Biometric Data Policy

1. Introduction

AgeVerif.com, a website operated and managed by PlanetSeason, is an online age verification service. This Biometric Data Policy describes the principles and practices governing the collection, processing, storage, and deletion of biometric data by AgeVerif in the context of age verification, in compliance with applicable laws and regulations. By using our service and providing your consent, you acknowledge that you have read and understood this document, our Privacy Policy, and our Terms of Use.

2. Scope

This policy applies to all users who provide biometric data to AgeVerif via certain estimation and verification methods available on the AgeVerif.com website, or through integrated modules on the websites of third-party Clients

3. Types of biometric data collected and processed

We may collect and process the following biometric data:

  • Facial Analysis Data: As part of our "Facial Analysis-Based Age Estimation (Selfie)" method, we process facial features extracted from submitted Selfies, locally on the user's device. This process involves identifying nine (9) facial positions and, for each position, sixty-eight (68) facial landmarks.

AgeVerif uses only a mathematically derived representation of facial biometric data for liveness detection. No original facial images or reconstructible facial biometric data are stored in the system. The biometric model used by the system is irreversible and cannot be used to recreate, reconstruct, or retrieve the individual's original facial features or image.

In the normal operation of the service, complete images of faces are neither retained nor stored after analysis. However, a limited random sample of facial landmarks may be retained temporarily for audit, security, and quality control purposes, in accordance with this policy.

4. Purposes of collecting and processing biometric data

We collect and process biometric data for the following purposes:

  • Age Verification: To estimate and verify the age of users accessing content or services subject to age restrictions.
  • Quality Control: A random sample of 0.1% of the facial landmarks from Selfie-based estimations is retained for quality control and auditing purposes to ensure the accuracy and reliability of our system. These samples are anonymized and are not associated with any individual user and do not involve the retention of complete facial images of users.

The processing of biometric data is based on explicit user consent (Article 9.2(a) of the GDPR). For the sampling of 0.1% of facial landmarks for quality control purposes, this processing is based on our legitimate interest in ensuring the reliability of the algorithm (Article 6.1(f)), subject to immediate irreversible anonymization.

The biometric data collected in the context of the service is not sold, licensed, publicly advertised, or used for direct or indirect commercial purposes.

5. Data retention

  • Facial Analysis-Based Age Estimation (Selfie): Random samples of facial landmarks are retained for a period of one (1) year.1

6. Security measures

We implement appropriate technical and organizational measures to protect biometric data from unauthorized access, use, disclosure, alteration, or destruction, including:

  • Encryption of all transmitted data (Asymmetric RSA Encryption and Randomized AES-256 Encryption).
  • Storage of biometric data representation (non-reversible) in a secure database (Asymmetric RSA Encryption and Randomized AES-256 Encryption).
  • Implementation of access controls to prevent unauthorized access.
  • Logging of access attempts.
  • Limitation of privileges.
  • Automatic deletion.
  • Environment segmentation.

All biometric data processing is performed in accordance with the principles and requirements of the General Data Protection Regulation (GDPR), such as data minimization, purpose limitation, storage limitation and cybersecurity (defined above).
Access to biometric data is strictly limited to authorized personnel in accordance with their functions and is subject to logging. AgeVerif adheres to the principle of data minimization and strictly limits the collection to the data necessary for age estimation or verification.

7. User choice

When biometric data is used for age estimation or verification purposes, the user has the following options:

  • Provide consent: To accept the temporary processing of their biometric data for age verification purposes.
  • Choose an alternative method: To choose a method of estimation or verification that does not involve the processing of biometric data, if available.
  • Refuse: To decline to use our service.

8. User Rights

Each user has the right to object to the processing of their biometric data by refusing the proposed estimation or verification method. In accordance with Articles 15 to 21 of the GDPR, you have the rights of access, rectification, and erasure. However, when the chosen method involves facial analysis-based age estimation, the data, being processed locally or irreversibly anonymized, cannot be used to identify a user. AgeVerif may therefore be technically unable to respond to certain requests for access, rectification, or erasure in accordance with Article 11 of the GDPR.
Consult section 8. Rights of Data Subjects of AgeVerif Privacy Policy for more information about Data Subjects Rights and how it can be executed.

9. Sub-processors and technical service providers

AgeVerif may engage technical sub-processors, as defined by article 4.8 of RGPD, to act on its behalf for hosting, security, maintenance, or other technical operations necessary for the operation of the service. These service providers are subject to strict contractual obligations of confidentiality and security in accordance with the GDPR.
Consult section 6. Transfer of personal data with other entities of AgeVerif Privacy Policy for more information.

10. International transfers

In the event of data transfers outside the European Economic Area (EEA), including to servers located in the United States, PlanetSeason will use the Standard Contractual Clauses (SCCs), as provided for in Article 46(2)(c) of the GDPR or will ensure that the recipient adheres to the Data Privacy Framework

11. Policy updates

We may update this Biometric Data Policy at any time to reflect current practices. When we make changes to this document, we will update the "Last Updated Date" in the footer of the document. We encourage you to regularly review this Biometric Data Policy to stay informed about how PlanetSeason processes and protects your information.

Last updated: June 16, 2026