Manav.id Book a demo →
Proof-of-human infrastructure

AI can fake any human. Your systems can't tell. We can.

A deepfaked candidate. A borrowed identity on the payroll. A bot army at signup. A stand-in at the keyboard. Manav binds a real, specific, live human to your highest-stakes moments - hire, work, offboarding, checkout - with one API call. On-device, private by design, open-standard.

Book a demo → See a live verification
20 seconds: watch a deepfake get refused at the API, live.
On-device - biometrics never leave the phone Open standard - filed at OpenID Foundation & IETF 1 in 4 candidates fake by 2028 (Gartner)
The stakes

This is not theoretical. It is already on your payroll.

1 in 4
job candidates worldwide will be fake by 2028.
Gartner, 2025
300+
U.S. firms infiltrated by DPRK IT-worker operatives.
FBI / DOJ, 2024-25
89%
of departed employees retain access to sensitive apps.
Offboarding studies
$2.8B
lost annually to signup & promo fraud, top marketplaces.
Marketplace fraud reports
Where it pays off · workforce & insider integrity

The human you hired isn't always the human at the keyboard.

Remote and contract work broke the assumption that the person assessed is the person doing the job. One real identity, tied across the whole lifecycle.

hiring integrity

The bait-and-switch hire

The candidate who aced four interviews isn't who logs in on Monday - or was a live deepfake all along.

1 in 4candidate profiles fake by 2028 (Gartner)
workforce integrity

The sleeper on your payroll

A state-sponsored operative behind a laptop farm - caught by a 30-second re-verify from a real human's phone.

300+U.S. firms tied to DPRK IT-worker fraud (FBI/DOJ)
time & presence

The phantom shift

Your "full-time" hire is simultaneously logged into three other employers under the same name.

$50Kper-worker cost of remote time misrepresentation
offboarding

The last-mile kill switch

You fired them at 9am. The API token, the personal git access, the shadow-IT login are all still live.

89%of departed employees keep access to sensitive apps
third-party risk

The rotating contractor

You vetted one named senior. A rotating, unvetted bench actually sits in the seat you pay for.

30%of 2025 breaches involved a third party (Verizon)
edge fraud

Bots at the front door

Agent-submitted applications, synthetic reviews, and discount-farming accounts - refused at the API before they ever write.

73Magent-submitted job applications on Indeed, 2025
How it works · show, don't tell

One verify() call. Every high-stakes moment.

Bind a real human to an action, then re-check that the same human is present whenever the stakes are high. The signature is produced on the person's own device, with liveness - never a password, a screenshot, or a token an agent can replay.

# Gate any action on a real, live, consistent human
$ curl -X POST https://api.manav.id/v1/verify \
   -H "Authorization: Bearer $MANAV_KEY" \
   -d '{ "action": "hire.finalize", "subject": "candidate:9f2a" }'

# → signed receipt; biometrics never transmitted
{
  "human":       true,
  "assurance":   "device-bound",
  "same_person": true,        // matches the human from round 1
  "receipt":     "mnv1.eyJ…",
  "sig":         "ed25519:…"
}
01 · Bind

Enroll a human

At hire or signup, the person proves liveness once on their own device. You get a portable, public proof-of-human key - no biometrics stored.

02 · Re-verify

Check the same human

Before any high-stakes action, one call confirms a live human is present and it's the same person - across rounds, into day one, at every sensitive step.

03 · Prove

Keep the receipt

Every check returns an Ed25519-signed receipt: who, what action, when, assurance level. Audit-ready, independently verifiable, tamper-evident.

One call to integrate. We'll wire it into your highest-stakes flow on the call.

Book a demo →
Why Manav

Not "another KYC vendor." A different primitive.

🔒

Private by architecture

The face never leaves the device. We store a one-way key, the action, the time, and a presence score - never biometrics, keystrokes, or screen content. You can't leak what you never hold.

🎣

Nothing to phish

The handoff carries pure entropy, not a URL or a session token. There's no link to clone, no code to replay - the anti-phishing property is built in, not bolted on.

♻️

Continuity, not just identity

KYC checks a person once. Manav proves it's the same human across every round and into the job - the gap that catches bait-and-switch, sleepers, and proxies.

🌐

Open & portable

Open standards filed at the OpenID Foundation and IETF, Apache-2.0 reference code, receipts anyone can verify. You integrate a standard, not a black box.

Trust & compliance · pass your security review

The honest answer to "what could leak?" is "almost nothing."

Verification happens on the user's device. The server only ever sees what's safe to keep - so the highest-risk category of data is removed from your processing footprint.

What Manav stores
  • A one-way public key (the person's proof-of-human)
  • The action and timestamp
  • A presence / liveness score
  • The assurance level and a signed receipt
What Manav never stores
  • Face images or biometric templates
  • Keystrokes, screen content, or session tokens
  • Raw documents or government IDs
  • Anything an attacker could replay or resell

Assurance is a ladder you set per action: self-attesteddevice-bound (WebAuthn + platform biometric) → certified. Gate routine flows lightly and high-value actions hard. Designed for GDPR and BIPA-style biometric law: minimal data, on-device processing, explicit consent.

Become a design partner

Make "is this a real human?" a solved problem.

We're onboarding design partners across hiring, fintech, marketplaces, and security - teams for whom a faked human is a board-level risk. Bring your highest-stakes flow; on the call we wire proof-of-human into it and prove the catch on real traffic.

Book a demo →
Drop-in REST API & SDKs · signed audit receipts · enterprise SLAs & dedicated support · co-design for your flow
For your security team

The questions a reviewer will ask.

What do you actually store - is this biometric data we have to govern?

Verification runs on the user's device. The server receives a one-way public key, the action, a timestamp, a presence score, and a signed receipt - never face images, templates, keystrokes, or screen content. The design goal is that there is no biometric corpus to govern, breach, or subpoena.

How does this satisfy GDPR / CCPA / BIPA-style biometric law?

Minimal data, on-device processing, explicit per-action consent, and no retention of biometric identifiers. Because raw biometrics never reach our servers, the highest-risk category of data is removed from your processing footprint. We'll work through your DPIA with you.

Do you fingerprint or track end users across sites?

No. There's no cross-site tracking and no hidden device fingerprinting. A person holds a portable proof-of-human key they control; you check presence for a specific action, nothing more.

How accurate is it, and what about demographic bias?

Liveness and matching run on-device with a tunable assurance ladder. For high-stakes decisions you gate on device-bound assurance (hardware biometric + WebAuthn), not a soft score. We support bias auditing and pair the signal with your existing controls - Manav is a strong input, never the sole gate.

How long does integration take?

One verify() call gates an action; SDKs and a hosted verification flow mean most teams ship a first integration in an afternoon and a production rollout in days, not quarters.

What happens if a real user can't verify - and does it handle AI agents?

You define the fallback: step-up, manual review, or graceful retry, with honest assurance levels on every receipt. Agents are supported too - they inherit scoped, revocable trust delegated by a verified human, so you can refuse anonymous bots and still accept legitimate agent traffic under audit.

Book a demo →