Creators must provide a copy of their government-issued ID and a selfie holding that ID to OnlyFans as part of the registration and verification process. Third-party social media handles may also be collected to further verify identity.
This analysis describes what OnlyFans's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Submitting a government ID and selfie creates a detailed identity record held by OnlyFans and its third-party processors, which if breached or misused could expose Creators to serious identity theft risk.
Creators hand over highly sensitive identity data including government-issued documents and selfie images to both OnlyFans and third-party verification vendors, creating meaningful identity and privacy risk if that data is compromised.
Cross-platform context
See how other platforms handle Government ID and Selfie Collection from Creators and similar clauses.
Compare across platforms →Monitoring
OnlyFans has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"a copy of the government identity document that you provide to us* ... a 'selfie' of you holding your government identity document* ... third-party social media handle / personal website address (used to further verify your age and identity and to help us better understand the content which you are likely to share on OnlyFans)— Excerpt from OnlyFans's OnlyFans Privacy Policy
REGULATORY LANDSCAPE: Collection of government identity documents engages GDPR/UK GDPR provisions on special category or sensitive data processing, CCPA sensitive personal information provisions, and anti-money-laundering and KYC obligations that may justify collection under legal compliance bases. The UK ICO and EU supervisory authorities are relevant enforcement bodies. US FTC oversight applies to the adequacy of data security practices around this sensitive data. GOVERNANCE EXPOSURE: High. Government ID and selfie data represents some of the most sensitive personal data a platform can hold. A breach affecting this data category would likely trigger notification obligations under GDPR, UK GDPR, and US state breach notification laws. The policy does not specify retention periods for this data or the security standards applied to its storage. JURISDICTION FLAGS: EU and UK users have strong rights under GDPR and UK GDPR to understand the legal basis for processing and to request erasure. California residents have CCPA rights over sensitive personal information. The collection of this data from users globally creates multi-jurisdictional obligations. CONTRACT AND VENDOR IMPLICATIONS: Third-party identity verification vendors who receive government ID copies must be governed by robust processor agreements under GDPR Article 28. Procurement teams should confirm these vendors meet ISO 27001 or equivalent security standards and have clear data destruction obligations. COMPLIANCE CONSIDERATIONS: The legal basis for retaining government ID data after verification is complete should be documented and reviewed. Data minimisation principles under GDPR may require that ID document copies are not retained longer than necessary. Breach response plans should specifically address this high-sensitivity data category.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Submitting a government ID and selfie creates a detailed identity record held by OnlyFans and its third-party processors, which if breached or misused could expose Creators to serious identity theft risk.
Creators hand over highly sensitive identity data including government-issued documents and selfie images to both OnlyFans and third-party verification vendors, creating meaningful identity and privacy risk if that data is compromised.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by OnlyFans.