Say nothing. Be seen.
Visbir is a face-gated, non-custodial USDC wallet and identity studio. Your face identifies you; a passkey — Face ID, Windows Hello — authorizes you. Lose every device, and your face gets your wallet back. Photos, landmarks, and embeddings never leave your device.
Every step keeps the same promise: raw biometric data never crosses the wire.
Sign up with a passkey. Build your identity profile from photos, entirely in the browser — a live camera match binds it to you, and only you.
Enrollment creates a non-custodial smart-account wallet on Base. Top up with USDC from anywhere via your personal deposit address.
Optional one-tap deposit from your own account into a blue-chip lending pool. The app never pools or touches your funds.
Constrained portrait generation from your identity profile — every candidate scored client-side against your own measurements.
The flagship: every device gone, and the account is still recoverable by being you — a strict live face match, a second factor, and a time delay rotate in a new passkey.
Photos, landmarks, embeddings, and templates stay on your device. The server sees signed match attestations — a nonce, a template hash, a score — never the biometric source. Even recovery returns your encrypted profile to your new device for on-device matching; nothing is ever matched server-side.
No key material is ever derived from biometrics. A face is public and unrotatable — it can identify and bind, but only secrets (passkeys) authorize.
Face ID and Windows Hello can't hand any app a biometric hash, by design. Visbir consumes them the only way possible: as passkey unlock.
You own your smart account. The app holds no funds — the only pooled balance is prepaid generation credits, kept small.
Binding a profile to an account — and thus to money and recovery — requires a live capture that matches the photo set. The person enrolled is provably the person consenting.
A camera can recognize you and pre-fill the ceremony, but a spoofed face still faces WebAuthn. Convenience fails open to plain passkey; security never rests on the camera.
Recovery operating points are set from measured false-accept-rate curves on real benchmarks — not from observed maxima or optimism.
The studio turns curated photos into a versioned, machine-readable identity profile — then uses it to constrain and score portrait generation. All of it runs in your browser.
Identity constraints are applied to the prompt server-side; your measured ratios can be embedded. Only text ever leaves the browser.
Every generated candidate is landmarked and scored against your profile on your device — likeness as a measurement, not a feeling.
Score images from any source against your profile. The identity profile is portable — a canonical reference for future render systems.