Somleng
Low-cost interactive voice response system for communities with low literacy levels
Website: https://www.somleng.org
Type of Digital Public Good
- Open content
- Open data
- ✅ Open software
- Open standard
- Open AI model
1. Is it relevant to one of the Sustainable Development Goals?
- 3. Good Health and Well-being
Link to Evidence: https://www.unicefinnovationfund.org/broadcast/updates/somleng-open-source-telephony
- 9. Industry, Innovation and Infrastructure
Link to Evidence: https://www.unicefinnovationfund.org/broadcast/updates/unicef-innovation-fund-graduate-somleng
2. Does it use an appropriate open license?
Yes, this project is licensed under the following license(s):
3. Is ownership clearly defined?
Is the ownership of the project and everything that the project produces clearly defined and documented?
Yes
If yes - please link to the relevant copyright, trademarks, or ownership documentation for the project.
4. Does the license of libraries/dependencies undermine the openess of the project?
Does this open project have mandatory dependencies (i.e. libraries, hardware) that create more restrictions than the original license?
No
If yes - are the open source components able to demonstrate independence from the closed component(s) and/or are there functional, open alternatives?
Not Applicable
If yes - please describe how the open source components are independent and/or list the open alternatives for the closed component:
Not Applicable
5. Is there documentation?
Does some documentation exist of the source code, use cases, and/or functional requirements. For software projects, this should be present as technical documentation that would allow a technical person unfamiliar with the project to launch and run the software. For datasets and data projects, this should be present as documentation that describes all the fields in the set, and provides context on how the data was collected and how it should be interpreted. For content collections, this should indicate any relevant compatible apps, software, hardware required to access the content and any instructions about how to use it.
Yes
If yes - please link to the relevant documentation:
6. Is non PII data and/or content accessible?
Does this project collect or use non-personally identifiable information (non-PII) data and/or content?
Yes
If yes - is there a mechanism for extracting or importing non-personally identifiable information (non-PII) from the system in a non-proprietary format?
Yes
If yes - describe the mechanism for extracting or importing non-personally identifiable information from the system in a non-proprietary format:
The non-PII data can be accessed via an API
7. Does the project adhere to privacy and other applicable international and domestic laws?
Has this project taken steps to ensure adherence with relevant privacy, domestic, and international laws? For example, the General Data Protection Regulation (GDPR) in the European Union or the Supplementary Act A/SA.1/01/10 on Personal Data Protection for the Economic Community of West African States (ECOWAS) (yes/no)
Yes
If yes, please list some of relevant laws that the project complies with:
- To the best of our knowledge, Somleng does not store any PII for the beneficiaries. The only potential PII that we collect and store is the beneficiary phone number. As such, as an open source project, we do not think GDPR applies to Somleng.
If yes, please describe the steps this project has taken to ensure adherence (include links to terms of service, privacy policy, or other relevant documentation):
- Privacy policy - https://github.com/somleng/somleng-project/blob/master/Privacy.md
- NGOs might decide to collect PII information for their specific use-case. We strongly recommend that NGOs do not collect this information if not required.
8. Does the project adhere to standards and best practices?
Does this project support standards? (i.e. Web Content Accessibility Guidelines (WCAG) 2.1 or other standards such as those listed on W3C)
Yes
Which standards does this project support (please list)
- JSONAPI
- JWT (RFC 7519)
- TLS 1.3 (RFC 8446)
- TOTP (RFC6238)
Can you point to evidence of your support? (i.e. please link to your validator, open test suite, etc.)
- JSONAPI - https://www.somleng.org/docs/carrier_api/#create-an-account
- JWT (RFC 7519) - https://www.somleng.org/docs/carrier_api/#webhooks
- TLS 1.3 (RFC 8446) - https://www.ssllabs.com/ssltest/analyze.html?d=somleng.org&s=13.35.122.35&latest
- TOTP (RFC6238) - https://github.com/somleng/somleng/blob/develop/spec/system/dashboard/authentication_spec.rb#L4
Was this project built and developed according to or in adherence with any design, technical and/or sector best practices or principles? i.e. the Principles for Digital Development?
