Trusted Codes

Product

One platform.
Four layers of trust.

Connections, Beacons, Guest Codes, and Stamping are four independent primitives that together cover every surface where AI-powered fraud can strike — voice calls, video meetings, physical access, and documents.

For individuals, families & teams

Connections

Mutual identity codes for people you know.

A Connection is a mutual encrypted secret shared between two people — established once, in person. Each morning, each person's app derives three unique words from that secret. When a call comes in, you ask "What's your code?" and the words either match or they don't. AI voice clones, deepfakes, and imposters cannot know today's words.

How it works

  1. 1Meet in person and scan each other's QR code (or share a secure invite link).
  2. 2An end-to-end encrypted secret is exchanged — neither party's server ever sees the plaintext.
  3. 3Each morning, both apps derive the same three words from the shared secret and the current date.
  4. 4On any call, ask for the code. If the three words match — it's really them.

Use cases

  • Elderly parents verifying their children before sending money
  • Colleagues confirming executive instructions before wire transfers
  • Business partners verifying each other before discussing sensitive matters
  • Family members staying safe from grandparent scams and emergency fraud

Key properties

  • Zero-knowledge — the server never sees decrypted secrets or codes
  • Offline-first — works in airplane mode, remote areas, emergencies
  • Automatic daily rotation — codes change every 24 hours without any action
  • Free forever for up to 10 connections
For banks, IT teams, healthcare, government

Beacons

Verified caller identity for organisations at scale.

A Beacon is an organisation-level verification layer. The organisation registers once; every outbound-calling employee is assigned a Beacon identity tied to their staff account. When they call a customer or colleague, they can show a Beacon code that proves they genuinely work for that organisation — like a daily-rotating digital badge that any recipient can verify, with or without an app.

How it works

  1. 1Organisation registers its Beacon and onboards calling staff via the admin portal.
  2. 2Each staff member's app generates a daily Beacon code tied to their identity and the organisation's key.
  3. 3When a caller claims to be from the organisation, the recipient asks for the Beacon code.
  4. 4Verification works via the Trusted Codes app or a free web check — no account required for the recipient.

Use cases

  • Bank fraud teams calling customers about suspicious activity
  • IT helpdesk staff requesting credential resets or remote access
  • Healthcare providers calling patients to confirm appointments or prescriptions
  • Government agencies making outbound compliance or benefit calls
  • Insurance adjusters calling policyholders after claims
  • Utility companies calling about outages or scheduled maintenance

Key properties

  • No app required for recipients — web verification is free and instant
  • Codes rotate daily and are revocable per employee instantly
  • Works alongside existing caller ID — adds cryptographic proof caller ID cannot provide
  • Admin portal shows which staff codes have been verified and when
For deliveries, contractors & temporary access

Guest Codes

One-time verification for anyone — no account needed.

A Guest Code is a short-lived challenge-response pair you generate for any person who needs to verify their identity without having a Trusted Codes account. You create the code, share it with the expected visitor through a trusted channel, and ask for it at the door. Only the person you gave it to can answer.

How it works

  1. 1You generate a Guest Code in the app — takes under 10 seconds.
  2. 2Share the code via a channel you trust: a known phone number, email, or booking confirmation.
  3. 3When the person arrives, ask: "What's the code?" They show or say the words.
  4. 4If it matches — they're who you arranged to meet. If not, they're not.

Use cases

  • Verifying delivery drivers at your home or building
  • Confirming the identity of an expected tradesperson or contractor
  • One-time access verification for temporary workers
  • Clients attending a first meeting where no prior connection exists
  • Service engineers visiting a business premises

Key properties

  • Single-use by default — code is invalidated after first verification
  • Configurable to multi-use for service providers making regular calls
  • Configurable expiry — from 1 hour to 30 days
  • No account or app installation required for the recipient
For invoices, contracts & official communications

Stamping

Prove a message or document came from you and has not been changed.

A Stamp is a cryptographic signature you attach to any document, invoice, message, or file. It proves two things simultaneously: that the content originated from your verified identity, and that nothing has been changed since you stamped it. Any recipient can verify a stamp in seconds. A modified document — even one character changed — fails verification.

How it works

  1. 1You stamp a document or message from the app or via the API.
  2. 2A cryptographic signature is generated from your private key and the document content.
  3. 3The stamp (a short code or QR) travels with the document.
  4. 4Recipient runs a 3-second verification — the stamp either passes or fails. No pass = do not act.

