Can visitors check in without a smartphone?

Yes. The VEP supports mDL tap (digital ID) and physical document scan (OCR + MRZ). Both feed into the same face matching, NDA, and credential provisioning flow.

Can the VEP work without internet?

Yes. VEP Local caches everything needed for the core check-in flow. Calendar sync and notifications queue locally and deliver on reconnection.

What PACS platforms does the VEP integrate with?

Mercury LP/MP controllers via OSDP v2.2. At launch: LenelS2, Genetec, Acre, RS2, and Access It.

How long does deployment take?

Under 2 hours per station. No server installation, no network infrastructure.

The Visitor Experience Platform.

Pre-registration. Identity verification. Face matching. NDA automation. Credential provisioning. Host notifications. Compliance audit. All orchestrated.

Book a Demo See the Visitor Management Solution

3Architecture Layers

2Operating Modes

< 2sFace Matching

< 2 hrsSingle-Station Deploy

Platform Architecture

Three layers. One orchestrated flow.

The VEP turns the KeyShare Puck from a check-in terminal into a complete visitor management platform. Every capability — identity verification, face matching, NDA automation, credential provisioning — is orchestrated across three integrated layers.

VEP Cloud

Cloud-hosted (regional deployment available)

Configuration, analytics, calendar sync, admin dashboard, branding management, compliance reporting, and station management across all sites.

HTTPS + WebSocket

VEP Local

On-premise — Electron app on local PC

Real-time orchestration between Puck, PACS, and notification channels. Offline-first — caches visitor records, NDA documents, and configuration locally. Check-in works without cloud connectivity.

USB-C

Puck

Visitor-facing hardware terminal

NFC reader (mDL tap) · Camera (face matching) · Touchscreen · Document scanner (physical IDs) · LED ring (visual feedback).

Offline-first: Core check-in flow works without cloud connectivity. Calendar sync and notifications resume on reconnection.

See the Puck Hardware

Operating Modes

Same hardware. Two modes. Your choice.

The Puck operates in two modes — configurable per station, switchable at any time. One lobby can run reception mode at the front desk and self-service kiosk mode at a secondary entrance.

	Reception Mode	Self-Service Kiosk
Designed for	Staffed reception desks	Unstaffed lobbies, after-hours entries
Operator	Receptionist manages flow via VEP Local UI	Visitor self-serves; Puck guides the experience
Queue management	Receptionist sees queue with priorities	Sequential processing
Manual overrides	Skip steps, add NDA, change access level	Automated — escalation chain handles exceptions
Escalation	Receptionist handles directly	5-min host → 10-min co-host → 15-min alert
Multi-station	VEP Local coordinates multiple Pucks	Each station operates independently
Accessibility	Receptionist assists visitors	WCAG 2.1 AA, multilingual, screen reader

The operational advantage

Reception mode gives your front desk team superpowers — identity-verified check-in with queue management and multi-station coordination. Kiosk mode extends visitor management to every entrance without adding staff. Most enterprises deploy both.

V1.0 Features

Everything the platform does.

BASE

Calendar Integration

Auto-detect visitors from Google Calendar and Microsoft Outlook. Name matching and pre-visit email triggers.

BASE

Pre-Visit Communication

Automated emails with check-in instructions, building directions, NDA notice, and pre-registration link.

BASE

Identity Verification

Cryptographic verification via mDL tap (ISO 18013-5) or physical document scan (OCR + MRZ). Government-issued ID.

BASE

Multi-Recipient Notifications

Host + all participants notified via Slack, Microsoft Teams, and email. Arrival details and action buttons.

BASE

Escalation Chain

5-min host reminder → 10-min co-host prompt → 15-min receptionist alert. No visitor left waiting.

BASE

Compliance Audit Trail

Every visit logged with verified identity, NDA status, credential issued, and timestamps. Exportable. SIEM integration.

BASE

Deep Branding

Three tiers: logo/colors (no-code), per-screen copy editor, custom CSS with font upload. Full visual control.

BASE

Offline Operation

VEP Local caches everything. Full check-in without cloud connectivity. Syncs on reconnection.

BASE

Self-Service Kiosk

Unattended check-in with LED feedback, step-by-step guidance, automatic escalation, and accessibility compliance.

