Chrono

Inspiration

In 2025, age gates aren’t optional anymore. Right now, they’re being built in the most invasive way: many apps ask for sensitive identity data, send it to another vendor, and store something they never wanted to store in the first place. We’re fixing that. Our system verifies age once using a face scan or a driver’s license, then returns a signed age band, such as 18+, 21+, or under 13, so platforms can enforce rules without collecting or retaining your ID or biometric image. The app gets the one fact it needs, nothing else. It’s safer for users, lower liability for platforms, and it finally makes online safety achievable without normalizing surveillance.

What it does

The solution we provide is a centralized, anonymized, and encrypted age-band credential that allows users to prove their age once and reuse that proof across multiple platforms. Verification inputs are converted into a secure hashed representation, and platforms receive only a signed age band, never a name, date of birth, or raw biometric data, which greatly minimizes privacy risk while enabling consistent and enforceable age gating. This safeguards users, reduces legal risk for companies, and improves child safety without turning platforms into biometric data repositories.

How we built it

Our project uses a dual-platform architecture: a time management app (Chrono) and a private demo casino-style platform (Casino Royale). Both are built with Next.js 15, React 19, TypeScript, and Tailwind CSS on the frontend, and are backed by FastAPI (Python) services with MongoDB Atlas databases. We implement privacy-preserving age verification using Tesseract OCR for ID scanning, machine learning for facial age detection, and a zero-knowledge proof approach to confirm a user is 18+ without storing sensitive data. We also integrated Google Gemini to improve the verification experience, and added JWT authentication, bcrypt password hashing, and rate limiting for security. The casino demo includes custom-built game logic for slots, blackjack, roulette, poker, mines, and coin flip, along with wallet management and transaction tracking.

Challenges we ran into

A major challenge we faced was the lack of publicly available training data. It was especially difficult to find accessible datasets with images spanning a wide range of age groups, largely because strict laws and protections around minors limit what can be shared online. A second challenge was proving eligibility without exposing sensitive artifacts, which is why we designed around converting inputs into a secure, hashed representation and adopting a zero-knowledge proof approach so a user can prove they meet an age threshold without revealing their underlying image or identity data.

Accomplishments that we're proud of

We’re proud that we delivered a working end-to-end prototype, not just a concept. We built a private, demo-only age-restricted web experience that simulates a regulated 21+ access flow, where users are either blocked or granted entry based on the verification result. The verification is powered by our Chrono layer and supports both face scans and driver’s license checks, with clear pass/fail outcomes to demonstrate gate enforcement. Given hackathon constraints and limited publicly available training data, we leveraged Gemini’s multimodal capabilities to reliably determine age eligibility from images without building the entire vision-and-OCR pipeline from scratch. Most importantly, the prototype preserves the product goal: the relying site needs only a single eligibility outcome to enforce the threshold, demonstrating how age gating can work in practice without requiring every app to become an identity or document storage system.

What we learned

Many companies, such as Discord, TikTok, and Roblox, sometimes store facial data collected during age verification and use it to train their own models. As this practice becomes more common, new companies are increasingly adopting image-based methods to train facial recognition and age estimation systems. However, this growing reliance on biometric data has raised serious privacy concerns, particularly given numerous data leaks involving sensitive biometric information.

What's next for Chrono

We plan to replace the current API-based approach with a custom-trained model to better control the full pipeline, strengthen spoof-and fraud-resistance, reduce third-party exposure, and improve consistency and security at scale. We also want to partner with more businesses so verification becomes a familiar, trusted standard across apps, reducing user suspicion that their data is being misused and making age checks feel transparent and predictable rather than invasive.