01
Step 01
Scan the document
The user captures their ID. We validate the MRZ check digits and expiry, then extract only what the policy needs — never persisting the image.
Privacy-first age assurance
Instant age verification
Store almost nothing.
Live face check, document & MRZ verification, face matching. We keep a yes/no and an audit hash — never your biometrics.
GDPR Art. 9 by design UK Online Safety Act EU AVMSD No biometric storage
GDPR Art. 9UK Online Safety ActEU AVMSDISO 27001 alignedSOC 2 readyData minimisationActive livenessZero biometric storageGDPR Art. 9UK Online Safety ActEU AVMSDISO 27001 alignedSOC 2 readyData minimisationActive livenessZero biometric storage
0
Biometric records stored
~0s
Median check time
Art. 0
Article — GDPR by design
0
Afternoon to integrate
Data minimisation
The most secure data is the data you never keep.
What we store
- An over-the-threshold yes/no result
- A coded outcome (approved / declined)
- A salted hash of the IP — never the IP
- A tamper-evident audit hash
What we never store
- Identity document images
- Selfie or camera frames
- Face templates / embeddings
- Name, address, or raw date of birth
Three steps
From tap to verified in seconds
A guided flow your users complete in-browser — no app install, no document upload sent to a third party.
02
Step 02
Prove they're live
A randomised centre → left → right head-pose challenge runs in-browser. Anti-spoof and timing checks reject photos, videos, and masks.
03
Step 03
Match & receipt
We match the live face to the document, return an over-threshold yes/no, and write a tamper-evident audit hash. Frames are discarded.
Built for trust
Everything you need to verify — and nothing you don't keep
Active liveness
A randomised head-pose challenge with anti-spoof and timing checks defeats photos, masks, and replays.
Document + MRZ
Passport MRZ check-digit validation and expiry checks catch forged or altered documents.
Nothing to leak
Biometrics are processed in memory and discarded. There is no image database to breach.
Explicit consent
GDPR Art. 9 consent is captured and receipted before any biometric processing begins.
Built for global law
Configurable per-jurisdiction rules for UK OSA, EU GDPR/AVMSD, and US state statutes.
Drop-in widget
Embed an iframe widget or redirect to the hosted flow. Live in an afternoon.
Developer-first
Two lines to embed. One webhook to integrate.
Drop the widget into any page, or redirect to the hosted flow. We post the verified outcome to your backend — you never touch raw biometrics.
- Embeddable iframe widget or hosted redirect
- Signed webhooks with the verification result
- Live in an afternoon — no ML pipeline to build
- Your servers never store an image or template
verify.tsx
import { Verisoar } from "@verisoar/widget";
// Drop-in: mounts the hosted, privacy-first flow
<Verisoar
apiKey={process.env.VERISOAR_KEY}
policy="uk-osa-18+"
onResult={(r) => {
// r.passed → boolean, r.auditHash → string
// no image, no biometrics, ever
grantAccess(r.passed);
}}
/>; Pricing
Simple, usage-based pricing
Monthly tiers with metered overage. Start free, no card required.
Growth
Popular£99.99/mo
- 1,000 verifications / mo
- $0.15 / extra scan
- Webhooks
- Priority support
Questions, answered
No. Camera frames and document images are processed in memory and discarded immediately. We persist a coded yes/no outcome, a salted IP hash, and a tamper-evident audit hash — never images, face templates, or raw personal data.
Verify users without becoming a data-breach headline.
Start free in test mode today. Go live when you're ready — no card required.