AgeOnce - Age Verification Platform for Businesses

Privacy Policy

Last updated: March 28, 2026

We do not keep raw photos of your ID or face in our database.

Images are processed in memory to verify your age and match your face to your document. After that, we retain only what is needed for the service—such as encrypted biometric templates for optional re-verification and age-eligibility indicators—not your original pictures.

1. Overview

AgeOnce is committed to a "Zero-Image" approach: we minimize data collection to what is needed to verify your age and reduce retention of sensitive imagery.

Where this policy applies: The verification experience may be served from an application host or subdomain (for example, app.), while marketing and merchant tools may use the main website. Unless a specific page states otherwise, this Privacy Policy describes our practices across those surfaces. Merchant-specific terms may also apply to business accounts.

Operator: AgeOnce is operated as an independent project. We may complete formal business registration (for example, an LLC) as the company grows; when we do, we will update this section with the registered entity name and contact details.

2. Information We Collect

Identity and age signals: When you scan an ID, we use extracted data (including date of birth during processing) to decide if you meet the required age. We do not keep your full date of birth in our database after verification; we retain age-eligibility indicators (for example, over 16 / 18 / 21) as needed for the service.

Biometric data: We process facial geometry to confirm that the ID holder matches the person using the device. See our Biometric Information Policy for retention and your choices.

Device and security data: Such as IP address, browser type, and integrity signals to detect abuse and protect accounts.

3. How We Process Data (the "Zero-Image" flow)

Transient processing: Images of your ID and face are handled in temporary memory for verification.

Template / vector: We derive a mathematical representation used for matching and optional future re-verification, stored in protected form—not raw photos.

Deletion of originals: Original verification photos are not kept as a gallery in our database; processing is designed so imagery does not persist as uploaded files on our side.

4. Data Retention

Biometric templates: Stored so you can re-verify without repeating the full document flow where the product supports it. You may request deletion subject to product and legal requirements.

Inactive accounts: If you do not use AgeOnce for an extended period (for example, three years), we may delete data in line with our schedules and applicable law.

5. Business accounts, integrations, and billing

Merchants and developers use an organization account to integrate AgeOnce (API credentials, allowed redirect URLs, usage limits, and related settings).

For those accounts we process business data needed to operate the platform: identifiers, roles, API key material stored in hashed form, verification usage events for metering and billing, and subscription / payment data. Card payments are handled by Stripe; their privacy policy governs how they process payment information.

When you send your end users to AgeOnce to verify, you generally choose why verification happens and how you use the result on your site. We process end-user verification data to provide the service you configured. Depending on jurisdiction, you may be an independent controller for your users' relationship with your business while we act as a processor for the verification workflow—confirm roles with counsel for your use case.

6. Your rights (CCPA / GDPR and similar laws)

Depending on your location, you may have the right to:

Access: Understand what personal data we hold about you.
Delete: Request deletion of your account and associated data where applicable.
Withdraw consent: For biometric processing where consent is required; withdrawing may limit features.

To exercise these rights, contact us at: hi@ageonce.com.