# Disclosures Disclosures control what information users reveal during identity verification. You configure them in the frontend `disclosures` object, which contains two types of settings: 1. **Verification Requirements** - conditions that must be met (must match backend) 2. **Disclosure Requests** - information users will reveal (frontend only) ## Verification Requirements These settings define verification conditions and must match your backend `verification_config`: ### `minimumAge` Verifies user is at least this age without revealing exact age or date of birth. ```javascript disclosures: { minimumAge: 18, // User must be 18 or older } ``` ### `excludedCountries` Blocks users from specific countries using [ISO 3-letter country codes](https://www.iso.org/obp/ui/#search). ```javascript disclosures: { excludedCountries: ['IRN', 'PRK'], // Block Iran and North Korea } ``` {% hint style="info" %} The maximum amount of excluded countries you can specify is 40. Any more than this will cause proofs to fail verification on the Self App. {% endhint %} ### `ofac` Enables OFAC (sanctions) checking against official watchlists. ```javascript disclosures: { ofac: true, // Enable sanctions checking } ``` ## Disclosure Requests These settings specify what information users will reveal. Configure only in frontend - backend receives this data automatically. ### Personal Information * **`name`**: User's full name from the verified document * **`nationality`**: User's nationality * **`gender`**: User's gender (M/F) * **`date_of_birth`**: Full date of birth ### Document Information * **`passport_number`**: Document number (use carefully for privacy) * **`expiry_date`**: Document expiry date * **`issuing_state`**: Country that issued the document ## Example Configuration ```javascript disclosures: { // Verification requirements (must match backend) minimumAge: 21, excludedCountries: ['IRN'], ofac: true, // Disclosure requests (frontend only) nationality: true, gender: true, name: false, // Don't request name date_of_birth: true, passport_number: false, // Don't request for privacy } ``` ## Verification Result When verification succeeds, disclosed information is available in `result.discloseOutput`: ```javascript const result = await selfBackendVerifier.verify(/*...*/); if (result.isValidDetails.isValid) { const data = result.discloseOutput; console.log(data.nationality); // "USA" (if requested) console.log(data.gender); // "M" or "F" (if requested) console.log(data.olderThan); // "18" (if minimumAge set) console.log(data.name); // undefined (if not requested) } ``` ## Frontend & Backend Alignment {% hint style="warning" %} **Critical**: The verification rules in your frontend `disclosures` object **must exactly match** the configuration in your backend `SelfBackendVerifier` or smart contract. A mismatch — even a stricter value — will cause verification to fail. {% endhint %} For example, if the backend requires `minimumAge: 18` but the frontend specifies `minimumAge: 21`, verification will fail. The values must be identical, not just compatible. {% hint style="success" %} **Best practice**: Centralize your disclosure config in a shared constants file and import it into both frontend and backend to avoid drift. {% endhint %} {% hint style="info" %} Data disclosures (`nationality`, `gender`, `name`, etc.) are **not** enforced by your backend or contracts — they only control what data the user reveals. Only verification rules (`minimumAge`, `excludedCountries`, `ofac`) need to match. {% endhint %} ## Privacy Best Practices * **Request only what you need**: Each disclosure reveals personal information * **Avoid sensitive fields**: Be cautious with `passport_number` and `name` * **Consider alternatives**: Use `minimumAge` instead of `date_of_birth` for age verification * **Store carefully**: Implement proper data protection for disclosed information ## Common Use Cases **Age verification only:** ```javascript disclosures: { minimumAge: 18, // No personal data revealed } ``` **Basic identity with nationality:** ```javascript disclosures: { minimumAge: 18, nationality: true, gender: true, } ``` **Complete identity verification:** ```javascript disclosures: { minimumAge: 21, ofac: true, nationality: true, name: true, date_of_birth: true, } ```