The information is not being collected by D&D Beyond. It is being collected by our partner k-ID.
To add to this, k‑ID doesn't store the info it collects either. It only stores the verification result, whether you passed or failed. From their privacy policy:
k-ID does NOT store the information that you provide to prove your age and/or parent/guardian status. All we store is the result of the validation process (i.e., whether you passed or failed). In the case of Facial Age Estimation (“FAE”) technology provided by Privately, the facial image you provide is processed solely on your device – we don’t actually see any faces that are processed via this solution.
And all D&D Beyond gets is the verification result. No PII is stored or shared.
Rollback Post to RevisionRollBack
How I'm posting based on text formatting: Mod Hat On - Mod Hat Off
I am relieved to hear that the K-ID service at least pay lip service to data privacy.
I am not relieved overall, because it is still murky to me what features could be locked behind this system. Could my age or location be used to lock me out of my purchased content? Could it be used to restrict what I say on the forum? Could it be used to prevent me from playing a barbarian on Maps because the local law says so?
The information is not being collected by D&D Beyond. It is being collected by our partner k-ID.
To add to this, k‑ID doesn't store the info it collects either. It only stores the verification result, whether you passed or failed. From their privacy policy:
k-ID does NOT store the information that you provide to prove your age and/or parent/guardian status. All we store is the result of the validation process (i.e., whether you passed or failed). In the case of Facial Age Estimation (“FAE”) technology provided by Privately, the facial image you provide is processed solely on your device – we don’t actually see any faces that are processed via this solution.
And all D&D Beyond gets is the verification result. No PII is stored or shared.
It might be a good idea to include this on the page that asks for this personal information. It currently provides no clarification on what is done with the collected data.
I am not relieved overall, because it is still murky to me what features could be locked behind this system. Could my age or location be used to lock me out of my purchased content? Could it be used to restrict what I say on the forum? Could it be used to prevent me from playing a barbarian on Maps because the local law says so?
It's not all that useful to ask what 'could' be done. In theory, just about anything on the site could be age-gated. In practice, D&D Beyond wants to do the minimum possible amount of work, so the question I would ask is what their current intent is. Given that D&D Beyond has never been a site that publishes adult content, my guess would be (already existing) shop restrictions and possibly restrictions on the more social media-y aspects of the site such as forums and DMs.
I am not relieved overall, because it is still murky to me what features could be locked behind this system. Could my age or location be used to lock me out of my purchased content? Could it be used to restrict what I say on the forum? Could it be used to prevent me from playing a barbarian on Maps because the local law says so?
It's not all that useful to ask what 'could' be done. In theory, just about anything on the site could be age-gated. In practice, D&D Beyond wants to do the minimum possible amount of work, so the question I would ask is what their current intent is. Given that D&D Beyond has never been a site that publishes adult content, my guess would be (already existing) shop restrictions and possibly restrictions on the more social media-y aspects of the site such as forums and DMs.
Well sure. I wasn't so much alluding to WotC's agency here. If a law is passed that says 43-year-old Michiganders are not permitted to use the spell "Silvery Barbs", WotC has very little to say about it. I am just curious to know what levers are available and in place for WotC to respond to these laws, so as to work out why this was all deemed necessary in the first place.
Because from my point of view, if WotC wants to do the minimum required to follow the law, then there must be some reason that the minimum requires even this measure. You know what I mean?
Just to reiterate, I am not angry or concerned with WotC's behavior here insofar as we live by laws that must be followed.
The consequences are you don't get to use your account until it is provided. This email was sent yesterday. I am sure that anyone with email communication turned on got it.
so many people crying the sky is falling on this thread. there is nothing shady or nefarious happening, WotC is jsut covering their butts with all the new regulations and laws countries are passing.
if you took the time to read what K-ID is instead of running straight here to cry foul, you would know that the only thing being stored is your country and weather or not your a minor, your birthdate is not stored. and evehn if it was it will take a small amount of time for anyone to find your birthdate online anyway. everyone's birthdate is somewhere online.
Definitely was better ways of doing this, such a shame wizbro chooses the most difficult path for every journey.
Difficult, it litterly took me less then 10 seconds to do. its only difficult if you cant remember what your birthday is and what country you live in, and at that point you have bigger problems.
Definitely were better ways of doing this, such a shame wizbro chooses the most difficult path for every journey.
Is there a better way though? They are going through a third-party that (a) already has the infrastructure set up, (b) only stores verification data, and (c) purges the actual PII once verification is complete. So, at the end of the day, Wizards does not need to make up their own system (which, judging from tech issues Beyond has consistently had, likely would have its own host of problems), and the PII is not stored anywhere and thus is not available for access.
