Privacy Notice — Age & Identity Verification

This notice explains how biometric and document data are processed during a verification.

What we process

A photo of your identity document and short live camera frames, used only to confirm a live face matches the document and to read your date of birth.
Derived signals (a face embedding, head-pose readings, liveness/anti-spoof scores) computed during the check.

What we keep

Document images and selfies are processed transiently in memory and are never written to storage.
We retain only: a yes/no “over the required age” result, a coded outcome, short-lived dispute scores, a salted hash of your IP, and a tamper-evident audit hash.

Legal basis

Biometric data is special-category data. We process it on the basis of your explicit consent (GDPR Art. 9(2)(a)), captured before the check begins, and to meet legal age-assurance obligations.

Retention

Dispute scores are deleted automatically (default 30 days). The minimal result record is deleted after the configured retention period (default 12 months).

Your rights

You may request access to, or erasure of, the minimal records we hold. Because no biometrics are stored, erasure removes everything tied to your reference.

This template is provided as engineering scaffolding and is not legal advice. Have your DPO / counsel review before going live, and complete a DPIA.