Stripe · Stripe Privacy Policy

Identity Verification and Know Your Customer Data

High severity

What it is

Stripe collects government IDs, facial images, and potentially biometric data to verify your identity when you sign up for certain services, to comply with financial regulations and prevent fraud.

Change history

Added Apr 29, 2026

This new provision introduces explicit disclosure of biometric data collection (facial images) as part of KYC processes, representing a significant expansion in sensitive personal data categories requiring enhanced transparency.


Consumer impact (what this means for users)

If you use Stripe-powered services that require identity verification, Stripe collects and processes your government ID and potentially facial biometric data — sensitive information that carries heightened breach risk and is subject to specific legal protections in states like Illinois and Texas.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Email privacy@stripe.com to request deletion of your identity verification documents and biometric data. Specifically reference biometric data and government ID documents in your request, and include your full name and the email address associated with your Stripe account.


Why it matters (compliance & risk perspective)

Biometric and government ID data is among the most sensitive personal information that can be collected — if mishandled or breached, it cannot be changed like a password, creating long-lasting identity theft risk.

View original clause language
We collect Personal Data as part of our identity verification and Know Your Customer (KYC) processes, which may include government-issued identification documents, facial images or biometric data, and other verification information. This data is used to verify your identity, comply with financial regulations, and prevent fraud.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: Illinois Biometric Information Privacy Act (BIPA, 740 ILCS 14) imposes strict consent, retention, and destruction requirements for biometric identifiers including facial geometry, with a private right of action and statutory damages of $1,000-$5,000 per violation. Texas CUBI (Tex. Bus. & Com. Code §503.001) and Washington MIPA provide similar protections. GDPR Art. 9 designates biometric data used for unique identification as a 'special category' requiring explicit consent or specific legal basis under Art. 9(2). Bank Secrecy Act and FinCEN Customer Identification Program (CIP) rules (31 CFR §1020.220) mandate KYC collection. CCPA grants additional rights over biometric data as 'sensitive personal information' under CPRA.


Applicable agencies

  • FTC
    The FTC has enforcement authority over biometric data misuse and unfair data collection practices under FTC Act Section 5, and has issued specific guidance on facial recognition and biometric data.
  • State AG
    Illinois AG and other state AGs enforce BIPA and state biometric privacy laws with statutory damages available; California AG enforces CPRA sensitive personal information rights.

Provision details

Document information
Document: Stripe Privacy Policy
Entity: Stripe
Document last updated: April 29, 2026

Tracking information
First tracked: April 27, 2026
Last verified: April 27, 2026
Record ID: CA-P-003375
Document ID: CA-D-00106

Evidence Provenance
Source URL
Wayback Machine
SHA-256: 44d69cd19e1ca6f2b31785fb53f7c219f512832c75cd8b17d2cae72b6a1516d6
Verified: ✓ Snapshot stored   ✓ Change verified

How to Cite
ConductAtlas Policy Archive
Entity: Stripe | Document: Stripe Privacy Policy | Record: CA-P-003375
Captured: 2026-04-27 12:23:52 UTC | SHA-256: 44d69cd19e1ca6f2…
URL: https://conductatlas.com/platform/stripe/stripe-privacy-policy/identity-verification-and-know-your-customer-data/
Accessed: May 2, 2026

Classification
Severity: High