
Privacy Policy

Last updated: April 21, 2026

We do not keep raw photos of your ID or face in our database.

Images are processed in memory to verify your age and match your face to your document. After that, we retain only what is needed for the service, such as encrypted biometric templates for optional re-verification and age-eligibility indicators, not your original pictures.

1. Overview

AgeOnce is committed to a "Zero-Image" approach: we minimize data collection to what is needed to verify your age and reduce retention of sensitive imagery. This policy explains what we collect, why, how long we keep it, and the choices and rights you have.

Where this policy applies: The verification experience may be served from an application host or subdomain (for example, app.), while marketing and merchant tools may use the main website. Unless a specific page states otherwise, this Privacy Policy describes our practices across those surfaces. Merchant-specific terms may also apply to business accounts.

Operator: AgeOnce is operated as an independent project. We may complete formal business registration (for example, an LLC) as the company grows; when we do, we will update this section with the registered entity name and contact details.

Contact for privacy matters: hi@ageonce.com.

2. Age eligibility (16+)

AgeOnce is intended for people aged 16 years or older. Creating an AgeOnce account or completing a verification requires you to confirm that you are at least 16. We also enforce this on the server side: if a scanned document indicates an age below 16, verification is rejected with a platform-level error, separate from any merchant-specific minimum age (for example, 18 or 21).

If we become aware that we have created an account or processed personal data of someone under 16, we will take reasonable steps to delete that data. If you believe a child under 16 has used the service, please contact us at hi@ageonce.com.

Merchants may require a higher minimum age for their own audience (for example, 18 or 21). The highest of (a) the platform minimum (16) and (b) the merchant minimum applies to a given verification.

3. Information We Collect

Identity and age signals: When you scan an ID, we use extracted data (including date of birth during processing) to decide if you meet the required age. We do not keep your full date of birth in our database after verification; we retain age-eligibility indicators (for example, over 16 / 18 / 21) as needed for the service.

Biometric data: We process facial geometry to confirm that the ID holder matches the person using the device, and we store a mathematical template (a vector derived from your face) to enable optional re-verification. See our Biometric Information Policy for full details and your choices.

Account data: If you sign in, we process identifiers from your authentication provider (for example, Google OAuth) such as your email address, to create and manage your account.

Device and security data: Such as IP address, browser type, and integrity signals, used to detect abuse, secure accounts, and keep an internal audit trail.

Merchant / business data (for organizations): For business accounts we process identifiers, roles, API key material in hashed form, usage events for metering and billing, and subscription or payment metadata.

4. How We Process Data (the "Zero-Image" flow)

Transient processing: Images of your ID and face are handled in temporary memory for verification and are not retained as a gallery of photos in our database.

Template / vector: From your face we derive a mathematical representation used for matching and optional future re-verification, stored in protected form, not raw photos.

Deletion of originals: Original verification photos are not kept as a persistent image library on our side; processing is designed so imagery does not persist as uploaded files on our systems after verification completes.

Automated processing: Age verification and face matching use automated techniques (including machine-learning models). You can ask for human review of a verification result that you believe is incorrect by contacting hi@ageonce.com.

5. Legal bases for processing (GDPR / UK GDPR)

Where the GDPR or UK GDPR applies, we rely on the following legal bases:

  • Explicit consent (Art. 9(2)(a)) for processing biometric data for identity verification and re-authentication. You can withdraw consent at any time; withdrawal does not affect processing done before the withdrawal.
  • Contract (Art. 6(1)(b)) to provide the verification service you or the merchant requested.
  • Legal obligation (Art. 6(1)(c)) where applicable (for example, to respond to lawful requests or comply with tax, accounting, or fraud-prevention rules).
  • Legitimate interests (Art. 6(1)(f)) to secure the service, prevent fraud, and operate our infrastructure. We balance these interests against your rights and freedoms.

6. Data Retention

Biometric templates: Stored for as long as you have an active AgeOnce account, or until the earliest of: you request deletion, the purpose is satisfied, or three (3) years of inactivity (consistent with Illinois BIPA guidance). See the Biometric Information Privacy Policy for details.

Account data: Kept while your account is active and for a limited period afterwards to satisfy tax, accounting, dispute, and fraud-prevention requirements.

Verification logs: Kept to support audit, support, and fraud prevention, and minimized (for example, truncated or hashed) where feasible.

Raw images: Not retained as a database of photos; processed transiently only.

