Skip to main content
Didit Raises $2M and Joins Y Combinator (W26)
Didit
Brazil · Lei nº 15.211/2025

Comply with Lei Felca. With Felca-ready age verification.

Age Estimation at $0.10 first. ID Verification + Liveness only when borderline. Brazilian Portuguese flow, LGPD-aligned. 500 verifications free every month.

Start freeRead the docs
Backed by
Y Combinator
GBTC Finance
Bondex
Crnogorski Telekom
UCSF Neuroscape
Shiply
Adelantos

Trusted by 2,000+ organizations worldwide.

A cinematic dark abstract Brazil-child-protection stack illustration — four floating translucent glass panels in 3D perspective on pure black, threaded by a luminous Didit Blue line and framed by four glowing scanner brackets. Each panel carries a small pale-white abstract motif (face oval with age arc, passport rectangle, Brazil-flag geometric silhouette, shield).

What Felca demands

Estimate first. Document when needed. Protect minors by design.

Brazilian platforms with age-restricted content owe a Felca-aligned age gate on every signup. Didit ships it as a tiered workflow — Age Estimation at $0.10 for the average user, document escalation only on borderline bands. Brazilian Portuguese, LGPD consent, 5-year retention, 500 verifications free every month.

How it works

From sign-up to verified user in four steps.

  1. Step 01

    Create the workflow

    Pick the checks you want — ID, liveness, face match, sanctions, address, age, phone, email, custom questions. Drag them into a flow in the dashboard, or post the same flow to our API. Branch on conditions, run A/B tests, no code required.

  2. Step 02

    Integrate

    Embed natively with our Web, iOS, Android, React Native, or Flutter SDK. Redirect to a hosted page. Or just send your user a link — by email, SMS, WhatsApp, anywhere. Pick what fits your stack.

  3. Step 03

    User goes through the flow

    Didit hosts the camera, the lighting cues, the mobile hand-off, and accessibility. While the user is in the flow, we score 200+ fraud signals in real time and verify every field against authoritative data sources. Result in under two seconds.

  4. Step 04

    You receive the results

    Real-time signed webhooks keep your database in sync the moment a user is approved, declined, or sent to review. Poll the API on demand. Or open the console to inspect every session, every signal, and manage cases your way.

Built for Brazil · Priced like infrastructure

Six checks. Tiered cost. ~$0.10 for most users.

Felca compliance isn't a single check — it's a tiered recipe. Toggle the parental-consent branch per platform category, retain artefacts for 5 years, surface the Felca reporting hook on under-13 detections.
Read the docsGet an API key
01 · Age Estimation first

Cheapest path: only borderline pay more.

Age Estimation runs on every signup at $0.10. Confident 18+ users skip the document upload entirely. Only borderline bands (16-21) escalate to ID Verification, keeping the average per-user cost at ~$0.10-$0.15.
Age Estimation module
02 · Brazilian document fallback

RG, CNH, Passport, CIN — all live.

ID Verification handles every Brazilian document. RG (state ID across 27 states), CNH (driver's licence with DENATRAN cross-check via Database Validation), Passport (ICAO Machine-Readable Zone), CIN (new federal national ID). $0.15 per check.
ID Verification module
03 · Selfie liveness

Real face. Not a print, screen, mask, or deepfake.

Passive Liveness — Presentation Attack Detection (PAD) signals reject every common attack vector. iBeta Level 1 certified. $0.10 per check, no head-tilt prompts. Active Liveness ($0.15) available for higher-assurance categories.
Liveness module
04 · Retention pack

5-year audit-ready evidence, per user.

Every artefact — age estimation result + confidence, document scan, selfie, consent record — held for at least 5 years per Lei Geral de Proteção de Dados (LGPD) defaults. Exportable on subject access request. SOC 2 Type 1 + ISO 27001 controls.
Security & Compliance
05 · Parental consent

13-17 covered. Under-13 blocked + reported.

Workflow Builder branches per age band: 18+ confident allows, 13-17 triggers parental-consent capture + parent's ID Verification, under-13 confident hard-blocks and pipes the event to your Felca reporting line.
Workflow Orchestrator
06 · Brazilian-first flow

Português, LGPD, BRT, Brazil mid-range Android.

User-facing copy in Brazilian Portuguese with LGPD-aligned consent text. BRT-timezone audit timestamps. Mobile-first capture tuned for the mid-range Android handsets dominant in Brazil. Same workflow across 48+ languages.
Country page — Brazil
Integrate

One session. One webhook. Felca compliance shipped.

