AGE EVIDENCE

Security

Last updated: February 6, 2026

1. Security Principles

  • Data minimization — collect only what is needed for verification and compliance
  • Least-privilege access controls across all systems
  • Auditability for all sensitive operations
  • Secure development and change management practices
  • Defense in depth — layered security controls

2. Data Flow Architecture

AgeEvidence uses a client-side processing architecture that minimizes data exposure:

  1. Browser (client-side): Face detection, liveness analysis, anti-spoofing scoring, document OCR, and face descriptor extraction all run in the user's browser using local AI models. No biometric processing is sent to third-party servers.
  2. Upload: Only verification artifacts are transmitted — continuous video recording, ID document frames, face descriptors (numerical embeddings), and challenge metadata. Uploads use HTTPS/TLS encryption in transit.
  3. Storage: Artifacts are stored in EU-based object storage with signed URLs (1-hour expiry for admin review, 24-hour expiry for client upload). Files are stored with obfuscated filenames and path traversal prevention.
  4. Admin review: Authorized administrators access verification data through the review dashboard. All access is logged with actor ID, IP address, timestamp, and reason.
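
The storage step above, as an added example that is not AgeEvidence's own code: an HMAC-signed storage URL issuer and verifier with obfuscated object keys, purpose-specific expiry (1 hour for admin review, 24 hours for client upload) and rejection of path-traversal segments. The signing key, base URL and query parameter names are assumptions for illustration.

```python
# Added illustration, not AgeEvidence's implementation. Shows the three storage
# controls named in the data flow: obfuscated filenames, time-limited signed URLs
# with purpose-specific expiry, and path traversal prevention on every access.
import hashlib
import hmac
import secrets
import time
from typing import Optional, Tuple
from urllib.parse import parse_qs, unquote, urlencode, urlsplit

SIGNING_KEY = b"constructed-demo-key-not-a-real-secret"  # assumption: server-side secret
BASE_URL = "https://storage.example.invalid/v1"           # placeholder storage endpoint
TTL_SECONDS = {"admin-review": 3600, "client-upload": 86400}  # 1 h review, 24 h upload


def obfuscated_key(verification_id: str) -> str:
    """Storage key that reveals nothing about the user or the original filename."""
    return f"{verification_id}/{secrets.token_urlsafe(24)}"


def _canonical(object_key: str, purpose: str, expires: int) -> bytes:
    # Key, purpose and expiry are all covered by the signature, so none can be swapped.
    return f"{object_key}\n{purpose}\n{expires}".encode()


def sign_url(object_key: str, purpose: str, now: Optional[int] = None) -> str:
    now = int(time.time()) if now is None else now
    expires = now + TTL_SECONDS[purpose]
    sig = hmac.new(SIGNING_KEY, _canonical(object_key, purpose, expires), hashlib.sha256).hexdigest()
    return f"{BASE_URL}/{object_key}?{urlencode({'purpose': purpose, 'expires': expires, 'sig': sig})}"


def verify_url(url: str, now: Optional[int] = None) -> Tuple[bool, str]:
    """Return (ok, reason). Rejects traversal segments, tampering and expired links."""
    now = int(time.time()) if now is None else now
    parts = urlsplit(url)
    object_key = unquote(parts.path[len(urlsplit(BASE_URL).path) + 1:])  # decode before checking
    if "\\" in object_key or any(seg in ("", ".", "..") for seg in object_key.split("/")):
        return False, "path traversal"
    q = parse_qs(parts.query)
    try:
        purpose, expires, sig = q["purpose"][0], int(q["expires"][0]), q["sig"][0]
    except (KeyError, ValueError):
        return False, "malformed query"
    if purpose not in TTL_SECONDS:
        return False, "unknown purpose"
    expected = hmac.new(SIGNING_KEY, _canonical(object_key, purpose, expires), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return False, "bad signature"
    if now >= expires:
        return False, "expired"
    return True, purpose
```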

3. Technical and Organizational Measures

  • Encryption in transit: TLS 1.3 with HSTS (2-year max-age, includeSubDomains, preload)
  • Encryption at rest: AES-256
  • Authentication: WebAuthn/FIDO2 for admin access (hardware security keys, biometric authenticators). OAuth + passkey for client dashboard.
  • Session management: Database-backed sessions with 8-hour TTL, HTTP-only cookies, secure flag
  • Rate limiting: IP-based rate limiting on authentication endpoints (10 req/min admin, configurable for API)
  • Security headers: CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy
  • Access logging: All verification data access logged with actor, IP, timestamp, and access type
  • Environment separation: Separate development, staging, and production environments
  • Secret management: Environment-variable based, not committed to source control
  • File integrity monitoring: AIDE-based monitoring for unauthorized file modifications

Specific controls evolve as the service improves. No method of transmission or storage is perfectly secure.

4. Access Controls

Access Type       | Authentication                      | Scope
External API      | API key (X-API-Key header)          | Verification submission and status polling
Admin Dashboard   | WebAuthn (hardware key / biometric) | Verification review, records management
Client Dashboard  | OAuth (Google/GitHub) + Passkey     | API key management, statistics, documentation
Storage           | Signed URLs (time-limited)          | 1h admin review, 24h client upload

5. 2257 Record Access Audit Trail

All access to performer records and verification data is logged in an immutable audit trail:

  • Fields logged: Verification ID, accessor identity, access type (view, download, review, export), IP address, user agent, timestamp
  • Retention: Access logs are retained for 7 years alongside the records they reference
  • Export: Audit trails can be exported for compliance audits

6. Infrastructure and Data Residency

AgeEvidence infrastructure is hosted in Europe:

EU data residency: Database, object storage and application servers in Germany (Europe).

All verification data — including identity documents, liveness media, and associated metadata — is stored and processed within the European Union. No data is transferred outside the EU.

7. Subprocessors

No third-party services are used for biometric processing. Face detection, liveness analysis, and OCR run client-side in the user's browser.

8. Data Retention

Data Type                 | Retention            | Basis
Age-only verifications    | 1 year after expiry  | GDPR data minimization
Full age verifications    | 1 year after expiry  | GDPR data minimization
Full KYC / 2257 records   | 7 years minimum      | 2257 legal compliance
Access audit logs         | 7 years              | Compliance audit trail
Admin sessions            | 30 days              | Operational cleanup

9. Vulnerability Reporting

If you discover a security vulnerability, please report it responsibly:

  • Use our contact form and select the Security category
  • Include details about the vulnerability and steps to reproduce
  • Allow reasonable time for investigation and remediation before public disclosure

We take all security reports seriously and will respond as quickly as possible.

© 2026 AgeEvidence. All rights reserved.