HumanSeal distinguishes your real customers from automated bots — silently, without captchas, without friction. Integrates in less than 10 minutes.
From silent traffic analysis to strict API protection, our SaaS adapts. It authenticates humans, blocks automation, manages quotas, and gives you full visibility without ever storing personal data.
Free trial without a credit card. Upgrade when you are ready.
All plans: No credit card required to start (card required only after the trial) · Zero personal data stored · Technical support included
No server configuration. No dependencies. Just JavaScript.
pk_live_...) for your frontend, and a Secret Key (sk_live_...) for your backend server. The free trial for your plan is activated immediately.await window.HG_V2.verify() before your "Buy" button. If there is a doubt, biometrics are triggered.// Step 1: Configure your API key (before loading the SDK) <script> window.HG_CONFIG = { apiKey: "pk_live_YOUR-PUBLIC-KEY-HERE" // Use your PUBLIC key (pk_live_...) here — safe for the browser. // Your SECRET key (sk_live_...) must ONLY be used server-side. // No code change needed when you upgrade plans. }; </script> // Step 2: Load the universal SDK (one line, once, forever) <script type="module" src="https://app.humanseal.emkaylabs.tech/hg-client.js"> </script> // That's it. The SDK auto-configures for your plan: // window.HG_Monitor → HS Insight — silent passive analysis // window.HG_V2 → HS Sentinel — behavioral engine activated // window.HumanSeal → HS Vault — FIDO2 biometric modal injected
Everything you need to know about HumanSeal.
HumanSeal is a trust infrastructure that distinguishes real human users from automated bots — without ever asking your visitors to solve a CAPTCHA or perform a manual action. It works by combining three complementary signals: a unique hardware identifier (IDH) derived from the physical characteristics of the device, a passive behavioral analysis of micro-movements (mouse, keyboard, screen touch), and — for high-security plans — a cryptographic biometric attestation performed directly on the device's secure chip. All of this runs silently in the background in milliseconds.
No. The SDK is loaded asynchronously — it never blocks the rendering of your page. The behavioral analysis runs entirely in the background. For verified trusted users, the check completes in under 10ms and is completely transparent to the visitor. The SDK is lightweight (<20KB) and has no impact on your Lighthouse score or SEO.
Integration takes under 10 minutes and requires only 2 lines of code added to your HTML page. Step 1: declare your API key in a window.HG_CONFIG object. Step 2: load the universal SDK script. That's it — the SDK automatically detects your active plan server-side and configures itself accordingly. There is nothing to change in your code when you upgrade your plan. A full integration guide with copy-paste code examples is available in the "How it works" tab.
A verification is counted each time HumanSeal performs a full security analysis for a unique device (IDH) on a given protected event or page. This count applies regardless of the outcome — whether the device is identified as a trusted human, suspicious, or a bot — and regardless of whether the visitor completes a purchase or not. The security analysis is delivered the moment the device accesses the protected resource, and that is when it is counted.
Your service is never interrupted. Once the included monthly quota is exhausted, each additional verified device is billed individually on a usage basis (from $0.02 to $0.08 per verification depending on your plan). Your administration console at app.humanseal.emkaylabs.tech/dashboard lets you monitor your consumption in real time via the /api/usage/stats endpoint, and you receive a preventive alert before reaching your limit.
HumanSeal stores zero biometric data and zero readable personal information. Email addresses are immediately transformed into a SHA-256 cryptographic hash before any recording — it is mathematically impossible to reconstruct the original email from this hash. Biometric signals (fingerprint, FaceID) never leave the user's device; only a signed cryptographic attestation is transmitted. The only identifier persisted server-side is the anonymous hardware device hash (IDH). HumanSeal is GDPR-native by design.
The false positive rate is extremely low by design. On the HS Insight plan (100% passive), users are never blocked — the system only observes silently. On HS Sentinel, a transparent challenge is only triggered in genuinely ambiguous situations (less than 0.1% of legitimate traffic) and legitimate users are cleared in under 1.5 seconds. On HS Vault, the FIDO2 biometric enrollment is a one-time action — all subsequent visits and validations are instant, transparent, and frictionless, preserving your user conversion rates.
HS Insight ($49/mo) is the silent observer. It audits and scores all traffic invisibly without ever interrupting a visitor. Ideal for measuring the real financial impact of bots before committing to active protection.
