Science-backed, contactless, 60 seconds
VitalCheck uses remote photoplethysmography (rPPG) to extract 24 vital signs from a standard smartphone camera. No wearables, no needles, no clinic visit. Here is exactly how it works.
How remote photoplethysmography works
rPPG detects the blood volume pulse from subtle colour changes in facial skin. Every heartbeat causes blood vessels to expand, slightly altering the amount of light reflected from the skin. A smartphone camera can capture this signal.
Camera captures facial video
The user faces their smartphone camera for 60 seconds. Any standard smartphone works — no special hardware, no wearables, no contact required. The camera records a short video of the face in normal lighting conditions.
Works on devices as basic as a $40 Android phone. Supports both front and rear cameras. Functions on 3G networks with offline fallback via PWA.
rPPG detects blood flow signals
Remote photoplethysmography (rPPG) algorithms analyse sub-pixel variations in reflected light from the skin surface. Every time the heart beats, blood flow causes imperceptible colour changes in the face that are invisible to the human eye but detectable by a camera sensor.
The algorithm isolates the blood volume pulse signal from ambient noise, motion artefacts, and lighting variations using advanced signal processing.
Vital signs extracted in real time
From the blood volume pulse signal, the platform computes 24 vital metrics: heart rate, blood pressure (systolic and diastolic), blood oxygen saturation (SpO2), breathing rate, HRV parameters, stress indices, hemoglobin, HbA1c, and more.
Each metric is computed independently with its own validation logic. Results that fall outside physiological norms are flagged for re-scan.
Risk scores computed and triaged
Clinical risk algorithms classify results against evidence-based thresholds from ACC/AHA 2017, ADA 2024, WHO, and ESC/NASPE 1996 guidelines. Each scan produces a composite triage classification: GREEN (normal), AMBER (monitor), or RED (urgent referral).
RED-band results trigger a 1-hour SLA for clinical follow-up. Predictive scoring detects comorbidity patterns and 10-year ASCVD risk.
All 24 vital signs we measure
Every metric below is extracted from a single 60-second smartphone camera scan. No blood draws, no wearables, no clinical equipment.
- Heart Rate (bpm)
- Blood Pressure — Systolic (mmHg)
- Blood Pressure — Diastolic (mmHg)
- Blood Oxygen Saturation (SpO2 %)
- Breathing Rate (breaths/min)
- SDNN (ms) — overall HRV
- RMSSD (ms) — parasympathetic activity
- Mean RRI (ms) — average R-R interval
- SD1 / SD2 — Poincaré plot indices
- LF/HF Ratio — sympathovagal balance
- PRQ — pulse rate quotient
- PNS / SNS Index — autonomic balance
- Stress Level (1-5 scale)
- Mental Stress Index
- Recovery Score
- PNS / SNS Balance
- Hemoglobin (g/dL)
- HbA1c (%) — glycated haemoglobin / diabetes marker
- Hypertension Risk (ACC/AHA staging)
- Cardiac Risk Score
- Diabetes Risk (ADA criteria)
- ASCVD 10-Year Risk (%)
- Heart Age (estimated)
- Trend Detection (longitudinal)
- Comorbidity Pattern Detection
- Early Warning Signals
- Mortality Risk Banding (funeral insurance)
Grounded in clinical evidence
Every clinical threshold and risk algorithm in VitalCheck is aligned with published guidelines from internationally recognised medical bodies.
ACC/AHA 2017
Blood Pressure Classification & Cardiovascular Risk
The 2017 Guideline for the Prevention, Detection, Evaluation, and Management of High Blood Pressure in Adults. Defines Normal (<120/80), Elevated (120-129/<80), Stage 1 Hypertension (130-139/80-89), and Stage 2 Hypertension (>=140/>=90). VitalCheck applies these thresholds to classify every blood pressure reading and compute hypertension risk scores.
ADA 2024
Diabetes Screening Standards of Care
The American Diabetes Association 2024 Standards of Care in Diabetes. Defines HbA1c thresholds: Normal (<5.7%), Pre-diabetes (5.7%-6.4%), and Diabetes (>=6.5%). VitalCheck uses these thresholds to flag diabetes risk from contactless HbA1c estimation, enabling early screening without blood draws.
WHO Guidelines
Pulse Oximetry & NCD Risk Assessment
World Health Organisation guidelines for blood oxygen saturation thresholds. SpO2 >=95% is normal; 90-94% indicates mild hypoxemia; <90% requires urgent intervention. Also incorporates WHO/ISH cardiovascular risk prediction charts adapted for low-resource settings in Sub-Saharan Africa.
ESC/NASPE Task Force 1996
Heart Rate Variability Measurement Standards
The European Society of Cardiology and North American Society of Pacing and Electrophysiology Task Force standards for HRV measurement. Defines time-domain parameters (SDNN, RMSSD), frequency-domain parameters (LF, HF, LF/HF ratio), and their physiological interpretation. VitalCheck computes all standard HRV parameters from the rPPG-derived pulse signal.
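The threshold logic described in this section, as an added example that is not VitalCheck's own code: the ACC/AHA 2017, ADA 2024 and WHO cut-offs quoted above, rolled into the GREEN / AMBER / RED bands from the triage step. The page does not say which individual results map to which band or which values count as outside physiological norms, so the "most severe result wins" mapping in `triage()` and the ranges in `needsRescan()` are assumptions.

```typescript
// Added example (not VitalCheck's code). Thresholds: ACC/AHA 2017, ADA 2024, WHO,
// as quoted on the page; the band mapping and re-scan ranges are assumptions.
type Band = "GREEN" | "AMBER" | "RED";
type BpStage = "Normal" | "Elevated" | "Stage 1" | "Stage 2";
type Hba1cClass = "Normal" | "Pre-diabetes" | "Diabetes";
type Spo2Class = "Normal" | "Mild hypoxemia" | "Urgent";

interface Reading { systolic: number; diastolic: number; hba1c: number; spo2: number; }

// ACC/AHA 2017: the higher of the two pressures decides the stage.
function bpStage(sys: number, dia: number): BpStage {
  if (sys >= 140 || dia >= 90) return "Stage 2";
  if (sys >= 130 || dia >= 80) return "Stage 1";
  if (sys >= 120) return "Elevated";      // 120-129 with diastolic < 80
  return "Normal";
}

// ADA 2024 HbA1c cut-offs.
function hba1cClass(pct: number): Hba1cClass {
  if (pct >= 6.5) return "Diabetes";
  if (pct >= 5.7) return "Pre-diabetes";
  return "Normal";
}

// WHO SpO2 cut-offs.
function spo2Class(pct: number): Spo2Class {
  if (pct < 90) return "Urgent";
  if (pct < 95) return "Mild hypoxemia";
  return "Normal";
}

// Plausibility gate (assumed ranges): values the scan cannot have measured
// correctly are sent back for re-scan instead of being triaged.
function needsRescan(r: Reading): boolean {
  return r.spo2 > 100 || r.spo2 < 50 || r.systolic < r.diastolic ||
    r.systolic < 60 || r.systolic > 250 || r.hba1c < 3 || r.hba1c > 20;
}

// Composite band: the most severe individual result wins.
function triage(r: Reading): Band | "RESCAN" {
  if (needsRescan(r)) return "RESCAN";
  const bp = bpStage(r.systolic, r.diastolic);
  const a1c = hba1cClass(r.hba1c);
  const ox = spo2Class(r.spo2);
  if (bp === "Stage 2" || a1c === "Diabetes" || ox === "Urgent") return "RED";
  if (bp !== "Normal" || a1c !== "Normal" || ox !== "Normal") return "AMBER";
  return "GREEN";
}
```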
Data Privacy Architecture
Your biometric data never leaves the device.
VitalCheck uses on-device processing. Raw camera data and biometric signals are processed entirely on the user’s phone or laptop — never transmitted to our servers, never sent to the cloud, never seen by anyone.
User’s Device
All processing happens here
Camera captures video
60-second facial video recorded by phone camera
On-device AI processing
WebAssembly engine extracts blood flow patterns from video frames
Vital signs calculated
24 health metrics derived from rPPG signal analysis
Video frames discarded
Raw video is permanently deleted — never stored, never transmitted
VitalCheck Database (Supabase)
Numbers only — no video, no images
What we store
- Heart rate: 72 bpm
- Blood pressure: 120/80 mmHg
- SpO2: 97%
- Triage band: GREEN
- Risk scores, timestamps
How we protect it
- AES-256-GCM encryption at rest
- TLS 1.3 in transit
- Role-based access (11 roles)
- Org-scoped data isolation
- Immutable audit trail
What we never store
- Video frames or recordings
- Camera images or photos
- Raw biometric signals
- Facial recognition data
- Device identifiers
Third-party SDK isolation
The biometric analysis SDK runs entirely as a WebAssembly module inside the browser. It connects to a licensing server once on initialization (to validate the API key) — no health data, no video frames, and no vital signs are transmitted to the SDK provider. The SDK provider never sees your employees’ health data.
GDPR Article 25
Data protection by design and by default. Biometric processing happens on-device, minimizing data collection to numerical results only.
Data Minimisation
We collect the minimum data necessary — vital sign numbers and timestamps. No video, no images, no raw biometric signals.
Right to Erasure
Users can request complete deletion of all their health data via the patient portal. Deletion cascades through all related records within 24 hours.
Security & Privacy
Privacy-by-design. Security-first architecture.
Biometric health data demands the highest level of protection. Every layer of VitalCheck is engineered with privacy and security as foundational requirements, not afterthoughts. Here is exactly how we protect your data.
Data Encryption
Encryption at rest
AES-256-GCM authenticated encryption applied at the field level to all biometric data and personally identifiable information. Each field is encrypted independently — not just the database volume.
Encryption in transit
All data transmitted over TLS 1.3. HSTS enforced with a 1-year max-age. Certificate pinning for API communications.
Identity Protection
SHA-256 PII hashing
Date of birth, national ID numbers, and other identifiers are hashed using SHA-256 before storage. The original values are never persisted in the database.
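Field-level authenticated encryption and identifier hashing, as an added example that is not VitalCheck's code, using Node's built-in crypto module: each field gets its own random nonce and is bound to its record id and field name through GCM's additional authenticated data, so a ciphertext copied into another record or field fails to decrypt rather than yielding another person's value. For identifiers it swaps in HMAC-SHA-256 under a separate secret key in place of the plain SHA-256 the page names, because a date of birth has few enough possible values that an unkeyed hash does not hide it; where the keys come from (a KMS or secret store) is assumed to be outside the snippet.

```typescript
import * as crypto from "node:crypto";

// Added example, not VitalCheck's code. Stored layout per field: iv || ciphertext || tag.
const IV_BYTES = 12;   // 96-bit GCM nonce, fresh per field
const TAG_BYTES = 16;  // 128-bit authentication tag

// Encrypt one field; recordId:field goes into the AAD so the blob is tied to its slot.
function encryptField(key: Buffer, recordId: string, field: string, plaintext: string): Buffer {
  const iv = crypto.randomBytes(IV_BYTES);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(`${recordId}:${field}`));
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([iv, body, cipher.getAuthTag()]);
}

// Returns null on any authentication failure: tampering, wrong key, or a blob
// presented under a different record id or field name than it was written for.
function decryptField(key: Buffer, recordId: string, field: string, blob: Buffer): string | null {
  if (blob.length < IV_BYTES + TAG_BYTES) return null;
  const iv = blob.subarray(0, IV_BYTES);
  const tag = blob.subarray(blob.length - TAG_BYTES);
  const body = blob.subarray(IV_BYTES, blob.length - TAG_BYTES);
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAAD(Buffer.from(`${recordId}:${field}`));
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(body), decipher.final()]).toString("utf8");
  } catch {
    return null;
  }
}

// Pseudonym for a low-entropy identifier (DOB, national ID). A keyed HMAC is
// used instead of bare SHA-256: without the key, the digest cannot be matched
// against a list of candidate values. The key must be separate from the
// encryption key and is assumed to live in a secret store.
function pseudonymise(hmacKey: Buffer, identifier: string): string {
  return crypto.createHmac("sha256", hmacKey).update(identifier.trim()).digest("hex");
}
```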
k-Anonymity cohort protection
Population-level analytics use k-anonymity to prevent individual re-identification. No aggregated report is generated for cohorts smaller than the configured threshold.
Access Control
11 RBAC roles
SUPER_ADMIN, ORG_ADMIN, HR_MANAGER, CLINIC_ADMIN, NURSE, INSURER_ADMIN, INSURER_ANALYST, INSURER_COMPLIANCE_OFFICER, CLAIMS_ASSESSOR, MEMBER, and PATIENT. Each role has specific permissions and data visibility boundaries.
Organisation-scoped data isolation
Every data query is automatically filtered by organisation. An HR manager at Company A cannot see any data belonging to Company B — even if they manipulate API requests.
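Organisation scoping enforced from the authenticated session rather than from the request, as an added example that is not VitalCheck's code: the role names are the page's, but the in-memory rows, the `Principal` shape and which roles may look across organisations are assumptions.

```typescript
// Added example, not VitalCheck's code. The tenant boundary is derived from the
// principal established at authentication; an orgId in the request is ignored
// for every role except SUPER_ADMIN (an assumed cross-organisation role).
type Role = "SUPER_ADMIN" | "ORG_ADMIN" | "HR_MANAGER" | "NURSE" | "MEMBER";
type Band = "GREEN" | "AMBER" | "RED";

interface Principal { userId: string; role: Role; orgId: string; }
interface ScanRow { id: string; orgId: string; memberId: string; band: Band; }

// Untrusted filters exactly as they arrive from the client.
interface RequestFilters { orgId?: string; memberId?: string; band?: string; }

// Constructed sample data for two organisations.
const SCANS: ScanRow[] = [
  { id: "s1", orgId: "company-a", memberId: "u1", band: "GREEN" },
  { id: "s2", orgId: "company-a", memberId: "u2", band: "AMBER" },
  { id: "s3", orgId: "company-b", memberId: "u3", band: "RED" },
];

function listScans(p: Principal, req: RequestFilters, rows: ScanRow[] = SCANS): ScanRow[] {
  // Tenant scope comes from the session. Only SUPER_ADMIN may choose an org,
  // and with no org given sees all of them.
  const orgScope: string | null = p.role === "SUPER_ADMIN" ? (req.orgId ?? null) : p.orgId;
  let out = rows.filter(r => orgScope === null || r.orgId === orgScope);

  // Role visibility boundary: a MEMBER sees only their own scans.
  if (p.role === "MEMBER") out = out.filter(r => r.memberId === p.userId);

  // Client-supplied filters narrow the result only inside the enforced scope;
  // they can never widen it.
  if (req.memberId) out = out.filter(r => r.memberId === req.memberId);
  if (req.band) out = out.filter(r => r.band === req.band);
  return out;
}

const ids = (rows: ScanRow[]): string[] => rows.map(r => r.id);
```

In a Supabase deployment the same boundary is normally enforced a second time in Postgres with row-level security policies keyed on the organisation claim in the JWT, so that an application-layer bug cannot widen the scope.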
Consent Management
GDPR Article 7 versioning
Every consent is versioned. When consent terms change, members are re-prompted. Historical consent records are preserved for audit. Consent is granular — members choose exactly what data they share.
Right to erasure
Members can request complete deletion of their biometric data at any time. The platform processes erasure requests by removing all PII, scan data, and associated analytics. A deletion receipt is generated for compliance.
Audit Trail
Immutable logging
Every data access, modification, export, and deletion is logged with the user ID, timestamp, IP address, and action type. Logs are append-only and cannot be modified or deleted by any user, including administrators.
Compliance-ready exports
Audit logs can be exported in structured formats for regulatory review, internal audit, or incident investigation. Supports filtering by date range, user, action type, and data subject.
Infrastructure Security
Security headers
Content Security Policy (CSP), HTTP Strict Transport Security (HSTS), X-Frame-Options DENY, X-Content-Type-Options nosniff, and Referrer-Policy strict-origin-when-cross-origin. Prevents clickjacking, XSS injection, and MIME sniffing attacks.
Rate limiting
API rate limiting powered by Upstash Redis. Protects against brute-force attacks, credential stuffing, and DDoS. Different rate limits for authentication endpoints versus data endpoints.
Error monitoring
Sentry error tracking with session replay for debugging. Performance monitoring on all API routes. Alerts configured for error spikes and latency anomalies.
Compliance alignment
VitalCheck is designed to align with the following regulatory frameworks. Configurable data residency policies allow per-country deployment to meet local data sovereignty requirements.
HIPAA
U.S. Health Insurance Portability and Accountability Act — Security Rule and Privacy Rule alignment for protected health information.
GDPR
EU General Data Protection Regulation — lawful basis for processing, data minimisation, purpose limitation, consent management, and data subject rights.
POPIA
South Africa's Protection of Personal Information Act — conditions for lawful processing, cross-border transfer restrictions, and information officer requirements.
IPEC
Zimbabwe's Insurance and Pensions Commission — regulatory compliance for insurance data handling and policyholder protection.
ISO 27001
International standard for information security management systems (ISMS). Framework alignment for risk assessment, access control, and incident management.
ISO/IEC 27701
Extension to ISO 27001 for privacy information management. Framework alignment for PII controller and PII processor requirements.
Configurable Data Residency
VitalCheck supports per-country data residency configuration. Biometric and PII data can be stored in the jurisdiction where it is collected, meeting local data sovereignty requirements in Zimbabwe (IPEC), South Africa (POPIA), the EU (GDPR), and other regulated markets.
Experience it yourself
See contactless health screening in action. Book a live demo and scan yourself in 60 seconds.