BASE

Pre-Registration Portal

Web-based portal for inviters and visitors. Pre-sign NDAs, provide ID details in advance. Mobile-responsive.

BASE

Reception Queue Management

Queue view with visitor states, priorities, hold reasons, and multi-station awareness. Manual overrides for any step.

BASE

Directory Integration

Active Directory / Azure AD / Entra ID for host lookup and notification routing. SCIM provisioning.

BASE

Event Webhook

Configurable webhook for custom integrations. Every visitor event fires a structured JSON payload. SIEM, ServiceNow, CRM.

SECURITY MODULE

SECURITY

Face Matching

1:1 comparison between ID photo and live person. On-device CPU. NIST-evaluated. Liveness detection. Under 2 seconds. Zero retention.

SECURITY

NDA Capture

Per-invite or per-policy NDA with electronic signature linked to verified identity. ESIGN Act / eIDAS compliant. Four trigger mechanisms.

SECURITY

Watchlist Screening

Screen visitors against your denied-party list at check-in. Configurable: block, alert, or flag for manual review.

SECURITY

Foreign National Detection

Flag non-US nationality documents. Designed for ITAR compliance with automatic escort requirement flagging.

SECURITY

Overstay Detection

Alert when visitors exceed scheduled duration. Notification, forced credential expiry, or security alert.

SECURITY

Duress Alert

Silent alert triggered by receptionist in emergencies. Configurable alert recipients and escalation chain.

ACCESS MODULE

ACCESS

Credential Provisioning

Mobile wallet key, physical badge encoding, or direct PACS authorization. Real building access credentials at check-in.

On the Roadmap

Coming next.

PLANNED

Arrival Board

Lobby display with privacy-filtered visitor status. Standard, Quiet, or Disabled modes.

PLANNED

Multi-Tenant CRE

Property-admin and tenant-admin roles. Full data isolation. Cross-tenant visitor handling. Per-tenant branding.

PLANNED

Advanced Watchlist

OFAC SDN and BIS Entity List integration for automated sanctions screening beyond internal lists.

Modular Platform

Start with what you need. Add modules as you grow.

Per-station subscription. No per-visitor fees. Whether you check in 10 visitors a day or 1,000, the cost is the same.

BASE PLATFORM

Every deployment starts here

Calendar integration
Identity verification
Pre-visit communication
Multi-recipient notifications
Deep branding
Offline operation
Compliance audit trail
Self-service kiosk mode

Recommended

+ SECURITY MODULE

Biometrics, NDAs, screening

Face matching (zero retention)
NDA capture (4 triggers)
Watchlist screening
Foreign national detection
Overstay detection
Duress alert

+ ACCESS MODULE

Real building credentials

Mobile wallet key provisioning
Physical badge encoding
Direct PACS authorization
Mercury LP/MP controllers
Credential lifecycle management

Request Pricing

Branding

Your visitors see your brand. Not ours.

Every touchpoint carries your brand — from the pre-visit email to the check-in screen to the NDA signature page.

Tier	What You Customize	Setup Time
Tier 1: Basic	Logo, brand colors, welcome message. No code required.	5 minutes
Tier 2: Advanced	Per-screen copy editor. Customize every screen. Tone-of-voice templates: Professional, Friendly, Minimal.	30 minutes
Tier 3: Custom CSS	Full visual control. Upload brand fonts. Override any element. Live preview with accessibility guardrails.	1–2 hours

Privacy & Compliance

Built for compliance. Designed for privacy officers.

The VEP is designed for biometric privacy compliance, data minimization, and regulatory audit readiness.

Biometric Ephemerality

Face matching data follows a strict lifecycle: captured in RAM on the Puck, processed for 1:1 comparison, and immediately discarded. Zero seconds of retention. No disk writes. No cloud transmission. No template storage. This is an architectural constraint — the Puck has no write path to persistent storage for biometric data.

Jurisdiction-Aware Consent

Jurisdiction	Law	VEP Implementation
Illinois	BIPA	Written consent before capture. Purpose, retention (0s), and destruction policy disclosed.
EU	GDPR Art. 9	Explicit consent for biometric processing. Pre-filled DPIA template provided.
Texas	CUBI	Informed consent before capture. Purpose and duration disclosed.
Washington	HB 1493	Notice and consent before enrollment in biometric system.

