security levels

  • level 1a: email & sms (v1.0)
  • level 2a: address & passport (v1.0) - address by sending a QR code through postal mail
  • level 3a: bankaccount verification (through 1 $ deposit to our bank account) (v1.1)
  • level 4a: kyc (e.g. through paycash) (v2)
  • level 1b,2b, 2c & 2d: same 2 factor authentication enabled


step 1

  • register in organization threefold.public, require email & sms
  • auto pub/priv key generation in rogerthat (ability to write with words the priv key on paper & keep in secure location)

initial requirements

apps example

mini app 1: order box

  • user is on miniapp in RT e.g. order a TF Box
  • user does whatever to get the box

mini app 2: check status of box

  • can be people behind today

mini app 3: accept arrival of a box

  • when he accepts the arrival of box we ask him to accept the terms & conditions (send above)
  • scan QR code which links to original order
  • terms & conditions link is shown to user (for iyosee)
  • app asks if the user has read the link & accepts
  • the app submits the signature to IYO for the content already shown above

further requirements

  • ability for people to group in companies (v1.x)

notable examples of onboarding done by other apps

  • Revolut has the best signup experience I've seen so far. It's fast, seamless and painelss. Instead of video you just take a selfie (in app), load up your account using your bank card and everything works. We should really pick the best parts from their signup procedure.
  • bunq has you chat on video with a support representative and show your ID. It sounds easy but in reality they're really restrictive.
  • Leupay just has you pay 1 euro to them through the bank card and you confirm it by sending them the code that appears on your bank statement. Then they send you their card for free to verify your address.


  • can companies just sign up for an account?