- ABOUT US
What is AgePass?
AgePass is an anonymous online age-verification consumer product built using zero knowledge proof and blockchain technologies. Our blockchain is a private blockchain that acts as the repository of encrypted credentials that represent age-verified consumers.
AgePass requests you perform an age-authentication check with trusted third-parties (through a choice of options – see below) and once validated, our software allows you, using your browser, to create an anonymous ‘root’ access AgePass that is able to generate one-time use proof-of-age tokens when you visit websites that require you to prove your age. By giving users the ability to generate their own ‘valid’ one-time use proof-of-age tokens, our customers can be confident that neither we, nor any of the websites that use our technology, nor our partners, are able to track their activity using our technology.
we do not collect your information (unless you give up your anonymity and contact us directly – see below) and we have no way of tracking information about how, where and when, you use your AgePass verification credentials.
Neither the Websites, the App nor our services are intended for anyone under eighteen (18) and we do not knowingly collect any data relating to individuals under eighteen (18).
AVSecure LLC is responsible for your information (collectively referred to as
- online, via the www.agepass.com website (desktop and mobile versions) and www.agepass.net (our online age verification product) (
Websites) or AVSecure’s app (
App), together the
- offline, via all channels of communication including post, phone or otherwise
Other privacy policies, as notified to you, may apply to you if you use other products or services we provide
- DATA WE COLLECT AND DATA WE DO NOT COLLECT
What we do not collect
We do not collect any personal information about you when you use AgePass.
As explained above, where we use a third party to help verify your age the only information we receive from the third party is a “pass/fail” based on whether you are eighteen (18) years or older. We do not receive, nor have any right to receive, any other information about you from these third parties which you may have provided to them during the age verification process. Once we have received confirmation that a user is eighteen (18) years or older, the user’s browser generates a unique AgePass age credential from Access Key and user-chosen PIN +SALT. We know the AgePass anonymous age credentials that are valid, but we do not know the user Access Key or PIN. We also do not know, and have no means of knowing, the identity of the person who uses an AgePass or their Access Key or PIN.
Our Platforms do not collect any personal information about you.
IP information: When accessing any website, your web browser automatically sends your Internet Protocol (IP) address. While most companies log or store this information, we take affirmative steps to not retain any user IP information.
User agent information: When accessing any website, your web browser also sends “user agent” information detailing the type of software initiating the request. We do not retain or use any user agent information.
Browser fingerprinting: We do not use any browser fingerprinting that can identify a single user. We do utilise client-side encrypted ‘group’ browser generated fingerprinting data to help manage security and fraud risks on our platform by getting client’s browsers to re-authenticate their credentials periodically.
Web beacons: Our Platforms do not use web beacons and we do not store any information associated with web beacons.
Analytics information: Our Platforms do not use or store information about its users for purposes of analyzing their online activity.
What we do collect
We only collect the anonymised encrypted age-verification credentials after a successful age verification check. This credential identifies the age verification provider but NOT the individual who was verified; this cannot personally identify user.
If you choose to give up your anonymity by contacting us directly and providing us with your details, we collect your personal information to deal with your query.
We have designed our age verification service to safeguard the privacy and anonymity of users of AgePass. However, if you choose to contact us and lose your anonymity, we collect the information you actively submit to us (for example via use of our customer contact form or via offline communications such as post).
We collect and use aggregated (non-identifiable) usage data about the Platforms
for example, to calculate the percentage of users accessing a specific Platform feature, but this is not personally identifiable.
- OUR THIRD PARTY PARTNERS
As explained above, AgePass requests you perform an age-authentication check with trusted third-parties. Accordingly, the Platform links to third-party websites and applications. These third parties verify your age directly and, if successful, we will issue an AgePass. The third party involved depends on the age verification method you select through our Platforms.
Where we use a third party to help verify your age the only information we receive from the third party is a “pass/fail” based on whether you are eighteen (18) years or older. We cannot access and have no right to access any other information about you from these third parties.
