| title | Biometric Verify |
|---|---|
| emoji | 🟣 |
| colorFrom | indigo |
| colorTo | purple |
| sdk | docker |
| app_port | 7860 |
| pinned | false |
| short_description | Contactless face & palm identity — offline, on any phone |
Confirm a person's identity using nothing but a phone or tablet camera — by their face or the palm of their hand. No fingerprint scanner. No plastic cards. No internet required.
Think of it as a universal "prove it's really you" button that any organisation or app can use. Point a camera at a person and it either confirms they are who they claim to be, or tells you who they are — in a second or two, on the cheap phones people already own, and it keeps working when the internet is down.
This page explains, in plain language, everything the system can do and exactly how to do it — no technical knowledge needed. If you build software, jump to For software teams; to run your own copy, see Running your own copy.
- Why it exists (the problem it solves)
- Who it's for
- Why it's different from everything else
- Everything you can do — and how
- Register a person (enrolment)
- Check a person (verify & identify)
- Let people register themselves with a link (invites)
- Give someone a portable ID card that works offline (credentials) ⭐
- Check someone's ID card — anywhere, offline
- Accept another organisation's cards (shared trust)
- Identify people continuously in a crowd (Glance)
- Cancel and reset biometrics like a password (reissue)
- Run your organisation (admin console & portal)
- Use it on phones — including fully offline (the app)
- See the proof (Trust Center)
- Remove a person or erase everything (privacy)
- The places you'll use it (pages at a glance)
- How your privacy is protected
- For software teams
- Running your own copy
- Full documentation
Most identity systems rely on fingerprint scanners, which have two big problems:
- They leave people out. Farmers, cleaners, builders, traders and the elderly often have worn or damaged fingerprints that scanners can't read — so they get turned away from their own wages, benefits, SIM cards or exams. This is a real, documented failure of large fingerprint programmes.
- They cost money and break. Every scanner is hardware to buy, install, clean and maintain.
Biometric Verify fixes both:
- Nobody is excluded — if your palm won't read, your face will (and the other way round). A match is a match.
- No special hardware — it uses the camera already in every phone.
- Contactless and hygienic — nothing to touch.
- Works fully offline — for rural clinics, remote sites and field work with no signal.
- Private by design — it never keeps your photo, only a scrambled mathematical signature that cannot be turned back into a face, and can be wiped on request.
Anyone who needs to answer "is this the right person?" — cheaply, at scale, without leaving anyone out:
| Who | What they get |
|---|---|
| Employers (factories, farms, schools) | Stop "buddy-punching" on attendance where fingerprint clocks fail on manual workers |
| Governments & NGOs (cash transfers, welfare) | Remove ghost/duplicate beneficiaries and pay people without excluding worn-fingerprint citizens |
| Exam boards & universities | Stop candidates sitting exams for one another |
| Clinics & hospitals | Find a patient's record instantly when the card is lost; avoid duplicate records |
| Banks, microfinance, mobile-money agents | Verify members and stop multi-branch fraud, even in villages with no connectivity |
| Events, sites, checkpoints | Give people a printed or on-phone pass that any staff member can check on the spot, offline |
| Software teams | Add trustworthy identity to their product with a couple of instructions — no biometric expertise of their own |
There are four small, ready-made example products in examples/
(attendance, exams, welfare, clinics) that show it fitting into real workflows.
Parts of this exist elsewhere — but nobody combines them for these people and places, and the most common existing tool (fingerprints) is the problem we solve:
| Other approaches | What they're missing |
|---|---|
| Fingerprint / national-ID scanners | Exclude worn fingerprints; need hardware everywhere |
| Cloud face services (AWS, Azure, Face++) | Need constant internet; costly; no palm option; your data lives in someone else's cloud |
| Palm-payment (e.g. Amazon One) | Needs special infra-red scanners — not a phone |
| Digital onboarding (Smile ID, Onfido, Jumio) | One-time online sign-up — not repeated, offline, in-the-field checks |
Biometric Verify is the only option that is camera-only, face-or-palm, offline, and private — and it goes further with portable ID cards that verify with no database at all, cancelable biometrics, and published proof of how it performs.
Each section says what it does in plain terms and how to do it. Most things are done from a web page in your browser — no installation.
What it does: teaches the system to recognise someone, by capturing their face and/or palm a few times. Their photo is never kept — only a protected mathematical signature.
How (with an operator present):
- Open the admin console at
/adminand sign in. - Go to the Enrol tab, type the person's name or ID.
- Point the camera at their face and tap Capture three times (or hold up an open palm — the system detects which and works with either).
- Done — they can now be recognised.
Other ways to register:
- From existing photos: on the Enrol tab, choose "enrol from photos" and pick clear images instead of using the live camera.
- From an ID card or passport: just show the ID document to the camera — the system notices it's a printed document, reads the photo on it, and registers from that. (It'll suggest adding a live capture too, for best accuracy.)
- Many people at once: an operator can bulk-import a folder of labelled photos.
Good to know: the system quietly keeps up with people as they age or change appearance over months and years, so they keep being recognised without re-registering. It also refuses to register the same face under two different names by mistake.
