Yoti Age Verification Service – Privacy Information

Yoti AVS has been designed to give you a quick, privacy-friendly way to prove your age online. The process works as follows:

1. You prove your age using your preferred age-checking method based on the preferred age check method of the Yoti Client.
2. Yoti performs the age check using the preferred method (see detail of methods below) and deletes your personal information.
3. The Yoti Client receives either an ‘over’ or ‘under’ result or age in years.

No directly identifiable information is shared back with the Yoti Client – they only receive the result of the age check.

AVS has various different methods that can be used to verify age: 

1. Facial Age Estimation
2. Identity Document Verification (IDV)
3. Digital ID app (DID)
4. Credit card check
5. Mobile Provider check
6. Database Check
7. eID Check
8. US Mobile Driving licence (mDL)
9. Email Check
10. Partner Age Check
11. Age Token
12. Age Account

The Yoti Client decides which of the above age-checking methods it wants to use and whether they want to receive your age in years or if you are ‘over’ or ‘under’ their specific age requirement. 

Depending on the age-checking method, the Yoti Client may also choose to enhance the security of the check and use your information to:

• check the document you add is genuine
• check you’re a real live person
• check for fraud

This check uses your selfie to analyse and estimate your age. You’ll be asked to take a selfie using the camera on your device. This captures a single facial image which will be analysed by our age estimation technology to determine whether you are over or under the required age. 

If requested by the Yoti Client, we analyse the image with liveness detection technology to ensure it is of a real person and not a 2D image, mask, or bot.

Yoti deletes the image as soon as an age estimate is given – no images are shared with the Client.

This check uses your ID document to determine your age. You’ll be asked to scan your ID document using the camera on your device. We extract the information from your ID document and calculate if you are over the Client’s age requirement using your date of birth.

If the Yoti Client wants extra security for their IDV check, they will ask you to take a selfie using the camera on your device. This is to make sure the ID document belongs to you and is how we stop fraudsters from impersonating you. Multiple images will be captured, and the clearest image will be compared to the photo on your ID document using face matching technology.

This check uses the DID app to determine your age.  You’ll be asked to scan a QR code with your app to share your date of birth attribute as found in your ID document. Prior to this, you’ll need to complete a one-time verification process with the app by uploading your ID document and a selfie.

Once you complete the share of your age attribute with the Client, you will have a share receipt in your app showing what you shared, with whom and when. Yoti also has a share receipt that only contains a date and timestamp, and that a date of birth attribute was provided but it doesn’t store the date of birth itself. We store this encrypted receipt securely in our UK data centre.

This check uses your credit card details to verify your age. You’ll be asked to enter your credit card details and postcode, we will send these details to a payment provider and place a temporary £0.30 hold on your card. This is to verify that your card is current and valid. We use this to determine that you are over 18 and remove the £0.30 hold on your card once the age check is complete.

You will not be charged to verify your age. We never store or share your credit card details with anyone other than the provider.

This check uses your mobile number to verify your age. You’ll be asked to enter your name, date of birth, mobile number and address. Alternatively the Yoti client may provide us with your details.  We send these details to one of our mobile checking providers. You will receive  an SMS with a verification code that you will need to enter. This is to confirm you are in possession of the phone. The third party provider then confirms that the details entered match the details of the mobile phone provider account.

We never store or share your details with anyone other than the third party provider. Yoti deletes your data immediately following the check. The third party provider may retain a record of your check for up to 2 years.

This check uses a credit reference agency provider to verify your age. You’ll be asked to enter your name, address, DOB and social security number (depending on what the Yoti client chooses)  which will be shared with a third-party provider.

We never store or share your details with anyone other than the third party provider.

This check uses the eID schemes to verify your age. You’ll be asked to prove your age using one of the following eID schemes:

• Bank ID (Sweden)
• MitID (Denmark)
• Finnish Trust network (Finland)

Once you have chosen the eID scheme that you want to use, you will need to log in and share your details through our eID provider.  We will receive your identity information such as name, date of birth and national ID number and use this to confirm your age. We never store or share your details with anyone other than the provider.

You’ll be asked to prove your age using one of the following US mobile driving licences:

• LA Wallet (Louisiana)

Once you have chosen the mDL scheme that you want to use, you will need to log in and share your details.  We will receive confirmation that you meet the age threshold defined by the Yoti Client.

