Being identical twins, we’ve spent our whole lives dealing with identity confusion, so it is a bit of irony that we ended up building a company to solve it for the internet.
Growing up in Barcelona, we spent years working on products where identity issues were a massive pain. We eventually realized that for most engineering teams, "global identity" is a fiction—in reality it is a fragmented mess. You end up stitching together one provider for US driver's licenses, another for NFC chip extraction in Europe, a third for AML screening, a fourth for government database validation in Brazil, a fifth for liveness detection on low-end Android devices, and yet another for biometric authentication and age estimation. Orchestrating these into a cohesive flow while adapting to localized regulations like GDPR or CCPA is a nightmare that makes no sense for most teams to be working on.
When we looked at the existing "enterprise" solutions, we were baffled. Most require a three-week sales cycle just to see a single page of documentation. Pricing is hidden behind "Contact Us" buttons, and the products themselves are often bloated legacy systems with high latency and abysmal accuracy.
We also noticed a recurring pattern: these tools are frequently optimized only for the latest iOS hardware, performing poorly on the mid-range or older Android devices that make up a huge percentage of the market. This results in a "leaky" funnel where legitimate users drop off due to technical friction and fraud goes undetected because data points are spread across disparate systems. Also, these systems are expensive, often requiring massive annual commits that price out early-stage startups.
We wanted to build a system that is accessible to everyone—a tool that works like Stripe for identity, where you can get a sandbox key in thirty seconds and start running real verifications with world-class UX and transparent pricing.
To solve this, we took the "delusional" path of full vertical integration. Rather than just wrapping existing APIs, we built our own ID verification and biometric AI models—from classification and fraud detection to OCR models for almost every language. This vertical integration is fundamental to how we handle user data. Because we own the entire stack, we control the flow of sensitive information from end-to-end. Your users' data doesn't get bounced around through a chain of third-party black boxes or regional middle-men. This allows us to provide a level of security and privacy that is impossible when you are just an orchestration layer for other people's APIs.
We believe that identity verification is one of the most critical problems on the internet, and must be solved correctly and ethically. Many people are rightfully skeptical, especially given recent news about projects that have turned identity into a tool for mass data collection or surveillance. We don’t do anything of the sort, but we also don’t want to be coerced in the future, so we facilitate data minimization on the customer side. Instead of a business asking for a full ID scan, we allow them to simply verify a specific attribute—like "is this person over 18?"—without ever seeing the document itself. Our goal is to move the industry away from data hoarding and toward zero knowledge, or at least minimal knowledge, verification.
The result of our all-in-one approach is a platform that increases onboarding rates while lowering identity costs. We’ve focused on building a high-confidence automated loop that reduces the need for manual review by up to 90%, catching sophisticated deepfakes and spoofing attempts that standard vision models miss. Our SDK is optimized for low bandwidth connections, ensuring it works on spotty 3G networks where legacy providers usually fail.
We are fully live, and you can jump into the dashboard at https://business.didit.me to see the workflow orchestration immediately. Our pricing is transparent and success-based; we don’t believe in hiding costs behind a sales call.
We’re here all day to answer any question—whether it’s about how we handle NFC verification, our approach to deepfake detection, the general ethics behind biometric data retention, or how we think about the future of identity. We’d love your brutal HN feedback on our APIs, platform, and integration flow!
If I could make one giant request, it's around giving (properly authorized) humans the ability to override the system when needed. When you make a simple API, it's all too common for a company integrating the solution to rely entirely on the identity service's yes-no outcome. But all too commonly, there's no way to override a decision, or bypass the need for identification.
In the travel space, I've seen situations, especially with luxury and celebrity clients, where there's human levels of trust across the board, all parties are agreed at senior levels that they'd like to fulfill with a one-off exception to identity verification... but the technology refuses to let them proceed without going through the full verification flow, and if they're integrated in the simplest way, there's no "escape hatch" on the integration's side.
And similarly, if a person happens to trigger false negatives on video matches (say, due to medical reasons) giving support teams an ability to build exceptions is key. Having a way to tell the system "for this transaction/account ID, when they get to this node in the flow, let them through as if checks proceeded, or treat them as pre-authorized" would set you apart.
(Obviously, for things involving KYC, there's a lot of considerations around permissioning - but for many use cases, you want to empower senior support teams.)
We also built a case management system so support teams can manually review cases, approve/decline them, or override decisions when needed. Automation handles most cases, but humans can step in for the edge cases.
Instead, this should be handled not by fudging identity verification but by skipping it and maybe tagging the skip event with some verified identities of the people authorizing the skip.
This. Left unchecked, an entourage around a fake "celebrity" can get pretty far.
Given all the privacy breaches already in this space, what auditing are you planning to ensure that PII is not held anywhere in the stack after KYC/AML/ID confirmation?
This goes beyond ISO27K/HIPAA/SOC2 etc to an actual code/storage audit that confirms that PII is only held ephemerally and completely encrypted at rest otherwise, unavailable to anyone, including internal access and/or law enforcement etc.
A couple questions:
1. Given that one of your offerings is a wallet for identity, how do you handle storing user biometric data and documents
2. I’m surprised AI age detection based on faces is accurate enough to be used for account decisions. Is there any specific standard your models are held too and why would someone prefer it over an ID document proving age?
The idea is that users control their identity. They create a Didit account where they can verify themselves, add credentials, revoke connections, or delete everything at any time. We don’t store raw biometrics or documents in the wallet layer — only derived attributes like estimated_age, is_human, is_unique, or a face embedding used for matching.
Services request specific scopes (similar to “Sign in with X”), like is_over_18 or is_human, and the user explicitly approves what gets shared.
On age detection: it’s mainly for low-risk age-gating (social, gaming, adult content, etc.), where asking every user for an ID kills conversion. For higher-risk cases you’d still use full ID verification.
This is an interesting concept but the identity space is extremely crowded. It’s hard to find a specific niche and aggressively scale it unless you already have a strong end-user persona in mind, precisely because interacting with “the real world” is super nuanced and complicated at any appreciable scale.
it is crowded yes, but you can always do a better product take market share, expand TAM, and eventually create new markets (eg identity wallet ..)
I don’t need to chat with you where you do a q&a where you decide what the correct amount of money to extract out of me is. Price your service accurately and accordingly instead and you’ll get my business