What it does: two kinds of check —
- Verify ("is this really Ama?") — confirms a claimed identity.
- Identify ("who is this?") — finds the person among everyone enrolled.
How:
- Open the main app at
/on a phone or tablet. - Leave it on Verify and point the camera at the person.
- For a face check it asks for a gentle head-turn — this proves a real, live person is present and defeats someone holding up a photo or a screen.
- It shows a big green granted with the name, or a red denied.
Showing an open palm instead skips the head-turn and checks the palm — handy where faces are covered or lighting is poor.
What it does: lets a person register themselves, on their own phone, from a private link — no operator, no shared password. You decide the name in advance, so they can't register under someone else's.
How:
- In
/admin→ Invites, type the person's name and (optionally) tick "also hand them an offline ID card when they finish". - Send them the private link that appears (copy it, or download a whole list as a file for many people at once).
- They open it on their phone, follow the on-screen steps to capture their face/palm, and tap Finish.
Safety built in: each link is single-use and expires. If a link is meant to add a second method (say, add a palm to someone who already has a face on file), the person must first prove they're the existing person — so a leaked link can't attach a stranger's biometrics to a real account. If you tick the ID-card option, they get a "Get your ID card" button at the end (see next section).
This is the headline feature. A credential is a signed QR code — printed on paper or saved to a phone — that lets anyone you authorise confirm the holder's identity with no internet and no access to your database. The person carries their own proof.
What makes it safe:
- A stolen or photographed QR is useless to anyone else — it only matches the live person standing in front of the camera.
- It can be cancelled at any moment.
- It expires automatically.
- It works for people with no phone at all — a printed card is enough.
How to issue one:
- In
/admin(or the tenant/portal) → ID credentials, type the enrolled person's name, an optional display name, and how long it should stay valid. - Press Issue credential. You get a QR image and a card link.
- Give them the credential one of three ways:
- Download PNG — the plain QR image.
- Open card — a nice printable ID card (name, QR, issuer, expiry) you can print, or that they can save to their phone's photos/wallet.
- Copy card link — send it to them to open and save themselves.
That's it — the card now verifies anywhere, offline (see the next section).
What it does: confirms a QR credential is genuine and that the person presenting it is really its owner — with no network needed.
How (from any phone browser):
- Open
/verify-credential. - Scan the QR on their card or phone (or upload a photo of it).
- Capture the person live (a quick face or palm check).
- You get a clear verdict: a green Verified with the holder's name and who issued the card — or a plain-language red screen telling you exactly what's wrong (expired, revoked, not the card holder, tampered, issuer not trusted).
On the Android app it's even smoother: the "Check card" mode scans the QR with the back camera, then flips to the front camera for the live check — fully offline, demoable in airplane mode.
To cancel a card: in the ID credentials panel, press Revoke. Every checker rejects it after its next routine trust-list refresh.
What it does: lets your checkers accept credentials issued by a different organisation — with no data sharing, no integration, no import. Perfect for a venue accepting a partner's staff passes, or a district accepting cards from several clinics.
How: in the tenant /portal → Trusted organisations, add the other
organisation's ID. From then on, your verifiers accept their cards too. Remove them to
stop. (Your own cards are always accepted.)
What it does: point the camera at people walking past and their names appear in real time — like a friendly name-tag that follows whoever is in view. Great for a checkpoint, a class register, or finding a specific person quickly. It's an identification aid (a helper), not an access gate.
How:
- On a laptop or phone browser: open
/glance, press Start glancing, and point the camera at people. Names pop up as they're recognised. - On the Android app: open the Glance tab — it identifies people continuously, on the phone, in under a second, fully offline (it can even work in airplane mode once the phone has the data).
What it does: if you ever worry a copy of your biometric data has leaked, you can re-scramble everything with one action — every old copy instantly stops working, like resetting a password. Crucially, nobody has to register again.
How: in /admin or /portal → Template protection, press Reissue (type
REISSUE to confirm an organisation-wide reset, or enter one person to reset just them).
Reissuing a single person also automatically cancels any ID cards they were given.
Why it matters: ordinary biometric systems can't do this — if a fingerprint database leaks, those fingerprints are compromised forever. Here, a leaked copy is scrambled in its own private code that can't be matched anywhere else, and you can change that code whenever you like.
There are two management pages:
Admin console (/admin) — for the platform operator. From here you can:
- Enrol people, send invites, and see everyone enrolled (with CSV export).
- Create API keys for companies that connect their own software, grouped by organisation, with admin (full) or verify-only roles.
- Set each organisation's plan and limits (turn access on/off — the on/off switch is the paywall — set a key limit and a monthly usage cap).
- Manage signing keys, template protection / reissue, and ID credentials.
- See the audit trail (who did what, when) and usage this month.
- Add other operators so you're not sharing one password.
Tenant portal (/portal) — for each customer organisation to manage its own
account without seeing anyone else's: create/revoke its own API keys within the limits
you set, choose how face and palm combine, rotate its signing key, protect/reissue its
templates, issue/revoke ID credentials, and trust other organisations. You give each
tenant a portal password from the admin console.
