The agreement reserves Gumroad's right to request identity verification information from both Buyers and Suppliers, including Social Security Numbers, bank account details, government-issued identification, and taxpayer identification numbers, for anti-fraud, anti-money laundering, and trade sanctions compliance purposes.
This analysis describes what Gumroad's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances.
This provision authorizes collection of highly sensitive personal and financial data categories, including Social Security Numbers and bank account information, from both Suppliers and Buyers. The data collection is positioned as discretionary rather than universal, but the categories listed represent the most sensitive class of personal identifiers under US and international privacy frameworks.
Under this clause, Gumroad may request that Buyers or Suppliers provide Social Security Numbers, bank account information, government-issued identification, and other sensitive personal data as a condition of continued platform access or transaction processing, for anti-fraud and regulatory compliance purposes.
Monitoring
Gumroad has changed this document before.
"Gumroad reserves the right, but has no obligation, to request additional information from Buyers or Suppliers to verify identity in order to safeguard the integrity of the Platform and reduce the risk of fraud, money laundering, terrorist financing, and the violation of trade sanctions. Information that Gumroad may request, or seek to confirm, may include full legal name, mailing address, phone number, date of birth, taxpayer identification number (e.g. Social Security Number), bank account information, and a form of government-issued identification."
Excerpt from Gumroad's Terms of Service
(1) REGULATORY LANDSCAPE: Collection of taxpayer identification numbers, Social Security Numbers, and bank account information engages the Bank Secrecy Act and FinCEN's Customer Due Diligence (CDD) and Know Your Customer (KYC) requirements applicable to financial intermediaries. The Gramm-Leach-Bliley Act may apply to financial data collected in connection with payment processing. CCPA requires disclosure of sensitive personal information categories collected, and provides California residents with rights regarding the use of sensitive personal information including Social Security Numbers. GDPR requires a lawful basis for processing special categories of data and financial identifiers.
(2) GOVERNANCE EXPOSURE: High. The collection of Social Security Numbers, government-issued identification, and bank account information represents the highest-sensitivity data categories under US and EU privacy frameworks. A data breach involving these categories would trigger state breach notification obligations in all US states, federal notification requirements under applicable financial regulations, and GDPR breach notification requirements for EU-resident data subjects.
(3) JURISDICTION FLAGS: California residents have specific rights under CCPA regarding sensitive personal information, including the right to limit its use. EU and EEA users' financial identifiers and government identification are subject to GDPR processing requirements. Illinois, New York, and other states with enhanced data protection statutes create additional compliance obligations for entities collecting this data category.
(4) CONTRACT AND VENDOR IMPLICATIONS: Organizations onboarding employees or contractors as Gumroad Suppliers should account for the platform's right to collect sensitive personal identifiers as part of vendor risk assessment. Data processing agreements should address Gumroad's handling and storage of Social Security Numbers and bank account information.
(5) COMPLIANCE CONSIDERATIONS: Legal and compliance teams should evaluate Gumroad's data security practices and breach notification procedures with respect to the sensitive data categories this provision authorizes collecting. Users subject to CCPA should review available sensitive personal information controls. GDPR-regulated organizations should assess the lawful basis Gumroad relies upon for processing financial identifiers and government identification.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Gumroad.