Everything you need to know about Snapcard. Can't find the answer you're looking for? Reach out to our support team.
QWYK ID is a privacy-first identity layer. It allows you to prove who you are to apps and websites without necessarily giving away your real email address, phone number, or personal details.
Traditional social logins often share your data across platforms and create a single point of failure. QWYK ID uses "Split-Vault" technology and email aliasing to ensure that even if one app is breached, your primary identity remains isolated and safe.
A Passkey replaces traditional passwords with biometrics (like FaceID) or your device's PIN. It is hardware-backed, meaning it cannot be phished or stolen in a server breach.
Since QWYK ID supports multi-device Passkeys and encrypted cloud backups (via Apple or Google), you can recover your identity on a new device using your provider's standard recovery flow.
Our architecture is "Zero-Knowledge." Sensitive parts of your data are encrypted on your device. We are technically "blind" to your private details; we facilitate the connection without owning the content.
When you sign up for an app, QWYK ID can generate a unique email (e.g., [email protected]). Emails sent there are forwarded to you, but the app never learns your real address.
Yes. You can "choke" or disable a specific alias at any time through your QWYK ID dashboard, instantly stopping all messages from that source.
Yes, there is a generous free tier for individuals. We offer premium features for advanced alias management and enhanced privacy controls.
Yes. Once you have created your identity, you can authorize other devices (laptop, tablet, secondary phone) using a secure cryptographic handshake.
Your data fragments are stored in isolated, high-security environments.
We are based in Austin, Texas.
No. Our architecture is built for authentication, not tracking. We do know which websites you have authenticated with using your QWYK ID. We are not in the business of profiling you based on your browsing habits.
Absolutely. You have total sovereignty over your identity. If you delete your account, your data fragments are wiped from our vaults.
Yes. Passkeys are based on public-key cryptography and are designed to resist phishing in ways that passwords and common OTP methods are not.
Some users still need compatibility and recovery options, especially across devices and edge-case environments. Many passkey deployment guides recommend a thoughtful recovery design rather than assuming passkeys can replace every scenario immediately.
No. Guidance aligned with phishing-resistant MFA distinguishes FIDO2 and WebAuthn from email OTP, SMS OTP, and other common methods that remain more exposed to phishing and interception risks.
If fallback is required, it should be multi-factor, risk-aware, and clearly treated as lower-assurance than passkey authentication. Best-practice guidance emphasizes using passkeys as the primary method and matching fallback controls to the sensitivity of the account.
The app serves as your physical "Master Key." While the identity layer works in the background of your browser, the mobile app provides a dedicated, secure environment to manage your profile, receive real-time alerts, and authorize high-security requests that should not happen without your explicit "eyes-on" approval.
The app provides a layer of security that a browser cannot. By installing the app, you turn your phone into a hardware-verified authenticator. It allows us to send you instant, encrypted push notifications for every login attempt, ensuring that you are always the gatekeeper of your own data.
We use "Physical Presence Signals" to add a geographical layer to your security. For example, if a login attempt occurs in London while your phone is physically with you in Austin, our system recognizes the "impossible travel" conflict and can automatically block the attempt before a single byte of data is exchanged.
You will get a real-time feed of your identity in motion. This includes: Login Alerts when an app or website uses your QWYK ID to sign you in; Data Requests when a service asks for a specific piece of information such as your verified age or professional title; and Alias Activity alerts if an email alias receives unusual traffic or spam.
The app monitors for patterns that suggest an account takeover attempt or bot activity. If we see multiple failed login attempts from a new IP address or a suspicious device, the app will instantly "Lock" your profile and prompt you to re-verify your identity via a cryptographic handshake that only your physical phone can perform.
No. We follow a "Privacy by Exception" model. We do not build a history of your movements; we simply use your current location as a "Pass/Fail" check during authentication events to ensure the person logging in is actually standing where the device is.
Yes. The app includes a "Kill Switch" dashboard. If you notice a specific app is sending you too many notifications, you can slide a toggle in the QWYK app to "choke" that connection instantly, without ever having to find an "unsubscribe" link.
Building auth is a distraction. QWYK ID provides "Compliance-as-a-Service," removing the risk of storing flammable PII (Personally Identifiable Information) in your own database.
It is our method of storing data in fragmented, encrypted parts across isolated environments. No single breach can reconstruct a full user profile, protecting users from a "total leak" scenario.
By not storing "Real" user data in your own database, you significantly reduce your regulatory surface area. We handle the data residency and privacy logic on your behalf.
Yes. We support standard OAuth 2.0, OpenID Connect, and SAML 2.0, making integration seamless for most modern tech stacks.
It is the security advantage you gain by not holding user data. If your app is breached, hackers find only masked aliases, not usable user information.
Using our "Plug-and-Play" SDK, most developers can implement a secure, passwordless login flow in under 15 minutes.
Yes. We have specialized support for React Native, Flutter, and native iOS/Android through our dedicated SDKs.
You send emails to the QWYK alias just like a normal address. We handle the secure routing to the user's QWYKID inbox without ever showing you their private address.
We offer flat-rate pricing based on active users, not per-request. This aligns our incentives with your growth rather than taxing your traffic.
Yes. You can request "Scopes" (e.g., verified age or professional title). The user gets a real-time toggle to approve or mask each field.
Because QWYK ID relies on hardware-backed Passkeys and device verification, bot sign-ups are effectively engineered out of the system.
We maintain high-availability infrastructure across multiple regions. Our architecture also allows for secure "failover" tokens in enterprise setups.
Yes. We provide comprehensive, real-time logs of every authentication event, allowing you to monitor security efficacy from day one.
