HUANSENDER

Security

The technical guarantees behind every verified badge

How codes are generated, what we store, where it lives, and the layers of protection that make Human Sender codes impossible to fake at scale.

SHA-256

Content binding

Message body hash stored at moment of signing. Any edit breaks verification.

2 min

Live code window

Rotating call codes expire in 2 minutes — proving presence, not just identity.

EU only

Data residency

All data stored and processed in the European Union. No exceptions.

Code generation

Biometric-gated, one-time tokens

Every Human Sender code is generated server-side and bound to the sender's verified account. Minting requires a biometric confirmation — Face ID or fingerprint — on the user's registered mobile device.

This means no code can be created via API alone, in bulk, or without a live human physically present. Even stolen credentials are not enough without physical device access.

Message codes

Valid 30 days

Generated when signing an email, SMS, or LinkedIn message. Can be bound to the exact message body via SHA-256 hash — if the message is altered after signing, the verification page shows a mismatch warning.

Live call codes

Valid 2 minutes

4-digit rotating codes for live phone or video calls. The short expiry is intentional — a fresh code proves the person is on the call right now, not replaying a recorded token.

Anti-abuse

Six layers of protection against misuse

Biometric gate

Every code minting requires Face ID or fingerprint on a registered device. No bot or script can pass this — they have no device and no biometric.

Rate limits

All accounts are rate-capped. Pattern detection flags high-volume, low-engagement behaviour for manual review.

Badge revocation

Accounts found misusing the platform have their badge revoked immediately. All existing codes from that account are simultaneously invalidated.

Recipient binding

Codes can be bound to a specific recipient email. If anyone else tries to verify using that code, the page flags the mismatch.

Escalation guard

Verification levels can only be increased by the system after a completed step. No user can promote their own trust level via the API.

Replay defence

Each code is one-time use and also bound to message content and recipient — defeating relay and replay attacks.

Data storage

Minimal data. Maximum transparency.

We store

  • Email address
  • Phone number (encrypted at rest)
  • Display name and username
  • Profile photo (optional, EU only)
  • SHA-256 hash of signed message bodies
  • Code metadata — timestamps, expiry, recipient hint
  • Verification level and audit trail

We do not store

  • The plaintext message body

    Only the SHA-256 hash is stored.

  • Biometric data

    Processed by Didit.me — not retained on our servers.

  • Private keys (Level 4)

    Keys live only in the device secure enclave.

  • Payment details

    Handled entirely by Stripe — we never see card numbers.

  • Any data outside the EU

    All infrastructure is in EU regions.

Verification ladder

Five assurance levels, based on eIDAS and NIST 800-63

Each level is additive — you need the previous level before gaining the next. No user can self-promote their own trust level.

0

Registered

None

Email address confirmed.

1

Personal Verified

Grey checkmark

Live human face confirmed via passive liveness check — micro-movements and skin-tone pulse.

2

Identity Verified

Blue checkmark

Government-issued ID uploaded and matched to the live face.

3

Identity + Employer

Blue checkmark + employer logo

Employer confirms the user's role via SSO or admin invitation.

4

Cryptographically Bound

Gold checkmark

Private key stored in device secure enclave. Codes are signed on-device — the server never sees the key.

EU data residency

All data stays in Europe

Human Sender is operated by Blustrix OÜ, an Estonian company. All infrastructure sub-processors are EU-based. No data is transferred outside the European Union.

GDPR compliance is not a feature — it is the default. For full details, see our Privacy Policy.

Infrastructure sub-processors

Supabase

Database and file storage

EU (Frankfurt)

Vercel

Application hosting and edge

EU (Frankfurt)

Didit.me

Identity and liveness verification

EU

Resend

Transactional email

EU

Security questions or vulnerability reports?

We respond to all security enquiries within one business day.

Privacy policyGet in touch →