1. There is no direct communication between R and D related to your proof of age. You will receive a message from R, send a message to D, receive a message from D, and send a message to R.
2. R gets no information other than (1) your age information, (2) which site D checked your documents, and (3) the timestamps of when you exchanged messages with them.
3. The site D just gets (1) the documents you provide to prove your age, (2) a binary blob that you generate that is for all practical purposes random to anyone other than you [1], and (3) the timestamps of when you exchanged messages with them.
If someone compromises D, all they get is copies of your documents (assuming D kept them) and those for all practical purposes random blobs (if they kept them), and timestamps. They don't get the identity of R, the site you were verifying your age to.
If someone compromises both R and D, they might try to match up timestamps to try to figure out who people really are. If D is busy enough and you add some delays in your message sending, it should be possible to make this risk negligible.
[1] The blob is some data you receive from R, transformed by a random permutation chosen by you. To anyone who does not know the random permutation it is indistinguishable from random.
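
The four-message flow above, sketched as an added example that is not part of the original comment. The comment does not name a scheme; this assumes Chaum-style RSA blinding for the "random permutation", and the function names and the demo key for D are constructed for illustration.

```python
import hashlib
import secrets
from math import gcd

# Constructed demo key for D (assumption): Mersenne primes are trivially
# factorable, so this key is for illustration only, never for real use.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D_PRIV = pow(E, -1, (P - 1) * (Q - 1))

def h(token: bytes) -> int:
    """Map R's token to an integer below N."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big")

def r_issue_token() -> bytes:
    """Message 1, R -> you: a fresh random token tied to your session at R."""
    return secrets.token_bytes(32)

def blind(token: bytes):
    """You: hide the token under a random factor r that only you know."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    return (h(token) * pow(r, E, N)) % N, r

def d_sign(blob: int) -> int:
    """Messages 2 and 3: D checks your documents, then signs the opaque blob."""
    return pow(blob, D_PRIV, N)

def unblind(signed_blob: int, r: int) -> int:
    """You: strip r, leaving D's signature on the original token."""
    return (signed_blob * pow(r, -1, N)) % N

def r_verify(token: bytes, sig: int) -> bool:
    """Message 4, you -> R: R checks the signature with D's public key only."""
    return pow(sig, E, N) == h(token)

def run_flow():
    token = r_issue_token()
    blob, r = blind(token)
    sig = unblind(d_sign(blob), r)
    return token, blob, sig

if __name__ == "__main__":
    token, blob, sig = run_flow()
    print("R accepts:", r_verify(token, sig))
    print("D saw R's token hash:", blob == h(token))
```

Neither the blob D receives nor the value D returns equals anything R later sees, so records held by R and D share only timestamps.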