There is a critically important difference between facial age estimation and facial recognition.
For facial age estimation, there is no need – or indeed any legal basis – to retain a copy of the image that is analysed to estimate your age – indeed the calculation can be completed in memory, with no data saved at all.
For age estimation, you supply a selfie, which is immediately converted into a mathematical map of your face. From this point, there is no longer sufficient data to uniquely identify you, and certainly not enough to recreate an image. Tthe artificial intelligence compares this mathematical map to patterns in the same maps of thousands of other volunteers who have also supplied their actual age as “ground truth”, and estimates your age by looking for similarities. As soon as that estimate is created, which takes less than a second, the selfie can – and legally should – be deleted. (It is not retained to train the model, because the real age of the user is not known, so it is useless for that purpose.)
It is against the law, under GDPR, for an age verification provider to ask you for a photo for the purposes of estimating your age, and then keep it for any other purpose unless you give clear and explicit consent.
Many US State laws require that all data used for age checks is deleted and not used for other purposes, often with heavy penalties for doing so.
So no images are stored as a result of facial age estimation.
Facial recognition is quite separate. That is about using your face as a password. If a biometric feature is to be used as a key to unlock a previously determined record of your age, then enough unique data points need to be stored to allow for the user to prove they are the same person. This data can be stored locally on a device, or encrypted before being stored centrally, but again only accessible with a digital key controlled by the user themselves.
You may already do this to unlock your phone – in which case a copy of your facial image is stored on the phone, so it can be compared to your face each time you want to use the device.
In age verification, some services do make use of facial recognition so you can unlock an age check you have done previously, prove it is still the same person who was verified before, and save you the need to prove your age again. That reference image can be stored on your phone, or in the “cloud” but in a part of this online storage that only you can access from your own phone because it is encrypted and only you hold the key. Any image is highly encrypted in a way that means it only allows for comparisons, and the reference image can’t be viewed as a photo and used for some other purpose. Whatever approach is used, AV providers need to demonstrate it is secure.
But the most important thing to remember is that facial images you supply for age estimation can only legally be used for that purpose and must be deleted as soon as the estimate is complete unless you agree otherwise.
What is never required is a central database of photos with names, addresses and dates of birth, and worse still which platforms that user accessed. That is simply asking for trouble, and no AV provider would be certified if they created such a high risk situation, nor would a sensible digital service contract with them as their users’ data would be at risk.