Collecting an ID or using a consumer's biometric information is subject to heightened scrutiny under various laws in many countries. Stripe's identity verification service offers one input or tool that can be used as part of a compliance programme. You should seek independent legal or compliance advice to determine whether Stripe's identity verification service is suitable for use as part of your compliance programme. Please note that Stripe is not offering a comprehensive method of complying with regulatory legal obligations such as Know-Your-Customer (KYC) requirements, and Stripe is not acting as your agent undertaking these requirements on your behalf.
Please review our best practices before going live to ensure that you are setting the right expectations with users and building a secure integration. You can also use this FAQ template to help you explain to your users how ID verification works through Stripe Identity.
Stripe Identity may help you to meet some of the legal requirements by notifying your customers that their information will be used and shared by both you and Stripe, according to each of our respective privacy policies, and obtaining consent prior to using their biometric information for the verification.
While Stripe will store a copy of the customers' image and ID for you in the Stripe Dashboard, as well as a record of the consent (where applicable), there may be additional obligations that apply to your retention, use and deletion of this data.
You should always seek help from your legal advisor to understand how you should use, retain and delete this sensitive personal data, but here are a few specific examples of obligations that apply in some areas and which you should bear in mind:
If a customer does not consent to the use of their biometric information, you may need to provide them with an alternative solution to access your service that does not require the creation of a biometric identifier. Check with your legal advisor, but one alternative may be to have a manual, human review flow for the verification.
A growing number of privacy laws prohibit companies from keeping personal data for longer than is necessary for the purpose it was obtained or after an individual has requested deletion. By default, Stripe balances your business needs with these requirements by retaining data in your Stripe Dashboard for three years and by providing you with the ability to delete it sooner if requested by the customer or if you no longer need it. As for biometrics, learn more about Stripe's retention of biometrics.
Some countries, such as Singapore and Germany, treat ID cards as particularly sensitive information. You may not be able to request a Singaporean ID card without sufficient justification or retain a copy of a German ID card once the initial verification has been completed without express consent to store it. Check applicable laws to make sure that your use case is acceptable and use the redaction endpoint to delete data that you have no lawful basis to retain.
Stripe is not aware of your legal obligations and cannot delete data on your behalf when acting as your data processor. Instead, Stripe will request that customers contact you directly to request that their information is deleted. If a customer asks you to delete their data, you can redact the VerificationSession which will remove the personal data from that VerificationSession. This process may take up to four days. Upon completion, Stripe will no longer store the personal data from that VerificationSession as your service provider.
We recommend that you remind your customers that Stripe is also an independent controller of their personal data and that you direct them to Stripe at privacy@stripe.com to request that Stripe deletes their data.