Frequently asked questions
Everything you need to know about how Human Sender works.
Can AI generate a fake Human Sender code?
No. Every code is minted by a real, identity-verified Verify account — and minting requires a biometric confirmation (Face ID or fingerprint) on a registered device. An AI has no device and no biometric. Even if someone stole your account credentials, they would still need physical access to your phone to generate a code.
Does the recipient need a Human Sender account to verify a message?
No. Recipients never need to sign up to verify a message. Clicking the badge link takes them to a public page that shows who signed the message, when, and (in strong mode) confirms the exact message content matches. Signing up is only needed to send verified messages yourself.
What exactly does the badge prove?
Depending on the verification level of the sender, the badge proves one or more of: (1) a real, registered email address is behind this account; (2) a live human face was confirmed via liveness check at signup; (3) a government-issued ID matches the face; (4) the sender's employer has confirmed their role. In strong mode, the code is also bound to the exact message body — so any alteration of the message after signing breaks the verification.
What happens if the message is altered after it was signed?
If the sender used content binding (the default for email), we store a cryptographic hash of the message body at the moment of signing. If a recipient is shown a different version of the message, the hash will not match and the verification page will display a clear warning. This defeats man-in-the-middle message tampering.
Is Human Sender GDPR compliant?
Yes. Human Sender is operated by Blustrix OÜ, an Estonian company. All data is stored in the EU (Supabase Frankfurt). We process only the minimum data necessary: email address, phone number, and optionally a photo and identity document for higher verification levels. You can read the full details in our Privacy Policy.
What channels does Human Sender work on?
Any channel where you can include a short URL or a 6-character code in your message. This covers email (link in signature), LinkedIn (link in message), SMS (short code to type into humansender.com), plain text, and live phone or video calls (4-digit rotating code valid for 2 minutes).
How long are codes valid?
Message codes are valid for 30 days from when they are created. Live call codes expire after 2 minutes — this is intentional, since a fresh code proves the person is on the call right now. Both types of codes can be used once before they are marked as previously verified.
How is this different from a digital signature like S/MIME or PGP?
S/MIME and PGP sign the email at the protocol level and require both sender and recipient to have compatible email clients and manage certificates. Verify is channel-agnostic — a link or short code works in any email client, SMS app, or messaging platform without any software installation. It also adds identity verification (who the person actually is) on top of cryptographic signing, and the public verification page is designed for non-technical recipients.
What if I lose my phone?
You can log in to Human Sender from another device and remotely revoke your registered device. Once revoked, that device can no longer mint new codes. Any codes already sent remain valid until their expiry date, but no new codes can be generated from the old device.
Still have questions?
Reach us at legal@humansender.com and we will get back to you within one business day.