Rigr AI

Minor Age Estimation Service

We've built an accurate AI model for Facial Age Estimation trained on a proprietary dataset. This system accurately determines the age of minors from images and is designed for law enforcement, immigration, and trust and safety measures to protect children both online and offline.

Features

• On-premise or cloud infrastructure based on your needs.
• Integrate with your tools using the API.
• Use interactively through a web application.
• Non-storage and non-utilisation of any data processed.
• Capable of processing high volumes of images efficiently.
• Generate exportable reports containing results along with image SHA identifiers.

Benefits

• High accuracy age estimation, even for adolescents.
• Trained and evaluated on a highly diverse population.
• Utilised to create a safe online environment for children.
• Monitor legal compliance of online content.
• Non-invasive method to assess children's age in migration.
• Provides age estimate with uncertainty determination.
• Identifies if an image includes a face or faces.

£2,150 a user a year

• Free trial available

Service documents

• Pricing document

  ODT

• Skills Framework for the Information Age rate card

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ed@rigr.ai. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

179940211930277

Contact

Edward Dixon
+353868532940
ed@rigr.ai

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: Our service runs well on a standard server. Very high volume users might require a server with attached GPU.
• System requirements:
  • 16GB RAM
  • 2 CPU cores

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The response time for basic email support is 24 hours, excluding weekends and public holidays. We also offer a higher support tier at an additional cost.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: The basic level of support includes 24-hour email response time on weekdays, excluding weekends and public holidays. Our support team will assist with general inquiries, basic troubleshooting, and guidance on using the product. While this level provides timely assistance, it does not include dedicated account management or specialized technical support. ; ; In addition to the basic level of support we provide the services of a Technical Account Manager at an additional cost, tailored to the scope and needs of your project. This dedicated professional will work closely with you to understand your requirements, provide technical guidance and support, and ensure that your project runs smoothly.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: The onboarding process for new users is tailored to the specific implementation they choose: on-premise, on-cloud web interface, or API integration. For on-cloud web usage, users are provided with credentials that grant them access to the application, ensuring a straightforward and secure login experience. If users opt for API access, they receive their API keys upon signing a licensing agreement, enabling seamless integration with their systems. For on-premise implementations, we customise the onboarding process based on the specific technical requirements of the user's environment.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Our service does not store any data from the user, ensuring full privacy and data protection at all times.
• End-of-contract process: At the end of the contract, depending on the implementation chosen by the user, we disable access to our services. For users of the web application, credentials are disabled, and for those using API integration, the API key is disabled. This ensures that access is effectively revoked and no further usage is possible.; ; For on-premise implementations, our technical team collaborates with the user to determine their preferred method of discontinuing the service. This tailored approach ensures a smooth transition and aligns with the user's specific requirements and preferences.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Our API can be used to integrate age estimation with their own systems, processing images automatically.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: No
• Customisation available: No

Scaling

• Independence of resources: We use automatically scaling based on request volume to spin up additional copies of our service with a load balancer to share the work. We can also deploy an instance on the customer's cloud subscription.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide regular reports detailing the number of images processed and API calls made. ; ; We also provide regular usage reports for cloud deployments, offering insights into activity and resource usage. ; ; For on-premise setups, we can customise reporting functions to meet the specific requirements of the customer, ensuring tailored insights and visibility into usage metrics.
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: In-house
• Protecting data at rest: Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Depending on the chosen implementation—whether it's API integration, a cloud-based web app, or an on-premise setup—users will receive the system's output in the relevant format. For API integration, users get an API response that they can integrate into their systems. In the web application, the response is displayed directly within the application and can also be exported as a.pdf report. For on-premise setups, the system is customised based on the user's requirements, and export functions can be implemented as needed.
• Data export formats: Other
• Other data export formats: .pdf
• Data import formats: Other
• Other data import formats:
  • .jpeg (max 50 MB per file)
  • .png (max 50 MB per file)
  • .jpg (max 50 MB per file)

