
GDPR & Biometric Data

AgeEvidence processes biometric data with client-side analysis, explicit consent, and data minimization to support GDPR compliance.

Biometric Data Handling

Under GDPR, biometric data processed for the purpose of uniquely identifying a natural person is classified as a special category of personal data (Article 9). AgeEvidence minimizes server-side biometric processing through its client-side architecture:

Client-side processing

Face detection, liveness verification, anti-spoofing analysis, and OCR run in the user's browser using local AI models. Raw biometric frames are analyzed locally and are not transmitted to any server during the processing phase.

Server-side storage

After client-side processing, the following artifacts are uploaded and stored:

  • Continuous video recording of the verification session
  • ID document frames for admin review
  • Face descriptors (1024-dimensional numerical embeddings)
  • Challenge metadata and fraud signal scores

Face descriptors and video recordings may constitute biometric data depending on the specific processing context and applicable jurisdiction.

Explicit Consent

The verification widget collects explicit consent before any biometric processing begins. Three mandatory checkboxes must be confirmed:

  1. Terms of Service — agreement to the platform's terms and conditions
  2. Privacy Policy — acknowledgment of how personal data will be processed
  3. Biometric data consent — specific consent for the collection and processing of biometric data, including face detection, liveness analysis, and face descriptor extraction

The camera does not activate and no biometric processing begins until all three consents are provided. Consent records are stored alongside the verification.

Data Minimization

AgeEvidence applies data minimization at multiple levels:

  • Client-side processing — raw biometric frames are analyzed locally and discarded. Only processed artifacts (video, frames, embeddings) are uploaded.
  • Verification level selection — platforms choose the minimum verification level needed. age_only collects no ID documents. full_age verifies age without creating performer records.
  • Purpose limitation — verification data is used solely for identity/age verification and compliance recordkeeping. It is not used for marketing, profiling, or secondary purposes.
  • Configurable retention — data is retained only for the period required by the verification level and applicable law.

Retention Policies

Verification Level | Retention | Legal Basis
age_only | 1 year after expiry | GDPR data minimization
full_age | 1 year after expiry | GDPR data minimization
full_kyc | 7 years | Legal obligation (2257)
Access audit logs | 7 years | Compliance audit trail

When retention periods expire, verification data and associated biometric artifacts are securely deleted or anonymized. Deletion is permanent and includes all stored files in object storage.

Data Subject Rights

AgeEvidence supports the following data subject rights under GDPR:

  • Right of access (Article 15) — data subjects can request a copy of their verification data
  • Right to rectification (Article 16) — inaccurate verification data can be corrected
  • Right to erasure (Article 17) — verification data can be deleted upon request, except where retention is required by law (2257 performer records during the 7-year period)
  • Right to restriction (Article 18) — processing can be restricted while accuracy is contested
  • Right to data portability (Article 20) — verification data can be exported in a structured, machine-readable format (JSON)
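The retention table and the erasure exception can be combined into one decision function. This is an added example, not AgeEvidence code: the record shape, the function names and the outcome labels are hypothetical. It assumes the 7-year period runs from record creation and that an erasure request made before the verification expires is held until expiry.

```python
from dataclasses import dataclass
from datetime import date

# Retention table from the page: level -> (anchor field, years).
# ASSUMPTION: the page does not say what the 7-year full_kyc period is
# counted from; record creation is used here.
RETENTION = {
    "age_only": ("expires_on", 1),
    "full_age": ("expires_on", 1),
    "full_kyc": ("created_on", 7),
}

@dataclass
class Verification:                      # hypothetical record shape
    level: str
    created_on: date
    expires_on: date

def add_years(d: date, years: int) -> date:
    try:
        return d.replace(year=d.year + years)
    except ValueError:                   # 29 Feb anchor, non-leap target year
        return d.replace(year=d.year + years, day=28)

def purge_due(v: Verification) -> date:
    """Date on which scheduled deletion or anonymization becomes due."""
    if v.level not in RETENTION:         # fail closed on unknown levels
        raise ValueError(f"unknown verification level: {v.level!r}")
    anchor, years = RETENTION[v.level]
    return add_years(getattr(v, anchor), years)

def decide(v: Verification, today: date, erasure_requested: bool = False) -> str:
    if today >= purge_due(v):
        return "delete"                  # retention period is over
    if not erasure_requested:
        return "retain"
    if v.level == "full_kyc":
        return "refuse_erasure"          # legal-obligation retention still running
    if today >= v.expires_on:
        return "delete"                  # erasure honoured once expired
    return "defer_until_expiry"          # ASSUMPTION: request held until expiry

# Constructed sample records
AGE = Verification("age_only", date(2024, 1, 10), date(2025, 1, 10))
KYC = Verification("full_kyc", date(2024, 2, 29), date(2025, 2, 28))
```

A scheduled job would call `decide` for every stored record and, on `delete`, remove the database row together with the files in object storage.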

DSAR Process

Data Subject Access Requests (DSARs) can be submitted through:

  • The contact form (select “Privacy” as the topic)
  • Direct email to the privacy contact listed on the contact page

If the verification was initiated by a platform (e.g., the subject verified their identity for a content platform), the data subject should contact that platform first, as it typically acts as the controller for the access decision.

Subprocessors

AgeEvidence uses EU-based subprocessors for the hosted service: application hosting, object storage, servers.

No non-EU subprocessors are involved in the processing of verification data. Both subprocessors are subject to their respective Data Processing Agreements.

Frequently Asked Questions

Does AgeEvidence process biometric data on its servers?
Biometric analysis (face detection, liveness verification, anti-spoofing, OCR) runs in the user's browser using local AI models. The server stores verification artifacts (video recordings, document images, face descriptor embeddings) but does not perform biometric processing. Face descriptors stored server-side may constitute biometric data under GDPR depending on the specific context and jurisdiction.

Can users request deletion of their biometric data?
Yes, for most verification types. Age-only and full-age verifications can be deleted in response to GDPR erasure requests after the verification expires. Full KYC verifications linked to 2257 performer records are exempt from erasure during the 7-year legal retention period (legal obligation basis under Article 17(3)(b) GDPR).

What consent is collected before biometric processing?
The verification widget requires three explicit consent checkboxes before processing begins: (1) agreement to Terms of Service, (2) acknowledgment of the Privacy Policy, and (3) specific consent for biometric data collection and processing. All three must be checked before the camera activates.

© 2026 AgeEvidence. All rights reserved.