Yoti Age Verification Service – Privacy Information
Last updated on: 14 November 2023
The Yoti Age Verification Service (“AVS”) is provided by Yoti Ltd. This privacy information, in addition to the Yoti Biometrics Policy for users in Illinois, Texas and Washington, covers the age checking methods we provide for this product. This privacy information will refer to Yoti as ‘us’ and the organisation you’re interacting with to prove your age as the ‘Organisation’.
Yoti is the service provider and the Organisation asking you to prove your age should have provided you with their privacy information and any associated data collection and use they carry out.
Contents
What is Yoti Age Verification?
Yoti Age Verification has been designed to give you a quick way to prove you’re over the relevant age for what you are doing online, without sharing any personal information with an Organisation.
Yoti acts as a data minimising tool between you and the Organisation.
The process works as follows:
- You prove your age using your preferred age checking method.
- Yoti determines your age and deletes your personal information.
- The Organisation receives either an ‘over’ or ‘under’ result, or your date of birth.
No personally identifiable information is shared with the Organisation. Yoti deletes your personal information as soon as the result of the age check is shared with the Organisation.
Proof-of-age methods
The Organisation decides which of the age verification methods it wants to offer and can choose to receive your date of birth or if you are ‘over’ or ‘under’ their age requirement.
Once the age check has been shared with the Organisation, we delete all your personal information. If you are interacting with an age method provided by a third party, we share your details for the purpose of determining your age and nothing else.
You can prove your age in different ways:
1. Age estimation
You’ll be asked to take a selfie using the camera on your device. This captures multiple images and one will be analysed by our age estimation technology to determine your age.
We then calculate if you are over the Organisation’s age requirement.
The Organisation can receive either:
- Your estimated age in years
- If you are ‘over’ or ‘under’ their age requirement
For extra security, the Organisation can also request a liveness test. This is to make sure it’s a real person behind the camera, and not a 2D image, mask or bot. The technology works by processing the image(s) through a sequence of deep neural networks. Each of these examine a different element of the image to look for clues that it might not be a real person.
We delete the image as soon as an age estimate is given.
2. ID scan
You’ll be asked to scan your ID document using the camera on your device. We extract the information from the ID document and calculate if you are over the Organisation’s age requirement using your date of birth.
The Organisation can receive either:
- Your age in years
- If you are ‘over’ or ‘under’ their age requirement
For extra security, the Organisation may also ask you to take a selfie using the camera on your device. This is to make sure the ID document belongs to you and is how we stop fraudsters from impersonating you. Multiple images will be captured and the clearest image will be analysed using face matching technology. This will create a biometric template of your face, which will be compared to the photo on your ID document.
We store any data captured, such as your ID document and selfie, in our UK data centre. Once the session has been completed, we delete all your personal information. If the session is left incomplete then we will delete your data after 25 hours, whichever is sooner. We do not use the data for any other purpose.
3. Yoti app
You’ll be asked to scan a QR code with your Yoti app to share your date of birth. Prior to this, you’ll need to complete a one-time verification process with the Yoti app by uploading your ID document and a selfie.
We then calculate if you are over the Organisation’s age requirement.
The Organisation can receive either:
- Your age in years
- If you are ‘over’ or ‘under’ their age requirement
You will have a share receipt in your Yoti app showing what you shared, with whom and when. Yoti also has a share receipt that only contains a date and timestamp, and that a date of birth attribute was provided but it doesn’t store the date of birth itself. We store this encrypted receipt securely in our UK data centre.
4. Credit card
You’ll be asked to enter your credit card PAN number, expiry date, postcode and CV2 number.
We send these details to a payment provider and place a temporary £0.30 hold on your card. This is to verify that your card is current and valid. We use this to determine that you are over 18 and remove the £0.30 hold on your card once the age check is complete.
The Organisation can receive:
- If you are ‘over’ or ‘under’ their age requirement
We never store or share your credit card details and you will not be charged to verify your age.
5. Mobile number
You’ll be asked to enter your name, date of birth, mobile number and address.
We send these details to one of our mobile checking providers. You will receive an SMS with a verification code that you will need to enter. This is to confirm you are in possession of the phone. The provider then confirms that the details entered match the details of the mobile account and we use this to determine that you are over 18.
The Organisation can receive:
- If you are ‘over’ or ‘under’ their age requirement
We never store or share your details with anyone other than the provider.
6. Database check
You’ll be asked to prove your age using your name, date of birth and address.
We send these details to a credit reference agency provider to confirm they are accurate and obtain or confirm your date of birth.
The Organisation can receive:
- If you are ‘over’ or ‘under’ their age requirement
We never store or share your details with anyone other than the provider.
7. eID scheme
You’ll be asked to prove your age using one of the following eID schemes:
- Bank ID (Sweden)
- MitID (Denmark)
- Finnish Trust network (Finland)
Once you have chosen the eID scheme that you want to use, you will need to log and share your details through our eID provider. We will receive your identity information such as name, date of birth and national ID number and use this to confirm your age.
The Organisation can receive:
- If you are ‘over’ or ‘under’ their age requirement
We never store or share your details with anyone other than the provider.
8. US Mobile Driving licence (mDL)
You’ll be asked to prove your age using one of the following US mobile driving licences:
- LA Wallet (Louisiana)
Once you have chosen the mDL scheme that you want to use, you will need to login and share your details. We will receive confirmation that you meet the age threshold defined by the business.
