Everything you need to know about XOOG, from security to deployment, in one place.

1. What is XooG?

XooG is an adaptable add-in built on ZenZ, offering end-to-end data encryption powered  by Web3 cryptography. Its protocol-agnostic design enables seamless integration across diverse systems, ensuring robust and reliable data security.

2. What are the USPs of XooG?

• Decentralized Key Management with Hybrid Encryption (ZES)

XooG empowers users with full control over encryption keys, using ZES for fast, secure, and decentralized data protection.

• Protocol-Agnostic Design with Seamless Interoperability

Its communication protocol-agnostic nature ensures seamless integration across Web2 and Web3 environments, maintaining robust security across platforms.

• Web3-Powered End-to-End Data Encryption

By combining ZES and endpoint-only decryption, XooG ensures unparalleled data privacy and compliance with global data protection standards.

3. What is the encryption technology used for XooG?

XooG uses ZES, a hybrid encryption scheme that combines the speed of symmetric encryption with the security of asymmetric encryption. XooG defaults to X-Salsa20 for symmetric encryption and Curve25519 for asymmetric key exchange, enabling robust cryptographic operations.

Additionally, XooG authenticates parties statelessly before starting the decryption process, ensuring secure and decentralized access to encrypted data.

4. Who all will have access to my key?

With XooG, your keys are managed securely through IOMe, a user-owned decentralized identity solution. This ensures that only you have access to your keys, maintaining complete self-sovereignty and privacy. Neither XooG nor any third party has access to your keys, thanks to IOMe’s decentralized architecture, which eliminates the risks associated with centralized key storage.

5. What information related to me will be stored in XooG?

XooG does not store any data related to the platform where it is integrated (e.g., email content or attachments). The only information persisted in XooG is a decentralized record of the list of organizations and users associated with it, securely stored on a smart contract. This ensures transparency, privacy, and adherence to decentralized principles.

6. In my mail / attachment, what level of access XooG will have?

XooG does not access or store the content of your emails or attachments. Its role is limited to encrypting and decrypting data at the endpoints. This ensures that your email and attachment content remain private and inaccessible to XooG or any third party.

7. Can I use XooG for my personal mail id ?

Theoretically, yes. However, XooG currently requires a verified legal entity to enable the Add-In in Outlook, and single-user subscriptions are not supported at this time. While its communication protocol-agnostic design allows for potential integration with platforms like Gmail, Outlook, WhatsApp, and more, current offerings are focused on organizational use. Future updates may include individual subscription options.

8. What if I use my mail service [ XooG ] from mobile? Any difference or process to be followed ?

Currently, XooG is supported on Outlook browser and desktop versions. If you access your email via mobile, XooG’s encryption and decryption features may not function directly on mobile apps. For full functionality, it’s recommended to use the desktop or browser version of Outlook where XooG is integrated. Mobile compatibility is a planned enhancement for future updates.

9. What if I delete the email ? 

If you delete an email encrypted with XooG, the email is permanently removed based on your email provider’s deletion policy. Since XooG does not store any content of your emails or attachments, once the email is deleted from your account, it cannot be recovered through XooG. Always ensure you have backups if needed before deleting critical emails.

10. What are the specific hardware and software requirements for using XooG?

XooG requires minimal hardware and software prerequisites:

• Hardware: A device capable of running modern browsers or supported email clients (e.g., Outlook). No specialized hardware is required.

• Software: Supported versions of email platforms (Outlook browser/desktop currently) and the XooG Add-In. Ensure stable internet access.

11. If any legal requirement, XooG will be able to share our information to the Governments / Courts without our concurrence or approval ?

XooG does not store email content, attachments, or user keys. However, in compliance with legal requirements, information stored in smart contracts—such as organizational associations and IOMe identities—may be shared. Audit trails are transparent but maintain anonymity for sender and receiver identities, showing only timestamps and Ix hashes. XooG adheres to self-sovereign principles, ensuring private keys and email content remain completely inaccessible.

12. What if someone accessed my mail? Should I reset XooG after resetting my email password?

If your email account is compromised, resetting your email password suffices. XooG’s security is independent of email credentials, as it relies on encryption keys securely managed via IOMe. 

13. Can I use XooG alongside my email provider’s built-in encryption?

Yes, XooG works in tandem with your email provider’s encryption. XooG adds an additional layer of end-to-end encryption, ensuring that even if your provider’s encryption is bypassed, your data remains secure.

14. I would like to buy XooG for my personal mail id. Is it possible to subscribe?

Currently, XooG is focused on organizational use and requires a verified legal entity for activation. Individual subscriptions for personal email IDs are not available at this time, but future updates may expand support to include personal use cases.

