Security Architecture
Six parallel AI defense layers, HSM tokenization, and zero raw video retention.
FaceSign's security architecture is built on a principle: tokenize first, analyze second. All biometric data passes through HSM tokenization at the point of ingestion, before it reaches the AI analysis layer. Raw video is never stored.
Six parallel AI models
Every verification session runs six AI models simultaneously. Each model analyzes a different dimension of the interaction, and their outputs are combined into a unified risk score.
| Model | What it analyzes | What it catches |
|---|---|---|
| Interactive liveness | Facial motion, depth, temporal consistency | Deepfakes, photos, pre-recorded video, masks |
| Coercion detection | Vocal stress, gaze, micro-expressions, response timing | Duress, coaching, elder abuse, forced transactions |
| Environmental analysis | Background, lighting, audio fingerprint | Virtual backgrounds, fraud call centers, spoofed locations |
| Behavioral analysis | Interaction patterns, sentiment, deviation from baseline | Compromised accounts, behavioral anomalies |
| Predictive risk | Device fingerprint, IP, geolocation, time-of-day | Unusual devices, impossible travel, high-risk geolocations |
| Adaptive conversation | Real-time dialogue analysis, topic coherence | Scripted responses, inconsistent answers, evasion |
The models run independently and cannot influence each other's analysis. Each produces its own confidence score. The platform combines these into a final risk assessment that your application receives via webhook.
Data flow
The path from user camera to your webhook follows a strict sequence designed to minimize exposure of raw biometric data:
| Stage | What happens | Raw data present? |
|---|---|---|
| 1. Capture | User's camera and microphone stream to the FaceSign widget over TLS 1.3 | Yes (in transit only) |
| 2. HSM tokenization | Video and audio frames enter the Hardware Security Module. Biometric features are extracted and tokenized. Raw frames are discarded. | Discarded after tokenization |
| 3. AI analysis | Six models analyze the tokenized biometric features in parallel | No |
| 4. Result delivery | Risk scores, transcript, and decision are delivered to your webhook | No |
| 5. Retention | One-way biometric fingerprint stored for future recognition. All other session data follows your configured retention policy. | No |
Raw video and audio are processed in memory during the session and discarded at the tokenization stage. FaceSign never writes raw biometric media to disk or object storage.
Encryption
| Layer | Standard |
|---|---|
| In transit | TLS 1.3 for all connections between client, FaceSign servers, and your webhooks |
| At rest | AES-256 encryption for all stored data, including tokenized biometric fingerprints |
| Key management | Hardware Security Modules (HSMs) for tokenization keys and biometric feature extraction |
Data roles
FaceSign operates as a data processor under GDPR and a service provider under CCPA. Your organization is the data controller. This means:
| Responsibility | Who owns it |
|---|---|
| Deciding when to trigger a verification session | You (controller) |
| Processing biometric data during the session | FaceSign (processor) |
| Determining retention periods and deletion policies | You (controller) |
| Responding to data subject access requests | You (controller), with FaceSign support |
| Securing the processing infrastructure | FaceSign (processor) |
A Data Processing Agreement (DPA) is available on request. FaceSign also provides DPIA (Data Protection Impact Assessment) support materials for organizations that require them.
What FaceSign does not store
- Raw video or audio recordings
- Unencrypted biometric data
- Personally identifiable information beyond what you explicitly send in the session payload
- Session media after the tokenization stage
What FaceSign does store
- One-way biometric fingerprint (for future RECOGNITION node matching)
- Session metadata (timestamps, risk scores, node outcomes)
- AI-generated transcript of the conversation
- Tokenized biometric features used for analysis
All stored data is encrypted with AES-256 and subject to your configured retention policy. See Biometric Data Handling for retention periods.