Privacy Policy

English DeutschEspañolFrançais

SafePassage Privacy Policy

Last Updated: May 13, 2025

Summary of Key Points

This is a summary of the key points in our Privacy Policy. Please read the full document for complete details.

  • Zero-Storage Approach: We process your photos, video frames, and ID documents in a completely stateless manner. We don't store any of this information after verification is complete.
  • Data We Process: During verification, we temporarily process facial images, ID documents, and basic technical information. All processing happens in temporary memory.
  • Purpose: We use your information solely to verify your age and to prevent fraud. We do not use it for marketing or profiling.
  • No Sale of Data: We will never sell, rent, or trade your personal information.
  • Security: We use advanced security measures to protect your data during the brief time we process it.
  • Your Rights: You have the right to access, correct, or delete your data and to withdraw consent at any time.
  • Third Parties: We share information with Emblem only when you choose to create a reusable verification token.

1. Introduction

This Privacy Policy explains how SafePassage, S.A.S. ("SafePassage," "we," "our," or "us") processes personal information in connection with our age verification service.

By using our service, you agree to the terms of this Privacy Policy. If you don't agree, please don't use our service.

1.1 What This Policy Covers

This policy covers:

  • How we process your personal information
  • What information we process
  • How we protect your information
  • Your rights regarding your information
  • How to contact us with questions or concerns

1.2 Important Terms

  • Personal Information: Information that identifies you or could be linked to you.
  • Processing: Analyzing, using, or handling your information.
  • Stateless Processing: Processing data temporarily without storing it permanently.
  • Biometric Information: Data derived from your physical characteristics, such as facial features.

2. Information We Process

2.1 When Using Our Age Verification Service

When you use our age verification service, we temporarily process:

a) Facial Images: A series of photos or video frames of your face for age estimation

b) ID Documents: Images of your government-issued ID (if document verification is needed)

c) Information from Documents: Data from your ID needed to verify your age

d) Technical Information: Device type, IP address, browser information

Important: All images, video frames, and document data are processed in a completely stateless manner. We don't store or retain any of this information after verification is complete. All processing happens in temporary memory, and once verification is finished, all personal data is automatically discarded.

2.2 When Creating a Reusable Verification

If you choose to create a reusable verification token (through our partner Emblem):

a) Basic account information may be collected and stored by Emblem

b) A verification token is created on the Polygon blockchain

c) The token contains no personal information - only confirmation that your age has been verified

d) For information about Emblem's privacy practices, please see Emblem's Privacy Policy

2.3 Information We Do Not Collect

We do not collect or store:

  • Your specific age or date of birth after verification
  • Your address or contact information
  • Your browsing history or online activities
  • Information about minors under 13

3. How We Use Information

We use the information we process only for:

3.1 Age Verification

  • Determining if you meet the age requirement for a website or service
  • Providing a pass/fail result to the requesting website
  • Creating a verification token if you choose the reusable verification option

3.2 Improving Our Service

  • Analyzing anonymous, aggregated data to improve accuracy
  • Testing and developing our technology
  • Identifying and fixing technical issues

3.3 Security and Fraud Prevention

  • Detecting and preventing fraudulent verification attempts
  • Protecting our systems from unauthorized access
  • Maintaining the integrity of our service

3.4 Legal Compliance

  • Complying with applicable laws and regulations
  • Responding to valid legal requests from authorities
  • Establishing, exercising, or defending legal claims

4. Our Zero-Storage Approach

4.1 Stateless Processing

Our service uses stateless processing, which means:

a) We process your information only in temporary memory (RAM)

b) Your facial images and ID documents are never stored on persistent storage

c) All data is automatically erased once verification is complete

d) We maintain no database of user images or ID documents

4.2 Biometric Information

For facial age estimation:

a) We temporarily analyze facial features to estimate age

b) We do not create or store persistent biometric templates

c) All biometric analysis is discarded immediately after verification

d) We never use biometric data for identification purposes beyond the immediate verification

4.3 Regulatory Compliance

Our zero-storage approach helps us meet various regulatory requirements:

a) Ofcom (UK): Meets data minimization requirements for highly effective age assurance

b) Arcom (France): Supports the double anonymity architecture required by SREN law

c) KJM (Germany): Complies with data protection requirements for age verification systems

d) GDPR/UK GDPR: Minimizes data protection risks by not storing special category data

e) CCPA/CPRA: Reduces privacy risks for California residents

5. Information Sharing

5.1 With Websites Requesting Verification

We share with websites requesting verification:

  • Only a verification result (pass/fail)
  • Not your specific age, facial images, or ID information