HS Sentinel ($149/mo) adds active governance: atomic purchase quotas (anti-scalping), and a smart behavioral challenge triggered only when needed. The right choice for standard ticketing or e-commerce platforms that need real-time protection.
HS Vault ($799/mo) is maximum-security mode. It cryptographically links each user to their physical device via a FIDO2 biometric attestation. A single enrollment, then instant authentication forever. Designed for flash sales, exclusive events, and high-value asset transactions.
HumanSeal is designed around a fail-open architecture by default: if our backend cannot be reached, the SDK gracefully steps aside and your site continues to function normally — no visitor is ever blocked because of us. For maximum-criticality events (HS Vault), administrators can optionally switch to a fail-closed mode from the console, which temporarily suspends the flow rather than opening it. Our infrastructure targets 99.9% uptime with automatic circuit breakers that isolate failures before they propagate.
Yes, completely freely. There is no long-term commitment. You can change your plan or cancel your subscription in one click from your administration console. The SDK requires zero code changes when you switch plans — it reads your current tier automatically from our servers at each page load. The change takes effect immediately.
The FIDO2/WebAuthn standard relies on each device's built-in secure hardware chip (Touch ID, Face ID, Windows Hello, or a security key). The biometric data never leaves the device — the chip performs the authentication internally and only sends a signed cryptographic proof to our server. The user experience is identical to unlocking their phone or approving a bank payment. For returning users, authentication is instant (under 200ms). It is far less intrusive than a CAPTCHA, requires no passwords, and produces no false positives for legitimate users.
Each device generates its own unique identifier (IDH) based on its hardware characteristics. A user recognized on their laptop is a distinct IDH from the same person using their phone — this is by design, for privacy. There is no cross-site tracking: a user's IDH on your platform is cryptographically isolated from that same device on any other HumanSeal client's platform. You receive a complete, isolated view of your own traffic only.
Yes, fully. HumanSeal is framework-agnostic. You load the SDK once via a standard <script> tag — it works identically in React, Vue, Angular, Next.js, Svelte, or plain HTML. In SPA contexts, simply call window.HG_V2.verify() before protected actions (form submissions, purchases) rather than on page load. The SDK persists the device session across client-side route changes without requiring a page reload.
This is the core security question — and our most robust guarantee. The Hardware Device Identifier (IDH) is derived from dozens of hardware-level signals that are extremely difficult to spoof consistently (GPU rendering, audio context, screen calibration data, and more). Unlike cookies or IP addresses, spoofing an IDH requires acquiring real hardware. On HS Vault, even a perfect IDH spoof is insufficient: the FIDO2 biometric attestation requires physical access to the specific device's secure hardware chip. There is no known software workaround for this.
Yes. Our published plans (Insight at $49/mo, Sentinel at $149/mo, Vault at $799/mo) are designed for self-service onboarding. For organizations requiring more than 500,000 monthly verifications, custom SLA guarantees, dedicated infrastructure, or contractual arrangements (escrow, SOC2 reports, legal riders), we offer custom Enterprise contracts. Contact us at humanseal@emkaylabs.tech with your estimated volume and use case and we will respond within 24 hours with a tailored proposal.
Yes. Your API keys work on any domain or localhost environment without restriction. We recommend using your trial period to fully test the integration on staging before going live. The administration console shows all verifications in real time, allowing you to inspect exactly how each device is analyzed. There are no separate sandbox keys — your production keys work universally and trial usage is clearly distinguished in your billing dashboard.
When you cancel, your premium subscription remains active until the end of the current billing period. After that, your account transitions automatically to our Free access tier or is paused. Your API keys, configurations, security settings, and historical audit logs are preserved securely on our databases indefinitely. You can return and reactivate your subscription at any time without losing your configuration or history. If you require permanent and immediate deletion of all your account data, you can request it at any time by contacting our support team.
HumanSeal is specifically built for high-tension events. Before a major sale, we recommend: (1) Pre-warming your quota by upgrading to the appropriate tier for the event window. (2) Optionally enabling Fail-Closed mode from your admin console to ensure that if our backend is unreachable, the flow is suspended rather than opened. (3) Contacting us in advance — for events exceeding 100,000 concurrent sessions, we can pre-allocate dedicated infrastructure capacity. Flash sales are our core use case; we are optimized for exactly this scenario.
