How Age Verify handles data across verification and billing workflows

This Privacy Policy describes how Age Verify processes data for its platform, APIs, SDK, integrator portal, onboarding, lead capture, and demo workflows. Depending on your implementation, Age Verify may act as a processor or controller under applicable privacy law.

Age Verify is designed to support age-assurance decisions, including implementations that use facial age estimation where legally appropriate. The standard flow is intended to minimize collection and retention of personal data and is not designed for identity-document collection or biometric template storage. The default product goal is to answer the age-threshold question, not to identify the person.

We process account and contact data (such as name, company, email), integrator authentication data (including password reset request/complete events), merchant billing metadata, API credential and usage metadata, verification session metadata, webhook and audit metadata, and lead/demo/resource-request inquiry data. We process only data needed to execute verification workflows and return signed outcomes.

We use data to provide and secure verification services, create and finalize verification sessions, prevent abuse and fraud, support idempotent and replay-safe operations, operate billing and reconciliation, issue and protect API keys, support integrator account authentication, and provide customer support. If a client opts in, Age Verify may reuse prior verification outcomes or tokens across participating client properties to reduce repeat checks, subject to applicable law and configured controls.

Billing is merchant-level. We use secure hosted checkout during onboarding to collect and store a default payment method, then process usage-based billing events and invoice lifecycle updates through billing webhooks.

When you submit forms on sales, API key onboarding, blog/resource downloads, demo pages, or exit-intent prompts, we process submitted contact details and source metadata (for example path, topic, and campaign context) to respond, deliver requested resources, onboard accounts, and improve support operations. Demo verification access uses short-lived controls and is intentionally separate from billable verification flows.

Verification workflows are designed to use only what is needed, with privacy controls described in our product documentation. We also block verification outcomes when required model or verification prerequisites are unavailable.

We apply technical and organizational controls including access restrictions, secret management, transport protections, audit logging, and monitoring for abnormal activity. You remain responsible for securing your own implementation and key handling.

We share data with subprocessors and service providers only as needed to operate the service, including infrastructure, payments, delivery, and security providers, and where required with legal or regulatory authorities. We do not sell personal information.

We retain data for the period necessary to provide services, maintain security and auditability, comply with law, and resolve disputes. Retention periods differ by data class and legal requirement.

Where data is transferred internationally, we apply transfer safeguards consistent with applicable law and our contractual obligations.

Depending on your jurisdiction, individuals may have rights to access, correction, deletion, portability, or objection. Requests can be submitted through your organization account channel or designated support contact.

The platform is designed to support age-gated product experiences. We do not provide general-audience child-directed services without required safeguards and legal basis.

We may update this Privacy Policy to reflect legal, operational, or product changes. Material changes will include an updated effective date.