Blog
Contact us
Back to Home

Privacy Policy

1. Introduction

At VerifEye, your privacy and security come first.
VerifEye is an AI-powered tool operated by Realeyes OÜ, registry code 11730664, Vahe 15, 11615 Tallinn, Estonia (“Realeyes,” “we,” “us,” or “our”). The service helps online platforms anonymously verify that you are a real person and, where required by law or platform policy, that you meet a specified minimum age.

We design VerifEye to use the least possible amount of personal data. The process involves a short, live visual input (for example, a brief selfie video) that is analyzed in real time to estimate your probable age and confirm human presence. We never request or store identity documents, and all data is processed in accordance with the GDPR, UK GDPR, CCPA/CPRA, and other applicable privacy laws.

This Privacy Policy explains how we handle your information, what rights you have, and how to contact us.

2. Who is Responsible for Your Data

Realeyes OÜ operates VerifEye in collaboration with its business customers (“Business Customers”)—for example, websites or apps that use VerifEye to confirm that users meet an age or authenticity threshold.

  1. Business Customer as Data Controller.
    The Business Customer decides why and how your personal data is processed (for example, to comply with an age-assurance rule).
    Realeyes acts on the Business Customer’s behalf to perform the technical analysis and return only a verification result such as “18 or over” or “human verified.”
  2. Realeyes as Data Processor.
    In most cases, Realeyes processes your data strictly under the instructions of the Business Customer and never uses that data for its own independent purposes.
  3. Realeyes as Independent Controller (limited cases).
    In certain narrow circumstances, Realeyes may process anonymized or pseudonymized data independently to maintain and improve the accuracy, security, and fairness of its AI systems. This processing never produces decisions about you personally and is carried out under Realeyes’ legitimate interests and applicable data protection safeguards. Such processing never involves identifying individuals or linking results back to specific verification sessions.

3. Applicability of This Privacy Policy

This Privacy Policy applies exclusively to the processing of personal data carried out through the VerifEye Service, including:

  1. the verification process you complete when a Business Customer uses VerifEye on its website or app; and
  2. any communication you have directly with Realeyes in connection with that process (for example, support requests).

This Policy does not apply to:

  1. the Business Customer’s own website, platform, or services, which are governed by their own privacy terms;
  2. Realeyes’ corporate website or marketing activities, which are subject to a separate corporate privacy notice; or
  3. any third-party services not controlled by Realeyes.

By using VerifEye, you acknowledge that your data will be processed in accordance with this Privacy Policy and applicable law.

4. Key Definitions

For clarity, the following terms have the meanings below:

  1. End User / You – a natural person who uses VerifEye to verify their age or human status.
  2. Business Customer – the entity integrating VerifEye into its platform to confirm users’ age or authenticity; the Data Controller for such processing.
  3. End User Data – the personal data (such as brief visual input or metadata) processed by VerifEye to generate a verification result.
  4. Verification Result – the outcome of the analysis (for example, “18 or over,” “under 18,” “human verified,” or “unable to estimate”).
  5. Third-Party Provider – a trusted vendor engaged by Realeyes to supply technical components of the Service (e.g., cloud hosting, liveness detection) under strict contractual safeguards.
  6. Personal Data – any information relating to an identified or identifiable person as defined under applicable data-protection laws.

5. What Data We Process

VerifEye is designed according to the principle of data minimization. We collect and process only the information required to estimate your age and verify that you are a real person.

Depending on how a Business Customer integrates the Service, VerifEye may process the following categories of data:

  1. Visual input: a short live video or camera frames showing your face, used only for real-time analysis. The visual input is processed in memory only for the duration of the verification session and deleted automatically and irreversibly within minutes after the result is produced.
  2. Derived technical data: numerical representations (embeddings) or signals created by the AI model to estimate age and liveness.
  3. Device and session data: limited technical metadata such as device type, browser, session ID, and connection status.
  4. Verification result: the non-identifying outcome shared with the Business Customer (e.g., “18 or over,” “under 18,” “human verified”).

VerifEye does not request or store identity documents, financial information, or government-issued IDs.

6. Why and How We Use Your Data

We process your data exclusively for the following purposes:

  1. Age and human verification – to confirm whether you appear to meet the age threshold defined by the Business Customer and to verify that you are a live, real person.
  2. Fraud and abuse prevention – to detect automated submissions, repeated misuse, or presentation attacks.
  3. Security and service reliability – to monitor system performance and prevent unauthorized access.
  4. Model improvement (anonymized form) – to maintain the accuracy, fairness, and robustness of VerifEye’s AI models.

All processing takes place within secure, controlled environments and follows the documented instructions of the relevant Business Customer.

7. Legal Basis for Processing

Your data is processed under one or more of the following lawful bases:

  1. Consent – where required by law, for example when biometric data (facial imagery) is processed, you are asked to give explicit consent before starting the verification.
  2. Contractual necessity – processing may be necessary for the Business Customer to provide its service to you when age assurance or human verification is a condition of access.
  3. Legitimate interests – Realeyes may process anonymized or pseudonymized data independently to ensure the safety and reliability of its AI technology, without producing decisions about you personally.

