1. What is Yoti Keys?

Yoti Keys is an age assurance solution that uses passkey technology and is a secure and privacy-preserving method for proving age across different websites and applications.

After you successfully complete an age check through one of our methods (such as Facial Age Estimation, Credit Card, or Mobile Provider checks), you have the option to save the age token issued as a Yoti Key on your device. Yoti Keys contain a reference to the original result of your age check, which can be re-used on other websites or platforms accepting Yoti Keys.

The information in this privacy notice relates to Yoti Keys. We also have general information that applies across all our business here: https://www.yoti.com/privacy.

2. Information Collection and Use

Yoti Keys refers to two cryptographically linked keys which are generated when you choose to save your age check results. Yoti Keys are made up of a private key stored on your device (e.g. stored on iCloud Keychain for iOS devices and Google Accounts for Android devices) and a public key, which is securely stored on Yoti servers.

Yoti Keys contain the encrypted result of your original age check (i.e. +18), the method used for the original age check (otherwise known as an age token) and the time the age token was created. When you visit a new website that accepts Yoti Keys as an age check method, you can choose to use your saved Yoti Key to verify your age. At this point, your Yoti Keys are used to authenticate you on your device and the age information is shared with the Yoti Client, i.e. the website requesting an age check.

Yoti Keys does not contain any directly identifiable information about you. It also does not contain any information about the websites you visit. Rather, it just shares the minimum data required to verify age with the Yoti Client. 

Yoti is responsible for the creation and ongoing storage of Yoti Keys. We rely on Yoti’s legitimate interests to create a secure re-usable age-check method. You can stop using Yoti Keys by deleting your private key from your device. Once a Yoti Client uses your Yoti Keys to verify your age, they become the controller of the results of the age check and any ongoing use of that data.

3. Data Retention

Yoti retains the public key on our servers until you choose to delete the private key on your device. Once you choose to remove your Yoti Keys from your device, the private key on your device is deleted and can no longer be used to retrieve the age result.

4. Information Sharing

If you choose to use your Yoti Keys as an age check method, Yoti will only share the results of your age check and the original age check method you used (e.g. Facial Age Estimation) with the Yoti Client requesting your age check so they can see if this information meets their age check requirements. If it does not meet their requirements, you may be asked to perform a new age check.

5. Security

We keep all the data securely encrypted in the UK.

We always ensure any transfers of data follow the relevant legal requirements, such as entering into standard contractual clauses (SCCs) and completing transfer impact assessments to ensure that any data transferred is protected to an adequate standard.

We are audited annually by KPMG against the SOC2 Type 2 Security control standards and we also maintain our ISO 27001, ISO 9001 and ISO 27701 certifications. You can see more about Yoti’s technical and organisational measures at https://www.yoti.com/security/

6. Individual rights

Individuals are entitled to certain data protection rights which are listed below. Many of these will not practically apply to Yoti Keys because Yoti only holds the public key and this does not contain any personal data that can be used to identify you. Therefore, technically speaking, Yoti might not be able to practically action these rights due to the inherent design of Yoti Keys.

  • Right of Access: You are entitled to know what personal information we hold about you and to receive a copy of it.
  • Right to Correction: You are entitled to correct personal information we hold about you that is inaccurate.
  • Right to Deletion: You are entitled to ask us to delete the personal information we hold about you. If you want to stop using your Yoti Keys, you can simply delete your private key from your device, and this will sever any connection to the public key we hold on Yoti servers. Depending on the device you have, you can delete Yoti Keys by:
    • Navigating to the Passwords app, choosing the account, tapping Edit, and then tapping Delete (if you have an iOS device).
    • Navigating to Google Account settings, going to Security settings and locating Passkeys (if you have an Android device).
  • Right to Objection: In certain circumstances you are entitled to object to Yoti processing your personal information.
  • Right to Restriction: In certain circumstances you are entitled to ask us to restrict our processing of your personal information.
  • Right to Portability: In certain circumstances, you are entitled to receive the personal information you have provided us in a structured, commonly used and machine-readable format.

If you want to ask us any questions about any of your rights, please email privacy@yoti.com.

7. Complain to the ICO

You can also complain to the Information Commissioner’s Office (ICO), which is responsible for making sure that organisations comply with the law on handling personal information, at https://ico.org.uk/global/contact-us/.

8. Contact Us

If you have any questions about Yoti or what is included in this privacy information, you can contact Yoti using the details below:

Email: privacy@yoti.com
Address: Yoti Ltd, 6th Floor, 107 Leadenhall St, London, EC3A 4AF

If you are in the EU, you can contact our GDPR Representative, the European Data Protection Office (EDPO) by