FAQ
Frequently Asked Questions
Everything you need to know about Trusted Codes, from setup to security architecture.
Getting Started
Download the app, create your account, and start adding trusted contacts. When you meet someone in person—family, friends, or colleagues—add them to your vault. From then on, you can verify their identity with a simple code check whenever they contact you.
Yes, both parties need the Trusted Codes app to establish a secure vault and generate verification codes. This is what makes the system secure—both people share a cryptographic secret that only their devices can access.
Absolutely. The app is designed to be as simple as possible. Once set up, users only need to open the app and read three words. No technical knowledge required. We recommend helping elderly relatives set up their contacts in person.
If you lose your device, you can access your account from a new device using your recovery key. You should also notify your trusted contacts that your device was lost so they can be extra cautious until you confirm your new device is secure.
Security & Privacy
They could, but only within a 24-hour window before the code changes. And they would still need an existing connection to you (which you would have to approve first) or trick you into accepting them as a new connection (where the trust score would warn you). The time-limited nature of codes makes replay attacks very difficult.
At 100 connections (typical power user), the probability of a collision is less than 0.001%. If it does occur, the app shows both matching contacts and asks you to clarify which person you meant. No security breach occurs—you simply choose the right person.
Codes are based on 24-hour time windows. As long as your clock is within a few minutes of correct, codes will match. The app can also check adjacent time windows (±15 minutes) to handle slight clock drift. If your clock is very wrong, the app will show a warning.
No. Codes are generated on your device using the encrypted secret. The secret is encrypted end-to-end—only your devices can decrypt it. We never see the decrypted secret, we never see the codes (they're not transmitted), and even if we wanted to, we cannot generate your codes. This is called "zero-knowledge" architecture.
Even if our servers are completely compromised, attackers get only encrypted data they cannot decrypt. Your private keys never leave your device. Your secrets remain yours. A server breach is irrelevant to your security—this is called "data protection by design."
Currently, no. Quantum computers that can break our encryption (X25519) don't exist yet and are estimated to be 10-20 years away. We're actively monitoring post-quantum cryptography standards and will upgrade before quantum computers become a threat. The three-word code generation itself is NOT vulnerable to quantum computers.
Limitations & Honest Answers
We believe in being transparent about what Trusted Codes can and cannot do.
Trusted Codes verifies that someone is the same person you previously added. It cannot verify whether the person you originally added was telling the truth about who they are. If you add a scammer pretending to be your bank, verification will pass when that same scammer calls again. This is why you should only add people you know in person.
If someone forces you to provide codes under threat, the system cannot detect this. We're developing "duress codes" as a future feature—special codes that look valid but silently alert authorities.
If someone steals your friend's phone and bypasses their biometric lock, they could read the verification code and impersonate them. This is why verification should be combined with other checks for high-risk requests: call them back on a saved number, request a video call, or use a secret safe word.
Yes! Once you've downloaded the encrypted secrets for your connections, everything works offline. Secrets are stored in your device's secure keychain, the wordlist is bundled in the app, and code generation is purely mathematical. You can be in airplane mode and still verify.
Pricing
Yes. Protecting your family from scams shouldn't be a luxury. Personal use is free forever. We believe everyone deserves protection from impersonation fraud, regardless of their financial situation.
Yes, we offer a Pro Plan for individuals who need a higher number of connections and groups. Core verification functionality will always remain free for personal use.
We're developing solutions for businesses and organizations with specific security needs. If you're interested, please contact us to discuss your requirements.
Still have questions?
We're here to help. Reach out and we'll get back to you as soon as possible.
Ready to protect what matters?
Join thousands of families and businesses already using Trusted Codes.