Use cases

  • Invoices with bank account details — prevent payment diversion
  • Contracts and change orders — detect unauthorised modifications
  • Purchase orders and logistics instructions — prevent supply chain fraud
  • Executive communications — distinguish genuine instructions from AI-forged ones
  • Regulatory documents — prove authenticity for compliance purposes

Key properties

  • Mathematically unforgeable — requires your private key, which never leaves your device
  • Any modification — including metadata — breaks the stamp
  • Timestamp is embedded and tamper-proof
  • Works on any file type: PDF, Word, email, plain text

Verification modes

Five ways to verify. One answer.

Every context is different. Trusted Codes adapts — spoken words in a quiet room, a silent tap in a meeting, a QR scan at the door.

Three spoken words

The default mode. Ask "What's your code?" and they read three words from their app. Works offline, across all six supported languages. Nothing to memorise — open the app, read the words.

Offline · 6 languages · Free

Silent tap-to-verify

Both parties tap "Verify" at the same moment. The code is confirmed without either person saying a word — ideal for open-plan offices, public spaces, or any situation where discretion matters.

Business · No words spoken

QR code scan

Show your code as a QR, the other party scans it. Verification is instant and requires no network connection. Works at physical entrances, reception desks, or any in-person check-in.

Free · Works offline

Voice verification

Audio-based verification designed for the desktop companion app and CLI. Useful in headset-only environments and automated voice workflows. The spoken words are compared locally — no audio is transmitted.

Business · Desktop & CLI

Meeting check-in

Verify every participant at the start of a video or conference call. Each attendee checks in; a live roster shows who is verified and who is not. Unverified participants cannot join the sensitive portion of the agenda.

Business · Multi-party

Typing verification

Type the three words instead of speaking them — useful for calls where audio is unavailable or for accessibility. The typed words are matched locally; nothing is sent over the call.

Free · Accessibility-first

Connection management

Every connection on your terms.

Each connection is fully configurable — how it rotates, what language it uses, how it is named and grouped. You are never locked into defaults.

Name, label & describe

Give every connection a human-readable name, a description, and any notes you need. "Mum's iPhone" is easier to find than a user ID. Notes survive device restores and sync across your devices.

Tags & categories

Create custom tags — "Family", "Finance team", "Board members" — and assign connections to one or more tags. Filter your connection list instantly. Tags sync across all your devices.

Templates & presets

Save a set of connection settings (rotation period, language, auto-accept policy) as a named preset. Apply to any new connection in one tap. Organisations can enforce company-wide defaults via templates.

Custom code rotation

Each connection rotates independently — from every hour to once a year. High-security connections rotate every hour. Family connections that rarely change can rotate weekly. You choose per connection.

Per-connection language

Code words can be in any of six languages: English, German, Spanish, French, Italian, Dutch. If your counterpart is more comfortable in French, their code words are in French — while yours are in English.

Group & personal connections

Personal connections are private to you. Group connections are a shared vault — useful when a whole team needs to verify with a single client, or when a family member's code needs to be visible to a caregiver.

Trust scores

Each connection accumulates a trust score based on how long it has been active, how frequently it is used for verification, whether the code has been recently re-established, and other risk signals. Low-score alerts flag anomalies before fraud occurs.

Auto-accept policy

For connections where you always approve — a personal assistant, a recurring supplier — enable auto-accept. Verification passes without manual approval. Revocable instantly.

Device & session visibility

See exactly which devices each connection is active on, when they last verified, and from which session. Revoke a compromised device in one tap without losing the connection on other devices.

Business platform

Built for organisations that need more.

The Business plan adds a full organisational layer: branded portals for your customers, central administration, multi-organisation support, self-hosted deployment, and enterprise governance.

Branded customer portal (PWA)

Business

Deploy a white-labelled Progressive Web App under your own domain for your customers, contractors, or partners. They get a lightweight branded experience — daily codes, offline verification, WebAuthn biometrics — without installing anything from an app store. Configurable as a subdomain, path, or custom domain.

Self-hosted deployment

Enterprise

Run the verification infrastructure on your own servers or private cloud. The HSM-backed key derivation, portal, and API are all self-hostable. Full control over data residency — no third-party cloud dependency for verification.

Multi-organisation support

Business

One customer verified by multiple independent organisations. Each org has its own Beacon, connection pool, and admin dashboard. A bank and an insurer can each verify the same customer independently without sharing any data.

Central administration

Business

A single admin panel across all departments and subsidiaries. Manage users, Beacon identities, Guest Code quotas, connection templates, and access policies from one place. Delegate admin rights to department leads without giving them cross-org access.

Invitation management

Business

Send, track, and revoke invitations for customers and staff. Invitations carry a bootstrap blob that pre-seeds the recipient's vault on first open — no manual setup required on their side. Invitation lifecycle (pending, claimed, expired, revoked) is fully audited.