Our Third Party Partners by Age Verification Method
We do not control these third-party websites and are not responsible for their privacy statements and practices. We strongly encourage you to read the privacy policies and statements of the above third parties before selecting your age verification method.USING INFORMATION
We process any information you choose to provide us with as necessary to respond to your query. Our legal grounds are the performance of our contract with you and our legitimate interests, as indicated above. We will also process information where required to do so by law or to comply with a legal obligation.SHARING INFORMATION
If you provide us with your personal information, we may share it within our group of companies, including AV_Card LLC, to the extent necessary to deal with the matter.
Our servers are hosted on Amazon Web Services in the UK. We also use other service providers who provide IT and system administration services. We may use professional advisors (e.g. lawyers, accountants, auditors etc.) and we may share information with regulators or other governmental or legal authorities where required.
If you provide us with your personal information, we will only retain it for as long as reasonably necessary to respond to your query and satisfy any legal or reporting requirements. We may retain your information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.TRANSFERRING INFORMATION
If you provide us with your personal information, we may share it with our personnel in the United States and within our group of companies, including AV_Card LLC, to the extent necessary to deal with the matter. We are certified to the Privacy Shield, which gives personal information the same protection it has in Europe. Please see below.
To the extent our service providers are based outside the EEA and receive personal information, we ensure the transfer is either (a) to a country deemed to provide an adequate level of protection by the European Commission, (b) pursuant to specific contracts approved by the European Commission, or (c) for transfers to the US, pursuant to that third party’s certification to the Privacy Shield.
AVSecure Privacy Shield
This section provides additional information on how AVSecure LLC and its subsidiaries and affiliates in the United States (
) collect, use, and disclose certain personally identifiable information that we receive in the US from the European Economic Area (
) and the United Kingdom (
To provide adequate protection for certain personal information about consumers, corporate customers, suppliers, business partners received in the US from the EEA or the UK, AVSecure LLC has elected to self-certify to the EU-US Privacy Shield Framework administered by the US Department of Commerce (
). AVSecure LLC adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability.
AVSecure LLC is subject to the investigatory and enforcement authority of the US Federal Trade Commission. For more information about the Privacy Shield, see the US Department of Commerce's Privacy Shield website located at: https://www.privacyshield.gov
. To review our representation on the Privacy Shield list, see the US Department of Commerce's Privacy Shield self-certification list located at: https://www.privacyshield.gov/list
Please see above for the information we may collect and use. Where required by the Privacy Shield, we enter into written agreements with any relevant third-party agents and service providers requiring them to provide the same level of protection the Privacy Shield requires and limiting their use of the data to the specified services provided on our behalf. We take reasonable and appropriate steps to ensure that third-party agents and service providers process any personal information in accordance with our Privacy Shield obligations and to stop and remediate any unauthorized processing. Under certain circumstances, we may remain liable for the acts of our third-party agents or service providers who perform services on our behalf for their handling of any personal information that we transfer to them.
AVSecure LLC maintains reasonable and appropriate security measures to protect information from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the Privacy Shield.
For any unresolved complaints, we have agreed to cooperate with the ICDR-AAA EU-U.S. Privacy Shield Independent Recourse Mechanism
. If you are unsatisfied with the resolution of your complaint, you may contact the ICDR-AAA.
YOUR LEGAL RIGHTS
You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have taken the following steps: (1) raised your complaint directly with us and provided us the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified above; and (3) raised the issue through the relevant data protection authority and allowed the US Department of Commerce an opportunity to resolve the complaint at no cost to you. For more information on binding arbitration, see US Department of Commerce's Privacy Shield Framework: Annex I (Binding Arbitration)
You are always entitled to exercise your legal rights. However, please note that due to the nature of AgePass, the anonymity it provides, and the fact that we do not collect your personal information, the information you disclose to us if you contact us directly will almost always be only information which we have about you.
Under certain circumstances, you have rights under data protection laws in relation to any personal information we have about you. We try to respond to all legitimate requests within one month, although we will notify you if it will take longer.
- Request access to your personal information.
- Request correction of your personal information
- Request erasure of your personal information.
- Object to processing of your personal information
- Request restriction of processing your personal information
- Request transfer of your personal information.
- Right to withdraw consent (where we rely on your consent as our basis for processing).
You have the right to make a complaint at any time to your supervisory authority for data protection issues.