There's a native Android app for on-the-ground use. It comes in four versions so you can pick what fits:
- Offline — no internet permission at all; everything happens on the phone. Ideal for airtight, disconnected sites.
- Hybrid — adds optional syncing with your server (pull your people down to match offline; push new sign-ups up).
- Each of the above comes in a smaller or full-size build (same accuracy).
The app does Verify, Enrol, Check card (verify a credential), and Glance (continuous identification) — all on the device. To load a lot of people onto an offline phone without internet, an operator exports an encrypted file from the server and imports it in the app's Settings (moved across by USB or cable). The offline build genuinely has no way to reach the internet — a strong guarantee for sensitive settings.
What it does: a public page that shows honest, measured evidence of how the system performs and protects data — the kind of thing a careful buyer or auditor asks for.
How: open /trust. You'll see plain-language answers to "what do you store, and
what can never leak?", a table of exactly what happens if something is compromised (and
what you do about it), and real numbers this exact system measured on itself —
accuracy, credential size, and how fast it identifies people. There's also a
compliance summary mapping the product to data-protection rules (Ghana's Data
Protection Act and the GDPR).
- Remove one person: in
/admin→ People, delete them. Their data is erased and any ID card they hold is cancelled at the same time. - See what's held about a person: an operator can export a plain summary of what's on file for someone (counts and types — never the raw biometric).
- Erase a whole organisation: "offboarding" a tenant destroys its data and its keys, so leftover copies (including backups) become permanently unreadable — a true erase, not just a delete.
Everything above happens on simple web pages. Here's the whole map:
| Page | What it's for | Who opens it |
|---|---|---|
/ |
The main app — verify or enrol with the camera | Anyone (a kiosk/phone) |
/admin |
Run everything — enrol, invites, keys, credentials, protection, audit | Your operators |
/portal |
A customer organisation manages its own account | Each customer |
/enroll?token=… |
A person registers themselves from an invite link | The invited person |
/card?d=… |
The printable / save-to-phone ID card | The card holder |
/verify-credential |
Scan and check someone's ID card, offline | Any staff member |
/glance |
Continuous "who is this?" name-tags from a browser | A checkpoint/register |
/trust |
Public proof: security story + measured performance | Anyone (buyers, auditors) |
| Android app | Verify, enrol, check cards, glance — on-device, offline | Field staff |
In everyday terms:
- No photos are ever stored. A face or palm becomes a short list of numbers (a "template"); the picture is discarded.
- Templates are scrambled and cancelable. What's stored can't be turned back into a face, can't be matched against any other system, and can be cancelled and reissued — like a password.
- Everything is encrypted, with a separate key per organisation. Erasing an organisation destroys its keys, making any leftover data permanently unreadable.
- ID cards carry their own privacy — a stolen QR is useless without the live person, and can be revoked and expired.
- Nothing phones home. The system makes no outside calls and needs no internet to do its job.
- You're accountable — every action is recorded in an audit trail (actions, not faces).
Always obtain a person's consent before registering them. Full detail:
Security & Privacy and the compliance summary at /trust.
Add identity to your own product with a simple web API — no biometric work of your own.
- Connect: send requests to
/v1/...with a headerX-API-Key: <your-key>(an operator creates keys in/admin). Keys are admin (full) or verify-only. - Ready-made libraries for Python and JavaScript are in
sdk/— a few lines to enrol, verify, identify, issue and check credentials, run Glance, and more. - Everything is documented in
openapi.yaml(import into Postman or code generators) anddocs/API.md, with a live, self-contained reference at/docson a running server.
from faceverify import FaceVerifyClient
fv = FaceVerifyClient("https://YOUR-HOST", "fk_yourkey")
fv.enroll("alice", ["a1.jpg", "a2.jpg", "a3.jpg"]) # register
if fv.verify("alice", "probe.jpg")["success"]: # check
grant_access()
cred = fv.issue_credential("alice") # portable offline ID card (QR)
fv.reissue_templates() # cancel & reset all templatesEach organisation is fully isolated, results can be cryptographically signed so your app can trust them, and every endpoint is rate-limited and audited.
You can use the hosted demo, run it on your own server, or run it offline on a single device. The quickest local start:
python -m venv venv && venv/Scripts/pip install -r requirements.txt
python app.py # opens a secure dev server on :5000Open https://<this-computer's-ip>:5000 on a phone on the same Wi-Fi, allow the camera,
and you're running. For always-on public hosting (a free cloud Space, your own server
with Docker, or a Cloudflare tunnel), and how to keep data safe across restarts, see
the Deployment and Operations sections of the guide.
Two consolidated docs live in docs/:
- System guide — architecture, security & privacy, operations, deployment, development, and direction (one technical reference).
- Integration & API reference — how other apps integrate: managed/stateless flows, SDKs, credentials, Glance, and the full error/code table. Machine-readable spec in
openapi.yaml. - Compliance mapping — Ghana DPA (Act 843) + GDPR, each obligation tied to its code path.
- What's new (Changelog) · Things that need you (manual checklist)
Built to include everyone: if the palm won't read, the face will. A match is a match — on any phone, anywhere, online or off.