From the Temu website/app you may be asked to verify your age with GBG. This page answers common questions about how GBG processes your information during this age verification check.
We will share a link to GBG’s full Products & Services Privacy Policy, which covers all GBG solutions. However, because that policy is broad and includes services we do not provide to Temu, we’ve included additional information here specifically about how GBG processes data for Temu.
Important: GBG processes your identity document for age verification that you provide for the age verification check (“verification materials”). Temu does not receive, access, store or otherwise process your verification materials. Temu only receives the verification result (e.g., pass/fail). Temu does not receive or access your ID images, document details, or any other verification materials submitted to GBG.
What is the service and how does it work?
GBG’s age verification service scans the document you provide and conducts an age verification check only.
GBG’s age verification check for Temu then confirms if the date of birth on the document is over the age of 18 or 21 (the age required is determined by Temu). GBG then returns a verification result (pass/fail) to Temu to determine whether you’re eligible to access Temu’s age-restricted goods and services.
What products require age verification is determined by Temu within the Temu website/app. GBG has no visibility of, or control, on the categorization as to what constitutes an age restricted good or service.
It is also important to note GBG’s age verification service is configurable. This notice is specific to the processing we do for Temu which does not include fraud checks or biometric processing.
What are the reasons for a “fail” result?
If your verification is unsuccessful, this could be for one or more of the following reasons:
The document does not have a date of birth which represents you are over the age of 18 or 21
The document has not been captured correctly (a common mistake is when scanning your document, not all of it has been ‘in frame’)
A face was uploaded as proof of ID (this is not an age estimation tool. We only request and assess a document as part of this process).
What data is collected and processed by GBG and why?
GBG directly collect and process your identity document for age verification. In order to do this we need to collect an image of the document, which will contain your date of birth and also all of the other personal information contained on that document, for example your name, date of birth and passport ID (if a passport) or name, address, date of birth and driving license number (if a driving license).
This is held in a repository hosted by GBG in the UK, US or Australia, and only contains Temu data (e.g. for citizens in UK & Europe, data is hosted in the UK. If you’re in the US, data remains in the US. If you’re in Australia, data remains in Australia).
How long is this data retained for?
One of the common questions asked is about the retention of the identity document (e.g. passport or driving license) so we wanted to be really upfront about this.
This data will be purged every day, which means your document and the personal data contained therein is only retained for up to a maximum of 24 hours.
The “up to 24 hours” is important to note as it depends on when you complete your verification as the purge process runs at the same time every day, which means your document/data may be retained for 23 hours or 5 minutes, but never for longer than 24 hours.
Who can access the Verification data?
This data can only be accessed by a small number of GBG employees to answer a specific query. Again, Temu will not have access to this data, which means they will not see your identity document.
Is this data shared with other third parties?
No
Is biometric data processed?
This is a document-only journey. GBG has a biometric policy which details what we do in relation to biometric processing however GBG does not perform facial age verification or process any biometric data as part of this verification check. If you accidentally upload a selfie, this image is not further processed and is not used for age verification or biometric processing.
I want to raise a ‘right of erasure’, how do I do this?
Whilst you have the right to do so, with the automatic deletion within 24 hours, this would action your request. How to make a privacy rights request with GBG is detailed in full in our Products & Services Privacy Policy linked below.
What is GBG’s role and lawful basis under privacy law?
This is where it gets really complex - GBG’s role depends on where in the world you are and on the relevant privacy legislation.
In the US and APAC, GBG takes on the role of processor/service provider.
Under GDPR, GBG is an independent controller. This doesn’t mean GBG can do what we want with your personal data: we process your personal data in accordance with applicable data protection law, as set forth in our Privacy Policy and in line with our agreement with Temu. GBG’s lawful basis is ‘legitimate interest of a third party’ which in this instance is enabling Temu to complete age verification.
Where GBG is a Controller (e.g. Europe) GBG retain a “GBG Audit Trail”. This is not a copy of your document, but a record that at a point in time GBG completed a transaction, the personal data submitted to GBG’s service and the corresponding verification result. This data is only accessed by GBG’s Data Subject Rights Team when you make a request to GBG and is retained for 12 months, then automatically deleted. GBG does not further process this data or share it with third parties. Data is only retained to meet our regulatory obligations in relation to rights requests.
Where GBG is a Processor (e.g. United States): GBG does not create a GBG Audit Trail.
To view GBG’s Products and Services Privacy Policy, click here
This policy was last updated on 12 February, 2026.