Data Retention Schedule

Data Category	Retention	Location
Biometric face data	0 seconds	Puck RAM only
Consent records	7 years (configurable)	VEP Cloud
Visitor identity records	2 years (configurable)	VEP Cloud
Signed NDAs	7 years (configurable)	VEP Cloud
Access event logs	2 years (configurable)	VEP Cloud
System logs	90 days	VEP Cloud

Regulatory Alignment

Framework	VEP Capability
BIPA	Consent before capture; zero retention; written policy; auditable consent records
GDPR	Explicit consent (Art. 9); data minimization; DPIA template; right to erasure; regional data residency
HIPAA	Identity-verified access; audit logging; data minimization; no biometric data at rest
ITAR	Foreign national detection; identity-verified access; complete audit trail; escort flagging
SOX	Audit logging of all access events; non-transferable identity binding; tamper-evident records

Download the Compliance Guide

Admin Dashboard

Configure everything. Monitor everything.

The VEP Cloud admin dashboard is where you configure deployment, monitor stations, review analytics, manage branding, and run compliance reports.

Site Configuration

Branding, NDA docs, notification channels, credential output, visitor types — per site.

Station Management

Puck health, connection status, firmware version, uptime. Remote configuration push.

Branding Editor

Three-tier branding. Live preview. Accessibility guardrails.

Analytics

Volume by site, day, hour. Check-in rates. Average duration. NDA signing rates.

Privacy Dashboard

Retention settings. Active DSARs. Deletion log. Jurisdiction-specific consent config.

User Management

Role-based access: site admin, receptionist, analyst, compliance officer. SSO integration.

See the Dashboard in a Live Demo

For System Integrators

Deploy in hours. Build recurring revenue per station.

Same-day installation, centralized configuration, and a recurring revenue model per station.

Single-Station Deployment

Phase	Duration	What You Do
1	15 min	Provision host PC (Windows 10+ or Linux, 8GB RAM). Install VEP Local.
2	10 min	Connect Puck via USB-C. Auto-commission — device certificate validates.
3	30 min	Configure site in VEP Cloud: branding, NDAs, notifications, calendar, credentials.
4	30 min	PACS integration — map credential rules, access schedules, restricted areas.
5	15 min	Test check-ins in demo mode. Verify everything. Switch to production.
Total: under 2 hours per station.

Recurring Revenue

Per-station subscription — not one-time hardware margin. Industry-leading channel margins.

Demo Mode

Run live demos in any prospect's conference room with simulated visitors and test data. No internet required.

Certification

Online training. Priority support. Deal registration. MDF eligibility. Co-marketing.

Apply to the Partner Program

Technical Specifications

Under the hood.

For technical evaluators and solutions architects.

Platform Architecture

Cloud ↔ LocalHTTPS + WebSocket

Local ↔ PuckUSB-C

Encryption at restAES-256

Encryption in transitTLS 1.3

AuthenticationOAuth 2.0 / device certs

Identity Verification

Digital IDISO 18013-5 (mDL)

Physical IDOCR + MRZ

Face matching1:1, on-device, < 2s

Biometric retention0 seconds

LivenessAnti-spoofing

Host PC Requirements

OSWindows 10+ or Linux

RAM8 GB minimum

Storage5 GB recommended

DependenciesNone — self-contained

Integrations (V1.0)

CalendarGoogle, Outlook (OAuth 2.0)

NotificationsSlack, Teams, Email

DirectoryAD / Azure AD / Entra ID

PACSMercury LP/MP (OSDP v2.2)

Built on Standards

Trusted across verticals.

ISO 18013-5Identity Standard

FIPS 140-2Cryptography

ESIGN / eIDASDigital Signatures

WCAG 2.1Accessibility

NIST FRVTFace Matching

PatentProtected

FAQ

Frequently asked questions.

The VEP orchestrates the entire visitor management experience — pre-registration, calendar integration, identity verification, face matching, NDA automation, credential provisioning, host notifications, and compliance audit. It runs across three layers: VEP Cloud, VEP Local, and the Puck. The Puck is the terminal; the VEP is everything that makes it intelligent, automated, and compliant.

Yes. The VEP supports mDL tap (digital ID) and physical document scan (OCR + MRZ). Visitors without a smartphone use the document scan path. Both feed into the same face matching, NDA, and credential provisioning flow.