We live in a new era of the internet where age verification is becoming the norm. It is not Wizards' fault they have to comply with changing internet policies - and I would much rather they outsource this to an entity with actual experience and who deletes the data than try to build something of their own. As, I think, would anyone who actually thinks about the reality of the situation.
Definitely were better ways of doing this, such a shame wizbro chooses the most difficult path for every journey.
What do you think those better ways were? I will say that they should probably have had the above message written and published before they triggered the script for asking us to verify IDs, which isn't the best of internal communications, but other than that... they're mostly adding a small amount of enforcement to existing rules (see section 1.3 of the TOS), it's generally stuff that's required by their biggest markets (COPPA in the US, GDPR article 8 in the EU, UK Children's Code, ...), and developing their own system in-house would not be more secure than contracting with a third-party specialist.
dumb things like this that do not apply to me but it is easy for them rather than them coming up with a solution that works without making people that are not in the effected group have to verify they aren't.
The number of people who are actually not in the affected group is rather small.
I genuinely doubt that there will be all that many people who do not comply with the age verification and get locked out of their account. Most folks are willing to spend ten seconds of their lives to fill out a two-question form, and anyone who actually cares about data privacy is going to be satisfied with the fact the data requested by the third-party Wizards is using is not stored and is deleted immediately after verification occurs.
Now, Wizards absolutely should do a better job advertising "no data is actually being stored" - that information is buried in places like this forum thread, so a person with a legitimate privacy concern might not realize that this is a pretty harmless ask with no real privacy risk. And, since Wizards is dropping the ball, it once again comes up to the players to make sure this information is well known, particularly to combat rampant misinformation and fearmongering.
yeah nah i'm done with wizards and hasbro. this has nothing to do with protecting anyone and is only to leech more marketing data. i'm out.
Because they haven’t already figured out the requested geographic region from your purchasing data and your birthday is that valuable to marketing teams?
Honestly, I understand data security, but it feels like it’s started snowballing into paranoia.
Definitely were better ways of doing this, such a shame wizbro chooses the most difficult path for every journey.
Is there a better way though? They are going through a third-party that (a) already has the infrastructure set up, (b) only stores verification data, and (c) purges the actual PII once verification is complete. So, at the end of the day, Wizards does not need to make up their own system (which, judging from tech issues Beyond has consistently had, likely would have its own host of problems), and the PII is not stored anywhere and thus is not available for access.
We live in a new era of the internet where age verification is becoming the norm. It is not Wizards' fault they have to comply with changing internet policies - and I would much rather they outsource this to an entity with actual experience and who deletes the data than try to build something of their own. As, I think, would anyone who actually thinks about the reality of the situation.
One thing they could do better is to actually include some statement of who is doing what with your personal information on the page where you submit it. Currently, there is no information on that page. Meanwhile, the privacy policy page lists date of birth and country of residence among the data that dndbeyond does collect.
-
View User Profile
-
View Posts
-
Send Message
ModeratorTo add to this, k‑ID doesn't store the info it collects either. It only stores the verification result, whether you passed or failed. From their privacy policy:
And all D&D Beyond gets is the verification result. No PII is stored or shared.
Homebrew Rules || Homebrew FAQ || Snippet Codes || Tooltips
DDB Guides & FAQs, Class Guides, Character Builds, Game Guides, Useful Websites, and WOTC Resources
Are you referring even to the bday / region? Or just the additional info K-ID would need?
This is a signature. It was a simple signature. But it has been upgraded.
Belolonandalogalo, Sunny
Eggo Lass, Bone and Oblivion | Tendilius Mondhaven Paxaramus, Drakkenheim
Karl Erikson, No Guts No Glory | Chipper, Curse of Strahd
Silverwood Group 1 | Silverwood Group 2
Get rickrolled here. Awesome music here. Track 51, 10/23/25, Viva La Vida
I am relieved to hear that the K-ID service at least pay lip service to data privacy.
I am not relieved overall, because it is still murky to me what features could be locked behind this system. Could my age or location be used to lock me out of my purchased content? Could it be used to restrict what I say on the forum? Could it be used to prevent me from playing a barbarian on Maps because the local law says so?
It might be a good idea to include this on the page that asks for this personal information. It currently provides no clarification on what is done with the collected data.
It's not all that useful to ask what 'could' be done. In theory, just about anything on the site could be age-gated. In practice, D&D Beyond wants to do the minimum possible amount of work, so the question I would ask is what their current intent is. Given that D&D Beyond has never been a site that publishes adult content, my guess would be (already existing) shop restrictions and possibly restrictions on the more social media-y aspects of the site such as forums and DMs.
