Security

Security at
every layer.

From biometric hardware to cryptographic audit trails. Every part of UIP is designed with security and privacy as the foundation — never the afterthought.

Architecture

How UIP protects your identity

Biometric-first

Every action requires fingerprint or face verification. No passwords, no SMS codes, no phishing vectors.

Secure enclave

Private cryptographic keys are stored in your device's hardware security module. They can never be extracted or copied.

Government-verified

Identity backed by live document capture and verification against official issuing authorities. Recognised across the US, UK, EU, Australia, Canada, Singapore, and more.

AES-256 encryption

All data encrypted at rest and in transit. Messages use end-to-end encryption with unique session keys.

On-device signing

Digital signatures are created locally on your device using hardware-backed keys, then verified server-side.

Tamper-proof audit

Every action returns a permanent, queryable reference ID. Immutable records of who, what, and when.

Cryptography

Signed end to end

Every API action is cryptographically secured. SHA-256 hashing, wallet-issued signatures, and an HSM-backed audit chain row over every transaction.

Hardware-backed keys

Private keys stored in the device Secure Enclave, never exposed or extractable.

SHA-256 document hashing

Every document and action is hashed for integrity verification.

On-device signing

Signatures are created locally — the private key never leaves the device.

Full audit transparency

Document hash, signature, and public key are included in every audit record.

Audit Trail

Permanent, tamper-proof records

01

Action returns ID

Every auth, signature, or message returns a unique reference ID string.

02

Store ID safely

Save the reference ID in your database or compliance systems as permanent proof.

03

Query for verification

Use the ID to retrieve timestamp, signatory, requester, and full action details.

What each reference reveals

Signatory details

Full name, government ID verification status, biometric authentication time.

Precise timestamp

Exact UTC timestamp, timezone info, and duration of the signature process.

Requester context

Business organization, authorized representative, document type, action category.

Privacy

GDPR compliant
by design

  • Users control their own identity data
  • Face templates held only with our vetted biometric processor (AWS) — never with KYC vendors or data brokers
  • Hardware-attested signatures bound to keys that never leave your device
  • Encrypted at rest and in transit, with role-scoped database access
  • Right to erasure — face template deleted before any other data on account deletion
  • GDPR, CCPA/CPRA, and Illinois BIPA compliant — see our privacy policy
Live now

Built for trust.,

Audit-chain integrity, HSM-backed signing, and tenant isolation by default. Create an account and verify your first transaction end-to-end.

Get started For businesses