Compliant the UK Online Safety Act (2024) and Ofcom requirements
Audit-ready compliance,with
no data retained
Everything regulators, procurement teams, and enterprise buyers need, with zero storage of personal information
Audit-Ready Compliance
Download one-pagers covering key requirements from Ofcom, Arcom, KJM, COPPA, and GDPR
COPPA
Compliant with the US Federal Children’s Online Privacy Protection Act (COPPA)
Why Compliance Matters
Failure to meet age verification standards can result in site restrictions, takedowns, fines, and loss of platform access. Private AV helps you stay ahead of evolving regulations.
.png)
New laws are already active
Authorities in the UK, France, and Germany now require verified age checks — self-declared dates and checkboxes are no longer accepted.
.png)
Non-compliance carries legal risk
Sites have been fined, blocked, or removed for skipping enforcement. Penalties are already being applied, not just theoretical.
.png)
Privacy is part of compliance
Agencies like Arcom and GDPR regulators now evaluate how age is verified — including how biometric data is handled and stored.
.png)
Buyers require proof up front
Legal, procurement, and compliance teams expect clear evidence of readiness — not claims, but documented support for audits and due diligence.
No Storage.
No Risk.
Private AV handles all inputs ephemerally. Nothing is retained, logged, or written to disk. Built for compliance and resistant by design to data compromise.
.svg)
Ephemeral by Design
All inputs — including biometric data — are processed in memory and discarded instantly.
.svg)
Liveness & Anti-Spoofing
High-accuracy detection using multi-frame input and real-time AI to block fraudulent attempts at all times.
Encrypted in Transit
Websocket-based encryption secures every transmission. No uploads, no file exposure.
Isolated by Default
Each session is cryptographically siloed. No cross-site leakage or shared state.
Designed for compliance standards
SOC 2
ISO 27001
COPPA
KJM
CCPA
GDPR
Have questions? Let's talk.
Whether you’re reviewing for legal, procurement, or compliance, we’re here to provide clear answers.
Contact UsFrequently Asked Questions
Unsure how billing works? Here’s what most teams ask before getting started.
Do you retain any user data?
No. Private AV processes all personal, biometric, and document inputs ephemerally — in memory only. Nothing is stored, logged, or written to disk. Data is deleted immediately after use.
Are you compliant with GDPR, COPPA, Arcom, Ofcom, and KJM?
Yes. Private AV aligns with all published requirements under GDPR, COPPA, KJM, Arcom, and Ofcom. One-page summaries are available for each framework with implementation details.
Are you certified by any authorities?
Where applicable (e.g. COPPA Safe Harbor), Private AV operates through certified partners. For other frameworks, formal certifications are not issued — but our system meets or exceeds all published requirements.
Can I pass an audit using Private AV?
Yes. We provide technical documentation, privacy architecture diagrams, and compliance one-pagers to support regulators, auditors, and legal teams during reviews.
What happens to ID and biometric inputs during verification?
All data is processed in volatile memory over secure WebSocket. Facial matching, liveness checks, and OCR run in-session — inputs are deleted immediately and never retained.
Can you provide a signed Data Processing Agreement (DPA)?
Yes. A standard DPA is available, and we support custom DPAs for enterprise clients as needed.
Do you support external security attestations like SOC 2?
Yes. Our infrastructure and operational practices follow SOC 2-aligned controls. Security documentation is available upon request.
Is there server-side access to verification results?
Yes. Our API provides secure session validation and webhook delivery for all outcomes — no reliance on client-side logic required.