7. Sharing and sub-processors

We do not sell your personal data. We share limited data with service providers that help us run AgeOnce, under written terms that restrict their use of the data. Current categories of sub-processors include:

  • Database and authentication: Supabase (PostgreSQL, Auth, Storage).
  • Cloud hosting / compute: the hosting provider that runs our application servers and our self-hosted OCR and face-recognition services. That provider has custodial access to the underlying machines under its own security program.
  • Payments (business accounts only): Stripe. Stripe acts as an independent controller for payment data under its own privacy policy.
  • Authentication providers: Google (OAuth sign-in).
  • Error and performance monitoring: Sentry (PII minimized in our logging configuration).

Self-hosted OCR and face recognition: ID text extraction (OCR) and biometric face-template generation run on AgeOnce-operated services deployed on our cloud-hosting provider. We do not send your ID images or face data to any third-party OCR or face-recognition API for routine verification; those computations happen on infrastructure we control.

8. International data transfers

Depending on where our sub-processors operate, your data may be processed in countries other than your own, including the United States and the European Union. Where required, we use appropriate safeguards, such as the EU Standard Contractual Clauses, and we rely on our providers' own certifications and transfer mechanisms. Our self-hosted OCR and face-recognition services are deployed in the region(s) we select with our hosting provider; they do not transfer data to any third-party recognition API.

9. Security

We apply reasonable technical and organizational measures to protect personal data, including transport encryption (TLS), encryption of biometric vectors, hashed secrets, strict access controls, row-level security in the database, and audit logging. No system is perfectly secure; we work to detect and respond to incidents quickly.

Security incident notifications: If a breach is likely to result in a risk to your rights and freedoms, we will notify you and the competent supervisory authority in accordance with applicable law (for example, within 72 hours under the GDPR where feasible).

10. Business accounts, integrations, and billing

Merchants and developers use an organization account to integrate AgeOnce (API credentials, allowed redirect URLs, usage limits, and related settings).

For those accounts we process business data needed to operate the platform: identifiers, roles, API key material stored in hashed form, verification usage events for metering and billing, and subscription or payment data. Card payments are handled by Stripe; their privacy policy governs how they process payment information.

When a merchant sends an end user to AgeOnce to verify, the merchant generally decides why verification happens and how to use the result on its properties. We process end-user verification data to deliver the service the merchant configured. Depending on jurisdiction, the merchant may be an independent controller for its relationship with the end user while we act as a processor for the verification workflow. Controller vs. processor roles should be confirmed by the merchant's own counsel.

11. Cookies, analytics, and tracking

We use cookies and similar technologies strictly necessary to run the service (for example, authentication and session cookies). We do not place advertising cookies. Where analytics or product-telemetry cookies are used, they are limited, privacy-respecting, and where required we request consent before setting them. You can control cookies in your browser settings.

12. Your rights

Depending on where you live, you may have the following rights regarding your personal data:

  • Access: Understand what personal data we hold about you.
  • Rectification / correction: Ask us to correct inaccurate data.
  • Deletion: Request deletion of your account and associated data where applicable.
  • Restriction or objection: Ask us to restrict or object to certain processing.
  • Portability: Receive a machine-readable copy of data you provided where applicable.
  • Withdraw consent: For biometric processing and any other consent-based processing; withdrawal may limit features but does not affect prior lawful processing.
  • Non-discrimination: We will not discriminate against you for exercising a privacy right (CCPA / CPRA).
  • Opt-out of "sale" or "sharing": We do not sell personal data; we do not share personal data for cross-context behavioral advertising.

To exercise any of these rights, contact us at hi@ageonce.com. We will respond within the timeframes required by applicable law (typically 30 days for the GDPR; 45 days for US state privacy laws, extendable where allowed). If you are in the EU / UK / EEA, you also have the right to lodge a complaint with your local data-protection authority.

13. Jurisdiction-specific notices

California residents (CCPA / CPRA): You have the rights listed above, including the right to know, delete, correct, and limit use of sensitive personal information. You may authorize an agent to act on your behalf. We do not sell personal information and do not use or disclose sensitive personal information for purposes other than those allowed without a right to limit.

Other US states (for example, Colorado, Connecticut, Virginia, Utah, Texas): Residents of states with comprehensive privacy laws have analogous rights. Where appeals are required by law, you may appeal our decision on a request by replying to our response email.

EU / UK / EEA (GDPR / UK GDPR): You have the rights summarized in Section 12, including the right to lodge a complaint with a supervisory authority.

14. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top indicates when the latest change was made. Material changes will be communicated through the service, by email (where we have your address), or by a clear notice on the site before they take effect, to the extent required by applicable law.



© 2026 AgeOnce Inc. All rights reserved.