Age Verification & Safety Controls

GirlfriendEngine is an adults-only AI companion service. This page explains the age-verification and safety controls we use to keep minors off the platform, prevent illegal or abusive content, and respond quickly to any safety concerns. It is written for customers and partners who need a clear view of how our safeguards work in practice.

The sections below describe how our controls span product messaging, authentication, ongoing monitoring, payment flows, logging, and incident response.

1. Product Positioning & Public Messaging

• All customer-facing surfaces (e.g., https://girlfriendengine.com/safety/ and https://girlfriendengine.com/legal/privacy/) prominently disclose “Adults 18+ only,” so the restriction is visible before any authentication step.
• This approach goes beyond the common single splash-screen pattern still used by many adult sites, which industry observers have flagged as insufficient for "reasonable age verification" standards (Cospark analysis).

2. Pre-Login Access Controls

• Landing flows and help-center language reiterate 18+ eligibility before sign-in buttons appear, aligning with state proposals such as Colorado SB25-201 that emphasize layered verification and deterrence (Colorado SB25-201).
• The Safety and Legal pages warn that suspected minors will be removed and escalated to authorities pursuant to our Human Trafficking Prevention Policy (Human Trafficking Policy).

3. Authentication & Affirmation Flow

1. OAuth Requirement – Access requires Google OAuth, which provides a baseline identity signal and age gate instead of exposing explicit content to anonymous visitors (iDenfy overview). We treat OAuth as one input and still require users to complete our own 18+ confirmations and compliance steps before any content is served.
2. Pre-login Checkbox – Before OAuth starts, users must affirm “I am 18+ and agree to the Terms/Privacy,” providing an auditable consent record beyond the typical cookie-based confirmation (Cospark analysis).
3. Compliance Modal – After authentication, a compliance modal blocks further access until the user again certifies 18+ status and acceptance of the Terms of Use, reflecting the multi-layer controls referenced in SB25-201.

4. Session Refresh & Continuous Monitoring

• The gfe_refresh_session() control revalidates age-affirmation state periodically. Any policy flag, stale token, or anomaly reopens the compliance modal, whereas many adult portals never re-check after login (iDenfy overview).
• Automated classifiers and heuristics review prompts for underage cues, child-safety risk, and scripted abuse; flagged sessions route to Trust & Safety for manual assessment before the user is allowed back into the experience.

5. Acceptable Use & Policy Alignment

• Every governing policy reiterates the 18+ requirement and prohibits creating accounts for minors or attempting to depict minors, including the Acceptable Use Policy, User Agreement, Terms of Service, Terms of Use, Privacy Policy, and Content Moderation Policy.
• Maintaining consistent contractual language across policies mirrors the layered approach highlighted in payment-risk and regulatory briefings (Ondato briefing).

6. Human Trafficking & Safety Controls

• The Human Trafficking Prevention Policy sets 24-hour response targets, codifies NCMEC and law-enforcement escalation pathways, and explicitly links trafficking prevention to verified 18+ access (Human Trafficking Policy).
• External compliance guidance has noted that integrating trafficking safeguards directly into age-verification frameworks remains uncommon, positioning these controls above baseline industry practices (iDenfy overview).

7. Payment & Underwriting Oversight

• The billing system checks the user’s session token for a current 18+ affirmation before allowing any purchase or premium unlock, preventing minors from reaching paid experiences (Ondato briefing).
• This structure aligns with the age-verification controls used by specialist providers (e.g., third-party age-verification and KYC services).

8. Logging & Audit Trails

• We record the timestamp, session token, and IP metadata for each 18+ affirmation as well as the compliance modal presentation history and moderation tags related to underage concerns, creating an auditable trail (iDenfy overview).
• These logs can be produced to demonstrate continuous enforcement when regulators assess whether “reasonable age verification” has been implemented (Colorado SB25-201).

9. Incident Response & Remediation

• Any suspected underage activity triggers immediate suspension, forensic review of the recent interaction history, and escalation to compliance leadership; verified cases are permanently banned and, when warranted, reported to NCMEC or law enforcement (Human Trafficking Policy).
• These steps mirror the layered safeguards mainstream AI providers employ (e.g., OpenAI’s minimum-age terms and age-prediction controls) while applying a stricter adults-only baseline (OpenAI Terms; Cybernews on OpenAI; The Hill).

10. Benchmarking vs. Industry & Regulators

• Adult industry comparison: Our combination of messaging, OAuth gating, recurrent checks, trafficking overlays, and audit logging meets or exceeds the controls commonly expected for compliant adult services when merchants integrate specialist age-verification providers (e.g., third-party age and identity verification services) (Cospark analysis; Ondato provider overview).
• Mainstream AI comparison: Providers like OpenAI typically allow users 13+ with parental consent and use age-prediction models; GirlfriendEngine applies similar layered monitoring but requires 18+ for every feature, including payments, which is a stricter application of those concepts (OpenAI Terms; Cybernews on OpenAI).
• Statutory alignment: Laws advancing in Louisiana, Utah, Virginia, Colorado, and others stress multi-layer verification, deterrence, and penalties for non-compliance; our present controls already cover those elements and can integrate third-party ID checks where required (Action FSC tracker; BBC overview).

Conclusion

GirlfriendEngine’s age-verification and safety program applies multiple independent safeguards across messaging, authentication, automated monitoring, payments, logging, and human review. These controls are designed so that minors are deterred at the outset, blocked by multiple checkpoints if they attempt access, and removed quickly if any underage risk is detected.

If you have questions about these controls you can contact our Trust & Safety team at support@monolithinteractive.net or through the reporting links on our Safety and Legal pages.