Frequently Asked Questions

General

What is VerifyHuman?

VerifyHuman is a Shopify app that provides three tiers of customer verification:

• L1 - Human Check: Bot detection using selfie-based liveness verification. Protects signup, review, and contact forms from automated submissions.
• L2 - Age Verification: Confirms customers meet a minimum age requirement (18+ or 21+) using selfie-based age estimation.
• L3 - Identity Verification: Full KYC (Know Your Customer) verification using government-issued ID documents matched against a live selfie.

What Shopify plan do I need?

VerifyHuman works with all Shopify plans. The Theme App Extension (app embeds and app blocks) requires an Online Store 2.0 compatible theme. Most modern Shopify themes support this.

Do I need a separate VerifyHuman account?

Yes. You need an API key from app.verifyhuman.io to use age verification and identity verification features. The API key connects your Shopify store to VerifyHuman's verification services.

Is my API key secure?

Yes. Your API key is encrypted before being stored. It is never exposed to the storefront or browser. All verification API calls are made server-side from the app backend.

Age Gate

What is the difference between attestation and selfie verification?

• Attestation only (selfie disabled): The customer simply clicks a button confirming they are of legal age. No camera is required. This is less secure but faster.
• Selfie verification (selfie enabled): The customer takes a selfie that is sent to the VerifyHuman API for AI-based age estimation. This provides stronger assurance.

You can control this with the Require Selfie Verification toggle in Age Gate settings.

Can I apply the age gate to specific products only?

Yes. In the Theme Editor, set the Age Gate trigger mode to Products with Specific Tag and enter your tag (default: age-restricted). Only product pages with that tag will show the age gate overlay.

What happens if a visitor says they are underage?

They are immediately redirected to a URL you configure. The default is google.com. You can set this in the Underage Redirect URL field.

How long does age verification last?

Verification is stored in the browser session for a configurable duration (default: 24 hours). Options include 1 hour, 6 hours, 12 hours, 24 hours, 2 days, or 1 week. After expiry, the customer must verify again.

What is the difference between Guest Mode and Profile Mode?

• Guest Mode: Verification is stored in the browser session using sessionStorage. It expires after the configured session duration. No customer account required.
• Profile Mode: This option is reserved for a future update. When selected, the age gate currently behaves the same as Guest Mode. A future release will add persistent verification tied to customer accounts.

Identity Verification

When should I use identity verification?

Use identity verification (L3) for:

• High-value orders where fraud risk is elevated.
• Regulated products requiring KYC compliance.
• Orders exceeding a dollar threshold (configurable via the High-Value Cart Threshold setting).

How does the checkout guard work?

The checkout guard intercepts the checkout process on the cart page. It detects restricted products by checking:

1. Product metafield: verifyhuman.requires_idv set to true.
2. Product tag: vh_requires_idv (configurable).

When restricted items are in the cart, the standard checkout and express checkout buttons are replaced with a verification prompt. After successful verification, checkout proceeds normally.

Can I require identity verification for all orders?

Yes. Enable Require for All Checkouts in the Checkout ID settings. Every checkout will require identity verification regardless of product tags.

What about express checkout (Shop Pay, Apple Pay, Google Pay)?

When combined with the Cart Checkout Validation function extension, express checkout buttons can also be blocked for unverified customers. The theme extension hides accelerated buttons visually, and the checkout validation function enforces the requirement server-side.

How long is identity verification valid?

By default, 180 days. This is configurable via the Identity Reuse TTL setting (1-365 days). For logged-in customers, verification status is stored in their account metafields and persists across sessions.

Human Check (Bot Protection)

Which forms can Human Check protect?

Out of the box, Human Check protects:

• Signup/Registration forms (customer account creation)
• Product review forms (compatible with Shopify's built-in reviews, SPR, Stamped, Judge.me)
• Contact forms
• All forms (site-wide protection using custom selectors)

What if my theme uses custom form selectors?

You can specify custom CSS selectors in the Advanced: Custom Form Selectors section of the Human Check settings. Enter comma-separated selectors for each form type.

Does Human Check work with third-party review apps?

Yes. The default selectors include common review app selectors:

• .spr-form (Shopify Product Reviews)
• .stamped-form (Stamped.io)
• .jdgm-form (Judge.me)
• .product-review-form

If your review app uses a different selector, add it as a custom selector.

What is the verified badge?

After a customer passes human verification on a form, a green "Verified" badge appears near the form. This provides visual confirmation. You can disable it with the Show Verified Badge toggle.

Settings & Modes

What is Simple Mode vs Advanced Mode?

• Simple Mode: A streamlined setup where you choose a minimum verification level (L1, L2, or L3) and an optional cart dollar threshold. The app automatically determines which verification to require.
• Advanced Mode: Full control over each verification type independently. You enable/disable Age Gate, Identity, and Human Check separately with individual settings.

Simple Mode is recommended for most merchants. Advanced Mode is for complex compliance requirements.

What is the High-Value Cart Threshold?

In Simple Mode, you can set a dollar amount. When a customer's cart total exceeds this threshold, the app automatically upgrades the verification requirement to L3 (Identity Verification), regardless of the minimum level setting.

For example, if your minimum level is L2 (Age) and the threshold is $500, orders under $500 require age verification and orders over $500 require full identity verification.

Can I allow guest checkout for restricted items?

Yes, but it is not recommended for compliance purposes. Enable Allow Guest Checkout for Restricted Items in Simple Mode settings. Guest verification uses session tokens instead of account-linked metafields, which provides defense-in-depth but is not as secure as requiring customer accounts.

Privacy & Compliance

What data does VerifyHuman collect?

• Selfie images are sent to the VerifyHuman API for verification and are processed according to the VerifyHuman privacy policy.
• ID document images (for identity verification) are sent server-side and never stored in the Shopify app database.
• Verification results (pass/fail, confidence scores) are logged in the app for audit purposes.
• No raw biometric data is stored by the Shopify app.

Is there a privacy disclosure shown to customers?

Yes. The verification widgets display a privacy notice informing customers that their selfie or ID image will be processed for verification. The specific disclosure text is configured server-side.

Does the app comply with GDPR?

The app processes selfie and ID images only for verification purposes and does not retain raw images. Verification records are stored with the shop and can be deleted. For full GDPR compliance details, refer to the VerifyHuman privacy policy.

Technical

Why do I see "App URL metafield not set" in my browser console?

The shop metafield verifyhuman.app_url is not configured. This metafield tells the theme extension where to load widget scripts from. Fix it by clicking the Repair button in Settings > Diagnostics.

Can I use both App Embeds and manual code snippets?

Yes. The widgets have built-in duplicate detection and will not initialize twice. However, using App Embeds is recommended for easier management.

What API rate limits apply?

The app enforces 30 requests per shop per 60-second window for storefront API calls. Dashboard API calls are not subject to this limit.

What happens if the VerifyHuman API is down?

If the API is unreachable, verification calls will fail with a "Verification service unavailable" error. The age gate in attestation-only mode (selfie not required) will continue to work since it does not call the external API. Identity and human verification require the API to be available.