Legal · Draft · 2026
Privacy
AgeAssure is built so that a verification proves an age without us learning who anyone is. This page explains, in plain terms, what we process and what we keep.
Draft — not yet reviewed by counsel. This page is placeholder copy that will be replaced with final, reviewed terms before launch. Do not rely on it.
01What we process during a check
To run a verification we briefly process the input a user provides — a selfie for facial age estimation, a document image for an ID check, or a card authorisation for a card check. This processing happens in AWS’s Sydney region (ap-southeast-2).
02What we delete
Images and other raw inputs are analysed and then permanently deleted within seconds. A 24-hour storage lifecycle rule acts only as a backstop; in normal operation nothing survives the check. We never retain the image, date of birth, name, or document number.
03What we keep
For each verification we keep a de-identified record: the method used, the outcome, a confidence band, and timestamps. This is what lets a customer demonstrate that a check took place. It does not identify the individual who was verified.
04Customer accounts
Separately from end-user verifications, we hold the account details of the businesses that use AgeAssure — contact information, billing details, and API credentials — to operate the service. Authentication is handled by our identity provider and payments by our payments provider.
05Sub-processors
We rely on a small set of infrastructure providers, including Amazon Web Services for hosting and processing (in Australia), our authentication provider, and our payments provider. A complete, current list will be published here before launch.
06Your choices and contact
End users interact with AgeAssure on behalf of the site they are verifying with; requests about a specific verification should generally go to that site. For questions about this policy, contact details will be published here before launch.