By CYBERVIS · UK cybersecurity

Facial authentication
for the web

Passwordless sign-in for websites & apps, powered by face recognition.

One script tag. Works with any webcam on every modern browser — and liveness detection is included on every plan, not sold separately.

Get started free Try the live demo
<5 min
To integrate
3
Liveness layers
0
Images stored
100%
UK data residency
Meet Vultus

Everything you need for face sign-in

Enroll users in seconds, authenticate them instantly, and keep the anti-spoofing layers other providers charge extra for.

Facial authentication

Instant recognition with deep-learning face matching. No passwords, no OTP codes, no security questions — and ambiguous matches are refused, never guessed.

Liveness detection, included

Passive anti-spoofing blocks photos, prints and screen replays; a randomized blink or head-turn challenge defeats recorded videos. Every plan, every authentication.

Privacy by design

Frames are processed in memory and discarded. Only an encrypted template is stored, isolated per application, with a one-call GDPR delete API.

Five-minute integration

One script tag, two calls: enroll() and authenticate(). Plain JavaScript, zero dependencies, cross-browser. Webhooks keep your backend in sync.

UK cloud or on-premise

Hosted on CYBERVIS UK infrastructure by default — or deploy the entire recognition layer inside your own network for total control over biometric data.

Server-verified trust

Every sign-in mints a short-lived signed token that your backend verifies with its application secret. The browser is never trusted on its own word.

Get up and running instantly

Simple to use, easy to implement

1

Create your application

Sign up on the Vultus Console, register your website, and get your public app ID and server secret instantly.

2

Add the widget

One script tag on your pages. No build step, no framework requirements — plain JavaScript and CSS.

3

Enroll & authenticate

Call enroll() with your own payload, then authenticate() to recognise the user and get it back.

4

Verify server-side

Exchange the returned token against our API with your app secret, then create your own session as normal.

Straightforward integration

On your site in under 5 minutes

Once implemented, you'll be able to:

  • Instantly authenticate returning users — no username, no password, just their face.
  • Enroll new users at signup with any payload you want returned on every sign-in.
  • Reduce fraud with built-in presentation-attack detection.
  • Say goodbye to bots: every session is a live human in front of a real camera.
<!-- 1. Import the widget -->
<script src="https://vultus.cybervis.co.uk/static/widget.js"></script>

// 2. Initialize with your application public ID
const vultus = new Vultus("vlt_your_app_id");

// 3. Enroll a new user (at signup)
vultus.enroll({ payload: { userId: 123 } })
  .then(info => console.log("Facial ID:", info.facialId));

// 4. Authenticate a returning user (at login)
vultus.authenticate()
  .then(user => {
    console.log(user.facialId, user.payload);
    // 5. Verify user.token on your backend:
    // GET /api/token/verify (X-App-Secret header)
  });
Plans & pricing

Simple, scalable, no hidden fees

Per account, per month. Liveness detection and encrypted template storage included on every tier — even the free one.

Free
£0
MVPs, personal projects and evaluation
  • 1 application · 50 enrolled faces
  • Full liveness detection
  • Encrypted template storage
  • Community support
Get started
Starter
£19/mo
Projects with moderate traffic
  • 3 applications · 1,000 faces each
  • Unmetered authentications
  • Webhooks & origin allowlists
  • Email support
Start free trial
Business
£79/mo
Production apps with significant traffic
  • 10 applications · 10,000 faces each
  • Unmetered authentications
  • Widget branding & customisation
  • Priority support · 99.9% SLA
Start free trial
On-premise
POA
The entire recognition layer on your infrastructure
  • Unlimited faces & applications
  • Biometric data never leaves your network
  • Deployment & hardening by CYBERVIS
  • Dedicated support
Talk to us
Trust centre

Biometric data, handled properly

Built by a UK cybersecurity company, for companies that answer to regulators. Face templates are special-category data under UK GDPR — the whole product is designed around that.

No images, ever

Camera frames are analysed in memory and discarded. The stored template cannot be reversed into a photo.

Isolated per application

A face enrolled on one customer's app can never be matched on another's. Hard sandbox, enforced server-side.

Right to be forgotten

One authenticated API call permanently deletes an enrollee's template. Opt-out is a feature, not a ticket.

UK data residency

Azure UK South by default, TLS everywhere, secrets in managed configuration — or fully on-premise.

Questions

Frequently asked

Do my users need special hardware?

No. Vultus works with regular webcams and phone front cameras on all modern browsers. No fingerprint reader, depth sensor or FIDO key required.

Can someone sign in with a photo or a video of my user?

No. Every authentication runs passive anti-spoofing that detects prints and screen replays, plus a randomized challenge (blink or head-turn) issued at that moment — a photo cannot respond, and a pre-recorded video answers the wrong challenge. Real-time deepfake injection is an industry-wide limitation; for high-risk actions we recommend combining Vultus with a second factor, which is exactly how CYBERVIS's own products use it.

What do you store about my users?

An encrypted mathematical template (not an image), the payload your site attaches, and a timestamp. Templates are AES-encrypted at rest and isolated per application.

Does Vultus replace my existing login?

Your choice. Use it as a second factor after passwords, as a passwordless primary login, or both. The token your backend verifies is the same either way.

Is it GDPR compliant?

Vultus gives you the technical controls GDPR requires for biometric data: explicit consent in the widget flow, minimal encrypted storage, per-application isolation, UK data residency and a deletion API. You remain the data controller; we act as processor — or go on-premise and biometric data never reaches us at all.

How do I get started?

Open the Vultus Console, create a free account, register your application and your keys are issued instantly. The free tier includes 50 enrolled faces with full liveness detection.

Add face sign-in to your site this week

Free tier to experiment. UK-built, liveness included, privacy by design.

Open the Vultus Console