12 sector apps, biometric unlock

Sign in with your face.
Burn no SMS quota.

First sign-in via SMS OTP with Apple's From-Messages autofill — the 6-digit code drops straight into the PIN box. Every shift after that, Face ID unlocks a refresh token held in the Secure Enclave. Stolen phone? One click in /admin force-revokes the session.

First sign-in

Three taps. One SMS. Worker is on shift.

We've watched too many workers give up on a safety app at the first sign-in screen. So the first-time flow has been ground down to the absolute minimum.

  1. Tap Send code

    Worker types their phone number once and taps the button. The platform fires a one-time 6-digit OTP via SMS — no app install, no setup, no IT ticket.

  2. SMS lands

    Apple's From-Messages autofill recognises the code on iOS 14+. The 6-digit code appears as a single tappable pill above the keyboard.

  3. Code drops into the PIN box

    One tap and all six digits land in the right place. Worker is signed in and immediately prompted to enrol Face ID for the next session.

Why SMS first? Because every phone has SMS. No app store account, no email password, no forgotten-magic-link-in-spam. The OTP is rate-limited per number + per device, and tied to the SIM's SS7 origin to resist swap attacks.

Every shift after

Face ID. No SMS. No quota burn.

Once enrolled, every subsequent sign-in is biometric. The worker tap-tap-glances and is on shift. We never charge you for SMS that didn't need to be sent — and the worker never waits 30 seconds for an OTP that's late.

At a 300-worker contractor doing two shifts a day, this is ~18,000 SMS / month avoided versus an SMS-every-shift competitor.

  1. Tap the app icon

    On every subsequent sign-in, the worker just taps the app. iOS prompts for Face ID (or Touch ID on older devices, or device passcode as fallback).

  2. Face ID unlocks the Secure Enclave key

    The refresh token never leaves the Secure Enclave. Even if the device is jailbroken or the app's local storage dumped, the token is inaccessible without a successful biometric.

  3. Refresh token rotates

    Every successful unlock rotates the refresh token server-side. A stolen old token is dead the moment the real worker signs in again — no replay window.

Lost phone? Stolen? Just left?

Force sign-out in one click.

From /admin/workers/[id] an ops manager can invalidate every refresh token for a worker in under a second. Next attempt to unlock the app fails the refresh, requires re-OTP, and triggers an audit-log entry. Useful for offboarding, lost devices, and policy-suspension events.

  • Works on iOS and Android (BiometricPrompt on Android, Face ID / Touch ID on iOS).
  • Refresh token rotation on every use — old token immediately dead.
  • Per-device session list visible to the worker — they can revoke an old phone themselves.

Force-revoke playbook

  1. Ops manager opens /admin/workers/[id] and clicks Force sign-out.
  2. Every refresh token for that worker is invalidated server-side. Average propagation: ~280ms.
  3. Audit entry is written with the actor, reason, and IP. Worker is auto-emailed (if email on file) for transparency.
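A sketch of the server side of rotation-on-use and the force-revoke playbook, added here as an example and not the platform's own code. The `SessionStore` class, its method names, the event names and the choice to store only a SHA-256 of each token are assumptions; the worker ids, actor and IP are constructed sample values.

```python
import hashlib
import secrets
import time

class SessionStore:
    """In-memory stand-in for a server-side refresh-token table (hypothetical)."""

    def __init__(self):
        self.tokens = {}  # sha256(token) -> {"worker", "device", "active"}
        self.audit = []   # append-only audit trail

    @staticmethod
    def _digest(token):
        # Assumption: only a hash is stored, so a table dump yields no usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def _log(self, event, worker, **fields):
        self.audit.append({"ts": time.time(), "event": event, "worker": worker, **fields})

    def issue(self, worker, device):
        token = secrets.token_urlsafe(32)
        self.tokens[self._digest(token)] = {"worker": worker, "device": device, "active": True}
        return token

    def refresh(self, token):
        """Return a new token, or None when the client must fall back to SMS OTP."""
        rec = self.tokens.get(self._digest(token))
        if rec is None:
            return None
        if not rec["active"]:
            # A rotated or revoked token was presented: reject and record it.
            self._log("refresh_rejected", rec["worker"], device=rec["device"])
            return None
        rec["active"] = False  # rotation: the presented token dies on use
        return self.issue(rec["worker"], rec["device"])

    def force_sign_out(self, worker, actor, reason, ip):
        """Invalidate every live token for one worker; returns how many were killed."""
        killed = 0
        for rec in self.tokens.values():
            if rec["worker"] == worker and rec["active"]:
                rec["active"] = False
                killed += 1
        self._log("force_sign_out", worker, actor=actor, reason=reason, ip=ip, killed=killed)
        return killed

if __name__ == "__main__":
    store = SessionStore()
    old = store.issue("worker-17", "phone-a")   # constructed sample ids
    new = store.refresh(old)                    # normal unlock: token rotates
    print("replay of old token accepted:", store.refresh(old) is not None)
    store.force_sign_out("worker-17", "ops-manager-3", "lost device", "203.0.113.7")
    print("refresh after revoke accepted:", store.refresh(new) is not None)
```

A rejected refresh is logged with the worker and device, which gives the audit trail a signal when a rotated token is replayed from a second device.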

Sign in to the worker demo with your face.

One SMS to enrol. Every subsequent shift is biometric. See the round-trip in under 4 seconds.