Product Idea Sheet · 2025
A unified facial recognition layer for Property Management Systems and Point of Sale — enabling frictionless guest check-in, room charge payments, loyalty rewards, and secure staff authentication.
01 — Property Management System
Replace the front-desk queue with a seamless face-first workflow. Guests are recognised the moment they approach the kiosk or desk terminal, pulling their reservation, room assignment, and ID-verification status automatically.
Guest approaches kiosk. Live frame captured, liveness detection confirms physical presence.
Biometric vector compared against enrolled guest profile. <0.8 s match time.
Reservation retrieved, room assigned, key card or digital key issued. Receipt sent to guest email.
Returning guests and loyalty members are flagged to front-desk staff on approach — name, tier, and preferences surface before a word is spoken.
Optional: face-unlock integration with compatible door locks (RFID + camera combo) so guests can access their room without any physical key.
When a guest face is matched departing the property, housekeeping queue is automatically updated to mark the room for service.
Do-Not-Check-In flags linked to face profiles. Security team alerted silently if a flagged individual is recognised at any terminal.
02 — Point of Sale
Guests settle their dining bill or charge it to their room with a glance at the POS camera — no card, no phone, no signature. Servers see the guest's name, room number, dietary preferences, and loyalty tier the moment a face is recognised.
Restaurant, bar, pool bar, spa, and room service can all share the same biometric engine — guest identity and folio consistent across every touchpoint.
Property-configurable thresholds: charges above a set amount (e.g. $200) require a secondary PIN or card confirmation alongside the face match.
Server or outlet manager can see a guest's running account balance and current folio total before processing a new charge.
Day-spa visitors, club members, and event guests can be enrolled as non-resident profiles, still enabling face-pay without a room charge destination.
03 — Loyalty Programme
Every recognised interaction — check-in, dining, spa, activity — earns points automatically. No app tap or card swipe required. The face is the loyalty card.
0 – 4,999 pts / yr
5,000 – 14,999 pts / yr
15,000 – 39,999 pts / yr
40,000+ pts / yr
Points credited the moment a face-pay transaction settles at any outlet — no delay, no manual link. Visible in the guest app within seconds.
Guests redeem points directly at the POS by face — server sees redeemable balance and applies discount or free item with one confirmation tap.
Property can define date-range or outlet-specific multiplier events (e.g. 3× on spa Tuesdays) — applied automatically to all eligible face-pay transactions.
API hooks to connect points earning/burning with external partner platforms (airlines, car hire, third-party hotels) for a wider loyalty ecosystem.
04 — Staff Authentication
Staff authenticate to both the PMS workstation and POS terminal using their face — eliminating shared passwords, forgotten PINs, and buddy-punching. Every action is tied to a verified individual identity.
Time-and-attendance is biometrically locked — staff cannot clock in or out on behalf of another employee. Each record is a verified face event.
Configurable list of actions (rate override, comp authorisation, account adjustment) that require supervisor-level face re-authentication before execution.
HR or management enrols new staff via a secure mobile flow — name, role, department, and face captured in under 60 seconds, immediately active across all terminals.
Every discrepancy or unusual action correlated to the staff identity active at that terminal. Exception reports flag high-frequency voiders or comp issuers.
05 — Institutional Dining
FaceFlow's biometric layer extends beyond hotel F&B into high-volume, account-based dining environments — university campuses, corporate cafeterias, hospital staff canteens, and aged-care facilities — where speed, meal entitlements, and dietary compliance are critical.
Meal plan entitlements, resident vs commuter tracking, dining hall access control
Subsidised meals, department cost-coding, executive dining rooms, visitor catering
Patient meal delivery confirmation, clinical dietary flags, staff canteen billing
Resident identification, nutritional compliance, medication mealtime flags
Dining hall entry gates linked to face recognition — only enrolled plan holders gain access during service hours. Integrates with campus access control platforms.
For boarding schools and universities, parents can optionally link to view their child's meal activity and remaining balance — configurable privacy controls per institution.