This check uses your email address to estimate your age. You’ll be asked to submit your email address, which we will share with the third-party provider. 

The third-party provider checks marketing and other databases for which advertising segments your email address is linked to and these are cumulatively used to estimate age. Such advertising segments may include ‘Home Own or Rent’, ‘Credit Card Holder Bank’, ‘Refinance Loan Type’, ‘Household Income’, ‘Number of Credit Lines’, etc.

This check involves proving your age using your identity document via a third party identity verification provider. Under certain laws this is also known as a ‘Partner Anonymous Age Check’.

You will be redirected to a third party identity verification provider (or partner) and asked to scan your ID document using the camera on your device. The partner will extract the information from the ID document and calculate if you are over the Client’s age requirement using your date of birth. That information will be passed to Yoti and then sent to the Client.

For this check, Yoti never sees your ID document, only the results of the check and the third party identity verification partner will not know what service you are seeking to access and will never store or share the information used for the age check for any purpose other than to complete the check.

To reduce the number of times you need to verify your age online, we have developed a system of age tokens. These are optional so not all Yoti Clients will use them. Below, we explain how they work and where you would interact with them.

Age Tokens act as digital proof of an age check and allow you to reuse the result of an age check for as long as the Organisation allows.

An age token is created when you prove your age with Yoti and contains the result of the check plus information on how and when it was performed. Age tokens do not contain any directly identifiable personal information, they do not track you and do not know where you have been or where you have come from. Age tokens are stored in your browser like a cookie and are time limited. You can delete an age token by clearing your cache.

If you go to a website that’s using age tokens, you will click a button to verify your age and the organisation will read the age token from your browser. If the token meets the requirements set by the website, Yoti will return a result to confirm your browser has previously been verified and you’ll be given access to the website for as long as the token is valid.

If you don’t have an Age Token that meets the requirements, you’ll be asked to prove your age via the standard process.

You can store your Age Tokens in an Age Account. This allows you to access the Yoti Client’s website on another browser or device, without having to prove your age again.

You will only be able to create an age account if the specific Yoti Client  is using Age Tokens. Once you prove your age via the standard methods, you will be given the option to create an Age Account with an anonymous username and password. If you go to a website that’s using Age Accounts, you will see an option to log into your Age account using your username and password. The website will check to see if there are any Age Tokens in your browser that meet the criteria defined by the Client. If so, Yoti returns a result to the Yoti Client to confirm you have previously been verified and your Age Token meets those criteria. 

If you don’t have any Age Tokens that meet the criteria, you will be asked to verify your age using one of the other available methods. When successful, a new Age Token will be created and stored in your Age Account. You can delete your Age Account at any time.

For most age-checking methods, the data is deleted as soon as the check is complete. In some cases, the Yoti Client will configure the Yoti service so that the maximum amount of time that Yoti has access to your personal data to perform the check is 28 days. This will depend on the Yoti Client and its specific requirements.

After 28 days (or sooner if chosen by the Client), Yoti may continue to store the results of the age checks on behalf of the Client, according to the retention period set by them as controller. Yoti does not have access to the data following the initial 28 days.

Where Yoti is under a legal or statutory obligation to retain your data, for example, due to a valid request from law enforcement, we will keep your data for longer.

Yoti shares the results of the age checks with the Yoti Client that has requested for you to complete an age check. These results include (depending on the Client’s configuration):

• If you are ‘over’ or ‘under’ the Client’s age requirement
• Your age in years

We also share information with:

• third party providers that assist with the conducting of the age checks
• Yoti affiliates, for example for the purpose of manually conducting checks, where this option has been selected by the Yoti Client
• law enforcement agency, regulatory body or other legal authority that have submitted a lawful request for data and which we have a legal obligation to provide

Where Yoti are required to share data we always make sure that we only share what data is required to fulfil the purpose.

Checks and  results of checks  processed on Yoti servers in Yoti Tier 2 data centre(s) within the UK or in a US, EU, UK AWS region. 

Third-party providers may process data in different locations. Where this processing involves a cross-border transfer of data, Yoti ensures there are appropriate technical and organisational measures in place to protect the data, and that such transfers are made in accordance with legal requirements.