Verify what matters, without collecting more than necessary.
Checkpoint confirms eligibility with minimal data exposure so you can verify real people without turning verification into surveillance.
Add a lightweight widget where eligibility needs to be confirmed or enforce verification at the infrastructure layer with Checkpoint Proxy. Configure once and apply consistently.
Select the eligibility requirement that applies to your use case. Checkpoint applies pre-built templates informed by regulatory guidance, standards, and best practices, so enforcement stays consistent without custom logic.
Your system receives a signed pass or insufficient result and you do not receive or store raw identity documents. Checkpoint’s privacy-preserving architecture protects user privacy while delivering the assurance you need.
Human check
Distinguish real users from automated systems before granting access to sensitive features.
Age assurance
Gate access to regulated or age-restricted experiences without collecting and storing full identity data.
Targeted eligibility checks
Enforce specific requirements and receive a simple outcome, without ingesting identity data into your systems.
How Checkpoint’s privacy-preserving architecture works
Privacy-preserving means verification is isolated from your application and the content a user is trying to access.
When Checkpoint runs, it is asked only to confirm the eligibility requirement you’ve set, no specific information about what the user is trying to browse. Your platform receives only the result, not identity documents or personal data.
Unlike traditional identity verification, which often collects and verifies a full set of identity information in a single, centralized flow, Checkpoint isolates the eligibility check and limits data exposure by design.
Distinguish humans from automation with Checkpoint
As generative AI and automated agents become more accessible, confirming real human presence is becoming a foundational requirement for online services.
Traditional bot checks rely on behavior patterns or simple challenges. Checkpoint can help confirm live human presence when more assurance is needed, without turning verification into full identity collection.
The world is moving beyond self-attestation as the primary age assurance method and jurisdictions across the globe have varying requirements.
Checkpoint translates regulatory guidance into actionable age requirements across regions and supports your broader compliance strategy.
Under the UK Online Safety Act (18+), Ofcom outlines expectations for “highly effective” age assurance for certain services. Depending on your use case, supported methods may include:
- Document-based verification with live selfie matching
- Facial age estimation
Designed for trust. Built for privacy.
Checkpoint establishes the appropriate level of identity assurance once, reducing the need to repeatedly collect and verify sensitive information.
For organizations, this supports strong security while lowering data risk and operational burden. For individuals, it means sharing less personal information, less often.
Checkpoint reflects our broader privacy philosophy: build trust while minimizing data exposure and handling personal information responsibly.
Frequently asked questions
What does privacy-preserving architecture mean? Toggle description visibility
Checkpoint’s privacy-preserving architecture separates identity verification from your application. Persona confirms eligibility by conducting identity verification aligned to the configured template requirements and returns only the eligibility result, not identity documents or personal data.
Can users reuse their verification? Toggle description visibility
Yes. After completing verification, users can store a credential in Persona Wallet. On return visits, they authenticate with a passkey and reuse their previously verified eligibility result, reducing repeated friction. Some regulators refer to this as a “reusable digital identity” or in the context of age assurance, an "age token."
Does Checkpoint require domain allowlisting? Toggle description visibility
Yes. Domain allowlisting ensures verification requests originate from authorized environments and prevents misuse by unauthorized sites. Allowlisting validates the origin of the request but does not provide Persona with visibility into specific content being accessed.
How is Checkpoint different from traditional verification? Toggle description visibility
Traditional verification often requires platforms to collect and store full identity documents or detailed personal information and verify that information in one experience controlled by that platform. Checkpoint works differently. When verification is required, it steps up to an identity verification experience that only collects the minimum information needed to confirm whether a user meets the configured eligibility requirement. Only an eligibility result is returned to the platform, without transferring raw identity documents or personal data. Once processed, verification-related data is deleted. This gives you the assurance you need without needing to collect, store, or manage your users’ sensitive data.
Does Checkpoint support different regulatory requirements? Toggle description visibility
Yes. For age assurance, Checkpoint uses configurable templates informed by published regulatory frameworks across jurisdictions. You can apply region-specific age thresholds consistently, without building custom logic for each region.
Does using Checkpoint make my organization compliant? Toggle description visibility
For age assurance, Checkpoint templates are designed to help organizations implement assurance-based age controls, with underlying methods informed by published regulatory frameworks. However, each organization is responsible for determining how applicable laws and regulations apply to its services. Checkpoint should be implemented as part of a broader compliance and risk strategy tailored to your specific jurisdictions and use cases.
