How it works

Sign in to anything.
Hand over nothing.

A plain-English walkthrough of what an identity provider is, how Privasys ID is different, and why your data never has to leave your phone for a website to know who you are.

First, what is an identity provider?

Every time you click “Sign in with Google” or “Sign in with Apple,” you’re using an identity provider. It’s the system that vouches for who you are so the website you’re visiting doesn’t have to ask for a new password.

That’s convenient. But it comes with a hidden cost: the identity provider sees every site you sign in to, stores your name and email on its servers, and can usually read or share that data under conditions you don’t fully control.

What about OIDC and SSO?

The standard most identity providers speak is OIDC, short for OpenID Connect. It was designed for trust between corporations, not for personal sovereignty. SSO (single sign-on) is the user-facing convenience built on top: one identity, many services, no separate password to remember each time.

Privasys ID speaks the same OIDC standard, so any service that already supports “Sign in with Google” can support Privasys with minimal changes. The difference is in what the provider can see. With Google, that is everything. With us, that is nothing.

What happens when you sign in.

A real Privasys sign-in takes about three seconds. Here’s what those three seconds actually do.

1. The website asks for proof.

You see a QR code on screen, or get a push notification on your phone. No username field. No password field.

2. Your phone checks the website first.

Before anything is sent, your wallet verifies the server’s identity. When the service runs inside secure hardware, your wallet can also verify exactly what code is running on the other side. That’s called remote attestation, and it’s why we say trust flows in both directions.

3. You approve with your face or fingerprint.

Your biometrics unlock a cryptographic key stored in your phone’s security chip (Apple’s Secure Enclave or Android StrongBox). That key never leaves the device. It can’t be copied, phished, or stolen by malware.

4. You choose what to share.

Maybe the website only needs your email. Maybe it needs your name too. The wallet shows you exactly what is being requested, attribute by attribute, and you approve each piece. Nothing else is sent.

5. You’re signed in. We saw nothing.

The website receives the attributes you approved, sealed inside a standard token (a JWT) it can trust. Privasys never stored your personal data in the process. There is nothing to breach, nothing to leak, nothing to sell.

How is this different from “Sign in with Google”?

Same convenience. Different power balance.

Big-tech sign-in

  • Your name and email live on the provider’s servers, forever.
  • The provider sees every site you sign in to.
  • A server breach puts your identity in the leak.
  • One password per provider, still phishable.
  • You cannot verify what the server is actually doing.
  • Source code is closed.

Privasys ID

  • Your name and email stay in your phone’s secure chip.
  • Nobody, not even us, sees what you sign in to.
  • If our servers were breached, there would be nothing inside.
  • No passwords. Your face or fingerprint, on your device only.
  • Your phone verifies the server with hardware attestation.
  • Open source, AGPL-3.0. Audit it yourself.

The two technologies that make it possible.

You don’t need to understand them to use Privasys. But if you want to look under the hood:

Hardware-bound passkeys.

Modern phones have a tiny dedicated chip that can generate and use cryptographic keys without the rest of the system ever seeing them. Apple calls it the Secure Enclave; Android calls it StrongBox. Privasys uses the same FIDO2 / WebAuthn standard the rest of the industry uses for passkeys, so the keys that prove you’re you cannot be exported, even by us.

Confidential computing.

The Privasys identity service itself runs inside a hardware-protected enclave on the server side: an environment where even the operator (us) cannot read what’s happening inside. Your wallet verifies that enclave before it sends anything. The same technology is being adopted by Apple, Microsoft, JPMorgan and the NSA.

What we do hold, and why it’s still anonymous.

We’ve been clear about what stays on your phone: your name, your email, your verified attributes. But to run an identity service we do keep one thing on the server side: the list of permissions you’ve granted. That means which services you’ve approved, what each is allowed to ask for, and when you revoke them. Without that, signing in from a new device or revoking access remotely would be impossible.

Here’s the catch we built in: those permissions are attached to a random identifier generated on your phone, never to your name, your email or anything that identifies you. We have no directory mapping that identifier back to a person. We literally do not know whose permissions we’re storing, and neither does anyone who breaks in.

The only piece that can resolve the anonymous identifier back to you is the wallet on your phone, unlocked by your biometrics. Lose the phone without a backup and the permissions stay locked forever, even from us. That’s the point.

What happens if I lose my phone?

Your data lives on your phone, so the answer matters. Privasys gives you four ways to stay in control.

1. Export your data, anytime. The wallet can export everything you’ve stored locally (your profile, your verified attributes, the services you’ve signed in to) into a single file. Your data is yours, full stop. You can take it with you whenever you want, no permission needed.

2. A 24-word recovery phrase. Personal data lives only on your device, but the permissions you’ve granted (which services may ask for what) are stored in the cloud so a new device can resume where the old one left off. The 24-word phrase (BIP39, the same standard cryptocurrency wallets use) is the only key that unlocks them. We never see it.

3. Single-use recovery codes. A small set of one-time codes you can print and stash in a drawer for emergencies, much like the backup codes most services already offer.

4. Trusted guardians. You can nominate friends or family as guardians. If you ever lose every other backup, a quorum of them (you choose how many) can collectively approve a recovery on your behalf. We just route the messages. We never see what is being recovered.

Want to add Privasys sign-in to your app?

If you already support “Sign in with Google,” the work is roughly an afternoon. Same OIDC. Same JWT. New issuer, new client ID, done.
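The relying-party side of “new issuer, new client ID,” as an added example (not Privasys code): each trusted issuer is bound to its own client ID, so a token minted for one provider is not accepted under the other’s configuration. The Privasys issuer URL and both client IDs are placeholders, and the function assumes a JWT library has already verified the token signature against that issuer’s published keys.

```python
import time

# Placeholder values: the Privasys issuer URL and both client IDs are
# assumptions for illustration; take the real ones from each provider.
TRUSTED_ISSUERS = {
    "https://accounts.google.com": "example-google-client-id",
    "https://issuer.privasys.example": "example-privasys-client-id",
}

class TokenRejected(Exception):
    """Raised when an ID token's claims fail validation."""

def check_id_token_claims(claims, expected_nonce, now=None, leeway=60):
    """Validate claims of an ID token whose signature was already verified
    against the keys published by claims["iss"]. Returns (issuer, subject)."""
    now = time.time() if now is None else now
    issuer = claims.get("iss")
    client_id = TRUSTED_ISSUERS.get(issuer)
    if client_id is None:
        raise TokenRejected("issuer not in allow-list")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if client_id not in audiences:
        raise TokenRejected("token was issued to a different client")
    if len(audiences) > 1 and claims.get("azp") != client_id:
        raise TokenRejected("multi-audience token without matching azp")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp + leeway < now:
        raise TokenRejected("token expired or exp missing")
    if not expected_nonce or claims.get("nonce") != expected_nonce:
        raise TokenRejected("nonce mismatch")
    if not claims.get("sub"):
        raise TokenRejected("missing subject")
    # Key the local account on (issuer, subject): the same sub value from
    # two different issuers is two different users.
    return (issuer, claims["sub"])

# Constructed sample claims for illustration (not taken from a real token).
SAMPLE = {
    "iss": "https://issuer.privasys.example", "aud": "example-privasys-client-id",
    "sub": "a1b2c3", "exp": 2000, "nonce": "n-123",
}
```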

Ready to take your identity back?