Protecting families from AI voice cloning fraud with time-locked cryptographic codes.
A scammer calls your mom, sounding exactly like you. They're panicking, asking for money, begging for help. The voice is perfect.
How does she know it's really you?
Both phones generate the same 4-digit code at the same time. Only the real person's phone can produce it. Ask for the code — if it matches, it's them.
Someone calls claiming to be your son, your sister, your partner. The voice sounds right, but something feels off.
While still on the call, open Safeword and tap the person's name. They'll get a notification on their phone.
Both phones now show matching 4-digit codes. Ask the caller to read theirs aloud. A real family member will have the code. A scammer won't.
Enter the code they read to you. Safeword tells you instantly if it matches.
Codes are generated from a shared cryptographic secret that only exists between your two devices. Not even Safeword's servers know it.
Even if someone somehow saw a code, it's already different by the time they could use it. Each code lives for exactly one minute.
Face ID or fingerprint is required before your code is revealed. Someone with your phone still can't see your code without your face or fingerprint.
Each device generates an Ed25519 key pair. The public key is uploaded to the registry.
Ed25519 → SecureStore
Phone numbers are HMAC-SHA256 hashed server-side. Your phone never sends raw numbers for storage.
HMAC-SHA256(key, phone)
Both devices fetch each other's public key. Ed25519 keys are converted to Curve25519 for Diffie-Hellman.
nacl.box.before()
The shared secret feeds a TOTP algorithm: SHA-1, 4 digits, 60-second window. Both phones produce the same code.
TOTP(secret, time)