Title: Privacy implications?
Last modified: January 30, 2019

---

# Privacy implications?

 *  Resolved [Ate Up With Motor](https://wordpress.org/support/users/ate-up-with-motor/)
 * (@ate-up-with-motor)
 * [7 years, 3 months ago](https://wordpress.org/support/topic/privacy-implications/)
 * Hi,
    I was considering switching to Age Gate as my old age verification plugin
   seems to have been abandoned by the developer. However, I have an important question:
   Are entered birth dates or ages stored anywhere? I assume the plugin takes the
   birth date and uses it to check the age against the preset value, but are either
   the date or the calculated age (hashed or otherwise) stored in a cookie, in the
   database, and/or as a query string added to the URL?
 * Since these questions implicate privacy laws (date of birth is potentially personally
   identifying information by most standards), I would need to explain in my privacy
   policy how the entered values are stored (if at all) and where. Could you clarify?(
   This might be a good subject for the FAQ.)
 * Thanks!

Viewing 11 replies - 1 through 11 (of 11 total)

 *  Plugin Author [Phil](https://wordpress.org/support/users/philsbury/)
 * (@philsbury)
 * [7 years, 3 months ago](https://wordpress.org/support/topic/privacy-implications/#post-11150031)
 * Hi [@ate-up-with-motor](https://wordpress.org/support/users/ate-up-with-motor/),
 * I think we’ve talked about [this before](https://wordpress.org/support/topic/saving-user-data/),
   but happy to give an overview here as it’s useful for you and anyone else finding
   the topic.
 * No information is stored by the plugin long term except in a couple of cases (
   remember me, or if using the additional user registration plugin which has the
   option to).
 * When a user passes the test, their age (not DoB) is stored in a cookie. I would
   argue this isn’t personally identifiable **but** that is only in the context 
   of the plugin as any given site may hold other user data that then makes age 
   more identifiable. There’s a good post by the people who made Contact Form 7 
   about plugins and GDPR compliance, but I digress.
 * The age is stored as Age Gate has the option to set different ages on different
   content.
 * There’s essentially two options to not store the users (correct) age.
    1. Use Yes/No buttons. This adds the _required_ age to the cookie, not the users
       actual age. This option allows you to still have different ages for different
       content. The user would be rechallenged when looking a a page/post with older
       requirement.
    2. The second option is to use **_Anonymous Age Gate_** which was added in 2.0.4.
       This will set the cookie to just 1 if passed. The knock on affect here is you
       can’t use variable ages, but if you don’t need that then this is the best option.
       This setting is in the Advanced settings for the plugin
 * Definitely a good call for an FAQ topic for that, I’ll add it in the next release.
 * Cheers
    Phil
 *  Thread Starter [Ate Up With Motor](https://wordpress.org/support/users/ate-up-with-motor/)
 * (@ate-up-with-motor)
 * [7 years, 3 months ago](https://wordpress.org/support/topic/privacy-implications/#post-11150573)
 * Thanks! I appreciate the comprehensive answer.
 *  Thread Starter [Ate Up With Motor](https://wordpress.org/support/users/ate-up-with-motor/)
 * (@ate-up-with-motor)
 * [7 years, 3 months ago](https://wordpress.org/support/topic/privacy-implications/#post-11150602)
 * Oh, you bring up a closely related question: If the user clicks “Remember me,”
   the age or value is still just stored in the cookie, right?
 * What are the cookie durations for the plugin?
 *  Plugin Author [Phil](https://wordpress.org/support/users/philsbury/)
 * (@philsbury)
 * [7 years, 3 months ago](https://wordpress.org/support/topic/privacy-implications/#post-11150621)
 * Yes it is. Remember me just sets the same cookie for longer – by default it expires
   at the end of the session.
 * The length of time “remember me” lasts is up to the site admin. The default on
   install is 365 days but it could be anything you wanted it to be.
 * Displaying the remember me is also optional so can just be disable if you don’t
   want them to do that.
 * Of course as above, options 1 and 2 still apply with the remembered age.
 * Thanks
    Phil
 *  Thread Starter [Ate Up With Motor](https://wordpress.org/support/users/ate-up-with-motor/)
 * (@ate-up-with-motor)
 * [7 years, 3 months ago](https://wordpress.org/support/topic/privacy-implications/#post-11150690)
 * Okay, so I could, for example, set the anonymous option to make the cookie value
   pass/fail and set the remember me duration to a week or 14 days? That’s great.
 *  Thread Starter [Ate Up With Motor](https://wordpress.org/support/users/ate-up-with-motor/)
 * (@ate-up-with-motor)
 * [7 years, 3 months ago](https://wordpress.org/support/topic/privacy-implications/#post-11151171)
 * Two other questions: What are the names of the validation cookies used? (I can
   figure this out through testing, but it would be helpful for the FAQ.)
 * Second, does the anonymous mode work with user registration? That is, can I require
   that new users complete age validation upon registration, but then just record“
   yes/passed” rather than storing their ages or birth dates in the database?
 *  Plugin Author [Phil](https://wordpress.org/support/users/philsbury/)
 * (@philsbury)
