Last Updated: May 13, 2025
Summary of Key Points
This is a summary of the key points in our Privacy Policy. Please read the full document for complete details.
- Zero-Storage Approach: We process your photos, video frames, and ID documents in a completely stateless manner. We don't store any of this information after verification is complete.
- Data We Process: During verification, we temporarily process facial images, ID documents, and basic technical information. All processing happens in temporary memory.
- Purpose: We use your information solely to verify your age and to prevent fraud. We do not use it for marketing or profiling.
- No Sale of Data: We will never sell, rent, or trade your personal information.
- Security: We use advanced security measures to protect your data during the brief time we process it.
- Your Rights: You have the right to access, correct, or delete your data and to withdraw consent at any time.
- Third Parties: We share information with Emblem only when you choose to create a reusable verification token.
1. Introduction
This Privacy Policy explains how SafePassage, S.A.S. ("SafePassage," "we," "our," or "us") processes personal information in connection with our age verification service.
By using our service, you agree to the terms of this Privacy Policy. If you don't agree, please don't use our service.
1.1 What This Policy Covers
This policy covers:
- How we process your personal information
- What information we process
- How we protect your information
- Your rights regarding your information
- How to contact us with questions or concerns
1.2 Important Terms
- Personal Information: Information that identifies you or could be linked to you.
- Processing: Analyzing, using, or handling your information.
- Stateless Processing: Processing data temporarily without storing it permanently.
- Biometric Information: Data derived from your physical characteristics, such as facial features.
2. Information We Process
2.1 When Using Our Age Verification Service
When you use our age verification service, we temporarily process:
a) Facial Images: A series of photos or video frames of your face for age estimation
b) ID Documents: Images of your government-issued ID (if document verification is needed)
c) Information from Documents: Data from your ID needed to verify your age
d) Technical Information: Device type, IP address, browser information
Important: All images, video frames, and document data are processed in a completely stateless manner. We don't store or retain any of this information after verification is complete. All processing happens in temporary memory, and once verification is finished, all personal data is automatically discarded.
2.2 When Creating a Reusable Verification
If you choose to create a reusable verification token (through our partner Emblem):
a) Basic account information may be collected and stored by Emblem
b) A verification token is created on the Polygon blockchain
c) The token contains no personal information - only confirmation that your age has been verified
d) For information about Emblem's privacy practices, please see Emblem's Privacy Policy
2.3 Information We Do Not Collect
We do not collect or store:
- Your specific age or date of birth after verification
- Your address or contact information
- Your browsing history or online activities
- Information about minors under 13
3. How We Use Information
We use the information we process only for:
3.1 Age Verification
- Determining if you meet the age requirement for a website or service
- Providing a pass/fail result to the requesting website
- Creating a verification token if you choose the reusable verification option
3.2 Improving Our Service
- Analyzing anonymous, aggregated data to improve accuracy
- Testing and developing our technology
- Identifying and fixing technical issues
3.3 Security and Fraud Prevention
- Detecting and preventing fraudulent verification attempts
- Protecting our systems from unauthorized access
- Maintaining the integrity of our service
3.4 Legal Compliance
- Complying with applicable laws and regulations
- Responding to valid legal requests from authorities
- Establishing, exercising, or defending legal claims
4. Our Zero-Storage Approach
4.1 Stateless Processing
Our service uses stateless processing, which means:
a) We process your information only in temporary memory (RAM)
b) Your facial images and ID documents are never stored on persistent storage
c) All data is automatically erased once verification is complete
d) We maintain no database of user images or ID documents
4.2 Biometric Information
For facial age estimation:
a) We temporarily analyze facial features to estimate age
b) We do not create or store persistent biometric templates
c) All biometric analysis is discarded immediately after verification
d) We never use biometric data for identification purposes beyond the immediate verification
4.3 Regulatory Compliance
Our zero-storage approach helps us meet various regulatory requirements:
a) Ofcom (UK): Meets data minimization requirements for highly effective age assurance
b) Arcom (France): Supports the double anonymity architecture required by SREN law
c) KJM (Germany): Complies with data protection requirements for age verification systems
d) GDPR/UK GDPR: Minimizes data protection risks by not storing special category data
e) CCPA/CPRA: Reduces privacy risks for California residents
5. Information Sharing
5.1 With Websites Requesting Verification
We share with websites requesting verification:
- Only a verification result (pass/fail)
- Not your specific age, facial images, or ID information
5.2 With Our Service Partners
We work with:
- Emblem: For reusable verification tokens (only when you choose this option)
- Google Cloud Platform: For secure processing infrastructure
- Third-party verification authorities: For document verification (in certain regions)
5.3 Legal Disclosures
We may disclose information when required by law:
- In response to valid legal requests
- To protect our rights or property
- To prevent fraud or security issues
- To protect the safety of our users or the public
6. Your Privacy Rights
6.1 Access and Control
You have the right to:
a) Access: Request information about what data we process about you
b) Correction: Request correction of inaccurate data
c) Deletion: Request deletion of your data
d) Objection: Object to certain processing of your data
e) Restriction: Request restriction of processing
f) Portability: Request a copy of your data in a portable format
g) Withdraw Consent: Withdraw your consent at any time
6.2 How to Exercise Your Rights
To exercise any of these rights:
- Email us at privacy@safepassageapp.com
- Include "Privacy Request" in the subject line
- Specify which right(s) you wish to exercise
We will respond to your request within 30 days.
