Age Assurance Policy
Effective Date: May 4, 2026
Purpose
Documents Rideau AI's approach to age verification and assurance.
Age Requirement
Rideau AI requires all users to be at least 18 years of age. This is stated in:
- Terms of Service, Section 2.1: "You must be at least 18 years old to use the Service. By creating an account, you represent and warrant that you are at least 18 years of age."
- Terms of Service, Key Points summary: "You must be 18 or older."
- Privacy Policy, Section 11 (Children's Privacy)
Current Implementation
Tier 1: Self-Attestation + Payment Gate (Active)
| Method | How It Works | Assurance Level | Status |
|---|---|---|---|
| ToS acceptance | By creating an account and accepting the Terms of Service, the user represents they are 18+ | Self-declaration (low) | ✅ Active |
| Payment method | A valid payment method is required for all subscription plans. While youth debit cards exist, requiring a payment instrument adds meaningful friction beyond self-declaration alone | De facto age gate (moderate) | ✅ Active |
These two methods together provide layered assurance: self-declaration combined with a financial instrument gate. CAN/DGSI 127:2025 notes that self-declaration alone has "historically been unreliable." The mandatory payment method provides the additional barrier. If Rideau AI ever offers a free tier that does not require a payment method, additional age assurance measures would be needed to maintain this level of assurance.
No date of birth is collected or stored. No biometric data is collected. No identity documents are required.
Tier 2: High-Assurance (Future)
If additional age assurance is required in the future (e.g., due to regulatory changes or specific content categories), Rideau AI may implement:
- Bank ID verification or equivalent
- Third-party age verification service (verification result only, pass/fail, no documents stored)
These would be implemented in accordance with CAN/DGSI 127:2025's tiered model, prioritizing privacy-preserving methods.
Why 18?
| Factor | Rationale |
|---|---|
| Simplicity | A single minimum age across all jurisdictions avoids per-region branching |
| Payment gate | Credit cards provide a de facto 18+ gate, aligning the technical and legal requirements |
| Content risk | AI chat platforms can generate content on any topic; 18+ reduces exposure to age-inappropriate content without complex per-topic filtering |
| Provider alignment | OpenAI (13+/18+ by region), Anthropic (18+ for API), Google (18+ for Gemini API). Our 18+ requirement is at or above all provider minimums. |
Enforcement
If we become aware that an account holder is under 18, we will close the account and delete the associated data (Privacy Policy, Section 11), except where retention is required by law (e.g., financial transaction records for Canada Revenue Agency obligations).
Detection may occur through:
- Content safety systems flagging age-related disclosures
- User reports
- Law enforcement notification
Proportionality Assessment
CAN/DGSI 127:2025 requires a risk-based approach to method selection. Our Tier 1 methods (self-declaration + payment gate) are at the lower end of the assurance spectrum. We consider this proportionate because:
- The payment method requirement provides a meaningful barrier beyond pure self-declaration
- Higher-assurance methods (ID verification, biometrics) impose significant privacy trade-offs disproportionate to the current risk profile
- No content on the platform is specifically targeted at or designed for minors
- All upstream AI providers have their own safety filters as an additional layer
- If the risk profile changes (e.g., content categories that attract younger users, regulatory mandate), we have a documented Tier 2 path