Every relationship-driven product faces the same problem on day one: how do you know the person who just signed up is a real human, and not a script, a scammer, or someone trying to be three people at once. The naive answer is to collect more data. The mature answer is to collect less, but to collect it deliberately.
Verification without surveillance
The principle is selective disclosure. Prove what is needed for the system to function, and prove nothing else. A user who needs to confirm they are over 18 does not need to disclose their full date of birth. A user who needs to confirm they are not a bot does not need to disclose their face permanently.
Modern primitives make this possible. Age estimation models confirm a likely range without parsing the document. Liveness checks confirm a real human is present without retaining the biometric. Document verification can confirm authenticity and return a credential, then forget the underlying ID.
What the architecture looks like
Verification happens once, in a hardened service. Successful verification produces a credential: a signed, scoped, time-bounded attestation. The credential is what the rest of the system consumes. The raw verification data is destroyed.
This separation is the difference between a system that can be inspected calmly by a regulator and a system that has to delete data in panic when the disclosure window opens.