01 / 8
Firestore rulesPer-tenant index
Multi-tenant SaaS
Fully isolated workspaces per institution. No data bleeds between tenants — ever.
- Row-level security via Firestore
- Separate audit + reports per inst
- Owner-scoped role hierarchy
Appearance
Private beta · 40 institutions
Attendance,unforgeable.
0%
Scan success
0
Spoofed scans blocked
0s
QR rotation
#0000 · 1s
DTU · Delhi Technological University◆NIT Trichy◆BITS Pilani◆Chitkara University◆St. Stephen's College◆IIIT Hyderabad◆Manipal Academy◆Symbiosis Pune◆DTU · Delhi Technological University◆NIT Trichy◆BITS Pilani◆Chitkara University◆St. Stephen's College◆IIIT Hyderabad◆Manipal Academy◆Symbiosis Pune◆
[ 01 — context ]
Manual rolls leak.QR alone leaks faster.We close every gap.
0%
Of attendance is faked on average (paper)
0s
QR token lifetime
0
Tenants ever cross-leaked (multi-tenant by design)
0.97%
Scan validation accuracy
The problem
01
Proxy attendance
A roommate marks them present.
02
Forwarded QR
A screenshot in the class group does the rest.
03
Paper registers
Hours of data entry, signatures faked.
04
Fake GPS
One mock-location app and "I was there."
The fix
01
Dynamic signed QR
Rotated every 7 seconds, single-use, signed server-side.
02
Device binding
One student, one device — only admins can reset.
03
Geofence + accuracy
Haversine on the server; mock-location instantly flagged.
04
Play Integrity / App Attest
Requests outside the genuine app don't validate.
[ 01.5 — by the numbers ]
Numbers that
speak for themselves.
Live scan validation
99.7%
scan success rate
QR token lifetime
7s
rotated & signed
Device binding
1:1
student to device
Institutions
40+
in private beta
Fraud blocked
132k
spoofed scans stopped
Cross-tenant leaks
0
fully isolated
Geofence radius
50m
server-side Haversine
Avg attendance
88%
vs 62% paper
[ 02 — features ]
Eight building blocks. One verdict.
02 / 8
HMAC-SHA2567s TTL
Dynamic signed QR
HMAC-signed tokens rotate every 7 s with a single-use nonce. Screenshots are useless.
- Tokens carry sid, nonce, exp, prev-hash
- Rolling hash chain (tamper-evident)
- Server-held signing key
03 / 8
Haversine±50m radius
Geofencing
Server-side Haversine with accuracy thresholds blocks anyone outside the classroom.
- Per-class lat/lon + radius
- Reject low-accuracy fixes (>50m)
- Mock-location detection
04 / 8
1:1 bindingAdmin reset
Device binding
Lock each student to their registered device. Only admins can rebind.
- One student ↔ one device fingerprint
- Audit trail on every rebind
- Stops scanning for absent friends
05 / 8
Play IntegrityApp Attest
App attestation
Play Integrity, DeviceCheck and App Attest verify the app is genuine and unmodified.
- Verify build hasn't been tampered with
- Reject rooted / jailbroken devices
- Cryptographic device evidence
06 / 8
HeuristicsReview queue
Fraud detection
Weighted signals feed a suspicious-scan queue for human review.
- Velocity > 90mph between scans
- Duplicate scans on same nonce
- Spoofed GPS signal patterns
07 / 8
PDFXLSX
PDF / Excel reports
Branded async exports with signed download URLs. Ready in seconds.
- Per-class, per-month, per-student
- Signed time-limited download URLs
- Background queue, no UI blocking
08 / 8
Append-onlySHA-256
Audit trail
Append-only, hash-chained log. Any tampering breaks every subsequent record.
- Every action: who, what, when, hash
- Hash-chain like a mini-blockchain
- TTL-configurable retention
Firestore rulesPer-tenant index
Multi-tenant SaaS
Fully isolated workspaces per institution. No data bleeds between tenants — ever.
- ›Row-level security via Firestore
- ›Separate audit + reports per inst
- ›Owner-scoped role hierarchy
HMAC-SHA2567s TTL
Dynamic signed QR
HMAC-signed tokens rotate every 7 s with a single-use nonce. Screenshots are useless.
- ›Tokens carry sid, nonce, exp, prev-hash
- ›Rolling hash chain (tamper-evident)
- ›Server-held signing key
Haversine±50m radius
Geofencing
Server-side Haversine with accuracy thresholds blocks anyone outside the classroom.
