Decot Master FAQ
Fifty of the most-asked questions—answered in one place. Jump around or read top to bottom to become a Decot pro.
1 · General Questions
1. What is Decot in one sentence?
Decot is a privacy-preserving web app that lets multiple parties draft, negotiate, sign, audit, and even NFT-notarise contracts—anchored on the Sui blockchain while your documents stay encrypted off-chain.
2. Who is Decot built for?
Primarily legal, procurement and sales teams that need airtight audit trails but don’t want to expose sensitive terms on a vendor’s servers—plus tech-savvy SMEs modernising contract ops.
3. Do I need crypto knowledge to use it?
No. Decot custom ZK login hides cryptographic complexity behind a familiar sign-in experience. You can use the platform without managing wallet extensions or seed phrases.
4. Is Decot open-source?
Not yet. Core smart-contract modules remain proprietary (with third-party audits); integration SDKs may be released under permissive licences later.
5. Where are Decot’s servers located?
Front-end and API nodes run in EU & US clouds. Encrypted contract files reside on Walrus—a decentralised object-storage network distributed across multiple operators—so a single data-centre outage can’t bring you down.
2 · Getting Started
6. How do I create my first account?
Use the 3-step onboarding flow: choose login method, complete secure ZK verification, and enter your workspace.
7. Do I need to install a browser extension?
No. Browser wallet extensions are not required for standard onboarding and usage.
8. Can I import an existing Sui wallet?
Not required for normal use. Decot provisions secure signing identity during onboarding. Advanced enterprise integrations can be reviewed with support.
9. What file types can I upload?
PDF is recommended for signing. DOCX, ODT, XLSX, PPTX and common image formats are accepted during drafting or as attachments.
10. How big can a single file be?
Up to 25 MB on Personal/Team and 150 MB on Business/Enterprise by default; larger blobs on request.
3 · Contract Lifecycle & Workflow
11. What does “Create Contract” actually do?
It encrypts your document in-browser, stores the ciphertext on Walrus, then mints a Sui “contract object” that points to that file hash.
12. Can multiple people edit the same draft?
Yes—owners grant Commenter or Editor rights; each save creates a new hashed version, so you always know who changed what.
13. How are approvals routed?
Through flexible sequential or parallel steps in the Workflow Builder (e.g. Legal → Finance → CEO → Counter-party).
14. What happens if a signer rejects?
Status reverts to Rejected; address comments, upload a new encrypted version, and resubmit.
15. What is NFT notarisation?
After execution you can mint an ERC-721-style NFT object on Sui containing the final file hash. Only contract-party wallets receive the token—no public exposure.
16. Can I void or terminate a contract later?
Yes—if allowed by your governance rules, execute a Terminate transaction; a new immutable state is appended for audit.
4 · Security & Privacy
17. What encryption is used on files?
AES-256-GCM (256-bit keys) in the browser via WebCrypto; keys are wrapped with SEAL’s threshold encryption and split across multiple Sui validators.
18. Can Decot staff read my contracts?
No—encryption keys never touch Decot servers; Walrus ciphertext is undecipherable without them.
19. How is key recovery handled?
Through Decot account recovery using verified identity checks and configured recovery methods.
20. What about insider threats?
Every edit/signature requires a wallet signature; even privileged admins can’t silently alter a contract—Sui rejects unsigned transactions.
21. Are smart contracts audited?
Yes—independent Move auditors run static analysis and formal verification; reports are shared with Enterprise customers under NDA.
22. Is two-factor authentication available?
Yes. You can enable TOTP or passkeys for stronger account protection.
5 · Blockchain & Tech Stack
23. Why Sui instead of Ethereum or Solana?
Sui’s object model maps one-to-one with contracts, supports parallel execution and keeps gas fees at fractions of a cent.
24. What gas or mint fees do I pay?
None. Decot covers on-chain gas and NFT-mint costs for actions performed in the app.
25. Is Walrus really “off-chain”?
The bytes live off-ledger, but Walrus nodes settle proofs/payments on Sui. Data = off-chain; metadata = on-chain.
26. Where are hashes stored?
Inside each contract object on Sui: SHA-256 hash for the file plus version hashes.
27. Which ZKP system do you use?
Groth16 circuits compiled with Circom 2 (Plonkish upgrades on the roadmap).
28. Can I view transactions on a public explorer?
Yes—every action has a TxID; click View on Explorer in the UI.
6 · Pricing & Subscription Plans
29. Is there a free tier?
Not currently. While Decot is in its pilot phase, the way to try it is a scoped pilot (8–12 weeks) or a read-only demo — pricing is contact-based.
30. How is contract volume counted?
A contract counts once it leaves Draft; archiving frees quota.
31. What happens if I exceed storage?
Uploads pause; upgrade or delete unused files. Enterprise clients can negotiate higher limits.
32. Are NFT mints extra?
No—Decot pays the mint fee as part of your subscription.
33. Do you offer on-prem or private-cloud?
Not today. Decot is SaaS-only; Enterprise clients may pin Walrus replicas to their own S3 buckets if required.
7 · Administration & Roles
34. What user roles exist?
Owner, Admin, Editor, Commenter, Viewer and API Service (for bots).
35. Can I enforce SSO?
Yes—SAML 2.0/OIDC enterprise connectors are available on Business tier and up.
36. How do I set mandatory approval rules?
Use the visual Workflow Builder (e.g. “If Total > €100 k → Legal approval required”).
37. Can I revoke a user’s decryption rights?
Yes—trigger Key Rotation in SEAL; old keys are tomb-stoned, new ciphertext is re-wrapped for remaining users.
8 · Integrations & API
38. Is there a REST API?
Not yet. API integrations are currently under development and marked as coming soon.
39. Do you support Zapier or Make.com?
Not yet. Zapier and Make.com support will be announced once the API launch is live.
40. How do I link with Salesforce?
Salesforce integration is coming soon and not available in the current release.
41. Can I push signed PDFs to SharePoint?
This integration is coming soon and currently unavailable.
42. Is GraphQL available?
Not currently. GraphQL is planned for a future release.
9 · Compliance & Legal
43. Are on-chain records eIDAS-compliant?
They meet key “qualified ledger” criteria (Reg. (EU) 2024/1183); formal certification is planned for 2026.
44. How does GDPR ‘right to erasure’ work?
We delete the Walrus blob and tomb-stone its key; the on-chain hash then points to undecipherable data.
45. Do Decot signatures meet ESIGN/UETA?
Yes—wallet signatures are legal electronic signatures under ESIGN/UETA, and the immutable audit trail proves intent and attribution. For EU eIDAS, Decot also issues Qualified Electronic Signatures (QES) via DigiCert, which validate as trusted in Adobe Acrobat.
46. Where is your DPA?
Email [email protected] for our Data Processing Addendum.
47. Has Decot completed a SOC-2 audit?
SOC-2 Type I is underway; Type II is targeted for Q1 2026.
10 · Troubleshooting & Support
48. My transaction is stuck—what do I do?
Check Sui Explorer for Pending status. Decot auto-re-broadcasts after 60 s; contact support if pending > 5 min.
49. I lost my social-login account. Can I recover my wallet?
Use Decot recovery with your verified email and recovery setup, then contact support if extra verification is required.
50. How do I report a security vulnerability?
Email [email protected] or submit via our HackerOne program—please include reproduction steps.
Still stuck? Email [email protected] and our team will help.