This wizard will assist you in constructing the set of rules, also known as the Recovery Policy, which specifies under which conditions your data can be recovered. The policy has been designed with flexibility in mind in order to accommodate different use-cases and threat models.

Time Based Rules

Time based rules allow specifying during which time period the policy is active. In order to request data recovery, a policy has to be in an active state at the time the request is made to recover data. If a policy is mutable (allowed to be updated), it can also only happen while the policy is in an active state, and is done by creating a new policy which will take place of the old one. The dates are always interpreted in UTC (Coordinated Universal Time), at 12:00AM of the selected date. The two dates which are configurable, from_date and upto_date allow for the following configurations:

from_date < upto_date: makes the policy active during a time window. (e.g from_date: 2024/08/01, upto_date: 2024/09/01 would make the policy active only between those dates)
upto_date < from_date: makes the policy in-active during a time window (e.g upto_date: 2024/08/01, from_date: 2024/09/01 would make the policy in-active only between those dates)
upto_date only: makes the policy expire after the upto_date (e.g upto_date: 2027/01/01 means the policy is never active again after this date.)
from_date only: makes the policy active after the from_date (e.g from_date: 2025/01/01 means the policy is active only starting after that date)

upto_date *

from_date *

Is the policy editable (mutable) while it's active?

Remote Recovery via Cryptographic Signatures

This type of recovery makes it possible to recover data remotely by providing cryptographic signatures to show intent of recovery. We support all widely used types of signatures such as `OpenPGP`, ETH, BTC, etc.

Can recovery be authorized using threshold based cryptographic signing? *

Recovery via KYC Validation and Statement of Intent

Recovery via KYC requires that a threshold of authorized persons be KYCd in person by legal representatives of Distrust and confirm their intent to recover data. This process varies based on the jurisdiction it's being conducted in and adds time to the recovery process.

Can recovery be authorized by persons using KYC? *

What threshold would you like to use for the KYC recovery method? (2/3, 3/5, 4/7 etc)

Please select KYC data for individuals who can participate in recovery. Each person's data should be a `.toml` file. Pictures of front and back of IDs should be base64 encoded and listed in the id_images array. The supported ID types are Driver's License, Passport, National Identity Card:

                        
                        first_name = "John"
                        last_name = "Doe"
                        date_of_birth = "1990-01-01"
                        id_images = ["", "", ...]
                        country_of_birth = "US"

Data Storage

This part of the policy allows you to select wether you would like Distrust to fully back up all your data, or to only hold an encryption key in escrow, in which case you are responsible for redundantly backing up the encrypted data (learn more here)

Type of data storage *

Additional Configurations

Are both remote and KYC based recovery required? (If "No", either one can be used for recovery) *

Recovery Policy Wizard

Time Based Rules

Remote Recovery via Cryptographic Signatures

Recovery via KYC Validation and Statement of Intent

Data Storage

Additional Configurations