Visbir (rhymes with whisper) · powered by PHIM
Experimental — early access

The Visbir Wallet. Money that knows your face.

Say nothing. Be seen.

Visbir is a face-gated, non-custodial USDC wallet and identity studio. Your face identifies you; a passkey — Face ID, Windows Hello — authorizes you. Lose every device, and your face gets your wallet back. Photos, landmarks, and embeddings never leave your device.

The journey

Five steps. One invariant.

Every step keeps the same promise: raw biometric data never crosses the wire.

1 · Enroll

Become the key

Sign up with a passkey. Build your identity profile from photos, entirely in the browser — a live camera match binds it to you, and only you.

2 · Hold

Own your money

Enrollment creates a non-custodial smart-account wallet on Base. Top up with USDC from anywhere via your personal deposit address.

3 · Earn

Put it to work

Optional one-tap deposit from your own account into a blue-chip lending pool. The app never pools or touches your funds.

4 · Create

Generate yourself

Constrained portrait generation from your identity profile — every candidate scored client-side against your own measurements.

5 · Recover

Lose everything, stay you

The flagship: every device gone, and the account is still recoverable by being you — a strict live face match, a second factor, and a time delay rotate in a new passkey.

The invariant

Raw biometric data never crosses the wire.

Photos, landmarks, embeddings, and templates stay on your device. The server sees signed match attestations — a nonce, a template hash, a score — never the biometric source. Even recovery returns your encrypted profile to your new device for on-device matching; nothing is ever matched server-side.

Client-side landmark processing Text prompts only — never photos On-device face matching Signed attestations, not biometrics Delete means delete
Design principles

Faces identify. Secrets authorize.

A face is a username, not a password

No key material is ever derived from biometrics. A face is public and unrotatable — it can identify and bind, but only secrets (passkeys) authorize.

Platform biometrics gate keys — they never expose data

Face ID and Windows Hello can't hand any app a biometric hash, by design. Visbir consumes them the only way possible: as passkey unlock.

Non-custodial by default

You own your smart account. The app holds no funds — the only pooled balance is prepaid generation credits, kept small.

Enrollment requires the enrollee

Binding a profile to an account — and thus to money and recovery — requires a live capture that matches the photo set. The person enrolled is provably the person consenting.

Face unlock is UX, not a security boundary

A camera can recognize you and pre-fill the ceremony, but a spoofed face still faces WebAuthn. Convenience fails open to plain passkey; security never rests on the camera.

Thresholds come from measurement, not hope

Recovery operating points are set from measured false-accept-rate curves on real benchmarks — not from observed maxima or optimism.

The identity studio

"Does this look like me?" becomes a number.

The studio turns curated photos into a versioned, machine-readable identity profile — then uses it to constrain and score portrait generation. All of it runs in your browser.

Curated photosnever uploaded
Face landmarksextracted in-browser
Normalized geometrypose, scale, size
Measured ratiosrepeatable, comparable
Identity profileversioned JSON + Identity Bible
Scored generationevery candidate rated against you

Constrained generation

Identity constraints are applied to the prompt server-side; your measured ratios can be embedded. Only text ever leaves the browser.

Client-side scoring

Every generated candidate is landmarked and scored against your profile on your device — likeness as a measurement, not a feeling.

Bring any generator

Score images from any source against your profile. The identity profile is portable — a canonical reference for future render systems.

The fine print, stated plainly