The policy states that sellers are required to submit government-issued identification documents and financial account information (bank account details) to Whatnot for identity verification and payout processing.
This analysis describes what Whatnot's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision requires sellers to submit sensitive personal and financial data categories that are subject to heightened protection under state financial privacy laws, data breach notification statutes, and potentially federal requirements depending on the nature of payout processing relationships.
The updated terms require all disputes arising from the Strategic Seller Agreement or a seller's relationship with Whatnot to be resolved through arbitration as defined in the main Terms of Service, rather than through litigation in California courts. Previously, sellers could bring claims in federal or state courts located in Los Angeles; under the revised language, this option is eliminated except where the Terms of Service arbitration section expressly permits court proceedings. The change applies to the relationship between individual sellers and Whatnot, affecting how contract disputes, payment disagreements, or other claims are processed and adjudicated.
View change record →The updated terms establish a new Creator Program for UK users that allows them to submit content (videos, shopping hauls, seller spotlights) and potentially receive program benefits including cash payments, shopping credit, or promotional support. The terms grant Whatnot a one-year non-exclusive license to use submitted content across all marketing channels worldwide for promotion, advertising, and derivative works without additional compensation beyond the stated program benefit. Creators must be at least 18 years old, maintain a valid Whatnot account, and complete identity verification and tax documentation before receiving any payment. The terms state explicitly that submission does not guarantee content will be selected, used, featured, or rewarded, and Whatnot retains discretion to reject, remove, or stop using content at any time.
View change record →This new high-severity provision discloses collection of sensitive personal identifiers and financial data from sellers, which raises significant privacy and security concerns.
View full change record →Under this provision, sellers must provide government-issued ID and bank account information as a condition of selling on the platform; these data categories are retained and processed by Whatnot and its payout and identity verification service partners.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
Whatnot has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"If you are a seller on Whatnot, we may collect additional information from you, including government-issued ID (such as a driver's license or passport) for identity verification purposes, and financial account information (such as bank account details) for payout processing.— Excerpt from Whatnot's Whatnot Privacy Policy
1) REGULATORY LANDSCAPE: Collection of government-issued ID and financial account information engages state data breach notification laws (all 50 US states), the FTC Act's requirements for reasonable data security, and potentially the Gramm-Leach-Bliley Act if Whatnot's payout processing relationships involve financial institutions subject to GLBA. For EU and UK sellers, this data collection engages GDPR and UK GDPR provisions on processing special categories or sensitive data, and data minimization requirements. 2) GOVERNANCE EXPOSURE: High. Government-issued ID and financial account numbers are among the most sensitive personal data categories; their collection, storage, and transmission require strong encryption, access controls, and vendor due diligence on identity verification and payout processing partners. A breach involving these categories would trigger mandatory notification obligations across multiple jurisdictions. 3) JURISDICTION FLAGS: California's CCPA/CPRA includes government-issued ID and financial account numbers in its definition of sensitive personal information, requiring specific disclosure and potentially additional use limitations. Illinois, New York, and other states impose specific requirements on the collection and retention of identity documents. 4) CONTRACT AND VENDOR IMPLICATIONS: Whatnot's agreements with identity verification and payout processing vendors must include data processing agreements, security requirements, and breach notification obligations; procurement teams should audit these vendor contracts and confirm that subprocessors handling government ID data are appropriately vetted. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should map the retention and deletion schedule for seller government ID and financial account data; confirm that data minimization principles are applied (data retained only as long as necessary for verification or payout purposes); and verify that seller-facing disclosures about the use and sharing of this data category are complete and accurate.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision requires sellers to submit sensitive personal and financial data categories that are subject to heightened protection under state financial privacy laws, data breach notification statutes, and potentially federal requirements depending on the nature of payout processing relationships.
Under this provision, sellers must provide government-issued ID and bank account information as a condition of selling on the platform; these data categories are retained and processed by Whatnot and its payout and identity verification service partners.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Whatnot.