- ›Per-class lat/lon + radius
- ›Reject low-accuracy fixes (>50m)
- ›Mock-location detection
1:1 bindingAdmin reset
Device binding
Lock each student to their registered device. Only admins can rebind.
- ›One student ↔ one device fingerprint
- ›Audit trail on every rebind
- ›Stops scanning for absent friends
Play IntegrityApp Attest
App attestation
Play Integrity, DeviceCheck and App Attest verify the app is genuine and unmodified.
- ›Verify build hasn't been tampered with
- ›Reject rooted / jailbroken devices
- ›Cryptographic device evidence
HeuristicsReview queue
Fraud detection
Weighted signals feed a suspicious-scan queue for human review.
- ›Velocity > 90mph between scans
- ›Duplicate scans on same nonce
- ›Spoofed GPS signal patterns
PDFXLSX
PDF / Excel reports
Branded async exports with signed download URLs. Ready in seconds.
- ›Per-class, per-month, per-student
- ›Signed time-limited download URLs
- ›Background queue, no UI blocking
Append-onlySHA-256
Audit trail
Append-only, hash-chained log. Any tampering breaks every subsequent record.
- ›Every action: who, what, when, hash
- ›Hash-chain like a mini-blockchain
- ›TTL-configurable retention
[ 03 — security ]
Eight checks, in order. A scan only passes all eight.
- 01✓
Signature
HMAC-SHA256 over header.payload.
- 02✓
Expiry
Server time. ≤10s window, no exceptions.
- 03✓
Nonce
Single-use, atomically consumed in Redis.
- 04✓
Session
Must be OPEN; status checked on every scan.
- 05✓
Device
Fingerprint + generation match the bound device.
- 06✓
Attestation
Play Integrity / App Attest verified upstream.
- 07✓
Geofence
Haversine ≤ radius; mock-location flag = reject.
- 08✓
Duplicate
DB-level (sessionId, studentId) uniqueness.
[ 04 — dashboard ]
A dashboard you'd actually want to open.
attendly.app/admin/sessions/CS-301 · OPEN live
Marked
0
Pending
0
Suspicious
0
Last 14 sessions
Attendance pulse
Live scans
- Aanya R.28m in09:31:02
- Karan V.31m in09:31:00
- Ishita G.geo miss09:30:58
- Rahul T.12m in09:30:55
- Nikhil S.device mismatch09:30:51
[ 05 — mobile ]
For students, it's just tap, scan, done.
Bound to one device. Sees its own attendance history, percentages and warnings — nothing more.
CS-301 · Operating Systems
Scan QR
Hold steady — token rotates every 7s.
Device bound · GPS OK · attestation OK
YOUR ATTENDANCE
86%
across 4 subjects · last 30 days
Operating Systems92%
Networks84%
DBMS78%
Compilers64%
Compilers is below 75%. 2 more classes to recover.
[ 06 — pricing ]
Honest pricing. No per-scan tax.
Early access — 60% off
Starter
For coaching centers up to 200 students.
$0/ month
- ✓1 institution
- ✓200 students
- ✓Dynamic QR
- ✓Email reports
- ✓Community support
Pro
Most pickedMost schools and small colleges.
$99/mo
$40/ month
- ✓Up to 5000 students
- ✓Geofence + device binding
- ✓PDF / Excel reports
- ✓Fraud queue
- ✓Priority support
Enterprise
Universities, multi-campus, SSO.
Custom
- ✓Unlimited students
- ✓Custom geofence policies
- ✓SAML SSO + audit export
- ✓Webhooks
- ✓Dedicated SLA
[ 07 — faq ]
Asked often.
The token expires in seconds and the nonce is single-use. Even if forwarded, the friend's device fingerprint will not match the bound student's, and the request will fail.
Each scan carries a mock-location flag and accuracy reading. Mock = instant reject + suspicious log. Geofence is checked server-side via Haversine.
They request a device reset from inside the app. An admin approves it, which bumps the binding generation and invalidates the old refresh tokens.
The scan is online by design — that's how we verify session state. The app caches the student's own attendance history offline.
No. The QR is a short-lived signed token: institution id, class id, session id, issued-at, expiry, nonce, signature. Nothing about the student is in it.
Every tenant-scoped query is forced through a Prisma extension that injects the institutionId filter. Cross-tenant reads are physically impossible at the data-access layer.
attend.
Demo on your real classroom in under 20 minutes. We bring the QR, you bring the students.