Privacy-First Architecture

Age Verification API

Verify user age for regulatory compliance without storing personal data. Two-tier verification, regional rules, white-label support, and a full admin dashboard to manage it all.

See Live Demo See How It Works

Two-Tier Verification

Not every region requires full ID verification. Our two-tier system matches the verification level to regulatory requirements—so you don't overpay for compliance.

Tier 1: Face Verification

Lower cost per verification

Liveness detection confirms a real person is present, then classifies the probability that the user is a minor. Fast, frictionless, and sufficient for many jurisdictions.

  • Liveness detection prevents photos/videos
  • AI-generated image detection
  • Completes in seconds on mobile
  • No document required

Tier 2: ID Verification

Full document verification

When regulations require definitive proof, Tier 2 adds government ID verification. We extract the date of birth, confirm the face matches, and verify the user meets the age requirement.

  • Everything in Tier 1, plus...
  • Government ID document capture
  • Date of birth extraction and age calculation
  • Face-to-ID matching
  • Meets strictest regulatory requirements

Transparent Per-Attempt Pricing

You're billed per API call—liveness attempts and document attempts are tracked separately. There's a separate fee for exablishing sessions that is $0.0001 for most sites. At typical volumes (~100 verifications/day), costs average around $0.085 per completed verification across both tiers.

No monthly minimums. No hidden fees. Your dashboard shows exact costs in real-time. Scroll down to view the Cost Report.

How It Works

Simple flow, powerful compliance. Users verify once and browse freely.

1

User Arrives

Visitor from a regulated region hits your age gate. Your server calls our API with their location.

2

Tier Determined

Based on your regional rules, we return the required verification tier and a secure verification URL.

3

User Verifies

User completes liveness check (and ID scan if Tier 2) on their device. Data processed in memory, never stored.

βœ“

Access Granted

Verified users receive a token. Set a cookie and they can browse your site freely for up to a year.

Configure Rules by Region

Different jurisdictions have different requirements. Your admin dashboard lets you configure exactly what happens when a user arrives from each country or state.

Tier 1 or Tier 2 — Choose verification level per region
Allow without verification — Skip verification in unregulated regions
Block entirely — Deny access from prohibited regions
Custom minimum age — 18, 21, or whatever your business requires
Example Configuration
πŸ‡ΊπŸ‡Έ
Texas, USA
State law requires ID
Tier 2
πŸ‡¬πŸ‡§
United Kingdom
Face check accepted
Tier 1
πŸ‡©πŸ‡ͺ
Germany
No verification required
Allow
πŸ‡ΈπŸ‡¬
Singapore
Content prohibited
Block

Full Admin Dashboard

Every client gets access to a comprehensive dashboard to monitor activity, analyze performance, and manage their verification settings. All accounts require 2FA.

Cost Report Dashboard

Cost Reporting

Track spending by site, filter by date range, see your assigned rates. Export to CSV for accounting.

Activity Dashboard

Activity Monitoring

See session funnel, abandonment breakdown, and verification counts. Understand where users drop off.

Quality Report

Quality Analytics

Success rates, failure reasons, average attempts per session. Identify UX issues before they become problems.

Verification Detail

Verification Records

Drill into individual verifications. Confidence scores, attempt history, and timing—the documentation you need if your process is ever questioned.

Every verification creates a detailed record—timestamps, confidence scores, verification tier, and attempt history.
If you ever need to demonstrate what your age-gating process did for a specific session, the data is there.

Built for Reliability
Redundant infrastructure with automatic failover ensures verification stays online.
User sees your domain
verify.yourdomain.com
Age Verification
Powered by Your Brand

Your Domain, Your Brand

Verification happens on your subdomain, not ours. Users see verify.yourdomain.com, reinforcing that you're in control of their experience.

Custom subdomain via Cloudflare for SaaS
Automatic SSL certificate provisioning
Custom logo, colors, and styling
Reinforces privacy separation from your main content

Setup requires a simple CNAME record. We handle the rest.

Security & Certifications

Level 2
iBeta PAD Certification
Highest level of spoof detection
100%
Perfect PAD Score
Zero spoofing attacks succeeded
ISO 30107-3
NIST/NVLAP Accredited
International biometric standard

iBeta Level 2 Liveness Detection

Our liveness detection is powered by AWS Rekognition Face Liveness, which achieved a perfect score on iBeta's Level 2 Presentation Attack Detection (PAD) testing β€” conducted in accordance with ISO/IEC 30107-3 by NIST/NVLAP-accredited laboratories.

Level 2 certification tests against sophisticated spoofing attacks including silicone masks, 3D-printed replicas, and deepfake video injection β€” far beyond the basic photo and screen replay detection covered by Level 1 certification.

View the iBeta Level 2 Confirmation Letter β†’

Privacy by Design

We architected XY Zinc to minimize data collection from day one. You can't breach data you don't store.

Never Stored
  • User photos or selfies
  • ID document images
  • Names or addresses
  • ID numbers or dates of birth
  • Biometric templates or faceprints
What We Retain
  • Session ID (anonymous UUID)
  • Verification result (approved/rejected)
  • Confidence scores (for quality reporting)
  • IP addresses (fraud prevention)
  • Timestamps (for audit trail)
Read our full Privacy Policy →
Coming Soon

AgeKey Support

We're preparing to support AgeKey, the privacy-preserving age credential recently endorsed by the Free Speech Coalition.

Users who've already verified elsewhere will be able to use their existing AgeKey instantly. New users who verify through XY Zinc can save their result as an AgeKey for frictionless verification across the web.

One verification. Reusable everywhere. No PII stored.

Instant Verification

Users with an existing AgeKey verify in seconds—no photos, no ID upload, no friction.

Double-Blind Privacy

Neither the issuer nor the verifier can track users across sites. Built on FIDO2 passkey standards.

Industry-Backed Standard

Supported by the FSC, Meta, and major identity providers. The emerging standard for age verification.

Ready to Get Started?

Try the free WordPress plugin or contact us for a custom API integration. We'll walk you through the dashboard and help you understand how XY Zinc fits your compliance needs.

Get the Free Plugin Contact Us for Pro Not on WordPress?