Whitepaper · v0.1

The Biometric Rail for Trusted Commerce

Universal identity, payments, loyalty, and agentic commerce for the physical world — built privacy-first, hardware-agnostic, and native to both human and AI-agent commerce.

Aye Global Holdings Pte. Ltd. (202532211G) · Singapore · v0.1 · 1 June 2026

  • Irreversible: Faces become one-way encrypted templates — never stored as images
  • 10 regimes: GDPR + APAC data-protection compliance, consent-first
  • Liveness: ISO/IEC 30107-3 Level 2 anti-spoofing on every scan
  • NVIDIA Inception: In-house AI models trained on NVIDIA GPUs

Abstract

Commerce is splitting into two streams that today's payment and loyalty infrastructure cannot serve at once: people, whose identity is fragmented across countless cards, apps, and loyalty programs, and AI agents, which can act on a person's behalf but have no verifiable identity. Both gaps share one root — the absence of a trust anchor that is uniquely human, consent-based, and recognizable to every party in a transaction.

AyeFace supplies that anchor: a privacy-preserving biometric identity converted into an encrypted, irreversible template — never stored as a raw image and not bound to any device. One enrolled face becomes a universal identity that works at any AyeFace checkout.

01 · Thesis

Identity is the missing primitive

The internet gave us information exchange. Mobile gave us presence. What comes next is autonomous action — and autonomous action without verified identity is chaos. Two problems share one root.

The human problem

A person's identity is scattered across systems that don't talk to each other, and the cost lands where customers feel it most: trust (re-registering and surrendering data at every merchant, who in turn can't verify who they're serving), personalization (fragmented history means even familiar merchants treat you as a stranger), and rewards (loyalty siloed, forgotten, expired, and illiquid).

The agent problem

AI agents are becoming economic actors, but the infrastructure fails them on the same fronts: no verifiable identity or audit trail (trust & accountability), no safe way to delegate bounded spend (control), and no way to carry a person's identity, loyalty, or rewards (continuity of value).

The shared root. A password can be stolen; a card can be copied; a fingerprint can be lifted. A face — liveness-checked, processed into an encrypted, irreversible template, never stored as a raw image — is the one credential that is both uniquely human and impossible to delegate to a machine without explicit authorization. That shared anchor is the primitive AyeFace builds on.

02 · Overview

What AyeFace is

AyeFace is a software layer at the point of checkout. A single face scan can apply loyalty, authorize payment, and update the customer profile — and loyalty does not depend on paying through AyeFace. It runs on existing devices, and even on devices without a camera by handing the scan off to the user's own phone via QR; no proprietary hardware is required.

  • For merchants — a biometric checkout overlay, universal payment acceptance, an AI loyalty and CRM suite, cross-merchant loyalty (Collab Hub), first-party attribution, and native fraud prevention.
  • For users — one identity across every merchant, payment method, and loyalty program: opt-in, self-enrolled via a secure web portal, not tied to any handset, deletable anytime.
  • For AI agents (roadmap) — a verified identity, a permissioned wallet, and checkout access, with every action authorized by and auditable to a human principal.

How it works

Biometric identity — the trust anchor

Your face is never stored as an image, and what is kept cannot be turned back into your face. During enrollment the captured face is converted into an encrypted, one-way template; the raw image is never stored, and the template cannot be reverse-engineered into a face. Stored templates are encrypted, so a breach yields ciphertext, not usable data.

Enrollment is opt-in and self-served through a secure, encrypted web portal — from any device, anywhere, never on a merchant's device. Because what AyeFace holds is an encrypted template, not a photo, the identity is not locked to a single handset the way phone face-unlock is; the trade-off people rightly worry about — a central library of faces — does not apply, because there are no face images to steal, only irreversible templates encrypted in transit (TLS 1.3) and at rest (AES-256).

Merchants see nothing biometric. A user can also use AyeFace for loyalty only and pay separately, and can delete their template anytime — deactivated instantly, fully purged within 30 days.

Checkout, payments & loyalty

The overlay runs on existing devices or e-commerce; a camera on the merchant side is optional. AyeFace accepts major card networks and the dominant APAC QR and e-wallet methods — DuitNow, Touch 'n Go, GrabPay, ShopeePay, Alipay+, WeChat Pay and more — all tokenised. Payment through AyeFace is optional — loyalty is fully decoupled and works on cash or the merchant's existing terminal.

Collab Hub

Independent neighbouring merchants collaborate to issue and redeem rewards. AyeFace does not create a unified "AyeFace point" — each merchant owns its own currency, and a merchant-set cost and value (exchange rate) applies when they collaborate, with AyeFace acting purely as the neutral clearinghouse. No sales or customer data is shared between merchants beyond the minimum required to issue and redeem.

Intelligence & agents

Sales, Loyalty, and Data agents operate strictly on each merchant's own first-party data — never shared across merchants. Market Pulse validates which social trends actually convert using only public signals and anonymized aggregate data. The roadmap extends the rail to AI agents: a single biometric approval grants a permissioned wallet with per-agent limits, category restrictions, auto-revoke, and a full audit trail.

03 · Architecture

Under the hood: the identity primitive

Feature extraction runs on-device inside an embedded AyeFace SDK — in the checkout app or the web-based user portal — so the image is reduced to a numerical embedding locally and the raw image never leaves the device. Only the encrypted embedding is transmitted.

  • Model-agnostic. Multiple independently NIST-evaluated face-recognition models, aggregated and routed — no single-vendor lock-in. Top-percentile NIST FRTE 1:1 accuracy, applied within AyeFace's 1:N pipeline.
  • Irreversible. The embedding is a lossy, non-invertible transform — no decoder reconstructs the face. Templates are encrypted at rest (AES-256-GCM; legacy AES-256-CBC + HMAC-SHA-256) with keys in Google Cloud KMS, and are revocable.
  • 1:N matching, safely. Candidate sets narrowed by context, scored by cosine similarity over an ANN index; ambiguous or unusual results require step-up MFA before authorizing.
  • Liveness. ISO/IEC 30107-3 presentation-attack detection at Level 2 before any match.
  • Payments & agents. Network-tokenized payments (no card number stored); AI-agent actions run under scoped, revocable authorizations.
  • Compute & infrastructure. NVIDIA GPUs are used in-house to train AyeFace's own AI models, as an NVIDIA Inception member; production runs on Google Cloud.
  • Audit. Append-only, tamper-evident log of metadata and authorization evidence — never biometric or raw personal data.
[Figure 1: diagram with two panels separated by a trust boundary. Raw frames never leave the device; only irreversible embeddings cross the boundary.]
  • Edge (user device / secure web portal): Capture (camera / browser, transient video frames) → Liveness / PAD (ISO/IEC 30107-3 Level 2) → Feature extractor (embedded SDK, on-device, NIST-evaluated models) → Embedding (fixed-length, ℓ2-normalised vector, one-way). Raw frames are discarded on device and never transmitted; the encrypted embedding is sent over TLS 1.3 with no image.
  • AyeFace Cloud (Google Cloud): Template Vault (AES-256-GCM / CBC+HMAC, keys via Google Cloud KMS, segregated from identity (PII) and payment data (PAN)) → 1:N candidate retrieval (approximate nearest-neighbour index, context-scoped shards) → Similarity scoring + risk engine (cosine similarity, margin and anomaly checks, step-up MFA on low margin / unusual context) → Authorization (issues a scoped, revocable capability) → Payment (network tokenisation, PCI-DSS, no PAN) and Agent grant (per-agent limits, revocable, roadmap). An append-only, tamper-evident audit ledger records decisions and authorizations plus evidence, with no biometric or raw personal data.
Figure 1 — System architecture & data flow. Conceptual; internal thresholds, indexes, and keys are omitted.

Standards: ISO/IEC 30107-3 · ISO/IEC 24745 · ISO/IEC 19794 · NIST FRTE/FRVT · ISO/IEC 27002 · PCI-DSS · TLS 1.3 · AES-256.
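
The 1:N decision described above (liveness first, cosine scoring over a context-narrowed candidate set, step-up MFA on ambiguous or unusual results), as an added sketch that is not AyeFace's code. The threshold and margin values, the function names, and the 3-dimensional sample vectors are assumptions; the whitepaper keeps the real thresholds internal.

```python
import math

# Assumed values: the whitepaper states that real thresholds are internal.
ACCEPT_THRESHOLD = 0.60   # minimum cosine similarity for any match
MIN_MARGIN = 0.10         # required gap between best and runner-up score

def l2_normalise(v):
    norm = math.sqrt(sum(x * x for x in v))
    if norm == 0.0:
        raise ValueError("zero-length embedding")
    return [x / norm for x in v]

def cosine(a, b):
    # For unit vectors the dot product is the cosine similarity.
    if len(a) != len(b):
        raise ValueError("embedding dimension mismatch")
    return sum(x * y for x, y in zip(a, b))

def decide(probe, candidates, liveness_passed, unusual_context=False):
    """Return (decision, template_id) for a context-narrowed candidate set."""
    if not liveness_passed:
        return ("reject", None)            # PAD runs before any match
    probe = l2_normalise(probe)
    scored = sorted(
        ((cosine(probe, l2_normalise(t)), tid) for tid, t in candidates.items()),
        reverse=True,
    )
    if not scored or scored[0][0] < ACCEPT_THRESHOLD:
        return ("reject", None)            # nobody is similar enough
    best_score, best_id = scored[0]
    runner_up = scored[1][0] if len(scored) > 1 else -1.0
    if best_score - runner_up < MIN_MARGIN or unusual_context:
        return ("step_up_mfa", best_id)    # ambiguous: require a second factor
    return ("accept", best_id)

# Constructed sample templates (real embeddings have far more dimensions).
CANDIDATES = {
    "tmpl-a": [0.9, 0.1, 0.0],
    "tmpl-b": [0.0, 1.0, 0.0],
    "tmpl-c": [0.88, 0.15, 0.05],   # near-duplicate of tmpl-a
}
```

With all three sample templates enrolled, a probe equal to `tmpl-a` scores almost as high against `tmpl-c`, so the margin check routes it to step-up MFA instead of silently picking the top hit.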

04 · Security & privacy

Privacy-first by architecture, not by policy

  • Irreversible template, not device-bound — one-way encrypted template that can't be reverse-engineered into a face; universal across checkouts.
  • Encryption — TLS 1.3 in transit; AES-256-GCM at rest, with legacy AES-256-CBC + HMAC-SHA-256.
  • Data minimization — merchants receive only generic transaction activity.
  • User control — opt-in, scan-on-your-own-phone, spending caps, PIN, and anytime deletion.
  • Payment security — tokenized credentials; no raw card data stored; PCI-DSS-certified processing.
  • Auditability & liveness — append-only, tamper-evident logs (metadata only, never biometric or raw personal data); ISO/IEC 30107-3 PAD Level 2 on every scan.
  • Infrastructure — Google Cloud hosting with regional data residency and 99.9% uptime SLA; SOC 2-aligned controls, reviewed and passed in Google Cloud Security Command Center (certifications in progress).

Infrastructure controls are aligned to SOC 2 Trust Service Criteria; the cloud security posture has been reviewed and passed in Google Cloud Security Command Center, with formal certifications in progress.
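
The permissioned agent wallet from "Intelligence & agents" (per-agent limits, category restrictions, auto-revoke) and the append-only, tamper-evident audit log listed above, as an added sketch that is not AyeFace's code. The `AgentGrant` and `AuditLedger` classes, their field names, and the SHA-256 hash chain are assumptions chosen for illustration; the whitepaper does not say how its ledger is built.

```python
import hashlib
import json
from dataclasses import dataclass

@dataclass
class AgentGrant:                 # hypothetical shape of a scoped authorization
    agent_id: str
    limit_cents: int              # per-agent spend cap
    categories: frozenset         # allowed merchant categories
    expires_at: int               # auto-revoke time (epoch seconds)
    spent_cents: int = 0
    revoked: bool = False

class AuditLedger:
    """Append-only log; each entry commits to the previous entry's hash."""
    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(prev, record):
        body = json.dumps(record, sort_keys=True)
        return hashlib.sha256((prev + body).encode()).hexdigest()

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        self.entries.append(
            {"prev": prev, "record": record, "hash": self._digest(prev, record)})

    def verify(self):
        prev = "0" * 64
        for e in self.entries:
            if e["prev"] != prev or e["hash"] != self._digest(prev, e["record"]):
                return False      # an entry was edited, removed or reordered
            prev = e["hash"]
        return True

def authorize(grant, amount_cents, category, now, ledger):
    if grant.revoked or now >= grant.expires_at:
        decision = "revoked_or_expired"
    elif category not in grant.categories:
        decision = "category_not_allowed"
    elif amount_cents <= 0 or grant.spent_cents + amount_cents > grant.limit_cents:
        decision = "amount_rejected"
    else:
        decision = "ok"
        grant.spent_cents += amount_cents
    # Metadata only: no biometric or raw personal data is written to the log.
    ledger.append({"agent": grant.agent_id, "amount": amount_cents,
                   "category": category, "ts": now, "decision": decision})
    return decision == "ok"
```

A hash chain only detects edits if the latest hash is also recorded somewhere the log writer cannot rewrite; otherwise the whole chain can be recomputed after a change.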

05 · Compliance

Consent-first, jurisdiction by jurisdiction

Jurisdiction    Framework
EU              GDPR
Malaysia        PDPA 2010
Singapore       PDPA 2012 (amended 2021)
Philippines     DPA 2012 (RA 10173), NPC-registered
Thailand        PDPA B.E. 2562 (2019)
Vietnam         PDPD 13/2023/ND-CP
Indonesia       UU PDP No. 27/2022
Brunei          PDPO 2021
Cambodia        ASEAN frameworks + e-Commerce Law; consent-first applied
Laos            Electronic Data Protection + ASEAN frameworks; consent-first applied

A Data Protection Officer is appointed (Singapore; privacy@aye-ai.org). Breach-notification, retention, and cross-border-transfer terms are set out in the Privacy Policy, with EU Standard Contractual Clauses applied where relevant. Biometric templates are deleted within 30 days of closure or withdrawal; transaction records are retained for 7 years for legal and audit compliance.

06 · Market

Southeast Asia as the proving ground

~700 million people across 11 countries, dozens of non-interoperable payment systems, a merchant base that can't afford expensive POS upgrades but needs customer intelligence, and the world's fastest mobile-first payment adoption. A universal identity layer that spans the region's fragmented rails — DuitNow, Touch 'n Go, GrabPay, ShopeePay, Alipay+, WeChat Pay, Visa, and Mastercard — is portable to any fragmented market: South Asia, the Middle East, Latin America.

AyeFace is in early commercial deployment across multiple APAC verticals. In keeping with this paper's evidence-first stance, the company does not publish market-sizing or performance figures it cannot yet source at scale; verified metrics will be reported as deployments reach materiality.

07 · Business model

Start free, scale with AI

  • Free (Starter) — universal payment acceptance and automatic loyalty-profile creation at every checkout.
  • Growth — loyalty programs, membership, segmentation, multi-channel outreach, and reporting.
  • Enterprise — AI Sales/Data/Loyalty agents, advanced scheduling, and POS-integrated self-ordering.

A tiered, per-touchpoint subscription with no upfront hardware cost. Current plans and pricing are published at aye-ai.org/pricing.

08 · Competition

An intersection no incumbent occupies

  • Amazon One — biometric payment, but proprietary hardware and a closed ecosystem.
  • Alipay / WeChat Pay — vast but closed; not open, hardware-agnostic rails for third-party merchants.
  • Stripe & processors — payments, but not identity, loyalty, or in-store biometric checkout.
  • Loyalty / coalition platforms — mature loyalty software, but account-based, with no biometric identity, payment rail, or agentic layer; they need a program owner rather than an open peer network.
  • Proof-of-personhood networks — biometric identity for the online world, not physical-retail checkout, payments, and loyalty.

AyeFace's defensibility is the combination plus a data network effect: the biometric identity is the only credential that unifies payment, loyalty, and agent authorization in one scan.

09 · Roadmap

What's next

The roadmap mirrors the two problems this paper opens with.

  • Now — solving the human problem. Biometric checkout, universal payments, unified loyalty & CRM, Collab Hub, and Market Pulse, live across APAC verticals.
  • Future — solving the agent problem. AyeFace for AI Agents: agent identity, permissioned wallets, stablecoin settlement, and a merchant agent API — plus user savings wallet and micro-invest.

Future capabilities are directional and forward-looking; scope and timing may change.

10 · Risks & disclosures

Stated plainly

  • Forward-looking features marked "Soon" are in development and will launch only where licensed, possibly via regulated partners. Availability varies by market.
  • Digital-asset / investment features carry risk including loss of principal, are not bank deposits, and are not deposit-insured. Nothing here is financial advice or an offer.
  • Regulatory risk — biometric, payments, e-money, capital-markets, and digital-asset activities are licensed; expansion depends on obtaining and maintaining approvals.
  • Biometric/privacy risk — mitigated by irreversible templates, no raw-image storage, opt-in consent, and deletion, but regulatory positions may change.
  • Execution & competition risk — network effects require merchant density; well-capitalized entrants may compete.

11 · Company

Who we are

Aye Global Holdings Pte. Ltd. (UEN 202532211G), headquartered in Singapore, and a member of the NVIDIA Inception program and Google for Startups. AyeFace is backed by a combination of public and institutional capital — community crowdfunding, venture capital, and angel investors including senior banking and enterprise leaders, with strategic backing from PayNet, Malaysia's national payments network. Detailed leadership, advisor, and investor information is available to qualified partners and investors on request.

12 · Conclusion

The anchor for the next era of commerce

In ten years, every significant transaction — human or agent — will require a verified identity anchor. The question is not whether biometric identity becomes infrastructure, but who builds it with the right principles: privacy-first, hardware-agnostic, and built for humans and AI agents alike. AyeFace is building that anchor, starting where fragmentation is greatest and adoption is fastest.

© 2026 Aye Global Holdings Pte. Ltd. Contains forward-looking statements subject to risks and uncertainties; not an offer, solicitation, or financial advice.