Yes
Which principles and best practices does this project support (please list)
- JWT - Somleng's Carrier Webhooks are signed using JWT (RFC 7519). This provides a standard way for applications to verify webhooks.
- Design for Scale - Somleng is a tool which can be used across the globe. The technology can be applied to hundreds of different use-cases from mHealth projects to Early Warning Systems to Internet Banking OTP Authentication. Our vision is a world where communications is accessible to everyone. We aim to achieve this vision by giving local carriers and individuals the technology to provide their own cloud communication stacks across the globe.
- Design With the User - Somleng is designed with feedback from our customers and partners. We add features in an incremental manner based on the feedback from our partners.
- Use Open Standards, Open Data, Open Source, and Open Innovation - Somleng's Carrier API is written according to the JSONAPI standard. By using the JSON:API standard consumers of the API can use a pre-built client which avoids the need for us to provide helper libraries for various programming languages. In addition it serves as a set of conventions for us to follow, eliminating the need for us to make some decisions on how to design the API.
- Reuse and Improve - Somleng contains a compatible open source implementation of Twilio's REST API. This API has become the the de-facto standard for Cloud Communications. By being compatible with this API, users of Twilio an easily migrate to Somleng by just updating the endpoint URL in the open source libraries. Somleng also contains an open source TwiML parser. TwiML is the de-facto markup language for controlling calls and SMS. By providing an open source TwiML parser the community can suggest or contribute support for more features and Verbs.
9. Does the project do no harm by design?
Has this project taken steps to anticipate, prevent and do no harm by design?
On the whole, does this project take steps to ensure that it anticipates, prevents and does no harm by design?
Yes
Is there any additional information you would like to share about the mechanisms, processes or policies that this project uses to avoid doing harm by design?
Somleng recommends the cloud hosting option, this is the most cost effective, reliable, and secure option. While using the cloud hosting option users are protected by our privacy policy (https://github.com/somleng/somleng-project/blob/master/Privacy.md)
9.a. Data Privacy & Security
Does this project collect or store personally identifiable information (PII) data and/or content?
Yes
If yes - please list the types of data and/or content collected and/or stored by the project:
- Phone Number
- Email Address
If yes - does this project share this data and/or content with third parties?
No
Please describe the circumstances with which this project shares data and/or content with third parties. Please add links as relevant.
Not Applicable
If yes - does the project ensure the privacy, security and integrity of this data and/or content collection and has it taken steps to prevent adverse impacts resulting from its collection, storage and distribution.
Yes
If yes - please describe the steps, and include a link to the privacy policy and/or terms of service:
While using our service, we may ask you to provide Us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to: phone, email, usage data
9.b. Inappropriate & Illegal Content
Does this project collect, store or distribute content?
No
If yes - what kinds of content does this project, collect, store or distribute? (i.e. childrens books)
Not Applicable
If yes - does this project have policies that describe what is considered innappropriate content? (i.e. child sexual abuse materials)
Not Applicable
If yes - please link to the relevant policy/guidelines/documentation.
Not Applicable
If yes - does this project have policies and processes for detecting and moderating innappropriate/illegal content?
Not Applicable
If yes - please describe the policies and processes for detecting, reporting and removing innapropriate/illegal content (Please include the average response time for assessment and/or action. Link to any policies or descriptions of how inappropriate content is handled):
Not Applicable
9.c. Protection from harassment
Does this project facilitate interactions with or between users or contributors?
No
If yes - does the project take steps to address the safety and security of underage users?
Not Applicable
If yes - please describe the steps this project takes to address risk or prevent access by underage users:
Not Applicable
If yes - does the project help users and contributors protect themselves against grief, abuse, and harassment?
Not Applicable
If yes - please describe the steps taken to help users protect themselves.
Not Applicable
Development & deployment countries
List of countries this project was developed in.
- Cambodia
List of countries this project is actively deployed in.
- Cambodia
- Somalia
- Sierra Leone
- Ghana
- India