Privacy policy
Last updated: April 2026
What we collect
When a developer creates a verification session via our API, we store the session ID, the developer-supplied internal user ID (optional), the IP address for fraud prevention, the redirect and callback URLs, and the final verification result (pass/fail, estimated age, estimated gender). That is the entirety of the data we hold.
Data shared with third parties
Upon completion of a verification process, specific results are transmitted back to the requesting third-party service via a secure callback. This data includes the verification ID, the estimated age, the estimated gender, and the internal third-party ID (if one was provided during the creation of the verification session).
What we do not collect
We do not persistently store camera images, video frames, audio, facial embeddings, or any other raw biometric data on our servers. Any such data processed during a verification session is held exclusively in volatile memory (RAM) and is deleted immediately upon completion of the process. No biometric data is ever written to non-volatile storage.
Data retention
Session records are retained for a maximum of one hour after creation. Verifications stored via Passkey are retained for one year. After these respective periods, they are automatically and permanently deleted from our database. No backups of session data are kept beyond these windows.
Cookies & tracking
We use an external advertising server to display ads. This service uses an anonymous user ID to track interactions locally on our website. No cross-site tracking is performed, and no personally identifiable information is shared with the ad server. The only other network requests made during a verification session are to our own API endpoints.
Your rights
For users who choose to use optional Passkey-based verifications, you have the right to access, correct, or request the erasure of your stored verification data under GDPR or similar regulations. For standard sessions, data is automatically deleted within one hour, meaning no further personal data is retained to be processed.
To permanently delete your Passkey and all associated data, visit the Delete my data page.
Contact
For privacy-related questions, please refer to the Imprint page for contact details.