Well sure. I wasn't so much alluding to WotC's agency here. If a law is passed that says 43-year-old Michiganders are not permitted to use the spell "Silvery Barbs", WotC has very little to say about it. I am just curious to know what levers are available and in place for WotC to respond to these laws, so as to work out why this was all deemed necessary in the first place.
Because from my point of view, if WotC wants to do the minimum required to follow the law, then there must be some reason that the minimum requires even this measure. You know what I mean?
Just to reiterate, I am not angry or concerned with WotC's behavior here insofar as we live by laws that must be followed.
Still no update on what the alleged consequences will be for refusing to provide more PII.
The consequences are you don't get to use your account until it is provided. This email was sent yesterday. I am sure that anyone with email communication turned on got it.
DM mostly, Player occasionally | Session 0 form | He/Him/They/Them
EXTENDED SIGNATURE!
Doctor/Published Scholar/Science and Healthcare Advocate/Critter/Trekkie/Gandalf with a Glock
Try DDB free: Free Rules (2024), premade PCs, adventures, one shots, encounters, SC, homebrew, more
Answers: physical books, purchases, and subbing.
Check out my life-changing
Oh, this is going to go over like the proverbial ton of bricks.
so many people crying the sky is falling on this thread. there is nothing shady or nefarious happening, WotC is jsut covering their butts with all the new regulations and laws countries are passing.
if you took the time to read what K-ID is instead of running straight here to cry foul, you would know that the only thing being stored is your country and weather or not your a minor, your birthdate is not stored. and evehn if it was it will take a small amount of time for anyone to find your birthdate online anyway. everyone's birthdate is somewhere online.
Difficult, it litterly took me less then 10 seconds to do. its only difficult if you cant remember what your birthday is and what country you live in, and at that point you have bigger problems.
Is there a better way though? They are going through a third-party that (a) already has the infrastructure set up, (b) only stores verification data, and (c) purges the actual PII once verification is complete. So, at the end of the day, Wizards does not need to make up their own system (which, judging from tech issues Beyond has consistently had, likely would have its own host of problems), and the PII is not stored anywhere and thus is not available for access.
We live in a new era of the internet where age verification is becoming the norm. It is not Wizards' fault they have to comply with changing internet policies - and I would much rather they outsource this to an entity with actual experience and who deletes the data than try to build something of their own. As, I think, would anyone who actually thinks about the reality of the situation.
What do you think those better ways were? I will say that they should probably have had the above message written and published before they triggered the script for asking us to verify IDs, which isn't the best of internal communications, but other than that... they're mostly adding a small amount of enforcement to existing rules (see section 1.3 of the TOS), it's generally stuff that's required by their biggest markets (COPPA in the US, GDPR article 8 in the EU, UK Children's Code, ...), and developing their own system in-house would not be more secure than contracting with a third-party specialist.
The number of people who are actually not in the affected group is rather small.
It doesn't take special knowledge to realize that the vast majority of D&D Beyond users are in one of the US, UK, and EU.
It’s common sense that a text reliant product developed by an English-speaking team will be targeted primarily at English-speaking audiences.
I genuinely doubt that there will be all that many people who do not comply with the age verification and get locked out of their account. Most folks are willing to spend ten seconds of their lives to fill out a two-question form, and anyone who actually cares about data privacy is going to be satisfied with the fact the data requested by the third-party Wizards is using is not stored and is deleted immediately after verification occurs.
Now, Wizards absolutely should do a better job advertising "no data is actually being stored" - that information is buried in places like this forum thread, so a person with a legitimate privacy concern might not realize that this is a pretty harmless ask with no real privacy risk. And, since Wizards is dropping the ball, it once again comes up to the players to make sure this information is well known, particularly to combat rampant misinformation and fearmongering.
Because they haven’t already figured out the requested geographic region from your purchasing data and your birthday is that valuable to marketing teams?
Honestly, I understand data security, but it feels like it’s started snowballing into paranoia.
One thing they could do better is to actually include some statement of who is doing what with your personal information on the page where you submit it. Currently, there is no information on that page. Meanwhile, the privacy policy page lists date of birth and country of residence among the data that dndbeyond does collect.
I'll see you on Jan 28th.
DM mostly, Player occasionally | Session 0 form | He/Him/They/Them
EXTENDED SIGNATURE!
Doctor/Published Scholar/Science and Healthcare Advocate/Critter/Trekkie/Gandalf with a Glock
Try DDB free: Free Rules (2024), premade PCs, adventures, one shots, encounters, SC, homebrew, more
Answers: physical books, purchases, and subbing.
Check out my life-changing
My banking info is already linked that’s enough from me. If this goes through I’ll happily delete my account. I’m not giving you any else.