General Terms and Conditions of neosfer GmbH
for the
self-sovereign identity management application "Lissi”
as of 22. April 2022
1. Validity of the general terms and conditions

1.1 These General Terms and Conditions ("GTC") apply to the use of the ";Lissi" identity management application ("Lissi” App"). The GTC can be accessed and viewed at any time on the website of "www.lissi.id


1.2 Both the use of the „Lissi“ App and related services and the provision of all services and benefits associated with the „Lissi“ App are subject to the provisions of these GTC.


1.3 neosfer GmbH enables users to access self-sovereign identity networks via the „Lissi“ App in accordance with the provisions of these GTC.


1.4 Other general terms and conditions, in particular those of the user, do not apply, even if this is desired by the user, if the validity of general terms and conditions of the user are assumed by the user and if neosfer GmbH makes the „Lissi“ App available in consideration hereof or provides services and/or benefits to the user without reservation in that respect.


1.5 Should a provision of these GTC be or become invalid, the validity of the remaining provisions of these GTC shall not be affected. neosfer GmbH and the user undertake to agree on a new provision by way of negotiation, which comes as close as possible to the purpose of the invalid provision, but at the same time takes into account the reasons why it is invalid.

1.6 The same (Section 1.5) applies in the event of contractual gaps.

2. Object of performance and scope of the „Lissi“ App


2.1. The „Lissi“ App is an application that has not yet been fully developed and tested, and which use is only permitted within the framework of test scenarios. The „Lissi“ App is thus aimed specifically at software developers who are familiar with the potential risks of test software.  Due to the nature of the „Lissi“ App as test software, its use in productive environments is not permitted, which excludes both direct use in productive environments and indirect use with connection to such productive environments.

In addition, when using the „Lissi“ App as permitted, i.e. in particular when using it in test environments, the user must take into account that the „Lissi“ App is at a stage of development and has not yet been fully tested, so that it is particularly necessary to take suitable precautions and safety measures to prevent damage from occurring in the event that the „Lissi“ App does not function at all or functions incorrectly.


2.2. In accordance with the provisions of Section 2.1, the „Lissi“ App is intended for the digital identification and authentication of natural persons. Via the „Lissi“ App, natural persons can obtain identity information about themselves from other participants and store it in the „Lissi“ App and share it with other participants if required. Identity information can be legitimation data, creditworthiness data, payment transaction data, registration data and any information that can be stored in text form.

The app "Lissi" connects to identity networks for self-sovereign identities. Via the identity network, so-called peer-to-peer connections to other participants of the identity network can be established. Through the established connections encrypted messages can be exchanged between the user and other participants. In particular, other participants can send identity information (so-called "verifiable credentials") to the user via the peer-to-peer connections. The user can store and manage the identity information in the „Lissi“ App. Other participants can request identity information (so-called "proof requests") from the user via the peer-to-peer connection, which the user answers with the identity information already stored. Identity requests answered by the user are recorded in the „Lissi“ App and displayed to the user as a history of interactions. 

The app is connected to a digital mailbox service ("Mediation Agent") operated by neosfer GmbH. Messages from participants of the network to users of the „Lissi“ App are sent by the participants to the mailbox service in encrypted form and forwarded by the mailbox service to the user's app. After successful delivery of the messages to the app, the messages are deleted by the mailbox service. If the user's mobile phone cannot be reached, the messages are stored on the mailbox service until the messages have been delivered to the user's app. Since the messages are encrypted, neosfer GmbH has no access to the content of the messages at any time. 

For the use of the mailbox service, an installation ID of the user is stored. An inference to the user is not possible by neosfer GmbH, unless the installation ID of the user has been made public. The installation ID is only valid for the duration of one installation of the „Lissi“ App and loses its validity when the app is uninstalled from the user's device.


2.3 A use of the „Lissi“ App by persons who have not yet reached the age of 18 or who are not
fully contractually capable due to other circumstances is not permitted.

3. Application and functionality of the „Lissi“ App


When starting the „Lissi“ App on his mobile phone, the user is first asked to protect access to the app by entering a six-digit number combination (PIN).


3.1 Tab menu
The central functions of the "Lissi" app are located in the tab menu at the top of the app. Here the user will find two tabs "Wallet" and "Contacts". When the user opens the app, the tab "Wallet" is displayed by default. The "Wallet" tab shows the identity information stored on the app in the form of individual card icons. If the user presses a card icon, detailed information about the stored identity attributes and the issuer are displayed under "Info". Under "Activities", information on the use of the identity attributes is displayed. Here, the user can always see with whom identity information has been shared. If the user receives new identity information, this information will be displayed as the first upper card in the wallet tab and the user has the option to accept (store it in his app) or reject the identity information.

The "Contacts" tab shows the user all existing peer-to-peer connections to other participants/institutions and related information. If the user selects a contact, additional information about the information shared with the participant is displayed. New contact requests from participants are always displayed in the top. It is possible to accept new contact requests (a peer-to-peer connection between user and participant is created) or reject them (the contact request is ignored).


3.2 Scan Button
The Scan button at the bottom right of the app gives the user access to a QR Code scanner, which allows the user to open and accept connection requests from other users in the form of a QR Code. The app requires access to the phone's camera.


3.3 Toolbar


Settings

The following setting options are available in the „Lissi“ App's toolbar accessible via the gear icon:

  • Via "Change language" the language of the app can be changed. 
  • Via "Use Biometrics" the user can activate the authentication (in addition to PIN and password) via biometric features (e.g. fingerprint or face recognition) of his mobile phone.
  • Via "Change Passcode" the user has the possibility to change his six-digit PIN, which the user needs to start the app.
  • The functions "Set backup" and "Restore backup" are not yet available and will be provided in future versions.
  • Via "Lissi Demo", the demonstration can be accessed and tested on the website www.lissi.id/demo.  

Search function

Using the magnifying glass icon in the toolbar, you can search for identity information in the Wallet tab and search for existing contacts in the Contacts tab.


3.4 Functionality


Create connections

To establish a peer-to-peer connection, the user receives either a QR code or a link from another participant. After the QR code has been scanned or the link has been opened, the user receives information about who sent the contact request. The "Lissi" app checks the certificates sent by the participant. If there is a valid extended organisation validation certificate and the name of the participant matches the name of the organisation within the certificate, the participant is declared as verified. If this is not the case, the participant is displayed as "Contact is not verified". This function is currently only available in the beta function of the "Lissi" app. 

Contact requests can be accepted or rejected. After accepting the contact request, a peer-to-peer connection is established.

All existing connections with other participants are displayed in the tab menu under the "Contacts" symbol. If you select an individual connection, all identity information that the user has received from or sent to the participant is displayed. 

Receiving and saving identity information

If an existing peer-to-peer connection has been established with a participant, this participant can issue identity information ("Verifiable Credentials") to the user. As described in the item "Create connection", the participant's certificates are checked, and the user is shown a corresponding verification of the participant (exclusively in the beta version of the "Lissi" app). If the user receives new identity information from a participant, this information is displayed as first card in the Wallet tab. The user has the possibility to refuse or accept the identity information. If the user accepts the identity information, it will be displayed as a new card in the Wallet tab.

Sharing identity information with other participants

Other participants can send identity requests to the user via an existing peer-to-peer connections. All identity requests are displayed in the “contacts” tab. The requested attributes are already filled out with existing identity attribute stored in the app. The user has the possibility to change this information manually (if other appropriate identity attributes available). As described in the item "Establishing a connection", the participant's certificates are checked and the user is shown a corresponding verification of the participant (exclusively in the beta version of the "Lissi" app). Given the user actively consents to send the information, the selected identity attributes are sent to the requesting participant. 

