101 lines
6.4 KiB
Markdown
101 lines
6.4 KiB
Markdown
|
|
# tryst-verification.screen
|
||
|
|
|
||
|
|
Tryst Sumsub KYC re-up + verification status dashboard. Implements [surface-tryst.brief.md §6](./surface-tryst.brief.md). **Sensitive — deadname risk handling is central.** Reached from a Tryst-flagged re-verify approval card or from settings → Safety → Verifications. Voice: **plain**.
|
||
|
|
|
||
|
|
## Layout (full-screen sheet)
|
||
|
|
|
||
|
|
```
|
||
|
|
┌─────────────────────────────────────────────────┐
|
||
|
|
│ ◄ Back Verification │ 56pt
|
||
|
|
├─────────────────────────────────────────────────┤
|
||
|
|
│ │
|
||
|
|
│ ─── Status ─── │
|
||
|
|
│ Verified ✓ — expires 2027-03-04 │
|
||
|
|
│ Last verified: 2026-03-04 │
|
||
|
|
│ Method: Sumsub (govt ID + selfie + liveness) │
|
||
|
|
│ │
|
||
|
|
│ ─── If you need to re-verify ─── │
|
||
|
|
│ Tryst will prompt automatically when needed. │
|
||
|
|
│ Cocotte will surface it here when that happens. │
|
||
|
|
│ [ Start re-verification → ] │ manual trigger if needed
|
||
|
|
│ │
|
||
|
|
│ ─── About your records ─── │ privacy section
|
||
|
|
│ Tryst stores: govt ID image + face scan + │
|
||
|
|
│ liveness check + expiration date. │
|
||
|
|
│ Cocotte stores: verification status + expires │
|
||
|
|
│ date. **NOT** the ID image or your gov-name. │
|
||
|
|
│ Sumsub stores: per their privacy policy. │
|
||
|
|
│ │
|
||
|
|
│ ─── Deadname / gov-name handling ─── │
|
||
|
|
│ Your gov-name from your ID is **never** shown │
|
||
|
|
│ to clients on Tryst. Tryst's compliance team │
|
||
|
|
│ sees it; Cocotte never logs it visibly; no │
|
||
|
|
│ agent reads it. │
|
||
|
|
│ [ Read the full policy → ] │
|
||
|
|
│ │
|
||
|
|
└─────────────────────────────────────────────────┘
|
||
|
|
```
|
||
|
|
|
||
|
|
## Status states
|
||
|
|
|
||
|
|
1. **Verified, healthy** (>30d to expire) — green status.
|
||
|
|
2. **Expiring soon** (≤30d) — amber; copy: "Re-verify within {N} days to keep your listing live."
|
||
|
|
3. **Expiring this week** (≤7d) — pulses amber + nudge banner.
|
||
|
|
4. **Expired** — red status + high-stakes interrupt: "Verification expired. Your listing is hidden on Tryst. Re-verify to recover."
|
||
|
|
5. **In progress** (Quinn started re-verify on Sumsub but hasn't completed) — chip: "Awaiting Sumsub. Open the email Sumsub sent."
|
||
|
|
6. **Failed** (Sumsub rejected ID / face / liveness) — banner with reason + retry route.
|
||
|
|
7. **Cocotte has stale data** (lost connection per brief M) — chip: "Status may be stale; last refreshed {time}. [Refresh]"
|
||
|
|
8. **Re-verify started but Quinn abandoned** — Sumsub session times out; chip: "Last attempt timed out. Start again?"
|
||
|
|
9. **VoiceOver** — status block read first; privacy section explicitly announced.
|
||
|
|
|
||
|
|
## Privacy mechanics (this screen is the disclosure point)
|
||
|
|
|
||
|
|
The screen exists to **make the privacy boundary visible**:
|
||
|
|
|
||
|
|
- Cocotte **never** stores Quinn's ID image or gov-name.