For standard behavioral detection and transaction quotas (Insight & Sentinel), HumanSeal does not use cookies; it stores an anonymous hardware-derived token locally within the user's browser (localStorage). For high-security biometric verification (Vault), a temporary first-party session cookie is utilized on your domain to secure the active biometric session. We do not use advertising, profiling, or cross-site tracking cookies. This functional usage is fully exempt from consent banners under ePrivacy rules.
Yes. Your account supports multiple domains under the same API key pair. Each domain is treated as an isolated tenant — a device trusted on site-a.com generates a completely different IDH than the same device on site-b.com, preventing cross-site correlation. Your administration console groups events and quota consumption by domain, giving you granular visibility per site. For complex multi-tenant architectures, the clientId parameter in HG_CONFIG allows further subdivision within a single domain.
Yes. Every security event (verification, quota consumption, device ban, recovery attempt, suspicious score) is written to an immutable append-only log in your administration console. You can filter by date range, device hash, trust level, or event type. Exports are available in JSON and CSV format directly from the dashboard. On HS Vault, forensic logs include the full attestation chain, making them legally admissible in dispute resolution or fraud investigations.
Technical support is available via email at humanseal@emkaylabs.tech. We guarantee a response to all technical integration and platform questions in under 24 hours, ensuring smooth deployment. All documentation, integration guides, and API references are fully maintained.
Didn't find your answer? Contact our team →
HumanSeal ensures the protection of digital platforms via advanced anonymization protocols, guaranteeing compliance with the General Data Protection Regulation (GDPR). Our priority is to ensure the security of your site while respecting user privacy.
When using the biometric authentication system (FIDO2/WebAuthn), email addresses are never stored in plain text. They are immediately transformed into SHA-256 cryptographic hashes before any recording. It is technically impossible to reconstruct the original email from this hash, guaranteeing that HumanSeal never knows the true identity of your customers.
Your data is strictly separated from other customers. The technical device identifier (IDH) is generated using a unique cryptographic "pepper" for each company. This prevents tracking a user from one site to another within the HumanSeal network: a user banned on a third-party site will never be blocked on yours, unless explicitly decided by you.
To ensure traffic security, we exclusively store:
Your data is hosted with certified, enterprise-grade cloud infrastructure providers. Databases are encrypted at rest (AES-256) and all exchanges are secured via the TLS 1.3 protocol. Our hosting partners meet the highest standards of physical and digital security.
In accordance with regulations, your users can request the deletion of their technical identifier. For any administrative request or privacy question: humanseal@emkaylabs.tech.
By using HumanSeal, you accept these contractual rules governing access to and use of our services.
HumanSeal offers three levels of protection suited to the criticality of your assets:
You receive a unique API key that you must not share. You are responsible for installing the code on your site. If we detect abusive or fraudulent use of your account, we reserve the right to suspend it to protect the integrity of the global network.
Each subscription grants a monthly volume of Security Verifications. A verification is counted as soon as the system analyzes the integrity of a unique session, whether it is identified as human or robotic. If your quota is exhausted, the service remains active and additional verifications are billed individually (Overage) according to your plan's pricing ($0.02 to $0.08 / req) until the end of the 30-day cycle.
We make every effort to provide 24/7 service. In the event of a server or third-party API failure, our fallback systems (Circuit Breakers) take over to avoid blocking your site. The availability target is 99.9%.
HumanSeal is a digital security assistance tool. Although our algorithms are constantly updated, we cannot be held liable in the event of bypassing by novel attack vectors.
Our billing policy is designed to be simple, transparent, and without surprises for our customers.
Each plan includes a free trial period to validate the service's suitability for your needs. The duration of this trial varies depending on the chosen offer: 30 days for HS Insight, 14 days for HS Sentinel, and 7 days for HS Vault. Cancellation during this period is free of charge and can be done in one click from your console.
Subscriptions are billed monthly or annually. Renewal is automatic. The customer can disable automatic renewal at any time from their dashboard; the service remains active until the end of the paid period.
In accordance with standard SaaS practices, started months are non-refundable. Unused verification volumes at the end of the month expire and cannot be credited or carried over.
In case of dissatisfaction with detection accuracy, our technical team commits to analyzing your audit logs and adjusting the sensitivity thresholds for your domain free of charge.
For any questions regarding billing or refunds: humanseal@emkaylabs.tech
A question about the plans, a demo request, or need help with integration? We answer quickly.
✉ humanseal@emkaylabs.techOr fill out the form below