← Back to Home
MVP ARCHITECTURE
Proof of You - Technical Blueprint
System architecture, API specification, data flow, and tech stack for the Proof of You minimum viable product.
System Overview
CLIENT LAYER
+------------------+ +------------------+ +------------------+
| Mobile App | | Browser Ext. | | 3rd Party Apps |
| (Enrollment + | | (Dead Internet | | (API Consumers) |
| Verification) | | Firewall) | | |
+--------+---------+ +--------+---------+ +--------+---------+
| | |
v v v
API GATEWAY (Rate Limiting, Auth, Routing)
+--------------------------------------------------------------------------+
| API GATEWAY (Cloudflare) |
+-----+----------------+----------------+----------------+--------+-------+
| | | |
v v v v
CORE SERVICES
+-----------+ +-----------+ +-----------+ +-----------+
| Identity | | Content | | Trust | | Brand |
| Service | | Stamping | | Score | | Monitor |
+-----------+ +-----------+ +-----------+ +-----------+
| | | |
v v v v
DATA LAYER
+--------------------------------------------------------------------------+
| PostgreSQL (metadata) | Redis (cache) | S3 (hashes) | Kafka (events) |
+--------------------------------------------------------------------------+
Core Services (MVP)
1. Identity Service
Handles enrollment, verification, and identity token management. The biometric hash is generated on-device and only the hash is transmitted - never raw biometric data.
- Enrollment Flow: Device captures face + voice + liveness challenge. On-device ML generates a 512-dimensional embedding, hashed with SHA-256. Hash is sent to Identity Service, checked for uniqueness against existing hashes (prevents double enrollment). A PoY token (UUID + cryptographic signature) is issued.
- Verification Flow: User initiates a liveness check. New hash is generated on-device and compared to stored hash. If match > 99.7% similarity, verification is confirmed. Token is refreshed.
- Privacy Model: Zero-knowledge proof architecture. We never see your face or voice - only a mathematical representation that cannot be reverse-engineered.
2. Content Stamping Service
Generates and verifies cryptographic stamps for human-created content.
- Stamp Generation: Content is hashed (SHA-256). Hash is signed with the user's PoY private key. Signature + metadata (timestamp, PoY ID, content type) is bundled as a stamp.
- Stamp Verification: Given content + stamp, verify the signature matches, the PoY ID is valid, and the content hash matches.
- Invisible Watermarking: For images/video, an optional steganographic watermark embeds the stamp data directly in the media file.
3. Trust Score Engine
Calculates and maintains a portable reputation score.
- Inputs: Verification age, verification frequency, content stamp volume, dispute rate, cross-platform signals (via API partners).
- Algorithm: Weighted scoring model (0-100 scale). Higher weight given to verification consistency and low dispute rates. Score is public; underlying signals are private.
- Decay: Score gradually decays without regular verification (encourages active use).
4. Brand Monitor Service
Scans the web for unauthorized use of verified identities and brands.
- Image Similarity: Perceptual hashing + face embedding comparison across indexed web content.
- Text/Name Matching: NLP-based name and brand mention detection with context analysis (is this impersonation or legitimate mention?).
- Automated Takedown: Generates DMCA/platform-specific takedown requests when impersonation confidence > 95%.
API Specification (v1)
RESTful API with JSON payloads. All endpoints require API key authentication via Authorization: Bearer {api_key} header.
Identity Endpoints
| Method | Endpoint | Description | Rate Limit |
| POST |
/v1/identity/enroll |
Submit biometric hash for new enrollment. Returns PoY token. |
1/user/day |
| POST |
/v1/identity/verify |
Verify a user's liveness against stored hash. Returns verification result + trust score. |
100/min |
| GET |
/v1/identity/{poy_id} |
Get public profile for a PoY ID (verification status, trust score, since date). |
1000/min |
| GET |
/v1/identity/{poy_id}/check |
Simple boolean: is this PoY ID a verified human? Fastest endpoint. |
5000/min |
Content Stamping Endpoints
| Method | Endpoint | Description | Rate Limit |
| POST |
/v1/stamp/create |
Generate a PoY stamp for content. Accepts content hash + PoY token. |
500/min |
| POST |
/v1/stamp/verify |
Verify a stamp is authentic. Accepts content hash + stamp data. |
2000/min |
| GET |
/v1/stamp/{stamp_id} |
Get stamp metadata (author PoY ID, timestamp, content type). |
2000/min |
Trust Score Endpoints
| Method | Endpoint | Description | Rate Limit |
| GET |
/v1/trust/{poy_id} |
Get current trust score (0-100) and breakdown. |
2000/min |
| GET |
/v1/trust/{poy_id}/history |
Get trust score history over time. |
100/min |
Brand Shield Endpoints
| Method | Endpoint | Description | Rate Limit |
| POST |
/v1/brand/register |
Register a name/face/brand for monitoring. |
10/day |
| GET |
/v1/brand/{brand_id}/alerts |
Get impersonation alerts for a registered brand. |
100/min |
| POST |
/v1/brand/{brand_id}/takedown |
Initiate automated takedown for a detected impersonation. |
50/day |
Webhooks
| Method | Endpoint | Description | Rate Limit |
| POST |
/v1/webhooks/register |
Register a webhook URL for real-time event notifications. |
10/day |
| DELETE |
/v1/webhooks/{webhook_id} |
Remove a registered webhook. |
10/day |
Tech Stack (MVP)
API LAYER
Node.js + Hono (lightweight, edge-ready). Deployed on Cloudflare Workers for global low-latency. API Gateway handles rate limiting, auth, and routing.
