Webull · Webull Privacy Policy

Biometric and Identity Verification Data Collection

High severity
Share 𝕏 Share in Share 🔒 PDF

What it is

Webull collects biometric data such as facial recognition information to verify your identity when you open an account, using third-party verification services.

Consumer impact (what this means for users)

Your facial recognition and biometric data is collected by Webull and processed by third-party identity verification vendors during account opening, and this data is subject to heightened legal protections in several states that Webull must comply with.

Cross-platform context

See how other platforms handle Biometric and Identity Verification Data Collection and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Biometric data is uniquely sensitive — unlike a password or account number, your facial recognition data cannot be changed if compromised. Several states have enacted strict laws governing biometric data collection, including Illinois which allows private lawsuits.

View original clause language
We may collect biometric information, including facial recognition data, as part of our identity verification processes to comply with applicable know-your-customer (KYC) and anti-money laundering (AML) requirements. This information is collected and processed by our identity verification service providers.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: Illinois Biometric Information Privacy Act (BIPA, 740 ILCS 14) imposes strict requirements for collection and use of biometric identifiers including facial recognition data, including written consent, a published retention and destruction policy, and a private right of action with statutory damages of $1,000-$5,000 per violation. Texas Biometric Privacy Law (CUBI, Tex. Bus. & Com. Code Ch. 503) and Washington's biometric law impose similar restrictions. CPRA classifies biometric data as 'sensitive personal information' subject to heightened use restrictions. GDPR Art. 9 classifies biometric data processed for identification as a special category requiring explicit consent and a specific Art. 9(2) exemption. FinCEN and KYC regulations under 31 CFR Part 1023 provide the legal basis for collection but do not preempt state biometric laws.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • State AG
    State attorneys general in Illinois, Texas, and Washington enforce biometric privacy laws, and the California CPPA enforces CPRA sensitive personal information provisions applicable to biometric data.
    File a complaint →
  • FTC
    The FTC has enforcement authority over deceptive or unfair biometric data collection practices and has issued guidance on biometric data privacy under Section 5 of the FTC Act.
    File a complaint →

Provision details

Document information
Document
Webull Privacy Policy
Entity
Webull
Document last updated
April 29, 2026
Tracking information
First tracked
April 28, 2026
Last verified
April 28, 2026
Record ID
CA-P-003963
Document ID
CA-D-00057
Evidence Provenance
Source URL
https://www.webull.com/protocol/webull_privacy_policy
Wayback Machine
View archived versions →
SHA-256
52ce27ebbc3f44e8211fd1b42bcf95b713a9bb02589393332f68453da894ec75
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Webull | Document: Webull Privacy Policy | Record: CA-P-003963
Captured: 2026-04-28 09:34:31 UTC | SHA-256: 52ce27ebbc3f44e8…
URL: https://conductatlas.com/platform/webull/webull-privacy-policy/biometric-and-identity-verification-data-collection/
Accessed: May 2, 2026
Classification
Severity
High
Categories
Unknown

Other provisions in this document