Beneficiary Face Login Workflow

Founder demo script | 27 May 2026 | Separate from pastor OTP workflow

This document exists to keep the founder demo clear: the pastor manages enrolment and distribution, but the beneficiary signs in with facial recognition.

Core Rule

The pastor does not log in as the beneficiary.

The pastor can enrol, verify, support, and view beneficiary records within their authorised role. The beneficiary's own login path is facial recognition from the login page.

Live Links

Main site: https://gta.cleva-ai.co.za/

Pastor demo: https://gta.cleva-ai.co.za/demo-login?demoRole=pastor

Beneficiary face login: https://gta.cleva-ai.co.za/demo-login, then choose Sign in with face

Pastor/founder demo account: nolsdebeer@gmail.com | PIN 000000

Open Pastor Demo Open Face Login

Recommended Founder Demo Flow

Pastor logs in with OTP.
Open the pastor demo link and use nolsdebeer@gmail.com with PIN 000000. Explain that this is the site lead's authorised operational role.

Pastor opens Beneficiaries.
Show the beneficiary directory and explain that beneficiaries are service-recipient records, not normal staff login users.

Pastor enrols or re-onboards the beneficiary.
Capture name, optional ID/contact details, consent, face photo and face descriptor. Phone and email are optional.

Pastor logs out.
This makes the role separation obvious before showing the beneficiary's own access path.

Beneficiary opens face login.
Open /demo-login and click Sign in with face. The beneficiary looks at the camera.

System matches the face.
The browser creates a face descriptor and the server matches it to an enrolled beneficiary record.

Beneficiary dashboard opens.
Show collection status, last collection, next collection where available, and limited self-service information.

Pastor can continue distribution work.
Pastor can later verify the same beneficiary at collection and log the parcel handout, but that is separate from beneficiary self-login.

What To Say

Pastor Role

"The pastor is responsible for the distribution day. They enrol people, manage exceptions, verify collection and keep the event record clean."

Beneficiary Role

"The beneficiary does not need an email address, phone number or password. Once enrolled, they can identify themselves by face and see their own status."

Why This Matters

"This protects dignity and access. People without devices can still receive support, while the system keeps proof of who was served."

Privacy Position

"Face login is tied to consent and an enrolled support record. Staff roles and beneficiary access are separated so sensitive data is not exposed unnecessarily."

UAT Checks

Check	Expected result
Pastor OTP login	Pastor dashboard opens using nolsdebeer@gmail.com and PIN 000000.
Beneficiary enrolment	Face photo and face descriptor are captured during enrolment.
Pastor logout	Session clears and returns to login page.
Beneficiary face login	Sign in with face opens camera and recognises the enrolled beneficiary.
Beneficiary dashboard	Only beneficiary-appropriate status and collection information is shown.
Wrong or unknown face	Login is rejected with a clear message to ask staff to verify enrolment.

Fallback If Camera Fails

Do not switch the beneficiary to OTP as the main story.

If camera permissions fail during the demo, explain the intended flow, show the enrolled beneficiary profile with face-login status, then continue with pastor scan-and-distribute. The founder requirement remains: beneficiary login is facial recognition.