Verified digital identity
pox.me gives every person, business, product, and software agent a verified identity surface: public profile pages, credential proof, secure contact flows, private workspace controls, and machine-readable discovery.
Public identity
@poxme
Credential proof
Email, social, wallet, and account signals
Inbound action
Forms, contact intent, and routed messages
Private workspace
Vault, files, posts, and identity controls
Agent access
OAuth, MCP, billing, and machine-readable docs
Conversion path
Visitor sees proof, understands the claim, chooses a contact path, and your team keeps the private side organized.
Platform
A strong identity platform connects what customers see with the proof, communications, files, access, and automation your team manages behind the scenes.
Create identity records for people, businesses, products, and agents with clear public context and private operating controls.
Attach verified email, wallet, social, palm biometric, and account signals so visitors understand what has been proven before they engage.
Turn profile attention into structured inbound messages, contact intent, and follow-up workflows tied to the right identity.
Give software the same identity, access, and billing context that a human operator uses instead of one-off integration accounts.
Every token is per-credential encrypted with time-bound access grants and an append-only audit log. SOC 2 / ISO 27001 evidence built in.
SEO and conversion
Every public identity can become a search-ready trust page with plain-language claims, verified proof, and direct calls to action.
What customers understand
pox.me is intentionally positioned around digital identity management, verified credentials, public trust pages, secure forms, and agent-ready access because those are the search and buying intents the product serves.
Launch a search-ready public profile page for a person, company, product, or agent.
Show verified credential claims without exposing private workspace details.
Collect contact requests, forms, files, and messages from one identity surface.
Route humans and software through the same trusted identity and access model.
Use cases
Use pox.me when a trusted identity needs to do more than look polished: it needs to explain, prove, receive, and operate.
Replace scattered links with a verified profile that explains who you are, what you do, and how serious customers should reach you.
Use credential proof, public pages, and private workflow controls to shorten the path from first impression to qualified action.
Create real identities for software systems that need onboarding, paid access, and machine-readable discovery.
Security
Every token, key, and OAuth grant lives inside the access-control gate. You choose who can decrypt and for how long; the platform records every read.
Every credential gets its own AES-GCM data key wrapped under a per-user master key. No shared global key for token data — leaking one credential cannot expose another.
Choose who can read each credential: only your active session, only with an explicit time-windowed grant, or always-on for legacy automation. Grants expire automatically, max 90 days.
Every decryption — by you, by cron, by an MCP agent — writes an append-only audit row with actor, action, IP, and outcome. SOC 2 and ISO 27001 evidence comes straight from this table.
Switch a credential to session-only and we auto-revoke every existing grant. Tighter policy is one click; the audit log shows exactly what changed.
SOC 2 & ISO 27001 ready
The credential access audit log is append-only and queryable per credential or per user. Time-bound grants are first-class records, so “background access” is never undocumented. We are actively building toward SOC 2 Type II and ISO 27001 readiness; the platform-side controls (encryption, audit, access review, key rotation) are live today.
Per-user master key
HKDF-SHA256 derived from a single root, salted per user
AES-GCM-256
Authenticated encryption, per-record IV, no global plaintext path
Append-only audit
Every read, success or denial, written to an immutable table
Grant TTL ≤ 90d
Background access auto-expires, revocable instantly
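The key hierarchy described in this section, sketched as an added example (not pox.me's own code). The HKDF info string, the record layout, and the use of the credential id as AES-GCM associated data are assumptions made for the illustration.

```javascript
const crypto = require('crypto');

// Constructed root secret for this demo; a real deployment would hold it in a KMS or HSM.
const ROOT_KEY = crypto.randomBytes(32);

// Per-user master key: HKDF-SHA256 over the single root, salted per user (info string assumed).
function deriveUserMasterKey(rootKey, userSalt) {
  return Buffer.from(crypto.hkdfSync('sha256', rootKey, userSalt, 'user-master-key', 32));
}

// AES-256-GCM with a fresh 96-bit IV per record. `aad` binds the box to one credential id.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(aad);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Throws if the key, the aad or the tag does not match what was sealed.
function open(key, box, aad) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  decipher.setAAD(aad);
  decipher.setAuthTag(box.tag);
  return Buffer.concat([decipher.update(box.ct), decipher.final()]);
}

// Envelope: a random data key per credential, stored only in wrapped form.
function encryptCredential(masterKey, credentialId, token) {
  const dataKey = crypto.randomBytes(32);
  const aad = Buffer.from(credentialId);
  const wrappedKey = seal(masterKey, dataKey, aad);
  const body = seal(dataKey, Buffer.from(token), aad);
  dataKey.fill(0); // drop the plaintext data key once both boxes exist
  return { credentialId, wrappedKey, body };
}

function decryptCredential(masterKey, record) {
  const aad = Buffer.from(record.credentialId);
  const dataKey = open(masterKey, record.wrappedKey, aad);
  try {
    return open(dataKey, record.body, aad).toString();
  } finally {
    dataKey.fill(0);
  }
}
```

Because each record carries its own wrapped data key, an audit or grant check can sit in front of `decryptCredential` and gate every unwrap individually.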
New integrations
Recent additions to the credential catalog focus on verified humanity, friction-free sign-in, and machine-readable proof.
OAuth2 verification of a unique human via palm biometrics. Optional zero-knowledge variant binds proof to an external nullifier without exposing identity.
Verify a Telegram account through the official login widget. Signed payloads are HMAC-verified server-side so no token ever reaches the browser.
Email a one-time sign-in link, confirm with a click. Built to survive corporate email scanners that pre-fetch URLs — the link points at a confirm page, not the verify endpoint.
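Server-side verification of a Telegram login widget payload, as an added example (not pox.me's own code). It follows Telegram's documented check: HMAC-SHA256 over the sorted data-check-string, keyed with SHA-256 of the bot token. The freshness window, clock-skew allowance, bot token and sample payload are constructed for the illustration.

```javascript
const crypto = require('crypto');

const MAX_AGE_SECONDS = 300;   // assumed freshness window, not a value from the page
const CLOCK_SKEW_SECONDS = 30; // assumed tolerance for a slightly fast sender clock

// Data-check-string: every field except `hash`, sorted by key, "key=value" joined by \n.
function dataCheckString(fields) {
  return Object.keys(fields).filter((k) => k !== 'hash').sort()
    .map((k) => `${k}=${fields[k]}`).join('\n');
}

// The HMAC key is SHA-256(bot token); the token itself never leaves the server.
function signFields(fields, botToken) {
  const secret = crypto.createHash('sha256').update(botToken).digest();
  return crypto.createHmac('sha256', secret).update(dataCheckString(fields)).digest('hex');
}

function verifyTelegramLogin(fields, botToken, nowSeconds) {
  if (typeof fields.hash !== 'string' || !/^[0-9a-f]{64}$/.test(fields.hash)) {
    return { ok: false, reason: 'malformed hash' };
  }
  const expected = Buffer.from(signFields(fields, botToken), 'hex');
  const received = Buffer.from(fields.hash, 'hex');
  if (!crypto.timingSafeEqual(expected, received)) {
    return { ok: false, reason: 'bad signature' };
  }
  // A valid signature on an old payload is a replay: bound its age.
  const age = nowSeconds - Number(fields.auth_date);
  if (!Number.isFinite(age) || age < -CLOCK_SKEW_SECONDS || age > MAX_AGE_SECONDS) {
    return { ok: false, reason: 'stale auth_date' };
  }
  return { ok: true, telegramId: String(fields.id) };
}

// Constructed sample: a made-up bot token and payload, signed here to stand in for Telegram.
const BOT_TOKEN = '000000:CONSTRUCTED-EXAMPLE-TOKEN';
const SAMPLE = { id: '424242', first_name: 'Ada', username: 'ada_example', auth_date: '1700000000' };
SAMPLE.hash = signFields(SAMPLE, BOT_TOKEN);
```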
Start with a real identity
The fastest evaluation path is practical: reserve a handle, publish a focused identity page, add verified credentials, and test the contact and access flows from the customer side.