Open the age-gate session at signup. Read the signed verdict. Branch on age band.
POST /v3/session/Felca
$ curl -X POST https://verification.didit.me/v3/session/ \
  -H "x-api-key: $DIDIT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "workflow_id": "wf_br_felca_age_gate",
    "vendor_data": "user-br-3821",
    "metadata": { "law": "lei_felca" }
  }'
201Created{ "session_url": "verify.didit.me/..." }
Gate the platform until the webhook says status: Approved.docs →
POST /webhooks/diditVerdict
// X-Signature-V2 verified upstream
const age = payload.age_estimation.estimated_age;
if (payload.status === "Approved" && age >= 18) {
  unlockPlatform(payload.vendor_data);
} else if (age < 13) {
  felca.report(payload);
  block(payload.vendor_data);
}
200OKstatus Approved · Declined · In Review · Kyc Expired
Verify X-Signature-V2 before reading the payload.docs →
Agent-ready integration

Ship Felca compliance in one prompt.

Paste into Claude Code, Cursor, Codex, Devin, Aider, or Replit Agent. Fill in your stack. The agent builds the tiered workflow, opens the age-gate session, reads the verdict, branches on age band, and wires the Felca reporting hook.
didit-integration-prompt.md
You are integrating Didit into a Brazilian platform to comply with Lei nº 15.211/2025 (the "Felca law") — Brazil's child-protection age + identity rule. Three obligations on every user that touches age-restricted content:

  - Verify the user is old enough (18+ for adult content; bespoke thresholds for gambling, alcohol, social-media reach).
  - Block users under 13 with a logged report (Felca-aligned).
  - Capture parental consent + identity for users 13-17 where the platform allows them.

Recommended recipe (cheapest path that satisfies the law):

  - Step 1: Age Estimation ($0.10) on every signup. Confident "18+" bands skip downstream checks.
  - Step 2: ID Verification ($0.15) + Passive Liveness ($0.10) only on borderline bands (15-21 confidence overlap).
  - Step 3: Parental consent + ID Verification on 13-17 users.
  - Step 4: Hard block + Felca reporting line on confident "under 13" detections.

Average per-user cost in production: ~$0.10-$0.15 (most users pay only Age Estimation; only borderline escalate).

PRE-REQUISITES
  - Production API key from https://business.didit.me (sandbox key in 60s, no card).
  - Webhook endpoint with HMAC SHA-256 verification using the X-Signature-V2 header and your webhook secret.
  - A workflow_id from the Workflow Builder that branches on Age Estimation confidence band: 18+ confident → allow; 16-19 borderline → escalate to ID + Liveness; 13-17 confident → parental consent flow; under 13 confident → block + report.
  - LGPD (Lei Geral de Proteção de Dados) consent copy approved by your legal team in Brazilian Portuguese.

STEP 1 — Open the age-gate session at signup

  POST https://verification.didit.me/v3/session/
  Headers:
    x-api-key: <your api key>
    Content-Type: application/json
  Body:
    {
      "workflow_id": "<wf id with Age Estimation + conditional ID + Liveness>",
      "vendor_data": "<your user id, max 256 chars>",
      "callback": "https://<your-app>/age-gate/callback",
      "metadata": {
        "law": "lei_felca_15211_2025",
        "platform_category": "social_app",
        "min_age_for_full_features": 18
      }
    }

  Response: 201 Created with a hosted session URL. Redirect the user (web or in-app webview). Sub-2-second median verdict on completion (Age Estimation alone; longer when ID + Liveness escalate).

STEP 2 — Read the signed webhook on the verdict

  Didit POSTs to your callback. Session statuses are Title Case With Spaces:

  Body (excerpted):
    {
      "session_id": "<uuid>",
      "vendor_data": "<your user id>",
      "status": "Approved",
      "age_estimation": { "estimated_age": 27, "lower_bound": 24, "upper_bound": 30, "confidence": 0.92 },
      "id_verification": { "status": "Approved", "document_type": "RG", "dob": "1997-03-12" },
      "liveness": { "status": "Approved" }
    }

  Status enum (exact case): Approved | Declined | In Review | Resubmitted | Expired | Not Finished | Kyc Expired | Abandoned.

  Verify the X-Signature-V2 header BEFORE reading the body — HMAC SHA-256 of the raw bytes with your webhook secret.

STEP 3 — Branch on the verdict + age

  Approved + 18+    → unlock the platform.
  Approved + 13-17  → route to parental consent capture; unlock limited features.
  Approved + under 13 (rare; only if document escalation overruled the estimation) → block; log to your Felca reporting line.
  Declined          → block; surface to ops.
  In Review         → soft-fail; pending manual review.