DATABASE
PostgreSQL (Neon serverless) for identity metadata, stamps, and trust scores. Redis (Upstash) for caching verification results and rate limiting.
ON-DEVICE ML
TensorFlow Lite / Core ML for biometric embedding generation. Face detection + liveness via MediaPipe. All processing stays on-device.
CRYPTOGRAPHY
Ed25519 for signing. SHA-256 for content hashing. Zero-knowledge proofs via zk-SNARKs for anonymous verification mode.
MOBILE APP
React Native (Expo) for cross-platform enrollment app. Uses device biometric hardware (Face ID, depth camera, fingerprint).
BROWSER EXTENSION
Manifest V3. Vanilla JS + content scripts. Scans page content for PoY stamps and flags unverified content.
EVENTS / STREAMING
Kafka (Confluent Cloud) for event streaming. Powers real-time brand monitoring alerts and webhook delivery.
MONITORING
Grafana + Prometheus for system metrics. Sentry for error tracking. PostHog for product analytics.
Enrollment Data Flow
USER DEVICE POY API DATABASE
1. Open PoY App
2. Camera activates
3. Liveness challenge
(blink, turn, speak)
4. On-device ML generates
512-dim face embedding
5. SHA-256 hash of embedding
6. Hash sent to API --------> 7. Receive hash
8. Check uniqueness --------> 9. Query hash index
10. No collision found <-------- 11. Return: unique
12. Generate PoY token
13. Ed25519 keypair
14. Store metadata --------> 15. Write to PostgreSQL
16. Receive PoY token <-------- 17. Return token +
+ private key public key
18. Store private key
in device Keychain
19. Enrollment complete
TOTAL TIME: ~30 seconds
DATA SENT TO SERVER: 32-byte hash only
BIOMETRIC DATA RETAINED: zero
Revenue Model Architecture
REVENUE STREAMS
FREE TIER (Acquisition)
Individual verification $0
Basic badge $0
50 stamps/month $0
Trust Score (view) $0
CONSUMER SUBSCRIPTIONS (B2C)
Creator Plan $9/mo --> Target: 1M subscribers = $108M ARR
Family Shield $4.99/mo --> Target: 500K families = $30M ARR
Brand Shield (personal) $9/mo --> (included in Creator)
API USAGE (B2B)
Verify call $0.001 --> At 1B calls/mo = $12M/mo
Stamp call $0.002 --> At 500M calls/mo = $12M/mo
Trust Score query $0.001 --> At 2B calls/mo = $24M/mo
ENTERPRISE (B2B)
AI Compliance certification Custom --> Target: 10K enterprises = $100M+ ARR
Brand Shield (business) $49+/mo
Custom SLA + support Custom
MARKETPLACE (Take Rate)
Micro-Licensing transactions 2% fee --> At $500M GMV/yr = $10M ARR
YEAR 1 TARGET: $5M ARR (early adopters + dev tier)
YEAR 3 TARGET: $100M+ ARR (platform integrations at scale)
YEAR 5 TARGET: $1B+ ARR (infrastructure status achieved)
MVP Roadmap
PHASE 1: Foundation (Months 1-3)
[x] Landing page + waitlist
[ ] Identity Service API (enroll + verify)
[ ] Content Stamping API (create + verify)
[ ] Mobile enrollment app (React Native)
[ ] Basic Trust Score algorithm
[ ] Developer documentation + SDK (JavaScript)
PHASE 2: Consumer Products (Months 4-6)
[ ] Browser extension (Dead Internet Firewall)
[ ] Brand Shield (personal tier)
[ ] Reputation Passport v1
[ ] Anonymous Speech mode
[ ] Python + Go SDKs
[ ] Stripe billing integration
PHASE 3: Platform (Months 7-12)
[ ] Enterprise API tier
[ ] AI Content Label compliance suite
[ ] Micro-Licensing marketplace
[ ] Family Shield
[ ] Emergency ID partnerships
[ ] Digital Will
[ ] First platform integrations