Frequently Asked Questions

VerifyHuman is an app that helps you verify you are talking to the right person when voice and video can be faked. It is designed for people you already know (family, teammates, directors). You build trust once, then you can verify quickly when something feels off.

Yes. At its core, "Zero Trust" means "never trust, always verify." For VerifyHuman, this refers to the communication itself: you don't have to trust the biometric channel (voice or face), which can be deepfaked. Instead, you verify the person via unforgeable cryptographic proof (QR or OTP).

Two ways to Verify: For Family and Professional, this stays privacy-first with 1:1 trust. For Enterprise, it extends to a model where trust is established by authorized verifiers and propagated securely across the organization.

No. VerifyHuman does not try to "spot" deepfakes. Detection is an arms race and can fail in real-world conditions (bad lighting, bad audio, low bandwidth). VerifyHuman focuses on verification: a quick check that is hard to fake in real time.

No. VerifyHuman is built around a pre-established trust relationship (similar in spirit to a PGP-style key exchange). You first add someone to your trusted circle, then you can verify them during calls or urgent situations.

VerifyHuman supports three modes:

• QR verification (video calls): best when cameras are on.
• One-time codes (audio-only): best when video is off or not possible.
• Personal code word (family-only, last resort): a per-person static code visible within the trust circle, intended only as a fallback when someone can not access the app.

They solve different problems.

A digital identity wallet is typically about proving identity to services (e.g., government or regulated providers) and sharing official attributes.

VerifyHuman is about verifying a person in a live interaction (a call, a voice note, a “quick approval” message) where deepfakes and social engineering can impersonate someone you already know.

In practice: a wallet can tell you “this credential is valid,” but it does not automatically protect you from a convincing real-time impersonation on a call. VerifyHuman is designed to add a lightweight verification step right in those moments.

Typically seconds. The goal is a quick "trust check" that does not derail the conversation.

Yes. VerifyHuman works on both iPhone and Android, and verification is not device-dependent.

Yes.

If you are on camera: verify by showing/scanning the QR code.

If you are on a mobile call and can not easily scan live:

1. The person who needs to prove, shares their screen and shows the QR code in VerifyHuman.
2. The person who needs to verify, takes a screenshot.
3. Verify the QR code from the screenshot inside the app.

Note: this process needs to happen quickly, because QR codes are time-bound (60 seconds).

VerifyHuman is built to minimize data collection and keep user data private:

• Minimal registration and data collection by design.
• Zero-knowledge architecture: backups are encrypted on-device; the server stores encrypted blobs and cannot decrypt user data.
• No user-held passwords for backup recovery (to reduce risky password reuse and phishing).
• Biometric authentication + secure storage on the device.

VerifyHuman can work without any of your personal data. However, if you choose to upgrade to a paid offering, VerifyHuman stores your email address. It is used for registration of the purchased package, and serves as part of the restore flow.

For Professional (and later Enterprise), the server can also store encrypted backup data. This backup is encrypted on your device, and the server stores it as an encrypted blob. VerifyHuman cannot read or decrypt your data.

VerifyHuman supports two signature types:

• Ed25519 (modern, widely used today)
• MAYO-2 (a post-quantum signature option, currently a Round 2 of NIST Level 1 post-quantum candidate)

Each user will have both signatures available. When you verify someone, VerifyHuman can recognize which signature type is being presented and verify that specific signature.

Quantum safe is optional: in settings, you can choose whether your “proof” is Quantum safe (MAYO-2) or not (Ed25519).

To use the Quantum safe option, you need to accept the optional quantum-safe key exchange in the end of the trust establishment with each individual.

No. VerifyHuman does not require sharing your phone number or uploading your contacts.

By default, the only thing other people in your trusted circle see is the name you choose. It does not even have to be your legal name (e.g., "Dad" or "Godfather" works great for families). For board or business use though, using real names is usually the most practical.

No. VerifyHuman does not use or store biometrics. Our verification is based on cryptographic keys — not facial recognition or voice prints.

Both QR codes and one-time codes are time-bound. After a short validity window, they expire and can not be reused.

That is exactly when scammers often strike ("new number, urgent request").

Family: designed to be simple and free for up to 5 trusted people. In the loss of the phone, all trust relationships of this individual will need to be re-established.

Professional: adds centralized encrypted, privacy-preserving backup & restore, so verification can keep working even after a phone change.

That's exactly what restore is for.

Using your registration email and a secure restore QR code, you can prove it is you. Then the VerifyHuman server can serve your latest backup and get your application at its latest operation state. All your trust relationships are restored.

VerifyHuman does not require a network connection for proof or verification. It works completely offline.

Treat it like a fire alarm: pause and switch channels.

• Call back on a known number
• Ask a second trusted person to confirm
• Delay any payment/approval until verification succeeds

Do not trust verification from that compromised person. Assume this person knows all personal code words, so:

Personal code words should be treated as compromised and not used.

The rest of your circle remains secure because verification is per-person:

• QR codes are independent of any member except the one generating them.
• One-time codes remain secure because they are unique for every pair of people.

As a last resort for families and professionals, you can use the personal code word (per-person, static, visible within the trust circle). It is intentionally considered a fallback, because static secrets can be leaked or overheard.

Family (free): Up to 5 trusted people. Uses a pure 1:1, privacy-first trust model.

Professional (paid): For boards and small teams (25/100 identities). Resilient 1:1 trust with encrypted backup/restore for device changes.

Enterprise (later): Adds a server-coordinated trust propagation model. Trust is established once by authorized verifiers (like a helpdesk) and scales instantly across the whole organization.

Because it is the best fit for small-to-medium circles where people already know each other. 1:1 trust has real advantages:

• Privacy by default: verification does not require a central party being involved in the registration or verification event.
• User-controlled trust: you decide who is trusted, directly.
• Works completely offline: it can keep working even without a network connection.
• Compromise stays local: if one person is compromised, it does not automatically weaken the whole circle.
• No central point of failure: there is not a single verifier that, if down, limits the verification options.

Boards often meet infrequently (e.g., quarterly), directors rotate, and NEDs sit on multiple boards. As a result, "they look familiar" is not a reliable control.

Professional supports a wider trusted circle (25/100 identities) and keeps verification resilient across device changes via encrypted backup/restore. It does not require a centralized entity to provide registration or verification artifacts. As people potentially involved with multiple companies, board members should not limit themselves to one single company's verification.

Centralized registration management is a better fit when 1:1 trust becomes inefficient due to scale. Key benefits:

• Scales cleanly: Each person registers themselves once with an authorized verifier (e.g. the Helpdesk). This established trust then propagates securely to the rest of the organization, so everyone can verify that person instantly.
• Faster onboarding: new members can be made verifiable without coordinating trust exchanges with every participant.
• Consistent experience: verification works the same way across the organization.
• Policy-friendly: easier to enforce rules like "verify before approvals/payments."
• Central one-time-code verification: similar to typical MFA, so audio-only verification can work at enterprise scale.

Yes. For small-to-medium groups beyond a tight family circle, Professional is typically the right fit.

A simple rule that works: If money, passwords, or urgent secrecy is involved → verify first.

• Start-of-meeting: quick verification (QR if on video, one-time code if audio-only)
• Re-verify before high-risk moments (payments, approvals, sharing sensitive documents)

Two persons confirming a third person's identity should be enough, there is no reason to have everyone verify everyone else.

No. VerifyHuman is meant to reduce impersonation risk in human communication (calls, urgent requests, approvals). Traditional MFA protects logins; VerifyHuman protects the moment a human is about to trust a voice or face.