 * [7 years, 3 months ago](https://wordpress.org/support/topic/privacy-implications/#post-11152721)
 * The cookie is called `age_gate`. In some scenarios and second cookie is set called`
   age_gate_failed` which just holds a 1 value. This is used when the “Rechallenge”
   option is set to off and allows returning users who have failed the test to not
   get the option to try again. That expires at the end of the session.
 * For user registration, it will always check the users DoB rather than use a yes/
   no but it doesn’t store that information anywhere unless you set it to in the
   settings. Storing it would be useful in say a shop where you want to check their
   age but not recheck for existing customer.
 * Hope that helps
 * Ta
    Phil
 *  Thread Starter [Ate Up With Motor](https://wordpress.org/support/users/ate-up-with-motor/)
 * (@ate-up-with-motor)
 * [7 years, 3 months ago](https://wordpress.org/support/topic/privacy-implications/#post-11152910)
 * So, if Rechallenge is OFF and the verification fails, it sets age_gate_failed
   so they can’t try again? If Rechallenge is ON and verification fails, does it
   just not place the age_gate cookie?
 * With user registration, do the settings allow you to control WHAT is saved? For
   instance, can it be set to save the user’s actual age instead of their DOB? (
   That might be preferable from a privacy standpoint, since DOB is probably the
   more sensitive information and more valuable to a hacker or identity thief.)
 * If a new user fails the validation check when trying to register, I assume the
   plugin causes the registration to fail, is that right? So, if I have only one
   age requirement across the board, there wouldn’t be any need to save the DOB/
   age for users, since they wouldn’t be able to register at all if they aren’t 
   at least that age.
 * (Sorry for all these questions — the recent spate of privacy laws is making it
   important to sweat these minor details! I really appreciate your taking the time
   to spell it out, and I wish more developers would do the same so I didn’t have
   to try to piece it together through experimentation.)
 *  Thread Starter [Ate Up With Motor](https://wordpress.org/support/users/ate-up-with-motor/)
 * (@ate-up-with-motor)
 * [7 years, 3 months ago](https://wordpress.org/support/topic/privacy-implications/#post-11156114)
 * After poking around the settings a bit more, let me reframe the previous question
   like this:
 * Does checking “Ignore logged in” automatically cause new users to be prompted
   to enter their dates of birth upon registration? Or does that require a different
   setting I’m not seeing, or separate plugin or add-on?
 * If checking “Ignore logged in” does prompt new users to enter their DOB, is that
   information automatically stored in the database, or is there a further option
   to control that retention? If the DOB is stored, _where _is it stored in the 
   database?
 *  Plugin Author [Phil](https://wordpress.org/support/users/philsbury/)
 * (@philsbury)
 * [7 years, 3 months ago](https://wordpress.org/support/topic/privacy-implications/#post-11156802)
 * Hi [@ate-up-with-motor](https://wordpress.org/support/users/ate-up-with-motor/),
 * I know there’s a couple of other topics, but let’s sort this one initially;
 * Registration is handled by an [additional plugin](https://wordpress.org/plugins/age-gate-user-registration/),
   but it extends the main age gate one. It shares some functionality but has it’s
   own options. Age Gate (other than the cookies we’ve mentioned) will never store
   data unless an admin or developer tells it to – including in the registration.
   Under registering, any data entered is discarded as soon as the checks have been
   done, whether they pass or fail (unless an admin or developer has done otherwise).
 * As for the “Ignore logged in”, it simply checks if a user is logged into the 
   site and if they are, doesn’t challenge their age. It doesn’t to any checks for
   them, ever (unless they log out).
 * Most of the settings are documented [here](https://agegate.io/docs/cms-settings/),
   though there may be a couple of new ones that haven’t found their way into the
   docs yet, something I need to review.
 *  Thread Starter [Ate Up With Motor](https://wordpress.org/support/users/ate-up-with-motor/)
 * (@ate-up-with-motor)
 * [7 years, 3 months ago](https://wordpress.org/support/topic/privacy-implications/#post-11157322)
 * Okay, if registration is handled by the separate plugin, that shouldn’t be an
   issue. (I’m just concerned about accidentally storing DOBs in the database without
   realizing I’m doing so!) Thanks for clarifying!

Viewing 11 replies - 1 through 11 (of 11 total)

The topic ‘Privacy implications?’ is closed to new replies.

 * ![](https://ps.w.org/age-gate/assets/icon-256x256.png?rev=2783003)
 * [Age Gate](https://wordpress.org/plugins/age-gate/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/age-gate/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/age-gate/)
 * [Active Topics](https://wordpress.org/support/plugin/age-gate/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/age-gate/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/age-gate/reviews/)

 * 11 replies
 * 2 participants
 * Last reply from: [Ate Up With Motor](https://wordpress.org/support/users/ate-up-with-motor/)
 * Last activity: [7 years, 3 months ago](https://wordpress.org/support/topic/privacy-implications/#post-11157322)
 * Status: resolved