No cross-border transfer to answer for
Because capture, inference and storage happen in-country, there is no export of biometric data to a foreign processor, and so no adequacy or transfer question to resolve first.
KYC, liveness and biometrics for regulated businesses. One API for face match, documents and AML screening, with a capture flow you own, not a redirect to a foreign vendor.
The design principle
Most verification stacks send a face and an ID document across a border to be checked. That is the moment the hard questions start: whose law applies, who can be compelled to hand the data over, and whether the transfer was ever lawful.
Sovera removes that moment entirely. Keeping the regulated data in-country is not a feature bolted on later. It is the reason the product is shaped the way it is.
Because capture, inference and storage happen in-country, there is no export of biometric data to a foreign processor, and so no adequacy or transfer question to resolve first.
Subjects are verified inside a flow you control, not redirected to a third-party vendor in another jurisdiction. Fewer drop-offs, and the trust stays with your brand.
Built with Zimbabwe's data-protection framework in mind, including the Cyber and Data Protection Act and SI 155 of 2024. Alignment by design, not a badge.
Sovera is not certified or endorsed by any regulator or lab. We describe alignment with the local framework as a design goal, not as accreditation. No ISO, no iBeta, no partnership is implied.
Capabilities
Compose the checks you need. Each one is a call; together they make a verification session.
The oval, plus a turn-left / turn-right challenge that proves a live person is present in real time. This is the flow that replaces a redirect to a foreign vendor with capture you host yourself.
Presentation-attack detection from a single frame. Catches printouts, screens and masks without asking the subject to do anything.
PADOne-to-one comparison of a captured selfie against a reference portrait, returning a similarity decision.
1:1Read an identity document, extract the machine-readable zone and validate its structure and check digits.
OCR / MRZScreen a subject against sanctions, watchlists and politically-exposed-person data as part of onboarding.
SanctionsCheck an identity number against the relevant authoritative source to confirm it is real and well-formed.
eGovA hosted capture flow that stitches the checks together, from first frame to a single decision you can act on.
Hosted flowHow it works
Call the API to open a verification session and choose the checks it should run. You get back a session id and a link to the hosted capture flow.
POST /v1/sessions
Authorization: Bearer svk_live_…
{ "checks": ["active_liveness",
"face_match",
"document"] }The subject completes the hosted flow: the liveness oval, the turn challenge, a document scan. Everything is captured, run and stored inside Zimbabwe.
→ oval framing
→ turn-right challenge ✓
→ document + MRZ ✓
→ template encryptedRead the session result, or receive a signed webhook the moment it resolves. One decision, with the underlying check outcomes attached.
event: session.completed
{ "decision": "approved",
"checks": { "liveness": "pass",
"face_match": "pass" } }For developers
No surprises in auth, errors or retries. The primitives are the boring, dependable ones you already reach for.
# request
curl -X POST https://verify.lioncapventures.com/v1/verify/liveness
-H "Authorization: Bearer svk_live_…"
-H "Idempotency-Key: a1f9…"
# 200 OK
{
"decision": "pass",
"score": 0.987,
"request_id": "req_2Zk…"
}Compliance posture
Data sovereignty is the theme, and these are the controls that make it real: consent first, minimal retention, encryption, and a clean path to erasure.
Written to be aware of POTRAZ, the Data Protection Authority under the Cyber and Data Protection Act. Aware is the operative word. Sovera is not endorsed, licensed or certified by POTRAZ or any other body.
No biometric template is created without a live consent record tied to it. Consent is the spine the rest of the data hangs from.
Personal data is routed through a vault and referenced by token, so raw identifiers are not scattered across the system.
Biometric templates are encrypted at rest. They are derived data, held only as long as the purpose that justified them.
A data-subject can be erased through the API, removing their records and templates to satisfy a deletion request.
Integrations and partners
Get started
Create an account, generate test keys and make your first verification call in minutes. No sales call to start, no foreign redirect in your flow.