The verification flow
Visitor arrives
Your Cloudflare Worker checks for a valid Veriox session cookie. If none exists, it injects a small trigger script into the page response.
Popup is presented
The trigger script opens the Veriox verification popup, served directly from Veriox infrastructure — not your domain.
Visitor connects their Concordium ID
The visitor opens the Concordium mobile wallet and approves a proof request. The wallet generates a cryptographic proof that the visitor meets the age threshold — without disclosing their actual date of birth.
Proof is verified
Veriox sends the proof to an isolated verifier service. The verifier checks the cryptographic validity of the proof against the Concordium blockchain and returns a pass or fail result.
Result is anchored on-chain
On a passing result, Veriox anchors a hash of the verification on the Concordium blockchain, creating a tamper-evident audit trail you can verify independently. No personal data goes on-chain — only a hash. See On-Chain Anchoring.
What Veriox sees
| Data | Veriox receives it? |
|---|---|
| Visitor date of birth | No |
| Visitor name or address | No |
| Concordium account address | No |
| Verification result (pass/fail) | Yes |
| Timestamp of verification | Yes |
| Domain the verification was for | Yes |
What you (the merchant) see
In your dashboard you can see verification counts, success rates, and usage over time — no visitor-level data.Because Veriox never sees personal data, you do not need to update your privacy policy to cover Veriox’s verification process.