STEP 4 — Re-verify on age-threshold transitions

  When a user crosses an age threshold (turns 18, turns 16), open a re-verification session to update their tier. The original session URL is single-use; create a new session per re-verify.

WEBHOOK EVENT NAMES
  - Sessions: status changes flow through the standard session webhook.

  Verify X-Signature-V2 on every payload.

CONSTRAINTS
  - Session statuses use Title Case With Spaces (Approved, In Review). Do not lowercase or snake_case them.
  - Age Estimation is statistical, not deterministic. Confident bands (high model confidence + age comfortably above/below threshold) skip the document upload; borderline bands MUST escalate to ID Verification.
  - LGPD requires explicit consent capture before processing personal data. The Didit-hosted flow renders a consent screen in Brazilian Portuguese; if you self-host the UI via the mobile SDK, render the LGPD consent BEFORE opening the session.
  - Default retention is 5 years post-relationship per LGPD defaults; configure per workflow in the Business Console.
  - Brazilian documents supported live: RG (state ID across 27 states), CNH (driver's licence with DENATRAN cross-check), passport, CIN (new federal national ID). 14,000+ documents across 220+ countries total.

Read the docs:
  - https://docs.didit.me/sessions-api/create-session
  - https://docs.didit.me/core-technology/age-estimation/overview
  - https://docs.didit.me/core-technology/id-verification/overview
  - https://docs.didit.me/integration/webhooks

Start free at https://business.didit.me — sandbox key in 60 seconds, 500 verifications free every month, no credit card.
Need more context? See the full module docs.docs.didit.me →
Compliant by design

Open a new country in one click. We do the hard work.

We open the local subsidiaries, secure the licenses, run the penetration tests, earn the certifications, and align with every new regulation. To ship verifications in a new country, flip a toggle. 220+ countries live, audited and pen-tested every quarter — the only identity provider an EU member-state government has formally called safer than in-person verification.
Read the security & compliance dossier
EU financial sandbox
Tesoro · SEPBLAC · BdE
ISO/IEC 27001
Information security · 2026
SOC 2 · Type I
AICPA · 2026
iBeta Level 1 PAD
NIST / NIAP · 2026
GDPR
EU 2016/679
DORA
EU 2022/2554
MiCA
EU 2023/1114
AMLD6 · eIDAS 2.0
EU-aligned by design

Proof numbers

Proof numbers
  • ~$0.10
    Per average user — Age Estimation only; document escalation only on borderline.
  • 0y
    Default retention per Lei Geral de Proteção de Dados (LGPD); configurable per workflow.
  • <0s
    End-to-end verdict per session, on entry-level Android.
  • 0
    Free verifications every month, on every account.
Three tiers, one price list

Start free. Pay per usage. Scale to Enterprise.

500 free verifications every month, forever. Pay-as-you-go for production. Custom contracts, data residency, and SLAs (Service Level Agreements) on Enterprise.
Free

Free

$0 / month. No credit card required.

  • Free KYC bundle (ID Verification + Passive Liveness + Face Match + Device & IP Analysis) — 500 / month, every month
  • Blocklisted Users
  • Duplicate Detection
  • 200+ fraud signals on every session
  • Reusable KYC across the Didit network
  • Case Management Platform
  • Workflow Builder
  • Public docs, sandbox, SDKs, MCP (Model Context Protocol) server
  • Community support
Start free
Most popular
Pay per usage

Usage Based

Pay only for what you use. 25+ modules. Public per-module pricing, no monthly minimum fee.

  • Full KYC at $0.33 (ID + Biometric + IP / Device)
  • 10,000+ AML datasets — sanctions, PEPs, adverse media
  • 1,000+ government data sources for Database Validation
  • Transaction Monitoring at $0.02 per transaction
  • Live KYB at $2.00 per business
  • Wallet Screening at $0.15 per check
  • Whitelabel verification flow — your brand, our infrastructure
See full list of pricesStart free
Enterprise

Enterprise

Custom MSA & SLA. For large volumes and regulated programs.

  • Annual contracts
  • Custom MSA, DPA, and SLA
  • Dedicated Slack and WhatsApp channel
  • Manual reviewers on demand
  • Reseller and white-label terms
  • Exclusive features and partner integrations
  • Named CSM, security review, compliance support
Talk to us

Start free → pay only when a check runs → unlock Enterprise for a custom contract, SLA, or data residency.

FAQ

Common questions

Related

Related modules + workflows

Infrastructure for identity and fraud.

One API for KYC, KYB, Transaction Monitoring, and Wallet Screening. Integrate in 5 minutes.

Start freeTalk to us
Ask an AI to summarise this page