Recognition without surveillance

Recognised, never recorded.

HamsaID reads the living pattern of your hand in near-infrared light, and keeps nothing that could ever be turned against you.

Identity without surveillance. By design, not by promise.

Talk to us How it works →

The premise we refuse

Most biometrics build a vault. We refuse to.

Every face stored is a permanent liability. A database that can leak, be subpoenaed, be repurposed, be quietly turned into surveillance infrastructure, whatever the original intent. And a face, once taken, cannot be reissued.

HamsaID is built on the opposite premise. The thing we recognise is inside you: invisible from a distance, impossible to capture covertly, and gone the moment we have used it.

What we read

Two things only the living hand can present.

A near-infrared reading of your palm vein pattern, fused with the three-dimensional geometry of your hand. Multimodal, in proprietary hardware of our own design.

Veins require blood flow, so the reading is alive by definition. No photograph, no replica, no lifted print will pass. And because the pattern is internal, it cannot be skimmed from a surface or captured across a room. There is nothing to steal at a distance because there is nothing on the outside to see.

Camera vs HamsaID

One captures. One recognises.

The difference is not how well it sees you. It is what is left behind.

REC

Recorded.

Recognised.

Permanent
Capturable at a distance
Cannot be reissued

Internal
Requires the living hand
Reissuable

The architecture

There is nothing here to breach.

Privacy is not a setting we switch on. It is the shape of the system.

Cancelable biometrics

We never store your biometric. We store a one-way transform of it, and if it were ever compromised, we reissue a new one. Your hand never changes; its key always can.

Secret sharing

No single node ever holds your identity. It is split into shares, none of which means anything alone.

Secure multi-party computation

Recognition is computed across parties that never see the underlying data, and the computation persists nothing.

Zero-knowledge proof

We can prove it is you without revealing what “you” is.

The result: no central biometric database exists anywhere in our system. There is no honeypot to raid. A breach yields shards of noise.

The empty vault

What they store. What we store.

What they store

Honeypot

A wall of faces. One leak, one subpoena, one change of policy away from surveillance.

What we store

Nothing to raid

A one-way transform, split into shares that mean nothing alone. A breach yields shards of noise.

Enterprise ROI

The fastest gate you'll never have to insure against.

Throughput. Hands-free recognition in [sub-second / latency figure from PoC]. More people through every lane, till and gate, without queues, phones or cards.
Conversion. Frictionless authentication lifts completion at checkout. Nothing to remember, nothing to drop, nothing to fumble.
Fraud. Inherent liveness plus multimodal fusion drives spoof attempts toward zero, and chargebacks and fraud loss down with them.
Liability you simply don't carry. Because no biometric database exists to hold, you are not a high-value breach target. Your breach-cost exposure, your cyber-insurance premium and your DPIA risk profile fall accordingly.
Time to deploy. Legal review is usually where biometric projects die. Ours arrives solved. See below.

[Pull a hard number per claim from the financial model / N=300 PoC before publishing.]

The DPIA Pack

We don't hand your DPO a problem. We hand them the answer.

Every high-risk biometric deployment requires a Data Protection Impact Assessment under Article 35 GDPR. For most vendors, that assessment is your problem: months of your DPO's time, external counsel, and a stalled rollout.

With HamsaID, the DPIA arrives as part of the product.

Your DPO stops being the person who slows the project down, and becomes the person who signs it off with confidence.

DPIA Pack GDPR · Art. 35

The HamsaID DPIA Pack includes:

01 a pre-drafted DPIA, structured to your processing context;
02 full data-flow and architecture documentation, ready for review;
03 the necessity and proportionality assessment, and the Article 9 special-category reasoning;
04 a risk register in which the principal mitigations are already structural: cancelable templates, secret sharing, no central store;
05 alignment with current EDPB guidance on biometric processing [insert the exact reference standardised with counsel];
06 a working session with independent privacy counsel to adapt the pack to your jurisdiction and use case.

Proof

Already live, where it is hardest.

A HamsaID sensor is in live operation with [Polizia Postale, confirm public phrasing]. Pilots have run in [ports / airports, cleared wording]. We work with [payment and access partners cleared to name].

[Only name partners with written clearance to publish. Otherwise anonymise: “a tier-one payments network”, “a major European airport”.]

Vision

Technology should recognise the person without seizing them.

We took the part of you that is most your own, invisible, internal, alive, and built a way for you to be recognised by it without ever being captured by it.

Few things, made well. Light that reads, and lets go.

Poche cose ma belle.

Bring us your hardest gate, your busiest till, your most cautious DPO.

Start a deployment conversation