At v0uch.me, we respect your privacy and are committed to protecting your personal data. This policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services. Please read this policy carefully to understand our views and practices regarding your personal data and how we will treat it.
We are committed to maintaining transparency and accountability in our data handling processes. We encourage you to contact us with any questions or concerns you may have regarding your privacy.
This policy applies to all users who interact with our services, including those based in jurisdictions with specific privacy regulations (e.g., California, Virginia). Although our services are currently not offered to residents of the European Union, we plan to adopt GDPR-aligned practices for future expansion.
We primarily serve individuals aged 21 and over. Users aged 18-20 may access limited services. Users under 18 are strictly prohibited from using our platform.
2. Data Collection and Usage
Types of Information We Collect
We collect personal information that you voluntarily provide to us when registering on the site, expressing an interest in obtaining information about us or our products and services, or otherwise contacting us.
We only collect the minimum necessary information to provide our services. This includes:
Verification Data: During age verification we collect your date of birth and state of residence. You can choose whether to save this information to your account after verification is complete. Your account works the same way regardless of your choice.
Wallet Data (user-controlled): Your account includes an encrypted wallet where you can optionally store personal details such as your name, email address, address, region, zip code, and more. This data is encrypted with a key that only you control. v0uch.me cannot access, read, or decrypt your wallet contents. You may choose to share specific wallet data with partners, but even then we cannot see it.
When you interact with our services, we automatically collect certain technical data to keep the platform running and to prevent abuse. We hash this data so that we never see it in its original form:
Device and Usage Data: We collect your IP address and device information, then immediately hash them using a one-way function. We use these hashed values for rate limiting, abuse prevention, and session management. We cannot reverse the hash to recover the original IP address or device details.
Session Identifiers: We generate a random session ID for each visit. This ID is not linked to your identity across sessions.
We do not track your behavior or browsing activity. The unhashed versions of your IP address and device information are visible only to you through your account profile. We do not have access to this information in its original form.
Why We Collect Data
We collect data to:
Deliver and improve our services
Verify user age and enforce age restrictions
Comply with legal and regulatory obligations
Facilitate optional, opt-in advertising with strict user control (see below)
Your personal data is anonymized where possible to protect your identity. We do not use pseudonymized data, as we prefer the clarity of anonymized data in our processes.
3. Advertising & Opt-In
For advertising purposes:
You have the option to disclose your age and state of residence to third-party advertisers.
This decision is entirely yours, and we do not control or access this data.
Disclosure, if any, occurs via an API and is strictly under your control.
You can opt in or out at any time.
Any data shared for advertising is anonymized and remains under your control. We do not access, store, rent, or sell this data.
4. Cookies and Tracking
We do not use tracking or persistent cookies. We use only session-based cookies that expire when your session ends and are essential for secure authentication and basic functionality.
5. Zero Trust Architecture and Security
We employ administrative, technical, and physical safeguards to protect your information against unauthorized access, alteration, disclosure, or destruction.
We follow a strict Zero Trust model:
No system or user is inherently trusted
All access is verified, logged, and limited
Data is encrypted both in transit and at rest using industry-standard protocols
We employ privacy-enhancing technologies (PETs) and role-based access to minimize risk
Our infrastructure is built to safeguard your information at every point in the lifecycle.
6. Data Retention and Minimization
We retain data only for as long as necessary or as required by law. Once the purpose is fulfilled, data is securely deleted or anonymized.
Plaintext data entered during registration is removed after setup.
Abandoned registrations are purged.
Deleted accounts are wiped from our systems entirely.
Data required for legal compliance is retained only for the minimum duration required.
We do not keep sensitive personal data beyond its use case, limiting risk exposure.
All analytics or performance data we retain is fully anonymized stripped of all personal identifiers and unrecoverable. No pseudonymized or re-identifiable formats are used.
7. Data Sharing & Subprocessors
Subprocessors: We do not currently use third-party subprocessors. Any such additions will be disclosed and updated in this policy if implemented.
No Sale of Personal Data: We do not sell, trade, or rent your personal information to third parties for marketing purposes. Any data sharing is done solely for the purposes of improving our services or when legally required.
8. Legal Compliance and Law Enforcement Requests
We may comply with legally valid requests (e.g., court orders). However, due to our minimal data collection and strong encryption, we often have limited or no usable information to provide.
