automated calling systems without the intervention of an operator by e-mail and/or by traditional means by telephone and/or mail;
  • to lodge a complain with a supervisory authority (i.e. the Garante per la protezione dei dati personali).

 

Where necessary, in the above cases, the Data Controller will inform the recipients to whom the personal data of the user are communicated of the possible exercise of rights by the latter, except in specific cases (e.g. when this proves impossible or involves disproportionate efforts).

 

11. EXERCISE OF DATA SUBJECT’S RIGHTS

The user may at any time exercise the rights set out in the above Section 10 (Data subject’s rights):

  • by sending a registered letter to the Data Controller’s address; and/or
  • by sending an email to customersupport@deveesoo.com


Contattaci

Contacts

Deveesoo S.r.l.

Via Lazzaro Spallanzani, 6
00161 Rome, Italy
VAT no and fiscal code 15956901001

customersupport@deveesoo.com
Share by: