The policy discloses that Stripe collects government-issued identification information, including identification numbers and document images, as part of identity verification processes for account holders and transaction participants.
This analysis describes what Stripe's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Collection of government-issued identification data engages heightened sensitivity requirements under multiple privacy frameworks and triggers specific obligations regarding secure storage, limited retention, and restricted sharing under applicable identity verification and financial services regulations.
Interpretive note: The specific categories of government identification collected and the retention and deletion schedules are disclosed in sections of the policy that were truncated in the provided document text.
Under this provision, individuals required to complete identity verification through Stripe's services will have government-issued identification data collected and processed, subject to the retention and security obligations described in the policy and applicable law.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
Stripe has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"This Privacy Policy describes the Personal Data that we collect, how we use and share it, and how you can reach us with privacy-related inquiries.— Excerpt from Stripe's Stripe Privacy Policy
1. REGULATORY LANDSCAPE: Collection of government-issued identification numbers engages CCPA sensitive personal information provisions (which include government identification numbers), GDPR special category adjacent provisions regarding data that carries particular risks, and U.S. financial services know-your-customer requirements under the Bank Secrecy Act and FinCEN regulations. State identity theft protection laws in multiple U.S. jurisdictions impose additional restrictions on handling of government identification numbers. 2. GOVERNANCE EXPOSURE: High. Government identification data is among the highest-sensitivity categories in most privacy frameworks. Unauthorized access, improper retention, or unlawful disclosure creates significant regulatory exposure and potential harm to data subjects. The combination of identity document images with financial account data creates a high-value data set from a security perspective. 3. JURISDICTION FLAGS: California residents have specific rights regarding sensitive personal information including government identification numbers under CPRA, including a right to limit use. EU and EEA residents may have rights under GDPR depending on how identification data is categorized in the specific processing context. U.S. states with identity theft protection laws impose security requirements for entities holding government identification numbers. 4. CONTRACT AND VENDOR IMPLICATIONS: Organizations using Stripe's identity verification services should review the sub-processors list at stripe.com/service-providers/legal to identify any third parties who may access government identification data as part of verification workflows. Subprocessor agreements should be assessed for appropriate data handling and security obligations. 5. COMPLIANCE CONSIDERATIONS: Organizations deploying Stripe identity verification should confirm that data retention schedules for government identification documents comply with applicable law and Stripe's stated practices. End-user consent flows should specifically identify government identification collection and its purpose. Internal data inventories should document government identification data flows through Stripe infrastructure.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Collection of government-issued identification data engages heightened sensitivity requirements under multiple privacy frameworks and triggers specific obligations regarding secure storage, limited retention, and restricted sharing under applicable identity verification and financial services regulations.
Under this provision, individuals required to complete identity verification through Stripe's services will have government-issued identification data collected and processed, subject to the retention and security obligations described in the policy and applicable law.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Stripe.