The VEP is targeting availability in Q3 2026. Book a demo for a live walkthrough, deployment timeline discussion, and priority access.

Nowhere. Face data is processed in RAM on the Puck — never written to disk, stored in a database, or transmitted to the cloud. The 1:1 comparison takes under two seconds, then the data is discarded. Zero retention. Architectural constraint, not a configuration option.

Jurisdiction-aware consent. BIPA: written consent before capture with purpose, retention (0s), and destruction disclosure. GDPR: explicit consent per Article 9 with DPIA template. Texas CUBI and Washington HB 1493 flows also supported. Visitors who decline biometric consent can still check in via document-only verification.

Yes. VEP Local caches everything needed for the core check-in flow: identity verification, face matching, NDA signature, and credential provisioning (badge or PACS). Calendar sync and notifications queue locally and deliver on reconnection. No pre-set offline time limit.

Mercury LP/MP controllers via OSDP v2.2 over RS-485. At launch: LenelS2, Genetec, Acre, RS2, and Access It. Additional platforms targeting 2026. Same architecture as KeyShare Building Access.

No. Every deployment starts with the Base Platform — identity verification, calendar, notifications, branding, offline operation, and audit. Add Security for face matching, NDA, watchlist, and overstay. Add Access for PACS credential provisioning. Start with what you need.

One KeyShare Puck per station and one host PC (Windows 10+, 8GB RAM, USB port). Puck connects via USB-C. No server infrastructure. See the Puck product page for full hardware specifications.

Yes — three tiers. Tier 1: logo and colors (5 min, no code). Tier 2: per-screen copy with tone-of-voice templates. Tier 3: custom CSS, brand fonts, full visual control with live preview and accessibility guardrails.

Under 2 hours per station: provision PC (15 min), connect Puck (10 min), configure VEP Cloud (30 min), PACS integration (30 min), test (15 min). No server installation, no network infrastructure.

Biometric data: on-device only (never transmitted to cloud). Non-biometric records: VEP Cloud with configurable data residency (US, EU, UK, or custom). DPA available for GDPR-covered deployments.

See the Visitor Experience Platform.

Pre-registration to credential provisioning. Identity-verified. Compliance-ready. Offline-capable. Book a live walkthrough.

Book a Demo See the Visitor Management Solution

Download Compliance Guide · Become a Partner · Request Pricing

The Visitor Experience Platform.

Three layers. One orchestrated flow.

VEP Cloud

VEP Local

Puck

Same hardware. Two modes. Your choice.

The operational advantage

Everything the platform does.

Calendar Integration

Pre-Visit Communication

Identity Verification

Multi-Recipient Notifications

Escalation Chain

Compliance Audit Trail

Deep Branding

Offline Operation

Self-Service Kiosk

Pre-Registration Portal

Reception Queue Management

Directory Integration

Event Webhook

Face Matching

NDA Capture

Watchlist Screening

Foreign National Detection

Overstay Detection

Duress Alert

Credential Provisioning

Coming next.

Arrival Board

Multi-Tenant CRE

Advanced Watchlist

Start with what you need. Add modules as you grow.

Every deployment starts here

Biometrics, NDAs, screening

Real building credentials

Your visitors see your brand. Not ours.

Built for compliance. Designed for privacy officers.

Biometric Ephemerality

Jurisdiction-Aware Consent

Data Retention Schedule

Regulatory Alignment

Configure everything. Monitor everything.

Site Configuration

Station Management

Branding Editor

Analytics

Privacy Dashboard

User Management

Deploy in hours. Build recurring revenue per station.

Single-Station Deployment

Recurring Revenue

Demo Mode

Certification

Under the hood.

Platform Architecture

Identity Verification

Host PC Requirements

Integrations (V1.0)

Trusted across verticals.

Frequently asked questions.

What is the Visitor Experience Platform?

Can visitors check in without a smartphone?

Is the VEP available now?

Where does biometric face data go?

What about BIPA, GDPR, and other biometric privacy laws?

Can the VEP work without internet?

What PACS platforms does the VEP integrate with?

Do we need the Security Module for every deployment?

What hardware do we need?

Can we brand the visitor experience?

How long does deployment take?

Where is visitor data stored?

See the Visitor Experience Platform.