You may withdraw your consent at any time before or during the verification by cancelling the process. Doing so may prevent you from accessing the content or service that requires verification.

8. Data Sharing and Recipients

We never sell or share your personal data in the sense prohibited by the CCPA/CPRA.
Your data may be disclosed only to the following categories of recipients:

  1. Business Customers, who receive only the Verification Result.
  2. Trusted Third-Party Providers, such as secure cloud-hosting or liveness-analysis partners, engaged under written contracts that impose data-protection and confidentiality obligations equivalent to the GDPR and UK GDPR standards. These providers may process limited data solely to support VerifEye’s operation and are regularly reviewed for compliance.
  3. Regulators or authorities, where disclosure is required by law, court order, or competent authority, limited to the minimum necessary.

Where data is processed by Third-Party Providers outside your jurisdiction, Realeyes applies appropriate transfer safeguards (see below).

9. International Data Transfers

VerifEye’s infrastructure is primarily located within the EU / EEA and United Kingdom.
If data is transferred to other jurisdictions, we rely on lawful transfer mechanisms such as:

  1. the EU Standard Contractual Clauses (SCCs) and UK Addendum;
  2. adequacy decisions recognized by the European Commission or UK authorities; and
  3. additional technical and organizational safeguards, including encryption and access controls.

These measures ensure an equivalent level of protection wherever your data is processed.

10. Data Retention

We retain your data only for as long as strictly necessary to perform the verification and ensure system integrity. Raw visual data (e.g., video frames) is automatically deleted within seconds after the verification result is produced. Pseudonymized or aggregated technical data may be stored for a short, limited period for security auditing, fraud detection, or performance monitoring. After these periods, the data is securely deleted or anonymized in accordance with Realeyes’ internal retention policy and applicable law.

11. Automated Processing and Human Oversight

VerifEye’s analysis uses automated AI models to estimate probable age and detect liveness signals. These automated processes do not make legally or similarly significant decisions about you, are limited to returning a categorical verification result and are subject to ongoing testing for accuracy and demographic fairness. Where required, Business Customers can request a human review if an automated result prevents access and you believe it may be incorrect.

12. Your Rights and How We Support Them

Depending on your location and applicable privacy laws (for example, the GDPR, UK GDPR, or CCPA/CPRA), you have the following rights concerning your personal data:

  1. Access – to know whether VerifEye processes your data and to obtain a copy.
  2. Rectification – to request correction of inaccurate or incomplete information.
  3. Erasure (“Right to be forgotten”) – to request deletion of your data when it is no longer needed or when you withdraw consent.
  4. Restriction – to request limitation of processing under certain conditions (for instance, if accuracy is contested).
  5. Objection – to object to processing carried out on legitimate-interest grounds, such as pseudonymized model-improvement activities.
  6. Data portability – to receive your data in a structured, machine-readable format, where legally applicable.
  7. Withdraw consent – to withdraw your consent for biometric or other consent-based processing at any time before or during the verification.

Realeyes’ role in consent and rights management:

  1. Realeyes is responsible for recording consent whenever it is legally required—particularly where biometric data is processed during the VerifEye session.
  2. Realeyes also supports Business Customers in fulfilling data-subject rights requests that relate to the VerifEye verification process. When a request is addressed to a Business Customer, Realeyes provides the necessary technical and organizational assistance to ensure it is fulfilled properly and within legal deadlines.

If you wish to exercise your rights directly or inquire about your consent record, you can contact Realeyes at verifeye@realeyesit.com

You may also contact the Business Customer that requested your verification, as they remain the Data Controller responsible for determining the purpose of processing.

You have the right to lodge a complaint with your local data-protection authority if you believe your data has been processed unlawfully.

13. Security Measures

Realeyes applies strict technical and organizational measures to protect your data, including:

  1. encryption of data in transit and at rest;
  2. secure EU/UK data-centre environments;
  3. multi-factor authentication and role-based access control;
  4. continuous monitoring, vulnerability management, and penetration testing; and
  5. regular staff training and confidentiality undertakings.

These measures are designed to prevent unauthorized access, loss, or misuse of your personal data and to maintain the integrity of VerifEye’s verification process.

14. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in law, technology, or our Service. The “Last updated” date at the top of this document shows the latest version. If updates materially affect your rights, we will make reasonable efforts to notify you through the verification interface or our website before the new version takes effect. Your continued use of VerifEye after an update means you accept the revised Policy.

15. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or your data, please contact:

Realeyes OÜ
Vahe 15, 11615 Tallinn, Estonia
Email: verifeye@realeyesit.com

16. Relationship to Other Legal Documents

This Privacy Policy forms part of the broader legal framework governing your use of VerifEye.
Please also review:

  1. the VerifEye Terms and Conditions for Users, and
  2. our Cookies Policy explains how cookies and similar technologies are used.

Together, these documents describe how VerifEye operates and how your personal data is collected, used, and protected.

Last updated: 20 November 2025

Stay Updated

Subscribe to our low frequency news letter to get our latests updates delivered to your inbox