The storage of the user's data by the other participant must be regulated by the other participant, who is responsible for the legally compliant handling of the data. neosfer GmbH has no responsibilities or obligations in this regard. The „Lissi“ App is only responsible for the exchange of information between participants. If the requested identity information is not stored on the app, the user will receive a corresponding error message. An answer to the identity request is not possible at this time. The missing identity information must first be provided to the user by another participant before the request can be answered.

If the user does not want to answer the identity request, he can reject it. In this case no information will be sent to the requesting participant.

If identity requests have been answered successfully, the user will see the sent data either in the tab "Wallet" under the respective card icon in the section "Activities" or in the tab "Contacts¬" under the respective connection with the requesting participant.   

 

Network support
The “Lissi” app currently supports multiple Hyperledger Indy based networks, including the IDunion test and pilot network; the staging, builder and mainnet of Sovrin, the BCovrin Ledger as well as the Indicio network. 


4. Application/registration


No login and registration with neosfer GmbH is required to use the „Lissi“ App. neosfer GmbH only provides the user with the „Lissi“ App, which allows the user to connect to an identity network and to use the identity services of third parties.

5. Availability and changes to the „Lissi“ App and services relating to the „Lissi“ App


5.1 After installation of the „Lissi“ App, the user can use the „Lissi“ App as well as the services of neosfer GmbH associated with the „Lissi“ App in accordance with the provisions of these GTC. 

5.2 neosfer GmbH assumes no guarantee, obligation or liability with regard to the suitability of the „Lissi“ App and the services and benefits associated with the „Lissi“ App with regard to the purposes and objectives that the user pursues and intends to achieve by using the „Lissi“ App and the services and benefits associated with the „Lissi“ App. This also applies expressly with regard to the descriptions in relation to the „Lissi“ App in sections 2 and 3 of these GTC.

5.3 neosfer GmbH tries to make App "Lissi" and the services and benefits associated with it available without interruption.  However, neosfer GmbH assumes no guarantee, obligation or liability for the availability and usability of the „Lissi“ App and the services and benefits associated with it. 

5.4 Also independent of external circumstances beyond the control of neosfer GmbH, neosfer GmbH is entitled to suspend or terminate the use of the „Lissi“ App as well as the services and performances and services associated with it at any time, whereby the duration and type of suspension and the time of termination are at the discretion of neosfer GmbH, in particular not subject to judicial review, and in particular not limited to repair or maintenance work. 

5.5 neosfer GmbH is entitled to prohibit and/or prevent the use of the „Lissi“ App at any time as well as to terminate the provision of services in connection with the „Lissi“ App. This does not require any reasons and can be carried out by neosfer GmbH in particular within the scope of its own discretion, in particular in a manner that is not subject to judicial review.

5.6 neosfer GmbH is entitled to make changes to the „Lissi“ App at any time, whereby the type and scope of such changes are decided in accordance with neosfer GmbH's own discretion, particularly that which is not subject to judicial review. There is no obligation to inform the user about such changes.

5.7 neosfer GmbH is not obliged to maintain old versions of the „Lissi“ App or to provide services in relation to these.

6. Consent to the use of data and information of the user


6.1 During the installation process of the „Lissi“ App, the user declares his agreement to these GTC as a whole and thus in particular to the following points by clicking on the corresponding field:

The user's identity data stored on the app will initially only be stored on the „Lissi“ App and will not be forwarded to third parties or neosfer GmbH. The data will only be passed on with the user's consent by answering an identity request by an inquiring participant.

Within the framework of the „Lissi“ App, the user receives an overview of which identity data has been sent to which participant at what time. The forwarding of the user's identity data to other participants via the „Lissi“ App shall be regulated by the other participant and the user. The „Lissi“ App itself is only responsible for the exchange of identity information.

In order to improve the user experience, the „Lissi“ App creates automatic crash reports in the event of errors or crashes of the application. In addition to an error report containing the reason for the crash, these reports contain further data such as the date and time of the crash, the model name of the device used, the installed operating system version, the set language and the user's country.