5.2 With Our Service Partners

We work with:

  • Emblem: For reusable verification tokens (only when you choose this option)
  • Google Cloud Platform: For secure processing infrastructure
  • Third-party verification authorities: For document verification (in certain regions)

5.3 Legal Disclosures

We may disclose information when required by law:

  • In response to valid legal requests
  • To protect our rights or property
  • To prevent fraud or security issues
  • To protect the safety of our users or the public

6. Your Privacy Rights

6.1 Access and Control

You have the right to:

a) Access: Request information about what data we process about you

b) Correction: Request correction of inaccurate data

c) Deletion: Request deletion of your data

d) Objection: Object to certain processing of your data

e) Restriction: Request restriction of processing

f) Portability: Request a copy of your data in a portable format

g) Withdraw Consent: Withdraw your consent at any time

6.2 How to Exercise Your Rights

To exercise any of these rights:

  • Email us at privacy@safepassageapp.com
  • Include "Privacy Request" in the subject line
  • Specify which right(s) you wish to exercise

We will respond to your request within 30 days.

6.3 Regional Privacy Rights

European Union Residents

Under the General Data Protection Regulation (GDPR), you have rights detailed in Section 6.1, plus:

  • The right to lodge a complaint with a supervisory authority
  • The right to object to automated decision-making

United Kingdom (UK) Residents

SafePassage complies with the UK GDPR and the requirements established by Ofcom for highly effective age assurance:

  • Our age verification technology meets Ofcom's standards for technical accuracy (>99% for identifying minors)
  • We maintain robust safeguards for data protection as required by UK regulations
  • You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO)

France Residents

SafePassage complies with the French SREN law and Arcom requirements:

  • Our solution implements the required "double anonymity" between verification providers and content providers
  • We ensure proper separation between verification authorities and content services
  • Our system provides reusable verification with appropriate authentication controls

Germany Residents

SafePassage complies with the German Interstate Treaty on the Protection of Human Dignity and Minors (JMStV) and KJM requirements:

  • Our age verification implements KJM's required two-stage verification process
  • We maintain a challenge age threshold that exceeds KJM's five-year buffer requirement
  • Our system includes appropriate measures to prevent credential sharing

California Residents

Under the California Consumer Privacy Act (CCPA), you have the right to:

  • Know what personal information we collect
  • Request deletion of your personal information
  • Opt-out of the sale of your personal information (though we do not sell personal information)
  • Non-discrimination for exercising your rights

Colorado, Connecticut and Virginia Residents

You have the right to:

  • Access and receive a copy of your personal information
  • Correct inaccurate personal information
  • Delete your personal information
  • Opt out of targeted advertising (though we do not engage in targeted advertising)

Arkansas and Louisiana Residents

Arkansas and Louisiana law requires age verification for sites hosting adult content. We comply with these requirements through our verification process.

7. Security Measures

7.1 Technical Safeguards

We implement strong security measures:

a) Encryption: All data is encrypted during transmission

b) Secure Infrastructure: We use Google Cloud Platform with industry-standard security

c) Access Controls: Only authorized personnel can access our systems

d) Security Testing: Regular security audits and testing

7.2 Organizational Safeguards

We maintain:

a) Staff Training: Regular privacy and security training for our team

b) Access Limitations: Strict need-to-know access policies

c) Security Policies: Comprehensive information security policies

8. Children's Privacy

Our service is not directed to children under 13, and we do not knowingly collect information from children under 13. If you believe we have collected information from a child under 13, please contact us at privacy@safepassageapp.com, and we will delete such information.

9. International Data Transfers

Our services are operated in Colombia. If you are located outside of Colombia, please be aware that information we process may be transferred to, stored, and processed in Colombia where our servers are located.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The current version will always be posted on our website with the effective date. If we make material changes, we will provide notice through our website or by other means as appropriate.

11. Contact Us

If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us at:

Email: privacy@safepassageapp.com

Mail: SafePassage, S.A.S. CR 42 No.5 SUR 145 Medellin, Antioquia Colombia

12. Cookies and Tracking

12.1 Limited Use of Cookies

We use a minimal set of cookies that are necessary for our service to function. These cookies do not track your browsing behavior across other websites.

12.2 Types of Cookies We Use

  • Strictly Necessary Cookies: Essential for the service to work
  • Functional Cookies: Remember your settings and preferences
  • Security Cookies: Help us detect and prevent fraud

12.3 Your Cookie Choices

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use our service.

© 2025 SafePassage, S.A.S. All rights reserved.

Effective Age Verification with Privacy Protection

Let's Talk
Terms & Conditions Privacy PolicyBiometric Disclosure