|
||
|
|
- Cocotte **never** displays gov-name to any specialist, log, or audit row.
|
||
|
|
- Tryst's compliance team sees gov-name per their policy.
|
||
|
|
- Quinn can read the full policy via the link; it lives at cocotte.io/privacy/verification.
|
||
|
|
- Deadname risk: Quinn's gov-name on the ID may differ from her display name. Cocotte's job is to keep the gov-name compartmentalized — used for Tryst's verify, never elsewhere.
|
||
|
|
|
||
|
|
## Interactions
|
||
|
|
|
||
|
|
- **Tap "Start re-verification"** → opens an in-app browser to Sumsub's flow (Quinn does the ID + selfie + liveness step there); Cocotte detects completion via webhook and updates the status.
|
||
|
|
- **Tap "Read the full policy"** → routes to in-app privacy page (cocotte.io/privacy/verification rendered in-app).
|
||
|
|
- **Long-press status block** → "View audit trail of past verifications" (recent N audit rows of `action_type='verify_status_check'`).
|
||
|
|
|
||
|
|
## Edge cases
|
||
|
|
|
||
|
|
- **Quinn previously verified on Tryst before connecting to Cocotte** — status pulled from Tryst on connect; chip: "Verified pre-Cocotte; first-fetched from Tryst on {date}."
|
||
|
|
- **Sumsub flags the ID** (suspected fake) — Cocotte surfaces neutrally: "Sumsub couldn't verify. Tryst's compliance will contact you." No accusatory tone.
|
||
|
|
- **Multiple verifications in past 12 months** (Quinn re-verified for non-renewal reasons) — audit shows the full history.
|
||
|
|
- **iCloud / system-keychain prompts for ID image during Sumsub flow** — out-of-Cocotte; Cocotte doesn't see it.
|
||
|
|
- **Quinn declines to re-verify** — Cocotte respects: status stays "expiring"; listing eventually hides; Cocotte never coerces.
|
||
|
|
|
||
|
|
## *Generalization callout*
|
||
|
|
|
||
|
|
KYC re-up screens differ per surface:
|
||
|
|
|
||
|
|
- **TS4Rent**: same Sumsub vendor — screen reuses ~100% with surface-name swap.
|
||
|
|
- **Slixa**: different vendor (Stripe Identity? to be confirmed) — same shape, different "method" field.
|
||
|
|
- **OnlyFans**: their own verify system — screen pattern reuses; backend integration differs.
|
||
|
|
- **X / Instagram**: not applicable.
|
||
|
|
|
||
|
|
The privacy-disclosure block + status states + re-verify flow generalize fully; the vendor name + method specifics vary.
|
||
|
|
|
||
|
|
## Related
|
||
|
|
|
||
|
|
- [surface-tryst.brief.md §6](./surface-tryst.brief.md) — parent.
|
||
|
|
- [specialist-bookings-tryst.contract.md](./specialist-bookings-tryst.contract.md) — Never section: "never surfaces gov-name."
|
||
|
|
- [Brief K](./K-safety-blocklist.brief.md) — deadname / real-name handling.
|
||
|
|
- [Brief V](./V-data-portability-erasure.brief.md) — verification records as exportable / erasable data.
|
||
|
|
- [Brief I](./I-audit-trust-replay.brief.md) — every status fetch + re-verify = audit row.
|
||
|
|
- [Brief M §M3a](./M-error-degraded-modes.brief.md) — expired-verify is a high-stakes failure.
|
||
|
|
- [`voice.md` §V2c](./00-system-voice.md) — plain register throughout.
|
||
|
|
|
||
|
|
## Out of scope
|
||
|
|
|
||
|
|
- Sumsub's flow interior (it's a 3rd-party in-app web flow).
|
||
|
|
- Privacy-policy text (linked, not duplicated).
|
||
|
|
- Multi-jurisdiction verification (Quinn's gov-ID is one country; multi-country verify is a defer-to-later concern).
|