SSO / OIDC

Enterprise

Connect to your corporate identity provider via OpenID Connect. Staff log into the Trusted Codes admin portal and business portal using existing corporate credentials. Supports per-organisation IdP configuration.

Customisable connection templates

Business

Define org-wide connection defaults — rotation period, language, auto-accept policy, naming conventions — that apply to all staff connections automatically. Override at the department or individual level when needed.

Audit logs & governance

Business

Compliance-ready append-only event log covering every verification, invitation, device registration, admin action, and API call. Filter by user, time, event type, or outcome. Export in JSON or CSV for SIEM ingestion.

Clients & platforms

Your codes, on every device you use.

Trusted Codes runs natively where you already work — phone, desktop, server, terminal, and AI assistant. Every client derives the same daily codes from the same encrypted secrets.

Mobile and desktop apps are free for individuals. CLI, REST API, and MCP access are part of the Business plan.

iPhone

The full Trusted Codes experience on iOS — daily code words, Connections, Guest Codes, silent tap-to-verify, and offline verification, protected by Face ID or Touch ID.

iOS

App Store · Free

Android

The same native app on Android. Identical codes, identical rotation — a family or team can mix iPhones and Android phones and verify each other seamlessly.

Android

Google Play · Free

Desktop companion

A lightweight companion app for Windows and Mac that lives in your system tray. Today's code words are one global hotkey away — verify mid-call without reaching for your phone.

WindowsMac

Free download

Linux server agent

A headless daemon for operations environments — no desktop dependencies. Runs on any Linux server or container and lets your backend systems verify identities in-process.

LinuxDocker

Business · Self-managed

REST API & CLI

Script verification from the shell or call it from any language. The CLI covers the full surface — codes, verification, stamping — and the REST API powers business integrations.

WindowsMacLinux

Business · Automation

MCP server

A Model Context Protocol server so AI assistants can look up and verify codes during automated workflows — before an agent acts on a request, it checks the human behind it is real.

ClaudeAny MCP client

Business · AI workflows

Integrations & platforms

Verification everywhere you work.

Trusted Codes ships on every surface — mobile, desktop, server, AI agent, and Slack — so verification fits into your existing workflow rather than replacing it.

REST API

Full programmatic access to Connections, Beacons, Guest Codes, and Stamping. Authenticate with API keys or OAuth. Rate-limited, versioned, and documented. Ideal for server-to-server verification, CRM workflows, and custom portals.

ServerAny language

MCP Server

A Model Context Protocol server that lets AI agents — Claude, ChatGPT, and any MCP-compatible client — trigger identity verification inside automated workflows. Verify a caller's identity before an AI processes a sensitive request.

ClaudeChatGPTAny MCP client

Slack Integration

Verify colleagues without leaving Slack. The Trusted Codes Slack app lets you request and confirm verifications in any channel or DM. Useful for approving sensitive requests in ops and finance channels.

Slack

CLI

A command-line interface for Windows, Mac, and Linux. Run verifications from shell scripts, CI pipelines, and infrastructure-as-code workflows. Headless mode for non-interactive environments. REPL mode for exploratory use.

WindowsMacLinux

Desktop app

A native companion app for Windows and Mac. Runs in the system tray — verify in seconds without switching apps. Includes Stamping (sign documents), voice verification, and a built-in MCP configuration panel.

WindowsMac

Linux server agent

A lightweight background agent for Linux servers. Integrates with CRM systems, ticketing platforms, and automation frameworks. Exposes a local REST API for in-process verification. Suitable for Salesforce, HubSpot, and n8n connectors.

LinuxCRM / automation

Security & privacy

Designed so we cannot help attackers even if we wanted to.

Zero-knowledge architecture

Your private keys and secrets never leave your device. We store only ciphertext we cannot decrypt.

End-to-end encrypted

Every secret is encrypted on your device before transmission. Decryption happens only on your other devices.

Offline-first

Codes are generated locally from a stored secret. No internet connection required — no signal, no problem.

GDPR compliant, EU hosted

All data is stored in the European Union. Full data-subject rights supported. DPA available on request.

Recovery keys

A master recovery key lets you restore all connections to a new device without any server involvement.

Device management

See every active device on your account. Revoke any device instantly. Compromised devices lose access immediately.

Trust scores

Every connection accumulates a risk signal. Anomalous patterns — sudden rotation changes, new devices — surface automatically.

Session management

Full visibility into active sessions. Force-expire sessions for any user from the admin panel, or from your own account settings.

Start with what matters most.

Connections and Guest Codes are free for individuals and families. Business plans unlock Beacons, Stamping, the admin portal, and integrations.