Consent & privacy

Sovera is built to a consent-first, data-minimizing standard. Consent must be recorded before any biometric template is created, subject PII is tokenized rather than stored in the clear, and a subject can be erased on request. All of this runs on infrastructure inside Zimbabwe.

Record consent before you start a flow that captures biometrics. A verification that would create a face template without a prior consent record should not proceed. Recording consent needs the consent:write scope.

Provide the purpose and how consent was captured. Sovera returns a consentId and a subjectToken you use to refer to the subject afterward, without handling raw PII again.

POST /v1/consent
curl -X POST https://verify.lioncapventures.com/v1/consent \
  -H "Authorization: Bearer svk_live_xxxxxxxx" \
  -H "Content-Type: application/json" \
  -H "Idempotency-Key: $(uuidgen)" \
  -d '{
    "purpose": "account_onboarding_kyc",
    "method": "checkbox",
    "policyVersion": "2026-07-01",
    "subject": { "firstName": "Tapiwa", "lastName": "Moyo" }
  }'

Response (201)

{
  "consentId": "con_4d19ab",
  "subjectToken": "sub_7c2f81e0",
  "status": "granted",
  "grantedAt": "2026-07-04T17:40:00Z"
}

  • purpose (string, required): Why you are collecting biometrics, for example account_onboarding_kyc.

  • method (string): How consent was captured, for example checkbox or signature.

  • policyVersion (string): The version of the privacy policy the subject agreed to.

  • subject (object): Subject details. Stored tokenized, and referenced afterward via subjectToken.

  • subjectToken (string): An existing subject token, if you are recording renewed consent for a known subject.

A subject can withdraw consent. Revoking marks the consent record inactive. It requires the consent:write scope.

POST /v1/consent/{consent_id}/revoke
curl -X POST https://verify.lioncapventures.com/v1/consent/con_4d19ab/revoke \
  -H "Authorization: Bearer svk_live_xxxxxxxx"

Erase a subject

To honor a data subject access request (DSAR), erase a subject by subjectToken. Sovera deletes the associated biometric templates and tokenized PII. It requires the consent:write scope.

POST /v1/subjects/erase
curl -X POST https://verify.lioncapventures.com/v1/subjects/erase \
  -H "Authorization: Bearer svk_live_xxxxxxxx" \
  -H "Content-Type: application/json" \
  -d '{ "subjectToken": "sub_7c2f81e0" }'

Response

{
  "subjectToken": "sub_7c2f81e0",
  "erased": true,
  "status": "erased"
}
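
A client-side guard for the rule that a biometric flow should not proceed without a prior consent record, tracking the grant, revoke and erase calls described on this page. This is an added example, not part of Sovera's documentation or SDK: ConsentLedger, its method names and the policy-version check are assumptions, and the sample response is the one shown above.

```python
# Added example: fail-closed consent gate. Class and method names are hypothetical.
class ConsentError(Exception):
    """Raised when a biometric flow is attempted without usable consent."""

# Constructed sample: the 201 body shown on this page for POST /v1/consent.
SAMPLE_CONSENT_RESPONSE = {
    "consentId": "con_4d19ab", "subjectToken": "sub_7c2f81e0",
    "status": "granted", "grantedAt": "2026-07-04T17:40:00Z",
}

class ConsentLedger:
    """Local mirror of consent state, keyed by subjectToken (never raw PII)."""

    def __init__(self, current_policy_version):
        self.current_policy_version = current_policy_version
        self._records = {}  # subjectToken -> consent state

    def record_granted(self, response, policy_version):
        """Store a POST /v1/consent response plus the policyVersion you sent."""
        if response.get("status") != "granted":
            raise ConsentError("consent not granted")
        self._records[response["subjectToken"]] = {
            "consentId": response["consentId"],
            "policyVersion": policy_version,
            "active": True,
        }

    def mark_revoked(self, consent_id):
        """Call after POST /v1/consent/{consent_id}/revoke has succeeded."""
        for rec in self._records.values():
            if rec["consentId"] == consent_id:
                rec["active"] = False

    def apply_erasure(self, response):
        """Drop local state once POST /v1/subjects/erase reports erased."""
        if response.get("erased") is True:
            self._records.pop(response["subjectToken"], None)

    def require_consent(self, subject_token):
        """Return the consentId, or raise so the capture flow never starts."""
        rec = self._records.get(subject_token)
        if rec is None:
            raise ConsentError("no consent record")
        if not rec["active"]:
            raise ConsentError("consent revoked")
        # Assumption: consent given under an older policy must be renewed.
        if rec["policyVersion"] != self.current_policy_version:
            raise ConsentError("consent predates current policy")
        return rec["consentId"]
```

Call require_consent immediately before starting any flow that captures biometrics, and log only the consentId and subjectToken it deals in.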
