Privacy and Data Handling
This guide explains what data the XYZ Age Verification system collects, how it's processed, and what's retained.
Design Principle: Minimal Data Collection
The system is designed around a principle of minimum necessary data. The goal is to determine whether a visitor meets the age threshold for a region — nothing more. Personal identity details are not needed for this determination and are not stored.
What Happens During Verification
Tier 1: Face Liveness Check
- The visitor's phone or webcam captures a brief video of their face for the liveness check.
- The video frames are analyzed in real time to estimate the probability that the visitor is a minor.
- No face images or biometric data are stored. They are processed in memory and immediately discarded.
- The only data retained is the session result: pass/fail, the probability score, and a timestamp.
Tier 2: Government ID Verification
- The visitor photographs their government ID (passport, driver's license, etc.).
- The system extracts the date of birth and document expiration date. No name, address, or ID number is extracted.
- The system calculates the visitor's age and confirms the document is not expired.
- The system performs a face comparison between the ID photo and the liveness selfie to confirm the same person is presenting the document.
- The system checks for signs of a fraudulent or AI-generated document.
- The document image is not stored. It is processed in real-time and discarded.
- The date of birth and expiration date are discarded after the verification. They are not retained.
- The retained data is: pass/fail result, face match result (match/no match), document authenticity result, and timestamps. The visitor's age is not stored.
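The Tier 2 steps above amount to a small decision procedure: compute the age at the time of the check, confirm the document is unexpired, combine that with the face-match and authenticity results, and keep only the outcome. The following is an added illustration of that procedure (it is not code from the XYZ plugin, which runs inside WordPress; the field names, the ISO-8601 string inputs and the sample dates are constructed for this example). The retained record type has no date-of-birth or age field by construction, and the age calculation treats a 29 February birthday as 1 March in non-leap years so that a visitor is never counted as older a day early.

```python
from dataclasses import dataclass
from datetime import date, datetime


@dataclass(frozen=True)
class Tier2Record:
    """The only fields the guide says are retained for a Tier 2 check.
    Deliberately has no date-of-birth or age field (constructed example)."""
    passed: bool
    document_valid: bool
    face_match: bool
    document_authentic: bool
    checked_at: str  # ISO-8601 timestamp of the verification


def age_on(dob_iso: str, on_iso: str) -> int:
    """Completed years between the date of birth and the check date.
    A 29 February birthday counts as 1 March in non-leap years (conservative
    choice for age gating: the visitor is never aged up early)."""
    dob = date.fromisoformat(dob_iso)
    on = date.fromisoformat(on_iso)
    years = on.year - dob.year
    try:
        birthday_this_year = dob.replace(year=on.year)
    except ValueError:  # 29 Feb in a non-leap year
        birthday_this_year = date(on.year, 3, 1)
    if on < birthday_this_year:
        years -= 1
    return years


def evaluate_tier2(dob_iso: str, expires_iso: str, threshold: int,
                   face_match: bool, document_authentic: bool,
                   now_iso: str) -> Tier2Record:
    """Derive the retained record and nothing else. The date of birth and the
    computed age are local variables that go out of scope on return."""
    today = datetime.fromisoformat(now_iso).date()
    document_valid = date.fromisoformat(expires_iso) >= today
    old_enough = age_on(dob_iso, now_iso[:10]) >= threshold
    passed = document_valid and old_enough and face_match and document_authentic
    return Tier2Record(passed, document_valid, face_match,
                       document_authentic, now_iso)


if __name__ == "__main__":
    # Constructed sample input, not data from a real document.
    record = evaluate_tier2("2004-02-29", "2030-01-01", 18, True, True,
                            "2023-02-28T12:00:00+00:00")
    print(record)  # no DOB or age appears in the retained record
```

The threshold is passed in by the caller because the guide says it depends on the visitor's region; the record keeps the pass/fail outcome, the document and face results and a timestamp, matching the retention list above.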
What Data Is Stored
On the XYZ API Server
- Verification session metadata: session ID, site ID, region codes, tier used, status (pass/fail), timestamp, credit cost.
- Verification attempt details: attempt type (liveness/document), result, probability scores, timestamps.
- IP address: the IP address of the verification session is retained for fraud detection purposes. In some jurisdictions, an IP address is considered personally identifiable information (PII). This is the only PII retained by the system.
On Your WordPress Server
- API key: stored in the WordPress options table.
- Cookie signing key: stored in the WordPress options table.
- Verification cookie: set in the visitor's browser. Contains a signed token with the expiration timestamp. Does not contain personal information.
What Is NOT Stored Anywhere
- Face images or biometric templates
- Government ID images
- Name, address, or ID numbers
- Date of birth or age
- Device fingerprints or browser identifiers
Data Flow
The data flow during a verification session:
- Your WordPress site → XYZ API: Country code, state code, and site URL header. The visitor's IP address is logged by the API for fraud detection.
- Visitor's phone → XYZ Verification UI: Face images and ID photos are sent directly from the visitor's device to the verification service. They never pass through your WordPress server.
- XYZ API → Your WordPress site: Session status (pending/approved/rejected), session ID, and verification token. No biometric data is returned.
- Your WordPress site → Visitor's browser: A signed verification cookie.
Your WordPress server never handles or has access to biometric data or document images.
Cookie Details
The verification cookie (xyz_verified) contains:
- An HMAC-SHA256 signature proving the cookie was issued by your site
- An expiration timestamp
- No personal data
The cookie is:
- Secure: Only sent over HTTPS
- HttpOnly: Not accessible to JavaScript (except in test mode, where HttpOnly is disabled for testing convenience)
- SameSite: Set to Lax for standard browser behavior
- Path: Set to / (site-wide)
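To make the cookie description concrete, here is an added model of how a token of the kind described above is issued and checked. It is not the plugin's own code (the plugin is PHP running inside WordPress and keeps its signing key in the options table); the token layout, the key and the timestamps are constructed for this example. The signature covers the expiration timestamp, so a browser cannot extend its own cookie, the comparison is constant-time, and the Set-Cookie builder emits the Secure, HttpOnly, SameSite=Lax and Path=/ attributes the guide lists, dropping HttpOnly only when test mode is requested.

```python
import hashlib
import hmac
import secrets
from email.utils import formatdate

COOKIE_NAME = "xyz_verified"


def generate_signing_key() -> bytes:
    """Fresh 256-bit key. The plugin stores its equivalent in the WordPress
    options table; this example just returns it."""
    return secrets.token_bytes(32)


def sign_cookie(key: bytes, expires_at: int) -> str:
    """Token = '<unix expiry>.<hex HMAC-SHA256 over the expiry>'.
    Nothing about the visitor goes into the token (constructed layout)."""
    exp = str(int(expires_at))
    sig = hmac.new(key, exp.encode("ascii"), hashlib.sha256).hexdigest()
    return f"{exp}.{sig}"


def verify_cookie(key: bytes, value: str, now: int) -> bool:
    """Accept only a well-formed, correctly signed and unexpired token."""
    parts = value.split(".")
    if len(parts) != 2 or not parts[0].isdigit():
        return False
    exp, sig = parts
    expected = hmac.new(key, exp.encode("ascii"), hashlib.sha256).hexdigest()
    # Constant-time comparison: a mismatch must not leak how many bytes matched.
    if not hmac.compare_digest(expected, sig):
        return False
    return now < int(exp)


def set_cookie_header(value: str, expires_at: int, test_mode: bool = False) -> str:
    """Build the Set-Cookie header value with the attributes the guide lists."""
    attrs = [
        f"{COOKIE_NAME}={value}",
        f"Expires={formatdate(expires_at, usegmt=True)}",
        "Path=/",
        "Secure",
    ]
    if not test_mode:  # the guide: HttpOnly is disabled in test mode
        attrs.append("HttpOnly")
    attrs.append("SameSite=Lax")
    return "; ".join(attrs)


if __name__ == "__main__":
    key = generate_signing_key()
    token = sign_cookie(key, 1_700_000_000)  # constructed expiry
    print(set_cookie_header(token, 1_700_000_000))
    print(verify_cookie(key, token, 1_699_999_999))  # True
    print(verify_cookie(key, token, 1_700_000_000))  # False: expired
```

Because the token carries only an expiry and a MAC, reading it out of the browser reveals nothing about the visitor; rotating the signing key in the options table invalidates every outstanding cookie at once.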
Free Plan Data
When you register for a free plan, the following is collected:
- Email address: Used for account confirmation and important service notifications only. Not shared with third parties.
- Site URL: Bound to your API key to prevent key sharing. Visible to the XYZ service administrator.
Data Retention
- Verification session data (pass/fail results, probability scores, timestamps) is retained for analytics and compliance purposes.
- Biometric data (face images, liveness frames, document photos) has zero retention — it is processed in memory and immediately discarded.
- Date of birth and document expiration (Tier 2 only) are used during verification and then discarded. They are not retained.
- IP address is retained for fraud detection. In some jurisdictions this is considered PII.
Compliance Considerations
The minimal data collection approach is designed to simplify compliance with privacy regulations:
- GDPR (EU): The system processes biometric data only for the legitimate purpose of age verification and does not retain it. Date of birth is used transiently for age calculation and discarded. IP addresses are retained for fraud prevention under legitimate interest.
- UK Data Protection Act / ICO guidance: The privacy-by-design approach aligns with UK regulator expectations for age assurance systems.
- CCPA (California): No personal information is sold or shared with third parties. IP addresses retained for fraud detection are the only data element that may qualify as personal information under CCPA.
Important: You should consult with your own legal counsel regarding your specific obligations under applicable privacy laws. The above is informational only and not legal advice.
Privacy Policy
Full details about data handling, retention, and your rights are available in the XY Zinc Privacy Policy.
Next Steps