Security meets Convenience

For us, security also includes the special protection of personal and, above all, sensitive data, such as details of purchased items when cash register receipts are transmitted. While we are often offered this security and the associated protection in our communication in modern messengers (WhatsApp, Signal, Threema, etc.), it is not yet the case at the checkout or in customer loyalty programs (point of sale). That’s why we offer you wunderbon, your confidential and end-to-end encrypted assistant for the point of sale.

Don’t worry, even without understanding all the details, wunderbon is usable for you. Everything simply runs in the background. Without having to do a thing. You will get more details below.

End-to-end encryption

Let’s first take a look at what is meant by end-to-end encryption:

End-to-end encryption (E2EE) is the encryption of transmitted data across all transmission stations. Only the communication partners (the respective end points of the communication) can decrypt the message.
Source: Wikipedia

This diagram shows asymmetric encryption at wunderbon. — **Asymmetric encryption** at wunderbon

This ensures, among other things, that confidentiality, authenticity and integrity are maintained. Specifically, this means the following:

Protection of Confidentiality

The messages or data can be read or heard clearly in plain text only by the person for whom it is intended.

Protection of Authenticity

The authenticity of the sender is verified. The sender is really the person who is specified as the sender.

Protection of Integrity

The message cannot be changed unnoticed by third parties on its way from the sender to the recipient.

This ensures that only you and your favorite retailer can see the data of your purchase. We at wunderbon have neither the ability to see this data nor the intention to do so. The following diagram shows the end-to-end encryption process:

This diagram shows the rough flow of end-to-end encryption between merchant and end customer via wunderbon. — **End-to-end encryption** between merchant and end customer via wunderbon

What will be encrypted

All data that are part of the purchase and exclusively concern you, are transmitted end-to-end encrypted. This includes the entire shopping cart including the number of products and all other details such as item numbers and prices. This ensures that your purchases are transferred confidentially and securely, regardless of the retailer (grocery store, pharmacy, parking garage, coffee shop, etc.). Of course, this protects not only you, but also the dealer.

Handling metadata

We ensure that authenticity is maintained for both sides of the transaction. This includes a certain set of data, called metadata. This includes:

Date and time
Branch-Id
POS-Id
Reference of the transaction (this can also be found in the blockchain)
Clearing(i.e. all payment data for fraud prevention).

This data is encrypted, but not transmitted end-to-end.

Key-Management

We ensure that your merchant always receives the correct public key randomly chosen by your device and encrypts your data accordingly with this key before transmitting your receipt (or other services and data) to your wunderbon app.

This diagram shows multi-key pooling at wunderbon. — **Multi Key Pooling** at wunderbon

Data storage

All data is always stored in encrypted form and thus always protected from unauthorized access. While we encrypt a large part of the metadata we collect, we also ensure that your data is protected from unauthorized access. The data that is not stored in encrypted form is, for example, internal references or part of the aforementioned metadata, which must also be available to the merchant for verification (accounting, internal processes, auditing, cash register security ordinance, etc.) and is also already available today for card payments, is stored in a readable form for us in the process.

An example may make it easier:

While end-to-end encryption ensures that only the merchant, and you know what was purchased, there is a portion of data (such as merchant, store, point-of-sale, amount, payment method, among others – you can find a full list here) that is not transmitted end-to-end encrypted. This is technically necessary to provide the merchant and you with proof of a correct transaction. But also in order to enable, for example, an exchange and the associated recall of a digital till receipt (revocation process) and to be able to display the transaction status of a till receipt in the app and also in the merchant dashboard at any time, parts of the metadata are not end-to-end encrypted. However, all data is stored encrypted in the data center.

Blockchain and NFT’s

Each individual transaction is persisted within the blockchain and anchored there for public viewing. We would like to briefly explain what this means for you. By anchoring it to the blockchain, a unique checksum that can be generated at any time from the data of a cash receipt is made publicly available. Without knowing the associated document, you can’t do much with this checksum. However, with knowledge of the document content, this checksum can be easily retrieved. Thus, the status of a known document can be checked at any time and the contents are safely protected from the reverse. The process is shown for you in the following diagram:

This diagram shows the blockchain NFT output at wunderbon as a public record of the transaction. — Blockchain **NFT issue** at wunderbon as public proof of transaction

Durch das Persistieren in der Blockchain besteht eine externe und nicht unter der Verwaltung von wunderbon liegende, darüber hinaus nicht manipulierbare (das Konzept der Blockchain / Ledger) Prüfsumme der Transaktion inklusive derer Inhalte. By persisting in the blockchain, there is an external and not under the management of wunderbon, moreover, not manipulable (the concept of blockchain / ledger) checksum of the transaction including its contents. All steps within the wunderbon network are digitally signed. This means that every request for a digital receipt, as well as every issuance and also storage by us, is provided with a digital signature. The result is then anchored in the blockchain. It’s that simple. This ensures that the transaction between you and your merchant via the wunderbon platform is not only fundamentally confidential, but also cannot be manipulated from any side. That’s why our digital receipts are also forgery-proof.

Cookie	Duration	Description
__gads	13 months	Some cookies help Google display advertisements on third-party websites. These cookies are set in the domain of the website you visit. For example, "_gads" cookies allow websites to display advertising from Google, including personalized advertising.
__hssrc	session	Whenever the HubSpot software changes the session cookie, this cookie is also set. This determines whether the visitor has restarted the browser. If this cookie is not present when HubSpot manages cookies, it is considered a new session. It contains the value "1" if present.
__hstc	13 months	These are non-essential cookies that are controlled by the cookie banner. If you are a visitor to a HubSpot-supported website, you can opt out of these cookies by not providing consent. The main visitor tracking cookie. It contains the domain, the user token (utk), the first timestamp (of the first visit), the last timestamp (of the last visit), the current timestamp (for this visit), and the session count (increases with each subsequent session).
_fbp	3 months	Facebook Ads / Ads. Facebook does not provide a description of the cookie.
_ga	24 months	This cookie is used to collect information about how you use our site. We use the information to generate reports and improve the site. The cookie collects information in a way that does not directly identify you. This information includes, for example, the number of visitors to our site, where visitors came to our site from, and which sub-pages they visited.
_gcl_au	13 months	Google Adsense cookie to store and track conversions. Used by Google AdSense to adjust advertising efficiency on the websites that use our services. This is the first-party cookie for the "Conversion Linker" feature. It takes information in ad clicks and stores it in a first-party cookie so that conversions can be attributed outside the landing page.
_gid	session	Contains a randomly generated user ID. This ID allows Google Analytics to recognize returning users on this website and merge data from previous visits.
hubspotutk	13 months	This cookie tracks the identity of a visitor. This cookie is passed to HubSpot software when a form is submitted and is used when de-duplicating contacts. It contains an opaque GUID to represent the current visitor.
sib_cuid	12 months	Collects information about your navigation and preferences on our site. This is used to send potential newsletters based on this information.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	11 months	The cookie is used to store the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is used to store the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	The cookie is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Others".
cookielawinfo-checkbox-performance	11 months	The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	12 months	This Cookie stores the state of whether the Cookie notice was shown.
wp-wpml_current_language	session	This Cookie stores the current detected or chosen language preference of the user visiting the website.