The application uses analysis tools which, based on the use of the „Lissi“ App, collect anonymized data which enable statistical evaluation of the following features: Number of users in certain periods of time, distribution of models on which the app was installed, daily use of the application per user, country of installation, preselected language of the user and the version of the app used.

6.2 With the exception of the installation ID, neosfer GmbH does not collect any personal data of the users.

6.3 Any further use of the data is only made with the explicit consent of the user. With regard to the details, reference is made to the data protection declaration of neosfer GmbH, which the user agrees to during the installation process of the „Lissi“ App by clicking on the corresponding field of the user and which - just like the GTC - can be called up and viewed at any time on the website of "www.lissi.id".

7. Duties of the user


7.1 The user is obliged to provide only truthful and complete data and information. In particular, the user is obliged not to make any statements or use the „Lissi“ App or the services provided in relation to the „Lissi“ App in a way that simulates an identity that does not correspond to the actual identity of the user. 

7.2 The user undertakes not to make his identity generated and confirmed by the „Lissi“ App available to others for use vis-à-vis third parties and/or to enable others in his/her place to use the specifications/identity made in his/her name vis-à-vis third parties.

7.3 The User is prohibited from using the app and services and performances that relate to the „Lissi“ App in a manner that would constitute a criminal offence or regulatory offence in a criminal or participatory manner.

7.4 The user is aware that neosfer GmbH may be obligated to provide information and/or data that neosfer GmbH has collected pursuant to Section 6.2 to the relevant authorities or public-law entities upon official and/or police request, which relate to the person of the user. The user agrees to this, regardless of any existing legal regulations that legitimize the publication, so that a corresponding publication on the part of neosfer GmbH upon request is always made in a lawful manner.

8. Licence


8.1 neosfer GmbH grants the user a simple, territorially unlimited, non-exclusive, non- transferable and non-sublicensable right of use to the „Lissi“ App.


8.2 This right of use is not granted for a specific period of time and therefore indefinitely, but with the right on the part of neosfer GmbH to be able to terminate and withdraw this right at any time with immediate effect at its own discretion, in particular without judicial review, without any need for any reasons.

9. Remuneration


9.1 The identification service is provided free of charge for the user.


9.2 However, the use of the „Lissi“ App may give rise to fees and charges on the part of the user, such as connection and transmission fees, which must be borne by the user.

10. Liability


10.1   neosfer GmbH is liable for damages for which neosfer GmbH is responsible, regardless of the legal grounds, in accordance with the following provisions.

10.2.  neosfer GmbH is not liable for damages caused by negligent (but not grossly negligent) conduct. This applies in particular also to indirect damages such as lost profits, lost sales, failed expenditures as well as damages of third parties.

10.3   Limitations of any liability do not apply in cases of intent or gross negligence or in cases where injury to life, limb or health has occurred.

10.4   Furthermore, limitations of liability shall not apply to claims arising from the Product Liability Act in accordance with the regulations applicable there.

11. Place of jurisdiction


11.1 These GTC as well as all uses of the „Lissi“ App and the services and performances provided by neosfer GmbH in relation to the „Lissi“ App are subject to the laws of the Federal Republic of Germany, excluding the UN Convention on Contracts for the International Sale of Goods ("C.I.S.G").


11.2 The place of performance and exclusive place of jurisdiction for all legal disputes arising from or in connection with these GTC and all uses of the „Lissi“ App as well as the services and performances rendered by neosfer GmbH in relation to the „Lissi“ App is Frankfurt am Main (Germany).

End of the GTC

Address:
Neosfer GmbH
part of Commerzbank Group

Eschersheimer Landstraße 6,
60322 Frankfurt am Main,

With made in Germany
Contact:
Tel: +49 (0)69 71913870
E-Mail: info@lissi.id