Age verification

Privacy & security

All Verifymy solutions are built with a privacy-by-design approach.​
Privacy policy
Label

Privacy & security

Data protection is the process of safeguarding sensitive information from loss, corruption, or damage. It involves security processes and strategies to protect information about individuals, such as their names, dates of birth, email addresses, and photographs.

Privacy and data protection are hugely important in the age assurance, identity verification and content moderation solutions that Verifymy offers. Data protection laws aim to balance the rights of individuals to privacy with the legitimate interests of organisations to process personal data.

Privacy-by-design

Our safeguarding solutions have been built within the principles of privacy-by-design. This is a concept that involves incorporating privacy and data protection into the design of products, services, and business processes from the very beginning. Privacy-by-design is a fundamental principle of the General Data Protection Regulation (GDPR).

Please view our Privacy Policy for more details.

GDPR

Our safety tech solutions fully comply with all fundamental principles and requirements of the GDPR. GDPR (the General Data Protection Regulation) is the European Union's legal framework for protecting personal information.

Data minimisation

We only collect and process the minimum amount of data needed to fulfil the requirements of our safety tech solutions. We routinely evaluate our data collection policy to ensure we collect the minimum data required.

User data

We never sell user data and only retain it for the length of time outlined in our privacy policies.

Age verification when accessing adult content

Privacy is a key feature of Verifymy’s age assurance solution. To protect users’ identities and to maintain their privacy, Verifymy does not share age verification data or personally identifiable information (PII) with any of the businesses we work with, including adult content platforms.

Platforms will only know that a user has successfully verified their age. Nothing else.

Where we provide age verification for adult sites in certain US states, we are prohibited by the laws of those states from retaining identifiable personal information. Therefore, this data is deleted immediately after we have completed the age verification process (at the time of writing, this applies in the states of Arkansas, Louisiana, Mississippi, Montana, North Carolina, Texas, and Utah).

Method-specific information

Facial age estimation

The user is asked to scan their face, which is then submitted securely using 256-bit encryption to the Verifymy server.

During the face scan, liveness is confirmed to protect against the use of 2D images, masks or bots. Once liveness is confirmed, facial images are analysed to estimate the user’s age.

ID Scan

The user is asked to scan their ID document using the camera on their device. The document is then submitted securely using 256-bit encryption to the Verifymy server. Information is then extracted from the ID document to calculate whether the user meets the service’s minimum age requirements.

ID scan + face match​

The user is asked to scan their face, which is then submitted securely using 256-bit encryption to the Verifymy server. 

During the face scan, liveness is confirmed to protect against the use of 2D images, masks or bots.

The user is then asked to scan their ID document using the camera on their device. The document is then submitted securely using 256-bit encryption to the Verifymy server. Information is then extracted from the ID document to calculate whether the customer meets the service’s minimum age requirements.

The face scan confirms that the user is the owner and in possession of the ID document they are using to verify.

Credit Card​

The user is asked to enter their credit card number, expiration date, CVC/CVV number, and address. These details are submitted via our payment service provider, and a £1 charge is placed and immediately refunded to confirm the card’s active status.

No card details are stored or captured by Verifymy during this process.

Email Address

The user’s email address is submitted by either the service facilitating the sale or access of age-restricted products or services or manually by the user.

If a user submits their email address for age estimation, they will be asked to authenticate the email via a time-sensitive one-time passcode sent to their inbox. We only use the email address to estimate a user’s age, and we will not contact the user for any other reason.

Mobile Phone Number

The user is asked to submit their mobile phone number. The user receives a one-time passcode to confirm they are in possession of the phone. Once confirmed, our mobile service provider checks the account holder status to determine if the user is over 18. 

Stealth Check

Some services which sell or provide access to age-restricted products and services already hold customer account details or transactional information. In some cases, the service will pass details related to an order to facilitate an age verification check during or after the checkout process.

These details can include:

Email address

Full name

Address

Telephone number

We then use these details to verify the age of the user.

Data security

All data submitted through Verifymy’s safety tech solutions is encrypted using high-end cryptography. The data is encrypted at rest and in transit using a combination of 256-bit encryption and hashing algorithms.

Data encryption

All web traffic is encrypted via HTTPS and TLS 1.2 using high-end cryptography. Data is encrypted using AES-256 encryption. Decryption keys are stored on separate hosts and rotated regularly.

Data security

All data is securely stored and kept only as long as necessary while relevant to the safeguarding process. When applicable, hashing anonymises data, adds an extra security layer and confirms data integrity.

Fast response firewall

We use Cloudflare to provide an extra layer of data security. Cloudflare detects unusual activity and activates high-security measures when necessary.

Security-focused team of experts

Our products are built in-house by an expert development team with track records in building applications that securely process user data.

Audited by third-party security specialists

In addition to our in-house security experts, our software and platform are analysed by a third party via penetration tests to ensure data is safe and stays safe.

Internal due-diligence

All employees undergo background checks prior to their employment.

ISO 27001

We routinely test our systems and are ISO 27001 compliant, following industry standards for information security.

Get in touch

Discover how we can help you solve your compliance and safeguarding challenges.
Contact us
our solutions
industries
Company
resources
Age verification & age estimation
Visit page
Identity verification & content moderation
Visit page
Use case

Back / Age verification & age estimation

Get started
Support
Use case

Back / Identity verification & content moderation

Get started
Support