Security

A spilled database is worth nothing here.

We don't store raw biometrics. We don't let the same secret protect two users. Every accept or deny carries a reason a human can audit. Security is the product, not a checkbox.

How common attacks land here

Plain language. Each row is the shape of a real conversation with a security team.

Replay

Playback is not live cadence.

Signed, expiring challenges and server-side timing checks. Playback does not match live cadence.

Credential stuffing

No shared secret to spray.

Phishing

Nothing portable leaves the session.

Database leak

Rows are salts and projections.

0x7f…0x3a…0x91…

Principles

01

Salted, not stored.

Behavior collapses into a salted print. The print is what we keep. The behavior does not persist.

02

Encrypted at rest.

Templates and helper data sit behind envelope encryption. A database spill gives an attacker nothing usable.

03

Cancelable.

If anything ever leaks, we rotate the seed. Identity stays. The template behind it is replaced in minutes.
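The salted-print and seed-rotation principles above (01 and 03), as an added Python example that is not the vendor's implementation. It assumes a sign-of-random-projection template; the function names, seeds, 128-bit length, match threshold and timing values are all constructed for illustration.

```python
import hashlib

BITS = 128  # template length in bits (assumed for this example)

def _row(seed: bytes, bit: int, dim: int) -> list[int]:
    """Derive one projection row from the per-user seed, centred on zero."""
    raw = hashlib.shake_256(seed + bit.to_bytes(2, "big")).digest(dim)
    return [b - 128 for b in raw]

def make_template(features: list[float], seed: bytes) -> int:
    """Project the features with seed-derived rows and keep only the sign bits."""
    template = 0
    for bit in range(BITS):
        dot = sum(w * x for w, x in zip(_row(seed, bit, len(features)), features))
        template = (template << 1) | (dot >= 0)
    return template

def distance(a: int, b: int) -> int:
    """Hamming distance between two templates."""
    return bin(a ^ b).count("1")

def matches(live: list[float], seed: bytes, stored: int, max_flips: int = BITS // 4) -> bool:
    """Accept when the live sample's template is close to the stored one."""
    return distance(make_template(live, seed), stored) <= max_flips

# Constructed keystroke intervals in milliseconds: enrolment and a later live sample.
ENROLLED = [182, 95, 140, 210, 77, 163, 121, 198, 88, 154, 133, 176, 102, 145, 190, 117]
LIVE = [184, 93, 141, 208, 79, 161, 123, 197, 86, 155, 135, 174, 103, 143, 192, 116]

# Constructed seeds; a real deployment would draw them from a CSPRNG.
SEED_V1 = b"constructed-seed-user-a-v1"
SEED_V2 = b"constructed-seed-user-a-v2"   # same user after rotation
SEED_OTHER = b"constructed-seed-user-b-v1"  # a different user's salt

if __name__ == "__main__":
    stored_v1 = make_template(ENROLLED, SEED_V1)
    stored_v2 = make_template(ENROLLED, SEED_V2)
    print("live sample vs current template:", matches(LIVE, SEED_V1, stored_v1))
    print("leaked v1 template after rotation:", matches(LIVE, SEED_V2, stored_v1))
    print("bits differing between v1 and v2:", distance(stored_v1, stored_v2))
    print("same behaviour, other user's salt:",
          distance(stored_v1, make_template(ENROLLED, SEED_OTHER)))
```

Only the seed and the sign bits would be stored; the timing vector itself is discarded after projection, and identical behaviour under two salts yields templates that cannot be linked by comparison.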

04

Replay-hard.

Server-driven schedules with jittered timing. Macros and remote-takeover tools cannot fake the cadence.

05

Auditable.

Every decision carries calibrated confidence and a human-readable reason. Nothing is accepted or denied in silence.

06

Consent-led.

Raw signals are not collected by default. Opt-in research data is double-encrypted and revocable on request.

v1.0
Posture snapshot
Transport
  • TLS 1.3
  • HSTS
  • Per-request nonces

Storage
  • Encryption at rest
  • Salted templates
  • Helper data only

Operations
  • Rate limits
  • Anomaly alerting
  • Reason-coded decisions

Data rights
  • Erase on request
  • Per-user salts
  • Consent-led research data

Want a deeper walkthrough? Email us — we'll make time.
