Key Architecture Components

Sign-up and Authentication

Connecting to Services

Monetizing your Data

The Tech

While we at Datum believe that data should be personal, we believe code is for everyone! That’s why we have used a combination of open-source projects, web standards, microservices, and the architecture laid out by the Data Transfer Project, a multi-company effort. This lets us be transparent about how we access your data while bringing you the culmination of the work of a lot of very smart people.

Proposed App Architecture

Sign-up and Authentication

In an increasingly complex world, there is no longer one completely secure way to create an account and authenticate. The usual user ID plus hashed password is one of the weaker defences against account takeover: passwords get reused, phished, and recovered from leaked hash databases. Two-factor authentication itself has not been deprecated, but NIST (National Institute of Standards and Technology) has restricted its most common form: SP 800-63B classifies one-time codes delivered over SMS or voice as a "restricted" authenticator because of SIM-swap and interception weaknesses. It is for these reasons that we will use a combination of time-based one-time passwords (TOTP, RFC 6238), email verification codes, and "magic links", depending on where you are in the authentication process. An email code or magic link on its own only proves control of a mailbox, so the TOTP step is what supplies a genuine second factor. We believe this strikes a good balance between being secure and remaining consumer friendly.

Each user is assigned a randomly generated ID, which we store only in hashed form. Keeping with current design philosophies, all sensitive data is encrypted and stored locally on your device. When you log on successfully, your non-sensitive data and settings are transferred to the device over an end-to-end encrypted channel. This lets you keep your information secure while still carrying it over when you switch to a new device.

Connecting to Services

Connecting Datum to third-party services to see what information they have on you is simple and secure. Through Datum, a secure connection is created to your account at that service. When you successfully log in to the third-party service, an access token is issued, encrypted, and stored on your local device. That access token is used to periodically load data from the third-party service into an encrypted, temporary cache. None of your third-party data is persisted beyond that cache: it is not written to the application's permanent storage and it never reaches our servers.

Through the Data Transfer Project architecture, we have built the first few adapters that make connecting to these third-party services possible. We’ve focused on popular services initially and will look to publish open standards of our own so that developers can create adapters for other services in the future.
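The two preceding paragraphs describe logging in to a third-party service, receiving an access token, and pulling data into a temporary cache. The block below is an added example of the client side of that flow; it is not Datum's or the Data Transfer Project's code. It assumes the connection is an OAuth 2.0 authorization-code grant with PKCE (the page does not name the protocol), and the endpoint URLs, client ID and 5-minute cache TTL are placeholders. It shows the two checks that matter on the client: the `state` value that binds the callback to the attempt we started (so an attacker cannot splice their own account into the user's session), and the PKCE verifier that never leaves the device until the code is exchanged. Encrypting the persisted token at rest is delegated to the platform keystore and is not shown.

```python
import base64
import hashlib
import secrets
import urllib.parse


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding RFC 7636 mandates for PKCE values."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def code_challenge(code_verifier: str) -> str:
    """PKCE S256 transform: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def query_params(url: str) -> dict:
    """Flatten a URL's query string into {name: value} (last value wins)."""
    return dict(urllib.parse.parse_qsl(urllib.parse.urlsplit(url).query))


class ServiceConnector:
    """Client side of an OAuth 2.0 authorization-code grant with PKCE (assumed protocol),
    plus the short-lived cache that holds data pulled with the resulting token."""

    def __init__(self, authorize_url: str, client_id: str, redirect_uri: str, cache_ttl: int = 300):
        self.authorize_url = authorize_url
        self.client_id = client_id
        self.redirect_uri = redirect_uri
        self.cache_ttl = cache_ttl
        self.pending = {}  # state -> code_verifier, consumed exactly once
        self.cache = {}    # key -> (value, expires_at)

    def begin(self, scope: str) -> str:
        """Build the URL the user is sent to. `state` ties the callback to this attempt;
        the verifier stays on the device and only its hash goes on the wire."""
        code_verifier = b64url(secrets.token_bytes(32))  # 43 chars, 256 bits of entropy
        state = b64url(secrets.token_bytes(16))
        self.pending[state] = code_verifier
        params = {
            "response_type": "code",
            "client_id": self.client_id,
            "redirect_uri": self.redirect_uri,
            "scope": scope,
            "state": state,
            "code_challenge": code_challenge(code_verifier),
            "code_challenge_method": "S256",
        }
        return f"{self.authorize_url}?{urllib.parse.urlencode(params)}"

    def finish(self, callback_url: str) -> dict:
        """Handle the redirect back to redirect_uri. A state we never issued, or one
        already used, is rejected; otherwise return the token-endpoint request fields."""
        q = query_params(callback_url)
        code_verifier = self.pending.pop(q.get("state", ""), None)
        if code_verifier is None:
            raise ValueError("callback state was never issued or was already used")
        if "code" not in q:
            raise ValueError(f"authorization failed: {q.get('error', 'no code returned')}")
        return {
            "grant_type": "authorization_code",
            "code": q["code"],
            "redirect_uri": self.redirect_uri,
            "client_id": self.client_id,
            "code_verifier": code_verifier,
        }

    def cache_put(self, key: str, value, now: int) -> None:
        """Hold fetched third-party data only until its TTL passes."""
        self.cache[key] = (value, now + self.cache_ttl)

    def cache_get(self, key: str, now: int):
        """Return cached data, or None (evicting the entry) once it has expired."""
        entry = self.cache.get(key)
        if entry is None:
            return None
        value, expires_at = entry
        if now >= expires_at:
            del self.cache[key]
            return None
        return value
```

`code_challenge` reproduces the RFC 7636 Appendix B vector (verifier `dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk` gives `E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM`), which is a quick way to confirm the encoding is right before testing against a live provider.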

Monetizing your Data

Monetizing is optional, but if you do decide to monetize your data, we have taken every step to protect your identity and to make sure you give away nothing you do not want to. Data you choose to sell is de-identified and bundled with data from other users who are selling the same kind of data. Because the bundled records stay associated with your hashed user ID so that we can route payments back to the users who contributed to a dataset, that data is pseudonymous rather than fully anonymous; it stays anonymous to buyers only if the hashed ID is kept out of the released dataset and each bundle is large enough that no single contributor stands out. Alternatively, your de-identified data is run through models that produce insights companies would be interested in purchasing. If you opt in, sensitive data may feed those models, but only the resulting insights leave your device, never the sensitive data itself. The resulting data graph, not the underlying data, is encrypted and transferred to our servers. Once the server and device versions are reconciled, the local cache on your machine is deleted, so nothing on the device links the sold dataset back to its original source.
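The paragraph above says sold data is de-identified, bundled with other users' data, and tied to a hashed user ID for payment. The block below is an added example of how a practitioner would make those three things checkable; it is written for this page and is not Datum's code. It assumes k-anonymity as the bundling criterion (a record is released only if at least k contributors share its generalized quasi-identifiers), assumes age and ZIP code are the quasi-identifiers, and uses a constructed set of fitness records. The payout pseudonym uses HMAC with a server-held key rather than a plain hash, because a plain hash of a small ID space can be reversed by hashing every candidate ID; the pseudonym is used only in the internal payout ledger and is not part of the released rows.

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample (not real users): seven people selling average daily step
# counts. `age` and `zip` are the quasi-identifiers that could re-identify someone.
SAMPLE_RECORDS = [
    {"user_id": "u1", "age": 31, "zip": "94107", "avg_steps": 8200},
    {"user_id": "u2", "age": 35, "zip": "94110", "avg_steps": 6100},
    {"user_id": "u3", "age": 38, "zip": "94158", "avg_steps": 9900},
    {"user_id": "u4", "age": 42, "zip": "10001", "avg_steps": 4300},
    {"user_id": "u5", "age": 47, "zip": "10011", "avg_steps": 7700},
    {"user_id": "u6", "age": 44, "zip": "10002", "avg_steps": 5600},
    {"user_id": "u7", "age": 63, "zip": "60601", "avg_steps": 3000},  # unique combination
]
QUASI_IDENTIFIERS = ("age", "zip")


def generalize(record: dict) -> dict:
    """Coarsen quasi-identifiers before grouping: exact age -> decade, 5-digit ZIP -> 3-digit prefix."""
    g = dict(record)
    g["age"] = f"{record['age'] // 10 * 10}s"
    g["zip"] = record["zip"][:3] + "**"
    return g


def bundle_for_sale(records, quasi_identifiers, k: int):
    """Release only rows whose generalized quasi-identifier tuple is shared by >= k contributors.

    Rows in smaller groups are suppressed rather than released. The user_id column is
    stripped from every released row; the set of contributing IDs is returned separately
    so payments can be routed without the IDs travelling with the dataset.
    """
    groups = Counter(tuple(r[q] for q in quasi_identifiers) for r in records)
    released, contributors = [], set()
    for r in records:
        key = tuple(r[q] for q in quasi_identifiers)
        if groups[key] >= k:
            released.append({col: val for col, val in r.items() if col != "user_id"})
            contributors.add(r["user_id"])
    return released, contributors


def payout_pseudonym(user_id: str, payout_key: bytes) -> str:
    """Keyed hash of the user ID for the internal payout ledger (assumed design).

    HMAC-SHA256 with a key held only on the payout server cannot be reversed by
    brute-forcing the ID space the way an unkeyed SHA-256 can. Never ship this
    value inside a released bundle; it is the link back to a person.
    """
    return hmac.new(payout_key, user_id.encode(), hashlib.sha256).hexdigest()


def prepare_sale(records, k: int, payout_key: bytes):
    """End-to-end: generalize, enforce k-anonymity, and build the ledger of pseudonyms to pay."""
    released, contributors = bundle_for_sale([generalize(r) for r in records], QUASI_IDENTIFIERS, k)
    ledger = sorted(payout_pseudonym(u, payout_key) for u in contributors)
    return released, ledger
```

With k = 3, the two San Francisco and New York groups (three contributors each) are released with ages shown as decades and ZIPs as `941**` / `100**`, while the lone 60-year-old in Chicago is suppressed. Raising k above the largest group size releases nothing, which is the correct outcome when a bundle is too small to hide anyone.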