Capture the document image and send it to a document parsing API to extract the date_of_birth field from the MRZ or visual inspection zone
Compute the user's age server-side from the extracted DOB and the current date, applying the appropriate jurisdiction's legal age threshold
Return only a boolean age_verified response to the frontend — do not persist the extracted DOB or document image beyond the verification transaction
Log only a non-reversible age-tier indicator (e.g., over_18: true) with the transaction timestamp for compliance records
If the document extraction fails or the DOB field is absent, route to a fallback method (credit bureau age check or selfie-based age estimation) per your regulatory requirement
Known gotchas
Storing full DOB or document images to satisfy audit requirements may conflict with data minimisation obligations under GDPR — hash or encrypt with short retention periods
Age at time of verification differs from age at time of transaction; compute age at the moment of the regulated action, not at onboarding
Selfie-based age estimation alone does not meet the evidential standard for most regulated age-gated services — document verification is typically required
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp