Data protection policy

Data Protection Policy for Age Verification

1. Purpose and Scope

This Data Protection Policy outlines the principles, safeguards, and responsibilities that govern the collection, processing, and storage of personal data by Identiff. Our service is designed to verify a user’s age in a fully automated manner, ensuring compliance with legal requirements while safeguarding individual privacy to the highest standard.

This policy applies to all users of the service, all data processed, and all employees, contractors, or affiliates of Identiff.

2. Principles of Data Protection

We are committed to complying with all applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR) and relevant local legislation. Our data handling is based on the following principles:

Lawfulness, fairness, and transparency – Data is collected and processed only for legitimate purposes.

Purpose limitation – Data is used strictly for age verification.

Data minimization – Only the minimum amount of personal data necessary is collected.

Accuracy – We ensure that automated verification processes are accurate and reliable.

Storage limitation – Data is not stored longer than required by law or technical necessity.

Integrity and confidentiality – Robust security measures protect all data.

Accountability – We demonstrate compliance with data protection obligations at all times.

3. Data Collected

To verify age, our system may request the user to submit:

Verification Images (such as a photo of an identity document or a selfie for automated matching).

Email Address (used for account access, communication, and verification records).

Limited Accessibility of Data

Images: All verification images are encrypted and processed exclusively by automated systems. No employee, administrator, or third-party contractor can access, view, or retrieve the images under normal circumstances.

Email: Only the email address is accessible to authorized accounts.

4. Automated Processing and No Human Intervention

The age verification process is fully automated, conducted by advanced machine-learning and computer-vision technology.

No human staff are involved in viewing, analyzing, or approving the verification process.

This ensures the highest degree of privacy for users while reducing human error and bias.

5. Data Access and Restrictions

Routine Access: Only the email address is accessible to staff for operational purposes.

Restricted Data: Verification images and related biometric data are inaccessible to administrators, developers, or support staff under normal operations.

Law Enforcement Requests: Encrypted data, including images, may only be accessed and decrypted under a valid, legally binding request from law enforcement authorities. Such access is logged, strictly controlled, and requires legal verification.

6. Data Storage and Retention

Verification images are encrypted and stored in secure environments with restricted access protocols.

Images are retained only for as long as necessary to complete the verification process or as required by law. After this period, images are automatically deleted from our systems.

Email addresses may be retained for account continuity and service records unless a user requests deletion under applicable rights (see Section 8).

7. Security Safeguards

We employ industry-leading security measures to protect user data:

Encryption for all transmissions.

Multi-layered firewalls and intrusion detection systems.

Role-based access control (ensuring only authorized personnel can access limited data, such as emails).

Continuous monitoring and automated alerts for suspicious activities.

8. User Rights

In compliance with GDPR and applicable laws, users have the following rights:

Right to Access – Users can request confirmation of what personal data is held (limited to email and automated processing records).

Right to Rectification – Users may correct or update their email information.

Right to Erasure (“Right to be Forgotten”) – Users may request deletion of their email and associated data, subject to legal retention requirements.

Right to Restrict Processing – Users may request restrictions on certain uses of their data.

Right to Data Portability – Users may request a copy of their personal data in a machine-readable format.

Right to Object – Users may object to certain processing activities, except where legally required.

9. Legal Compliance and Law Enforcement

We comply with applicable laws regarding data protection, privacy, and lawful disclosure.

No data will be disclosed to third parties unless legally mandated.

Law enforcement access requires a formal legal order, and such requests are documented and reviewed by our legal department.

10. Accountability and Updates

This policy will be reviewed regularly to ensure compliance with evolving regulations and best practices.