PocketAnimus
insight

Who actually verifies age on AI companion platforms

Every platform claims age verification. Most use a checkbox. Some use credit cards. A handful use biometric ID scanning. Here's the platform-by-platform matrix of what each one actually does, what each method catches, and what gets through every layer.

May 19, 2026 · 9 min read

Affiliate disclosure: Some of the links in this article are affiliate links. We may earn a commission if you sign up for a platform through these links, at no additional cost to you. This doesn't influence our editorial verdicts. Full disclosure →

The Sewell Setzer III case, the Italian regulatory action against Replika, and the OpenAI Trusted Contact rollout all share one root cause: AI companion platforms with inadequate age verification. The platforms know this. Most of them implement what they call "age verification" through a checkbox that asks the user to self-attest they are 18 or older. That's the floor. Some platforms have moved well above that floor. Many haven't.

The map below is what actually happens when you try to access each major platform, what each verification layer catches, and what gets through every layer regardless of how strict the platform is.

The five verification tiers, ranked by what they catch

Before the platform-by-platform matrix, here's what each verification method actually does in practice.

MethodWhat it catchesBypass difficulty
Self-attestation checkboxAlmost nothing; provides legal cover for the platformTrivial
Date of birth fieldChildren who tell the truth; nothing elseTrivial
Credit card age inferenceUsers without payment cards or with cards belonging to minorsEasy
ID document uploadMost underage users; bypassed with borrowed or fake IDsModerate
Biometric facial age estimationMost underage users including those with borrowed IDsHard

The single most important insight here is that the first two methods don't actually verify anything. They establish a legal defense. A 14-year-old who checks the "I am 18 or older" box has technically lied to the platform, which means the platform's terms of service have been violated. The platform can point to the checkbox in a regulatory action and say users self-certify. This protects the platform legally. It does not protect the children.

The middle method, credit card age inference, works on the assumption that minors don't have credit cards. This assumption was already shaky in 2015. In 2026, with prepaid debit cards available at any grocery store, parental supplementary cards on every major issuer, and digital wallets like Apple Cash that don't require credit checks, credit card verification catches a small subset of underage users and a meaningful number of false positives among adults without traditional payment access.

ID document upload and biometric facial age estimation are the only methods that meaningfully verify age. Both have privacy tradeoffs that platforms and users have to weigh. Biometric estimation through providers like Yoti returns a zero-knowledge proof rather than storing the underlying biometric data, which is the privacy-preserving direction the field is moving toward.

What each major platform actually uses

The matrix below covers twelve major AI companion platforms and what verification method each actually deploys at signup and at the NSFW unlock stage.

PlatformSignup verificationNSFW unlock verification
Candy AICheckbox + DOBID upload via Persona (in regulated markets)
NomiCheckbox + DOBNSFW not offered (no unlock needed)
ReplikaCheckbox + DOBSubscription gate (effectively credit card)
Character.AICheckbox + DOBNSFW filtered; bypass attempts blocked
Dream CompanionCheckbox + DOBSubscription gate + checkbox
DreamGFCheckbox + DOBSubscription gate
CrushOn AICheckbox + DOBSubscription gate
KindroidCheckbox + DOBSubscription gate
SpicyChatCheckboxSubscription gate
Janitor AICheckboxCheckbox + character-level NSFW flags
iGirl (Anima AI)CheckboxApp Store rating tier (effectively self-attestation)
Romantic AICheckbox + DOBSubscription gate + Romantic mode toggle

The pattern across the industry is consistent. Almost every major platform uses self-attestation at signup. The "stronger" verification at NSFW unlock is usually a subscription paywall, which is just credit card verification dressed up as something more. Only Candy AI uses meaningful biometric or ID verification, and only in regulated markets where they have to.

The platforms operating in jurisdictions with active age verification mandates (UK, Florida, Australia) are starting to implement Yoti or Persona on the NSFW unlock pathway, but typically only for users with IP addresses in those jurisdictions. A UK user gets the ID check. A US user accessing the same platform from outside one of the regulated states does not.

The five questions to ask before signing up if you care about this

If you're choosing a platform and the age verification quality matters to you, these five questions will tell you what you need to know. They also serve as a useful filter for whether a platform is taking its broader safety responsibilities seriously.

1. Does the platform require ID verification at any point?
If yes, the platform takes this seriously. If no, treat the platform as essentially open access.
2. Does the platform name its verification provider?
Reputable providers (Persona, Yoti, Veriff, Onfido) are named in terms of service. If no provider is named, the verification is probably internal and minimal.
3. Does the platform offer a privacy-preserving option?
Yoti's zero-knowledge proof model and Persona's data deletion options indicate the platform considered user privacy. Platforms that require ID upload without articulating data retention policy probably retain everything.
4. Does the platform vary verification by jurisdiction?
If yes, the platform is doing minimum-viable compliance per region. If no (verification is uniform globally), the platform has made age verification a product priority rather than a compliance checkbox.
5. What does the platform say happens if a minor is detected post-signup?
Reputable platforms have explicit policies (account closure, data deletion, optional parental notification). Platforms without articulated post-signup policies typically have no detection mechanism at all.

The reason these questions matter beyond the surface issue of age verification: they're proxies for how seriously the platform thinks about its broader safety responsibilities. A platform with strong age verification typically also has stronger data retention policies, better mental health crisis routing, and more transparent terms of service. A platform with checkbox-only verification typically also has minimal investment in any of these areas.

What gets through every layer

No verification method catches everything. The cases where verification fails fall into a few predictable categories.

Family-borrowed verification. A 16-year-old using their parent's ID upload, their parent's credit card, or their parent's face for biometric estimation will pass any individual layer of verification. This is the dominant pathway for underage access to AI companion platforms in 2026. Platforms know this and treat it as an irreducible gap.

VPN-based jurisdiction shopping. A user in the UK or Florida who wants to skip the stricter regional verification can route through a VPN to a US state without those requirements. The platform sees a US IP address and applies the lighter verification appropriate to that jurisdiction. This is why age verification triggered VPN crackdowns in the UK, Australia, and several US states throughout 2025-2026.

Account purchasing. Verified accounts get bought and sold on secondary markets. The verified user passes the original verification; the actual user of the account is whoever buys it later. Platforms can detect some account transfers (sudden behavioral changes, IP location shifts) but can't catch all of them.

The bottom line on age verification in 2026 is that the technology has gotten meaningfully better, the regulatory pressure has gotten meaningfully stronger, and a substantial portion of the underage user base has still figured out how to get through. The platforms that take this seriously are doing more than they used to. The platforms that don't are still doing essentially nothing. Knowing which one you're on is information worth having.

Top Reviews
Compare all platforms →