GDPR & Privacy
VeriSelf is designed with privacy-by-default principles. This guide explains what data is collected, how long it is kept, and what rights users have.
What Data Is Collected
| Data | When | Storage / Retention | Purpose |
|---|---|---|---|
| Estimated age | Every verification | User meta + log | Age check |
| Gender | Every verification | User meta + log | Profile data |
| Race | Every verification | User meta + log | Optional analytics |
| GPS coordinates | If GPS enabled | Stored in log | Jurisdiction compliance |
| IP address | Every verification | Stored in log | Fraud scoring, rate limiting |
| Photo | Debug Mode ON only | Auto-deleted after the debug retention period | Troubleshooting |
| Consent flag | If consent mandatory | User meta | Legal compliance |
| Timestamp | Every verification | Permanent in log | Audit trail |
What Is NOT Collected
- No raw photos in production (unless Debug Mode is explicitly enabled)
- No cookies for tracking or advertising
- No third-party analytics
- No data sold or shared
User Rights
- Right to access — Admin can export a user’s log entries
- Right to deletion — purges all user data
- Right to object — Users can decline camera access (verification will fail)
For Data Processors
If you are a data processor under GDPR (e.g., running the plugin on behalf of clients):
- Ensure your privacy policy describes the AI verification process
- Enable the consent checkbox if required by your DPA
- Set debug retention to the minimum needed
- Use self-hosted Ollama (PRO) to keep images entirely within your infrastructure
