Zarv
Zarv SmartFlow

Verify identity. Inside your own site.

An embeddable KYC funnel that captures, verifies, and clears customers — on your site, in your brand, or over chat and WhatsApp.

Long forms, redirects to a stranger's page, and manual document review. Good customers drop off while fraudsters slip through.

Zarv SmartFlow — Chat capture
WhatsApp Web chat
Let's set up your account. What's your full name?
Marina Alves
Now send a selfie for liveness.
Photo sent
Identity verified · license read
0
Redirects
<3min
To Onboard
2 lines
To Integrate
100%
Isolated

What Zarv SmartFlow Does

The Stripe Checkout model for identity.

Embeddable Verification Funnel

Drop a loader script and a mount point into your page; SmartFlow renders the signup, liveness, and document steps in a secure iframe hosted by Zarv. Full-screen steps promote to a modal without reloading. Sensitive data never touches your servers.

You get bank-grade KYC without ever handling the camera, verification codes, or personal data yourself — and without sending the customer to another site.

Embedded on your site
yoursite.com
Basic data
Email
Liveness
License
Secure iframe · your brand
Onboarding as a conversation.

Capture via Chat — Web & WhatsApp

Run the same verified funnel through a web chat widget or WhatsApp Business. The customer answers, sends a selfie for liveness, and photographs their license — all in the thread. SmartFlow reads the documents and clears identity conversationally.

Most of your customers already live in WhatsApp. Meeting them there — with the same anti-fraud checks — turns a form into a conversation and lifts completion.

Capture over chat
WhatsApp Web
Send a selfie for liveness 📸
Photo sent
Verified ✓
Block fraud before contracting.

Liveness & Document Verification

Facial biometry with liveness detection, ID/driver's-license/passport reading, deepfake and tampered-document detection, plus PEP and Zarv Restricted Profiles screening. Synthetic identities are rejected up front.

Fraud caught at onboarding costs a fraction of fraud caught after a contract exists. SmartFlow stops it before any bond is formed.

Liveness & document
Liveness passed
Document read
No deepfake
Your brand. Your rules.

Per-Campaign Customization

Primary color, background, logo, custom domain, required steps, and custom fields are all configured per campaign. Single-screen mode can request just one step — for example only liveness or only the license — when you already have the rest.

Marketing launches a new funnel by changing configuration, not code — and the flow always looks like your product, never like a third party.

Per-campaign setup
Liveness
License
Address
Verified data, delivered to your backend.

Signed Webhooks & Simple Integration

Per-step and final events (submitted, approved, rejected) are pushed as HMAC-signed webhooks with automatic retries. Correlate each lead to your own system with an externalId. Public key on the page; security comes from the authorized-origins list.

On-page callbacks are for UX; the signed webhooks are the source of truth — so approvals and rejections reach your systems reliably and tamper-evident.

Signed webhooks
lead.submitted200
lead.face.completed200
lead.approved200
HMAC-SHA256 · externalId

In Practice

Vehicle Rental

Onboarding a renter before handing over the keys

Renter is redirected to a generic form, uploads a blurry license, and waits for manual review. Drop-off is high and a forged document can pass unseen.

SmartFlow embeds in the rental site → renter completes signup and liveness in-brand → license read and identity cleared in minutes → signed webhook approves the reservation before pickup.

Lending & Finance

KYC over WhatsApp for a credit application

Applicant abandons a long web form. The lender chases documents by email and re-keys data by hand, delaying the decision for days.

Applicant opens WhatsApp → SmartFlow runs the funnel in the chat, capturing data, selfie, and document → identity verified and PEP-screened → lead handed to underwriting with an externalId already matched to the CRM.

Insurance

Verifying a policyholder at claim intake

Claimant identity is confirmed by phone and scanned paperwork. Fraudulent or third-party identities slip through and inflate loss.

A single-screen SmartFlow link runs liveness and license capture in the web chat → deepfake and tampering checks run automatically → verified identity attached to the claim file before payout.

What SmartFlow Delivers

Embedded Experience

The full signup and verification flow lives inside your site via a secure iframe — your brand, your domain, zero redirects.

Capture Over Chat

Run the same verified onboarding conversationally through a web chat widget or WhatsApp — meet customers where they already are.

Fraud Blocked at the Source

Liveness, document and deepfake detection, and PEP/restricted-list screening reject synthetic and stolen identities before contracting.

Configured per Campaign

Colors, brand, domain, and which steps to require are set per flow — no code changes to launch a new campaign.

Authoritative Results

Signed server-to-server webhooks confirm each outcome, so your systems act on verified data, not a browser callback.

Integration & Architecture

Loader script + mount point (SDK) — embeds in any site
Secure iframe with frame-ancestors allowlist per campaign (anti-clickjacking)
Web chat widget and WhatsApp Business API capture channels
HMAC-SHA256 signed webhooks with automatic retries; externalId correlation
Single-screen mode: face, cnh, address, email, phone

Zarv hosts the sensitive flow on its own domain; the partner only embeds. Camera, liveness, OTP, and personal data are isolated from the partner's site by design — the Stripe Checkout security model applied to identity.

Security & Compliance

Sensitive Steps, Isolated by Design

Origin isolation — camera, liveness, OTP, and personal data run only on Zarv's domain
Authorized-origins allowlist (frame-ancestors) per campaign
HMAC-SHA256 signed webhook deliveries with retry and auto-disable
Public key is safe on the page — security comes from the origins allowlist, not secrecy
Configurable payload — personal data and files excluded by default
Audit log never stores full personal data
Liveness and deepfake detection against synthetic identities
Encryption in transit and at rest

See risk before it costs you.

GDPR & CCPA Compliant · No commitment · Integration in days