The Organisation can receive:
- If you are ‘over’ or ‘under’ their age requirement
We never store or share your details with anyone other than the provider.
Reusable age checks
To reduce the number of times you need to verify your age online, we have developed a system of age tokens. These are optional so not all Organisations will use them. Below we explain how they work and where you would interact with them.
Age tokens
Age tokens act as digital proof of an age check and allow you to reuse the result of an age check for as long as the Organisation allows.
An age token is created when you prove your age with Yoti and contains the result of the check plus information on how and when it was performed.
Age tokens do not contain any personal information, they do not track you and do not know where you have been or where you have come from. Age tokens are stored in your browser like a cookie and are time limited. You can delete an age token by clearing your cache.
If you go to a website that’s using age tokens, you will click a button to verify your age and the organisation will read the age token from your browser. If the token meets the requirements set by the website, Yoti will return a result to confirm your browser has previously been verified and you’ll be given access to the website for as long as the token is valid.
If you don’t have a token that meets the requirements, you’ll be asked to prove your age via the standard process.
Age account
You can store your age tokens in an age account. This allows you to access the Organisation’s website on another browser or device, without having to prove your age again.
You will only be able to create an age account if the Organisation is using age tokens. Once you prove your age via the standard methods, you will be given the option to create an account with an anonymous username and password.
If you go to a website that’s using age accounts, you will click a button to verify your age with Yoti and see an option to log into your age account. You’ll be asked to enter your username and password. The website will check to see if there are any age tokens in your browser that meet the criteria defined by the business linked with your account. If so, Yoti returns a result to confirm if you have previously been verified and your age token meets those criteria.
If you don’t have any age tokens linked to your age account that meet the criteria, you will be asked to verify your age using one of the available methods. When successful, a new age token will be created and stored in your age account.
Information Collection and Use
The information we collect from you is for the purpose of determining whether you are the right age to access a product or service.
Depending on the age method you choose, we may enhance the security of the check and use this information to:
- verify your details
- check the document you add is genuine
- check you’re a real live person
- check for fraud
Where an image is captured as part of the age check, the Organisation can also request a liveness test. We have children between 13 and 18 among our users who may need to prove their age.
Below we list the information requested from you for each age verification method and how it’s used.
As soon as we share the result of an age check with the Organisation, we delete all personally identifiable information.
ID scan
| Information | Use |
| ID document uploaded by user
Selfie taken by user |
We extract the date of birth data source from the ID document to calculate your age.
We check the document photo against the photo you took to make sure it’s your document. If requested by the Organisation, we may analyse this image with age estimation technology to make sure the age of the selfie matches the age on the ID document. |
Yoti app
| Information | Use |
| Age attribute based on the date of birth from ID document uploaded by the user | We share if you are over or under the age requirement with the Organisation. |
Age estimation
| Information | Use |
| Selfie captured by user or image provided by the Organisation | We analyse the image using our age estimation technology to determine whether you are over or under the required age.
If requested by the Organisation, we may analyse the image with liveness detection technology to make sure the image is of a real person, and not a 2D image, mask or bot. |
Age tokens
| Information | Use |
| Result of a previous age check | To determine whether you are over the required age and confirm the age check method used. |
Age account
| Information | Use |
| Username and password | To authenticate your browser and get your age tokens |
Credit card check
This check is provided by a card payment provider. Your details are shared with and processed by them for the purpose of determining your age.
| Information | Use |
| Card number, expiry date, CVC and postcode. The information is sent to Stripe and processed with them. | To confirm your details are correct, that you’re in possession of a credit card and so are therefore over 18. |
Mobile check
This check is provided by a mobile services provider. Your details are shared with and processed by them for the purpose of determining your age.
| Information | Use |
| Mobile number, full name, date of birth, address and country. | To confirm your details are correct and to determine whether you are over or under the required age. |
Database check
This check is provided by a credit reference agency provider. Your details are shared with and processed by them for the purpose of determining your age.
| Information | Use |
| Full name, address, country and date of birth. | To confirm your details are correct and to determine whether you are over or under the required age. |
eID scheme
This check is provided by an eID provider. Your details are shared with and processed by them for the purpose of determining your age.
| Information | Use |
| Swedish Bank ID (Sweden ONLY) – Name, National ID number | To determine whether you meet the required age of the organisation. |
| Denmark MitID (Denmark ONLY) – Name, National ID number, Date of Birth | To determine whether you meet the required age of the organisation. |
| Finnish Trust Network (Finland ONLY) – Name, National ID number, Date of Birth | To determine whether you meet the required age of the organisation. |
US Mobile Driving licence (mDL)
This check is provided by a third party mobile driving licence provider. Your details are processed by them for the purpose of determining your age.
| Information | Use |
| LA Wallet – Age attribute (Over or under a threshold) based on the date of birth from the document in your LA Wallet app | To determine whether you meet the required age of the organisation. |
Contact us
Yoti is the service provider and so you should contact the Organisation at requested you complete the age check to exercise your rights in relation to your data.
If you have any questions about Yoti or what is included in this privacy information, you can contact Yoti using the below:
Email: privacy@yoti.com
FAQs: https://support.yoti.com/hc/en-us
Address: Yoti Ltd, 6th Floor, 107 Leadenhall St, London, EC3A 4AF