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Our service uptime is better than 99.8%. Outages not due to notified service updates will attract a pro-rata credit in the subsequent billing cycle or a cash refund.
• Approach to resilience: Available on request.
• Outage reporting: Email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: Role based access control.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Our approach to security governance integrates policies, processes, and controls to safeguard information integrity, confidentiality, and availability. We assign clear roles and responsibilities and apply role-based access controls. Our governance involves ongoing risk assessments, security audits, and the application of commonly accepted best practices. We also prioritise continuous employee training to maintain security awareness and competence. By proactively detecting (with monitoring and automated alerts) and responding to threats, and using technologies like encryption and multi-factor authentication, we ensure resilience and security.
• Information security policies and processes: Building upon our robust security governance framework, our information security policies and processes are meticulously devised to align with our established principles. We adhere to a data minimisation policy, ensuring that only the data absolutely necessary for delivering our services is collected and stored. This approach reduces potential exposure and simplifies data management.; ; Access to critical systems and data is governed by stringent role-based access controls, regularly reviewed and refined to address emerging security challenges. For each new service, we mandate external logging, accompanied by comprehensive reporting and alerting mechanisms designed to promptly detect any breaches or misuse of credentials. These surface alerts to the wider team, avoiding excessive reliance on a single individual.; ; Our risk management process is proactive, involving regular security risk assessments to identify vulnerabilities and implement timely mitigations. We engage third-party security specialists for independent security audits, ensuring adherence to widely accepted best practices.; ; Our reporting structure ensures clear communication and accountability: engineers report security findings to their team leads, who then escalate significant security issues up to the CEO. This ensures that all levels of management are informed and can act swiftly.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our change management approach prioritizes transparency and reliability. We track all changes and provide release notes to users, detailing the updates, enhancements, or fixes implemented. Before any changes are released, the application undergoes rigorous internal testing to ensure stability, functionality and security. This testing phase is conducted using a traceable system, allowing us to monitor and document each step of the process.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Our vulnerability management approach combines automated testing and manual assessments to identify potential vulnerabilities effectively. Additionally, if a vulnerability is reported by a user, we assess its severity and impact to prioritize our remediation efforts. Our global team is available around the clock to promptly address and respond to reported vulnerabilities, ensuring timely resolution. For remediation, we employ a structured approach that includes patch management and mitigation strategies to fix identified vulnerabilities efficiently. Moreover, our vulnerability management approach is regularly reviewed and updated to adapt to evolving threats and technologies, ensuring that we maintain a robust security posture.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: We actively monitor our logs and set up real-time alerts to detect suspicious spikes or anomalies in activity. Our global team is available 24/7 to promptly investigate and determine the scope and impact of any detected incidents. Stakeholders are alerted through agreed-upon communication channels as soon as potential compromises are identified. Our protective monitoring processes are continuously reviewed and updated to stay ahead of new threats, leverage emerging technologies, and adapt to organizational changes, ensuring ongoing effectiveness and responsiveness.
• Incident management type: Undisclosed
• Incident management approach: Our incident management processes are designed to ensure a fast response to security incidents. Users can report incidents through e-mail. Our global team is committed to responding promptly to such reports. During an incident, we maintain open communication with stakeholders, providing regular updates on the situation and our progress towards resolution. Post-incident, we conduct thorough analyses to identify the root cause, assess the impact, and derive lessons learned. Incident reports, detailing these findings and actions taken, are then provided to stakeholders to ensure transparency and accountability. Our incident management processes are continuously reviewed and updated.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Wellbeing

  Wellbeing

  Our Minor Age Estimation Service helps protect children, through its use in police investigations and in Trust & Safety for social media platforms.

Pricing

• Price: £2,150 a user a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We provide a limited-time free trial of our cloud-based web app, giving users the chance to fully explore the features and performance. During this trial, users can test the model with their own media, experiencing firsthand how our AI model performs with their specific content.

Service documents

• Pricing document

  ODT

• Skills Framework for the Information Age rate card

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ed@rigr.ai. Tell them what format you need. It will help if you say what assistive technology you use.