We disclose only the data we actually possess, which is encrypted by you
We evaluate all requests to ensure legal validity and limit broad warrant submissions where possible
We are designed for transparency reports to demonstrate how little we retain
9. Children's Privacy
We are committed to ensuring that our services are only accessible to individuals who meet the legal age requirements for accessing age-restricted content. As part of this, we use age verification to confirm the age of users. We do not knowingly collect, use, or store personal information from children under the age of eighteen.
We do not permit users under 18 to use any part of our platform. We take this seriously and use age verification to enforce it.
If we become aware that a user under 18 has provided personal information, we will:
Request deletion of your personal information. We will delete all data we can. The only exceptions are: data we are legally required to preserve (e.g., an active court order), hashed identifiers retained to prevent re-registration of accounts terminated for fraud or underage use, and one-way hashed IP and device data that cannot be reversed or selectively removed
Opt out of certain data processing or sharing activities
We comply with the following privacy and biometric data regulations:
Illinois Biometric Information Privacy Act (BIPA): We collect biometric data (facial geometry) during age verification. We obtain your informed consent before collection, use the data only for verification, and delete it immediately after processing. We do not sell, lease, or trade biometric data.
California Consumer Privacy Act (CCPA/CPRA): You have the right to know what data we collect, request deletion, and opt out of data sales or sharing for advertising. We do not sell or share personal information for advertising. Verified non-premium accounts may see sponsored partner content, but this is based on age group (18+ or 21+) and preferences you control -- not personal data, behavioral tracking, or profiling.
Virginia Consumer Data Protection Act (VCDPA): You can access, correct, delete, and obtain a copy of your personal data. You can opt out of data sales, targeted advertising, and profiling. We do not sell data or profile users. Verified non-premium accounts may see sponsored partner content based on age group (18+ or 21+) and preferences you control -- no personal data or browsing behavior is used for targeting.
Colorado Privacy Act (CPA): You can access, correct, and delete your personal data, and opt out of targeted advertising or data sales. We honor universal opt-out signals and do not sell personal data. Sponsored partner content shown to verified non-premium users is based only on age group and user-controlled preferences, not behavioral tracking or personal data.
Connecticut Data Privacy Act (CTDPA): You can access, correct, delete, and port your data. You can opt out of data sales, targeted advertising, and profiling. We do not sell data or profile users. Verified non-premium accounts may see sponsored partner content based on age group and preferences you set -- no personal data or browsing behavior is used for targeting.
Texas Data Privacy and Security Act (TDPSA): You can access, correct, delete, and port your data. You can opt out of data sales, targeted advertising, and profiling. As a Texas-based company, we take this compliance seriously. We do not sell personal information. Sponsored partner content shown to verified non-premium users is based on age group and user-controlled preferences, not personal data or behavioral tracking.
Texas House Bill 1181 (HB 1181): This law requires websites hosting a substantial amount of sexually explicit material to verify that visitors are 18 or older. v0uch.me exists to provide that verification as a third-party service. We confirm a user's age so that partner websites can comply with HB 1181 without collecting personal documents themselves. We do not retain identifying information after verification, consistent with the law's data minimization requirements.
Utah Consumer Privacy Act (UCPA): You can access and delete your personal data and opt out of data sales or targeted advertising. We do not sell data. Sponsored partner content shown to verified non-premium users is based on age group and user-controlled preferences, not personal data or behavioral tracking.
Nevada Privacy Law (SB 220): You can opt out of the sale of your personal information. We do not sell personal information.
Because we collect the minimum data necessary, do not sell personal information, and delete verification documents after processing, our practices meet or exceed the requirements of these regulations. If you have questions about your rights under a specific law, contact us at compliance@authme.services.
12. International Expansion (GDPR)
Currently, we do not serve EU residents. Should that change, we will comply with the General Data Protection Regulation (GDPR), providing rights such as:
Access and deletion of personal data
Data portability
Right to object to processing
Requirement for explicit consent for sensitive data
Our privacy policy will be updated to reflect these changes as necessary.
13. Changes to This Policy
We may update this policy periodically to reflect changes in our practices or legal requirements. We encourage you to review it regularly.
Contact Us
For questions or concerns regarding this policy or your privacy rights, please contact us at compliance@authme.services.