You are the
password
Identity from interaction, built for the agentic era.
Nothing to steal, nothing to phish, nothing to remember.
Watch yourself become a signature.
Move your cursor. Type a little. The line below is you. Your rhythm drawn live and collapsed into a print only you could make. It never leaves your browser.
SIGNATURE FORMING
MOVE YOUR CURSOR ACROSS THIS CHAMBER
SAMPLES 0
TRUST 50
Backed early.


With angels from

Three steps. One identity. Zero passwords.
Three clauses. Every figure is drawn from your session, right now.
Capture the rhythm.
As someone uses your product, the SDK reads the timing of their reactions, typing cadence, and pointer dynamics. Timings only, never content.
Collapse it into a salted print.
Those signals reduce to a small, salted vector: the behavioral signature. Raw behavior never leaves the session.
Verify continuously.
On every request the print is recomputed and scored. Accept or deny in milliseconds, with calibrated confidence your policy engine can act on.
Capture the rhythm.
As someone uses your product, the SDK reads the timing of their reactions, typing cadence, and pointer dynamics. Timings only, never content.
Collapse it into a salted print.
Those signals reduce to a small, salted vector: the behavioral signature. Raw behavior never leaves the session.
Verify continuously.
On every request the print is recomputed and scored. Accept or deny in milliseconds, with calibrated confidence your policy engine can act on.
The full demo runs the whole loop. Enrollment to verified login in about two minutes: calibration, a mock workspace that reads your behavior live, and real actions that unlock from rhythm alone. No hardware, nothing to remember.
Verification has no shortcuts.
Secrets can be phished, stuffed, and replayed. A rhythm can only be performed.
Agents inherit trust. Scoped. Revocable.
Delegation becomes a visible event with its own gates, not a shared password.
Every request scored in under 200 ms. And a spilled database is worth nothing.
Three guarantees, held on every request.
Decisions in under 200 ms.
Accept or deny on every request, with calibrated confidence attached.
How it worksZero raw biometrics stored.
Only a salted, encrypted print is kept. A spilled database hands attackers nothing.
The security modelIdentity you can rotate.
Unlike a face or a fingerprint, the template is cancelable and replaced in minutes.
The architecturePay per session. Never per seat.
One session is one user's visit to your app. Flat $0.70 a session, no subscriptions, and packs never expire until used.
Sessions never expire until used. Need 100k+, on-prem, or a custom SLA?
Deploy GrayPassThe next key isn't a password.
It's you.
Get startedFrom the spec to production.
Security
The threat model, and what a breach is worth here
Live demo
Enroll and verify yourself in about two minutes
Architecture
Raw signal to decision: the full pipeline, documented
Developers
Three calls. One identity. The integration guide.
Trust Center
Data rights, retention, and responsible disclosure
Company
Why the secret-based internet is ending
A signature onlyyou could draw.
Since your first scroll, this page has been reading rhythm: how your pointer moves, how you type, how fast you react. None of it ever left your browser. This is what it drew.
No two people have ever drawn the same one. We never asked your name.
Signals are off, so there is nothing to show: nothing was read, and nothing was drawn. Turn them back on in the chamber above and your print forms in seconds.