6.3 Regional Privacy Rights
European Union Residents
Under the General Data Protection Regulation (GDPR), you have rights detailed in Section 6.1, plus:
- The right to lodge a complaint with a supervisory authority
- The right to object to automated decision-making
United Kingdom (UK) Residents
SafePassage complies with the UK GDPR and the requirements established by Ofcom for highly effective age assurance:
- Our age verification technology meets Ofcom's standards for technical accuracy (>99% for identifying minors)
- We maintain robust safeguards for data protection as required by UK regulations
- You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO)
France Residents
SafePassage complies with the French SREN law and Arcom requirements:
- Our solution implements the required "double anonymity" between verification providers and content providers
- We ensure proper separation between verification authorities and content services
- Our system provides reusable verification with appropriate authentication controls
Germany Residents
SafePassage complies with the German Interstate Treaty on the Protection of Human Dignity and Minors (JMStV) and KJM requirements:
- Our age verification implements KJM's required two-stage verification process
- We maintain a challenge age threshold that exceeds KJM's five-year buffer requirement
- Our system includes appropriate measures to prevent credential sharing
California Residents
Under the California Consumer Privacy Act (CCPA), you have the right to:
- Know what personal information we collect
- Request deletion of your personal information
- Opt-out of the sale of your personal information (though we do not sell personal information)
- Non-discrimination for exercising your rights
Colorado, Connecticut and Virginia Residents
You have the right to:
- Access and receive a copy of your personal information
- Correct inaccurate personal information
- Delete your personal information
- Opt out of targeted advertising (though we do not engage in targeted advertising)
Arkansas and Louisiana Residents
Arkansas and Louisiana law requires age verification for sites hosting adult content. We comply with these requirements through our verification process.
7. Security Measures
7.1 Technical Safeguards
We implement strong security measures:
a) Encryption: All data is encrypted during transmission
b) Secure Infrastructure: We use Google Cloud Platform with industry-standard security
c) Access Controls: Only authorized personnel can access our systems
d) Security Testing: Regular security audits and testing
7.2 Organizational Safeguards
We maintain:
a) Staff Training: Regular privacy and security training for our team
b) Access Limitations: Strict need-to-know access policies
c) Security Policies: Comprehensive information security policies
8. Children's Privacy
Our service is not directed to children under 13, and we do not knowingly collect information from children under 13. If you believe we have collected information from a child under 13, please contact us at privacy@safepassageapp.com, and we will delete such information.
9. International Data Transfers
Our services are operated in Colombia. If you are located outside of Colombia, please be aware that information we process may be transferred to, stored, and processed in Colombia where our servers are located.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The current version will always be posted on our website with the effective date. If we make material changes, we will provide notice through our website or by other means as appropriate.
11. Contact Us
If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us at:
Email: privacy@safepassageapp.com
Mail: SafePassage, S.A.S. CR 42 No.5 SUR 145 Medellin, Antioquia Colombia
12. Cookies and Tracking
12.1 Limited Use of Cookies
We use a minimal set of cookies that are necessary for our service to function. These cookies do not track your browsing behavior across other websites.
12.2 Types of Cookies We Use
- Strictly Necessary Cookies: Essential for the service to work
- Functional Cookies: Remember your settings and preferences
- Security Cookies: Help us detect and prevent fraud
12.3 Your Cookie Choices
You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use our service.
© 2025 SafePassage, S.A.S. All rights reserved.