Device intelligence

Every device has a signature.
We read it in 40ms.

Veriprint returns one stable visitor ID and a risk signal for every browser that hits your app, even through cookie clears, browser updates, and incognito. One API call.

▸ 20k identifications/mo free▸ ~40ms p95▸ works in incognito▸ self-hostable
Live, on your device

This is your browser fingerprint, right now

No sign-up needed. The panel below ran the real Veriprint agent against the live API and identified this browser. Watch it read each signal, then settle on one visitor ID.

ready
Your visitor ID
············
Detected signals
Collecting entropy from this browser…
identify.ts
import { Veriprint } from '@veriprint/sdk';

const vp = new Veriprint({
  apiKey: 'vp_pk_demo_public_key',
});

// One call. Runs in the browser, ~40ms.
const visitor = await vp.identify();

console.log(visitor.visitorId);   // "vp_8f3kzq..."
console.log(visitor.confidence);  // 0.98
console.log(visitor.bot.result);  // "notDetected"

This is running for real against the Veriprint API right now, and the ID above is your browser's. Clear your cookies and hit re-run. The fuzzy persistence engine re-links you to the same ID from the signals that survive.

Trusted by fraud and growth teams

NorthwindAcme PayLoopholeVertexBasecaseHexaKernelOutpost
0.0%
returning devices identified
measured on the demo dataset
0ms
p95 identification latency
server-side
0+
entropy sources per device
browser + network
0.0B
identifications / month
placeholder, swap for real
The problem

Your riskiest users look exactly like your best ones

Cookies get cleared. IP addresses rotate behind VPNs. A fraud ring signs up 400 times from one laptop and every account reads as brand new. Rules engines and CAPTCHAs punish real users while the bots walk through.

Fake signups

One device farming referral credits, free trials, and promo codes across hundreds of accounts that all look new.

Account takeover

A login from a device that has never touched this account before. If you only check the password, you never see it.

Payment fraud

Stolen cards tested from datacenter IPs and headless browsers that pass every cookie-based check you have.

Bot abuse

Scrapers and credential-stuffing scripts that rotate IP addresses faster than you can block them.

What you get

Device fingerprinting signals that hold up when everything drifts

Six things Veriprint does. Each one is a specific mechanism you can read about in the docs, not a slogan.

Fuzzy identity persistence

One stable ID that survives browser updates and cleared cookies.

Signals are weighted by stability (timezone ×5, canvas ×1) and re-linked above a 0.82 similarity threshold. An EMA decay follows the device as it drifts.

Incognito & storage-independent

Recognize a returning device even in a private window.

Three durable anchors (cookie, localStorage, Cache API) plus a probabilistic fingerprint. Losing any one anchor re-links on the others.

Server-verified results

The browser can never spoof its own verdict.

GET /v1/events/:requestId returns the result WE computed, gated by your secret key. Public key in the browser, secret key on your server.

Bot & automation detection

Separate headless Chrome and Selenium from real users.

Weighted scoring over navigator.webdriver, plugin/permission anomalies, and UA/platform mismatch. Search engines are classified separately from evasive bots.

IP intelligence

Flag datacenter, VPN, and TOR traffic.

Geo + ASN resolution with a datacenter/hosting-range check; vpnLikely is true for cloud egress or a known TOR exit.

~40ms p95, one call

Fast enough for the login path.

A single POST /v1/identify returns id, confidence, geo, bot, and VPN signals. Rate-limited per key, Redis-backed, horizontally scalable.

How it works

Agent collects. API identifies. You decide.

Three steps and one round trip. Scroll to move through each stage.

Pricing

Clear tiers, and the free one is actually free

You get 20,000 identifications a month, free forever. The gotchas are written here, not saved for a sales call.

MonthlyAnnual −20%

Free

For side projects and evaluation.

$0/mo
20,000 identifications / month
  • Full browser + server signals
  • Fuzzy persistence engine
  • Bot & VPN detection
  • 7-day visit history
  • Community support
note · Free forever. After 20k/mo, identification returns a lower-confidence result rather than failing, so you never get a surprise bill.
most popular

Pro

For products in production.

$99/mo
500,000 identifications / month
  • Everything in Free
  • 90-day visit history
  • Server-side events API
  • Webhooks on new-visitor / bot
  • 99.9% uptime SLA
  • Email support, 1-day response
note · Overage is $0.20 / 1k identifications, billed monthly. No per-seat pricing, no annual lock-in on monthly plans.

Scale

For high-volume fraud teams.

Custom
Custom volume, from 5M / month
  • Everything in Pro
  • Unlimited history retention
  • Self-hosting option (your VPC)
  • Custom signal weighting
  • SSO + audit logs
  • Dedicated support & Slack channel
note · Self-hosting requires your own Postgres and Redis. We do not sell your data or share signals across customers, ever.
Questions, answered

What developers ask before they sign up

A visitorId derived from device signals is personal data under GDPR, so you need a lawful basis (usually legitimate interest for fraud prevention) and a mention in your privacy policy. Veriprint is first-party by design, stores no PII, never shares signals across customers, and offers self-hosting so raw signals never leave your infrastructure. We are a processor; you are the controller.

Fingerprinting is probabilistic, so we do not claim 100 percent. Confidence is a similarity score returned on every response, not a hard-coded value. Identification stays strong over weeks and good over a few months, then degrades gracefully. Multi-year persistence only holds for devices that keep at least one anchor and do not change hardware. We would rather give you a number than a slogan.

Yes, with a caveat. Private windows partition storage, so anchors are weaker, but the probabilistic fingerprint still identifies the device from its signals. You also get an incognito:true flag on the response so you can treat those visits differently.

A single identification is ~40ms p95 server-side. The browser agent collects signals in parallel (the audio fingerprint is the slowest at ~30ms). It is fast enough to run inline on a login or signup without a spinner.

Yes. The whole stack is a monorepo that boots with docker compose up, which starts the API, web app, Postgres, and Redis. On the Scale tier you run it in your own VPC so raw signals never leave your network. You bring your own Postgres and Redis.

Get a visitor ID for your app in five minutes

Free key, no credit card. Copy ten lines, ship the agent, and start seeing IDs.