Dedicated express lanes for pre-packaged grab-and-go items; face scan at exit confirms selection against plan entitlement — no cashier required.
Connects to SAP, Oracle HR, Workday, and student information systems — new enrolments and leavers automatically synced; no manual profile management.
Participation data correlated with food waste metrics — caterers can right-size production quantities by outlet and day-part based on verified consumption trends.
Automated monthly billing pack for managed dining contracts — verified cover counts, plan utilisation, and subsidy totals all derived from biometric transaction records.
06 — Technical Architecture
A lightweight biometric middleware layer sits between existing PMS and POS systems — no rip-and-replace required. Integration via standard REST APIs and webhooks.
Near-infrared + RGB dual-camera hardware (kiosk, tablet, or fixed terminal). Liveness detection built into SDK prevents photo spoofing.
Face vectorisation runs at the edge device — raw biometric data never leaves the terminal. Only encrypted feature vectors transmitted.
Hosted matching service compares encrypted vectors against enrolled profile store. Returns match confidence score and linked profile ID.
REST API adapters for WinCloud & Yellowstone. Reservation and folio data exchanged bidirectionally.
Integrations for Hashmato POS products. Guest profile and payment method pushed on match event.
Points ledger API — earn rules, tier calculation, redemption engine, and partner exchange hooks. Real-time balance pushed to guest app.
Web-based property management UI — enrolment management, terminal health, match logs, exception reports, and loyalty analytics.
Self-service enrolment, loyalty balance, transaction history, point redemption, and digital room key. iOS + Android.
07 — Security & Compliance
Biometric data handling governed by GDPR, CCPA, BIPA, and local equivalents. Guest and staff consent is explicit, revocable, and fully audited.
Raw facial images are never persisted. Only encrypted mathematical feature vectors are stored — these cannot be reverse-engineered into a photograph.
Guests and staff opt in explicitly before enrolment. Consent captured digitally with timestamp and version of privacy policy accepted.
One-click biometric data deletion for any guest or staff member. All vectors purged across all nodes within 24 hours of request.
Anti-spoofing via active liveness challenge (blink / head-turn) and passive depth analysis. Prevents photo, video, or mask attacks.
All data in transit encrypted with TLS 1.3. Biometric vectors additionally encrypted with per-property AES-256 keys managed in HSM.
FaceFlow engine certified SOC 2 Type II. Annual penetration testing. Data residency options for EU and APAC properties.
08 — Technology Stack
FaceFlow is built on a robust, battle-tested open web stack — maximising compatibility with existing hotel infrastructure, minimising hosting costs, and ensuring a wide pool of available development talent.
Server-side application logic built in modern PHP 8 — leveraging typed properties, fibers, named arguments, and match expressions for clean, maintainable code. Composer-managed dependencies.
Relational data store for guest profiles, folios, loyalty ledgers, staff records, and audit logs. InnoDB engine with row-level locking for high-concurrency POS environments. Encrypted at rest.
Stateless REST endpoints consumed by PMS connectors (WinCloud, Yellowstone), Hashmato POS, kiosk terminals, and the guest mobile app. OAuth 2.0 bearer token authentication on all routes.
On-device face vectorisation via hardware SDK (NIR + RGB). Encrypted 128-dimension feature vectors passed to the PHP matching service over mTLS — raw images never stored or transmitted.
In-memory session cache for active guest and staff face-match sessions. Entitlement data cached at terminal level for offline resilience. Sub-millisecond lookups during peak service periods.
High-performance Nginx reverse proxy fronting PHP-FPM process pools. Handles concurrent recognition requests from multiple terminals simultaneously with low memory overhead.
Asynchronous job processing for loyalty point calculation, PMS folio posting, e-receipt dispatch, and audit log writes — ensuring POS payment response times are never blocked by downstream tasks.
Deployable to any Linux server, managed cloud (AWS, Azure, GCP), or on-premise hardware. Docker Compose configuration provided for rapid environment provisioning and version-controlled deployments.