Borderage Core

Borderage Core protects your WordPress site by requiring age verification for visitors. Unlike traditional ID-based systems, BorderAge uses hand gesture recognition – no selfie, no ID document required.

Features:

• Protect entire site or specific pages
• Hand gesture verification (no facial recognition)
• Visitor account system for returning users
• Unified login form (WordPress account first, then visitor account fallback)
• Credit alert system – Automatic email notifications when credits run low
• Rate limiting – Prevent brute force verification attempts
• Login brute-force protection – Rate limiting on account login attempts
• Health logging system – 24-hour internal monitoring with export
• Statistics dashboard – View verification metrics (total, adults, minors)
• Customizable verification page styling
• Multi-language support (EN, FR, DE, ES)
• Developer tools – Testing utilities and data reset
• Debug mode with logging and export functionality

Requirements:

• BorderAge API credentials (site_id and site_secret_key)
• Credits for new verifications (existing verified users can still access)
• Pretty permalinks enabled in WordPress Settings

For more information, visit borderage.com or contact us at contact@needemand.com

Admin Pages

Borderage Core provides 8 configuration tabs accessible via BorderAge in the WordPress admin menu:

Tab Description Purpose

Configuration API credentials and basic settings Enter your site_id, secret_key, enable/disable plugin, set debug mode

Protection Protection mode and protected pages Choose to protect all pages or specific pages, configure rate limiting

Appearance Form styling customization Customize verification page colors, button styles, and layout

Statistics Verification metrics dashboard View total verifications, adult/minor breakdown, monthly statistics

Guide User documentation Complete usage guide and setup instructions

Developers API documentation Technical reference for developers integrating with BorderAge

Debug Health logs viewer View system health logs, export debug information

Dev Tools Testing utilities Reset visitor data, clear logs, testing functions (debug mode only)

Navigation: Click on the "Borderage" menu item in WordPress admin to access all tabs. Each tab provides a specific set of configuration options and tools.

External Services

This plugin connects to the BorderAge API at pool.borderage.com for age verification services.

When data is transmitted

1. During age verification – When a visitor clicks "Verify now"
2. Credit balance check – When admin pages load to display remaining credits
3. Statistics retrieval – When the Statistics dashboard loads to display verification metrics
4. Health logging – Internal monitoring events (not transmitted to external API)

Data transmitted

Data Description Purpose

site_id Your site identifier Identify your site

user_id SHA256 hashed visitor ID Pseudonymized visitor tracking

age Age threshold Verification requirement

hash Security signature Request validation

is_over_age Boolean (true/false) Age verification result

result_hash Callback validation hash Verify callback authenticity

reference_id Attempt reference for rate limiting Track verification attempts

Hash Generation:

• Credits check: hash('sha256', timestamp . site_id . secret_key)
• Callback verification: hash('sha1', result . user_id . age . secret_key)

Privacy note: This plugin and the BorderAge API store only pseudonymized data: a hashed visitor ID and a boolean indicating whether the age threshold was met. Zero Personally Identifiable Information (PII) is stored or transmitted – no names, emails. Unlike competitors, BorderAge uses no biometric fingerprinting, no selfies, and no ID documents. This eliminates any risk of personal data leaks, as such data simply doesn't exist in our system.

For more details about BorderAge's technology and privacy-first approach, visit https://borderage.com/technology/

Service links

• Privacy Policy: https://borderage.com/politique-confidentialite/
• Technology information: https://borderage.com/technology/
• Service website: https://borderage.com/

Terms of Service: BorderAge's Terms of Use are negotiated individually between each client and Needemand (creator of the BorderAge SaaS). Contracts are established on a case-by-case basis rather than using a generic public ToS. Please contact BorderAge to discuss your specific terms.

Privacy Policy

Data processed by this plugin:

1. Visitor verification status – Stored in browser cookies to remember verified visitors (expires after 24 hours)
2. Visitor accounts – Optional accounts for returning visitors (email, hashed password)
3. Verification logs – Records of verification callbacks for debugging (24-hour retention)
4. Health logs – Internal system monitoring logs (24-hour retention, JSON format)

Data sent to the external BorderAge API:

Only pseudonymized data is transmitted and stored: a hashed visitor ID (SHA256) and a boolean indicating whether the age verification was successful (is_over_age: true/false). Additional metadata includes site_id, age threshold, and security hashes for validation.

What makes BorderAge different:

• Zero PII storage – Neither this plugin nor the BorderAge API store any Personally Identifiable Information
• No biometric fingerprint – No biometric data is collected, stored, or transmitted
• No data leak risk – Impossible to leak personal data that doesn't exist
• Privacy by design – Hand gesture verification without selfies, ID documents, or facial recognition
• Rate limiting protection – Prevents brute force verification attempts
• Automatic cleanup – Verification tokens and logs expire after 24 hours

For complete privacy information, see the BorderAge Privacy Policy.