15. I have multiple mail ids. Is there a plan where I can buy one XooG subscription for all ?

Currently, XooG subscriptions are designed for organizations, not individual users. However, users can link multiple email IDs to a single XooG account, and each email ID can belong to multiple organizations.

16. During XooGing, the “Compute Node” which does the encryption is based out of which country ? Do I have a say on that?
    XooG performs encryption and decryption on endpoints, so no centralized compute nodes are used. Data never leaves your device unencrypted.

    
    

17. What is the involvement of validators here, if any?

Validators are involved in managing the blockchain (MOI) where smart contract information is stored. They play no role in email encryption or access to content, ensuring separation of concerns and privacy.

18. Is it possible to use any other chain for XooG?

Yes, XooG can theoretically be implemented on other blockchain networks, as its design is modular and adaptable. However, the current integration with MOI is optimized for security, performance, and participant centricity.

19. The authenticity of the block chain platform (MOI) and IOME protocol? Are there third party certifications like HIPAA, GDPR or SOC2 compliant? 

XooG and IOMe utilize Kapsul for data persistence, ensuring alignment with regulatory compliance standards such as HIPAA, GDPR, and SOC 2. Kapsul’s infrastructure is designed to meet stringent data protection requirements, providing a secure environment for sensitive information. This integration ensures that data handling within XooG adheres to industry best practices and regulatory mandates.

20. Competitive comparison / battle cards to Microsoft encryption etc.

XooG stands out with:

• Decentralized key management (self-sovereignty via IOMe).

• End-to-end encryption using ZES (blends symmetric speed and asymmetric security).

• Seamless Web2-Web3 interoperability.

Microsoft’s encryption solutions rely on centralized key storage, making XooG unique in offering full user control.

21. What will it take for someone to replicate this over another blockchain network? What will be our positioning then?

XooG’s competitive edge lies in its seamless integration with Web2 systems, ZES encryption, IOMe for identity management, and its protocol-agnostic design. Replication is technically possible, but XooG’s adaptability and existing integrations position it as a leader in secure communication solutions.

22. Are there any vendors who do mail encryption at rest? 

Yes, several email providers encrypt mail at rest (e.g., Gmail and Outlook). However, XooG enhances this with end-to-end encryption, ensuring even intermediaries (including the provider) cannot access the data.

23. Are there other vendors offering selective text encryption?

While several email encryption tools—such as Encryptomatic OpenPGP, Gpg4Win, Mailvelope, and Trustifi—provide centralized end-to-end encryption, they typically encrypt entire messages. The capability to encrypt specific sections of text within an email is uncommon among these solutions. Introducing selective text encryption could serve as a unique and powerful differentiator in the market.

24. It was mentioned that the private key gets downloaded automatically when the XooG login is done. Do we have any technical write up /certification / patent / IPR around this?

Reference Document need to be attached

25. Have we conducted a bug bounty program for the platform to prove its security?

Not yet, but we plan to conduct thorough audits and launch a bug bounty program to invite ethical hackers to test the platform’s security.

26. What is the compliance and regulatory burden that we should take on?

XooG does not bear regulatory compliance burdens, as it does not store any platform’s data. Instead, XooG ensures secure, decentralized encryption, leaving compliance responsibilities to the organizations or users managing their data.

27. Does the performance get impacted depending on the size of the email?

XooG’s encryption and decryption processes are highly efficient due to the ZES hybrid encryption scheme. While larger emails may take marginally longer, performance impact is negligible and optimized for scalability.

28. Does IOMe interface with XooG, have the “Data Subject Request”(DSR) in accordance with GDPR where the customer can choose the type of Request(Either Right to Access or Right to Erasure)?
    
    

29. Why was ZES chosen over other algorithms?
    
    

30. How is the encryption key managed? Is it shared between sender and receiver, and if so, how is it transmitted securely?
    
    

31. Does the encryption process work offline, or is an internet connection required?
    
    

32. Are there character limitations or restrictions for the text that can be encrypted?
    
    

33. Can the “Subject” of the email be encrypted?
    
    

34. What measures are in place to prevent brute force attacks or unauthorized decryption?
    
    

35. Can the encrypted text be shared across different platforms (e.g., forwarding the email), and how is security maintained in such cases?
    
    

36. How are updates to the extension handled, and how is backward compatibility ensured for older versions?
    
    

37. Is there any visual indication in the email body to alert the recipient that part of the email is encrypted?
    
    

38. Is the extension free, freemium, or subscription-based? If paid, what is the pricing model?
    
    

39. Are there plans to integrate advanced features, such as two-factor authentication for decryption or blockchain-based encryption keys?
    
    

40. How are users informed about critical updates, security patches, or feature changes?