Stripe · Stripe Privacy Policy · View original document ↗

Identity Verification and Know Your Customer Data

High severity Unique · 0 of 343 platforms
Share 𝕏 Share in Share 🔒 PDF
Recent governance activity Stripe recorded 2 documented changes in the last 30 days.
Start monitoring updates
Monitor governance changes for Stripe Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

Stripe collects government IDs, facial images, and potentially biometric data to verify your identity when you sign up for certain services, to comply with financial regulations and prevent fraud.

This analysis describes what Stripe's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

The provision establishes the operational basis for Stripe's collection and processing of identity verification data as a condition of financial services provision. KYC and identity verification processes are required under applicable financial regulations, and this clause documents the data categories and purposes supporting those regulatory compliance obligations.

Clause Stability Stable

0
Changes
3
Months Monitored
Apr 27, 2026
First Seen
Apr 27, 2026
Last Seen

Change history

removed May 19, 2026

Removal of explicit disclosure about collection and use of sensitive biometric data (facial images, government IDs) for KYC/identity verification, reducing transparency about sensitive data handling.

View full change record →

Consumer impact (what this means for users)

If you use Stripe-powered services that require identity verification, Stripe collects and processes your government ID and potentially facial biometric data — sensitive information that carries heightened breach risk and is subject to specific legal protections in states like Illinois and Texas.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Email privacy@stripe.com to request deletion of your identity verification documents and biometric data. Specifically reference biometric data and government ID documents in your request, and include your full name and the email address associated with your Stripe account.

Cross-platform context

See how other platforms handle Identity Verification and Know Your Customer Data and similar clauses.

Compare across platforms →

Monitoring

Stripe has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
We collect Personal Data as part of our identity verification and Know Your Customer (KYC) processes, which may include government-issued identification documents, facial images or biometric data, and other verification information. This data is used to verify your identity, comply with financial regulations, and prevent fraud.

— Excerpt from Stripe's Stripe Privacy Policy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

REGULATORY FRAMEWORK: Illinois Biometric Information Privacy Act (BIPA, 740 ILCS 14) imposes strict consent, retention, and destruction requirements for biometric identifiers including facial geometry, with a private right of action and statutory damages of $1,000-$5,000 per violation. Texas CUBI (Tex. Bus. & Com. Code §503.001) and Washington MIPA provide similar protections. GDPR Art. 9 designates biometric data used for unique identification as a 'special category' requiring explicit consent or specific legal basis under Art. 9(2). Bank Secrecy Act and FinCEN Customer Identification Program (CIP) rules (31 CFR §1020.220) mandate KYC collection. CCPA grants additional rights over biometric data as 'sensitive personal information' under CPRA.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Monitor free for 14 days

Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • FTC
    The FTC has enforcement authority over biometric data misuse and unfair data collection practices under FTC Act Section 5, and has issued specific guidance on facial recognition and biometric data.
    File a complaint →
  • State AG
    Illinois AG and other state AGs enforce BIPA and state biometric privacy laws with statutory damages available; California AG enforces CPRA sensitive personal information rights.
    File a complaint →

Provision details

Document information
Document
Stripe Privacy Policy
Entity
Stripe
Document last updated
May 5, 2026
Tracking information
First tracked
April 27, 2026
Last verified
April 27, 2026
Record ID
CA-P-003375
Document ID
CA-D-00106
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
44d69cd19e1ca6f2b31785fb53f7c219f512832c75cd8b17d2cae72b6a1516d6
Analysis generated
April 27, 2026 12:23 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Stripe
Document: Stripe Privacy Policy
Record ID: CA-P-003375
Captured: 2026-04-27 12:23:52 UTC
SHA-256: 44d69cd19e1ca6f2…
URL: https://conductatlas.com/platform/stripe/stripe-privacy-policy/identity-verification-and-know-your-customer-data/
Accessed: July 4, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
High
Categories

Other risks in this policy

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Start Compliance free trial

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Stripe's Identity Verification and Know Your Customer Data clause do?

The provision establishes the operational basis for Stripe's collection and processing of identity verification data as a condition of financial services provision. KYC and identity verification processes are required under applicable financial regulations, and this clause documents the data categories and purposes supporting those regulatory compliance obligations.

How does this clause affect you?

If you use Stripe-powered services that require identity verification, Stripe collects and processes your government ID and potentially facial biometric data — sensitive information that carries heightened breach risk and is subject to specific legal protections in states like Illinois and Texas.

Is ConductAtlas affiliated with Stripe?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Stripe.