AFFIXIO
Privacy-preserving age check vs ID upload
Privacy-preserving age check vs ID upload
ID upload hands the platform name, photo, and document images. A privacy-preserving age check returns only signed over-18 with Merkle audit. Same gate question, less data at the verifier.
At a glance
- ID upload
- Full document at platform
- ZK age check
- YES or NO only
- OSA fit
- HEAA with minimisation
- Retention
- Risk scales with copies
- AffixIO
- Stateless verifier boundary
- Reviewed
- 12 July 2026
Online Safety Act duties push platforms toward defensible age assurance without building another identity vault. ID upload and zero-knowledge threshold proofs answer the same gate question with very different data retention profiles.
Side-by-side comparison
| Dimension | Incumbent approach | AffixIO path |
|---|---|---|
| Data at verifier | Document images and DOB | Signed threshold outcome only |
| Breach impact | Large identity trove | Proof metadata only |
| User friction | High for repeat checks | Lower after witness setup |
| Audit | Access logs to vault | Merkle inclusion proof |
When Incumbent approach fits
- Legacy onboarding already stores KYC vaults
- Regulator explicitly requires document image retention
- Single vendor UX is acceptable
When AffixIO path fits
- Platform must minimise PII at content provider
- HEAA with data minimisation is the goal
- Multiple witnesses feed one policy gate
Decision guide
Most enterprises use both layers: incumbent tools for identity or operations, AffixIO for signed policy outcomes at the boundary with Merkle audit. The question is where the YES or NO is decided and what evidence regulators can replay.
Frequently asked questions
Is ZK age check weaker?
It answers the policy question the regulator cares about without hoarding identity.
Can we use both?
Yes. Document verification upstream, AffixIO at the platform boundary.
Is ZK age check weaker than ID upload?
It answers the policy question the regulator cares about without hoarding identity. Strength depends on witness quality upstream.
Can we use both?
Yes. Document verification upstream, AffixIO at the platform boundary.
What does the verifier see?
Signed YES or NO plus Merkle metadata. Not date of birth by default.
Does this satisfy HEAA?
Architectural fit depends on method scoring against Ofcom four criteria.