Sovera
Processed and stored in Zimbabwe

Sovereign identity verification, built in.

KYC, liveness and biometrics for regulated businesses. One API for face match, documents and AML screening, with a capture flow you own, not a redirect to a foreign vendor.

Capture
Hostedno foreign redirect
Liveness
Passive + activePAD and challenge
Data
In-countryprocessed in Zimbabwe

Sovera

Credential

Session
  • Consent capturedpending
  • Active livenesspending
  • Document + MRZpending
  • Decisionpending
REF · 2Zk9F4A1processed in Zimbabwe
Passive livenessActive liveness challengeFace match 1:1Document + MRZAML / PEP screeningNational-ID validationVerification sessionsSigned webhooksPassive livenessActive liveness challengeFace match 1:1Document + MRZAML / PEP screeningNational-ID validationVerification sessionsSigned webhooks

Data residency

Biometric data that is processed and stored in Zimbabwe.

Most verification stacks send a face and an ID document across a border to be checked. That is the moment the hard questions start: whose law applies, who can be compelled to hand the data over, and whether the transfer was ever lawful.

Sovera removes that moment entirely. Keeping the regulated data in-country is not a feature bolted on later. It is the reason the product is shaped the way it is.

  • No cross-border transfer to answer for

    Because capture, inference and storage happen in-country, there is no export of biometric data to a foreign processor, and so no adequacy or transfer question to resolve first.

  • The capture flow is yours

    Subjects are verified inside a flow you control, not redirected to a third-party vendor in another jurisdiction. Fewer drop-offs, and the trust stays with your brand.

  • Designed for the local framework

    Built with Zimbabwe's data-protection framework in mind, including the Cyber and Data Protection Act and SI 155 of 2024. Alignment by design, not a badge.

Sovera is not certified or endorsed by any regulator or lab. We describe alignment with the local framework as a design goal, not as accreditation. No ISO, no iBeta, no partnership is implied.

Zimbabwe

Data residency

Everything a regulated onboarding needs, composable.

07 primitives

Each check is a call. Together they make a verification session.

The differentiator

Active liveness

The oval, plus a turn-left / turn-right challenge that proves a live person is present in real time. This is the flow that replaces a redirect to a foreign vendor with capture you host yourself.

challenge · nod · turn · blink

Passive liveness

Presentation-attack detection from a single frame. Catches printouts, screens and masks.

PAD

Face match

One-to-one comparison of a captured selfie against a reference portrait.

1:1

Document and MRZ

Read a document, extract the machine-readable zone and validate its check digits.

OCR / MRZ

AML and PEP

Screen a subject against sanctions, watchlists and politically-exposed-person data.

Sanctions

National-ID

Check an identity number against the authoritative source to confirm it is real.

eGov

Sessions

A hosted flow that stitches the checks into a single decision you can act on.

Hosted
The journey

From cold start to a signed decision.

Five stations in one hosted flow, three calls in your code. The subject never leaves your brand for a foreign vendor.

  1. Consent

    Live consent record

  2. Active liveness

    Turn and blink challenge

  3. Selfie

    Framed in the oval

  4. Document

    Scan and MRZ

  5. Decision

    Signed webhook

POST /v1/sessions

Create

Open a session and choose the checks it runs. You get back a session id and a link to the hosted capture flow.

hosted capture

Verify

The subject completes the flow: liveness oval, turn challenge, document scan. Captured, run and stored in-country.

session.completed

Decide

Read the result, or receive a signed webhook the moment it resolves. One decision, with the check outcomes attached.

For developers

An API that behaves the way you expect.

No surprises in auth, errors or retries. The primitives are the boring, dependable ones you already reach for.

Bearer keys, scoped
svk_live_ and svk_test_ keys with deny-by-default scopes, so a key does exactly what you granted it and nothing more.
RFC 9457 errors
Every failure is a problem+json document with a type, a title and a request id. Predictable to parse, easy to log.
Idempotency built in
Send an Idempotency-Key and a retried request replays the original result instead of double-charging the work.
Signed webhooks
Sessions resolve to HMAC-signed webhooks with a timestamp and signature, so you can trust the payload before you act.

RoadmapClient SDKs are on the way. Until then it is plain HTTP and JSON.

# create a verification session
curl -X POST https://verify.lioncapventures.com/v1/sessions \
  -H "Authorization: Bearer svk_live_9f2a…" \
  -H "Idempotency-Key: a1f9c2b7…" \
  -H "Content-Type: application/json" \
  -d '{
    "checks": ["active_liveness", "face_match", "document"],
    "reference": "cust_8241"
  }'

# 201 Created
{
  "id": "vs_2Zk9F4A1",
  "status": "pending",
  "url": "https://verify.lioncapventures.com/s/vs_2Zk9F4A1"
}
POST → your endpointsession.completed
X-Sovera-Signature: t=1720462800,v1=9f86d081…

{
  "event": "session.completed",
  "id": "vs_2Zk9F4A1",
  "decision": "approved",
  "checks": {
    "active_liveness": "pass",
    "face_match": "pass",
    "document": "pass"
  }
}

Compliance posture

Built to be defensible, not just to pass a demo.

Data sovereignty is the theme; these are the controls that make it real. Consent first, minimal retention, encryption, and a clean path to erasure.

Written to be aware of POTRAZ, the Data Protection Authority under the Cyber and Data Protection Act. Aware is the operative word. Sovera is not endorsed, licensed or certified by POTRAZ or any other body.

  1. Consent-gated by design

    gate

    No biometric template is created without a live consent record tied to it. Consent is the spine the rest of the data hangs from.

  2. PII tokenized

    vault

    Personal data is routed through a vault and referenced by token, so raw identifiers are not scattered across the system.

  3. Templates encrypted

    at rest

    Biometric templates are encrypted at rest. They are derived data, held only as long as the purpose that justified them.

  4. Erasure on request

    API

    A data-subject can be erased through the API, removing their records and templates to satisfy a deletion request.

Pricing

Prepaid credits. Start with three free.

Buy credits up front and draw them down as you verify. No subscription and no per-seat pricing, on infrastructure where regulated data is processed and stored in Zimbabwe.

1 credit = 1 verification

FreeEvery test and sandbox key starts with 3 free credits. Live keys draw down prepaid credits.

PaymentPay by EcoCash or USD bank transfer. Credits are added once we confirm your payment.

AML and national-ID screening are included today; specialised screening may be priced separately later.

Growth · Standard
$50

200credits

$0.25 per verification

StarterPilot
$15

50credits

$0.30 per verification

ScaleVolume
$200

1,000credits

$0.20 per verification

BulkLowest rate
$500

3,000credits

$0.167 per verification

Used by

Avalon Health

Running verification for regulated onboarding in production.

Bring sovereign verification to your onboarding.

Create an account, generate test keys and make your first verification call in minutes. No sales call to start, no foreign redirect in your flow.

  • Test keys in minutes
  • Signed webhooks
  • Data processed in Zimbabwe