Why Tencent PalmAI
Tencent Cloud PalmAI Service is a world-leading biometric authentication platform, leveraging advanced palm vein recognition technology to deliver secure, contactless identity verification solutions. Founded by Tencent, one of the world's largest technology companies, we combine cutting-edge AI research with deep industry expertise to help enterprises across finance, retail, healthcare, and more transform their authentication experiences. Our mission is to make biometric authentication universally accessible, secure, and seamless – enabling a future where your identity is always with you.
Our Core Advantages
Bank-Grade Security
Equipped with dedicated encryption chipset providing data encryption strategies based on the AES 256 standard.
NFEC certification and extensive experience in security and compliance, helping clients to achieve qualified commercialization.
Cutting-Edge Technology
20 publications in top global conferences with more than 90 applied patents.
Algorithm suitable for various complex environments—hospitals, supermarkets, subways, and more.
Proven Scale: Algorithm validated on over 50 million users in China.
Tencent Ecosystem
Leverage Tencent Cloud's global infrastructure/AWS/Azure etc. and seamless integration with open API and documentation, and dedicated technical support to accelerate your deployment.
Diverse offerings of modules and whole devices from ecosystem partners.
Contactless & Hygienic
No physical contact required – perfect for post-pandemic hygiene-conscious environments.
Our Journey & Milestones
Project Launch
In 2019, Tencent officially launched the Palm Pay project, cumulatively publishing over thirty top-tier conference and journal papers along with more than one hundred patents.
Internal Piloting
PalmPay is officially released in early 2022 and used in Tencent canteens, access control and other scenarios, and has received great praise from employees.
Rapid Growth in Retail
Since September, palm payment promotion has boomed in China's retail industry. Many brands rush to access and buy equipment/systems. 7-Eleven launched in 1,500 stores in a month, boosting cashier efficiency by 25% during peak times.
First Public Launch
The first public use case in Beijing Daxing Airport attracted great attention from the public. It received over 470 Million views in a month, with a single-day search volume reaching 7.89 Million. PalmPay boosts entry efficiency by 30%.
Stable Large Scale
In 3 months, the user base grew rapidly from 100 thousand to 10 Million. In order to match the scale, the product team continues to upgrade the algorithm every week.
Popularization in China
1 Billion transactions, 100 Thousand merchants, 50 Million users, 20+ scenarios within 1 year. 70% registered users chose PalmPay as their first payment option. Won the "2023 Financial Technology Development Award" from the People's Bank of China.
Go Overseas
In November, Tencent won the 'FinTech Excellence Award' in Singapore and announced to provide palm services to global customers with advanced technology support.
Security You Can Trust
Biometric data demands the highest standards of security and privacy. We are certified, audited, and transparent about how we handle your most sensitive data.
Biometric Data Handling
Palm biometric data is among the most sensitive personal data. Our handling practices are designed to minimize risk at every stage:
- Template-Only Storage: We never store raw palm images. Only mathematical templates (feature vectors) are stored, which cannot be reverse-engineered into an image
- On-Device Option: In our hybrid deployment model, biometric templates can be stored exclusively on the user's device or smart card, never leaving the hardware
- Encryption at Rest: All stored templates are encrypted with AES-256-GCM. Encryption keys are managed via Hardware Security Modules (HSM)
- Deletion on Request: Biometric templates are permanently deleted within 24 hours of a deletion request, with cryptographic proof of deletion provided
- Purpose Limitation: Biometric data collected for one purpose (e.g., access control) is never used for another purpose (e.g., marketing analytics)
Encryption & Security Architecture
All communications and stored data are protected with industry-leading encryption:
- Transport Layer: TLS 1.3 for all API communications; DTLS 1.3 for device-to-cloud streams
- Template Encryption: AES-256-GCM for all stored biometric templates
- Key Management: FIPS 140-2 Level 3 certified HSMs for all cryptographic operations
- Zero-Knowledge Architecture: Our matching algorithms are designed so that even PalmAI engineers cannot access individual biometric templates
- Penetration Testing: Annual third-party penetration tests by certified security firms; results published in our Security Transparency Report
Your Privacy Rights
Under GDPR, CCPA, BIPA, and other applicable laws, individuals whose biometric data is processed have the following rights:
- Right to Informed Consent: Biometric enrollment requires explicit, informed consent. Consent can be withdrawn at any time
- Right to Access: Request a copy of all personal data we hold, including your biometric template hash
- Right to Erasure: Request permanent deletion of your biometric template and all associated data
- Right to Portability: Receive your non-biometric personal data in a machine-readable format
- Right to Object: Opt out of any non-essential data processing activities
Data Collection & Processing
We collect only the minimum data necessary to provide our services:
- Biometric Templates: Mathematical representations of palm vein patterns (not images). Used solely for identity verification
- Technical Data: Device identifiers, scan quality metrics, and network latency for service optimization
- Usage Data: Verification timestamps and success/failure rates for analytics (no biometric data included)
- Account Data: Email, name, and billing information for enterprise account management
Cross-Border Data Transfers
For customers with data residency requirements, we offer:
- Regional Data Centers: Dedicated infrastructure in China, Singapore, EU (Frankfurt), and US (Virginia) to keep data within specific jurisdictions
- Data Residency Guarantee: Contractual commitment that biometric data will not leave the specified region
- Standard Contractual Clauses: EU SCCs in place for any cross-border transfers involving EU personal data
- APEC CBPR: Certified under the APEC Cross-Border Privacy Rules system for transfers within the Asia-Pacific region