Collecting an ID or using a consumer’s biometric information is subject to heightened scrutiny under various laws in many countries. Stripe’s identity verification service offers one input or tool that can be used as part of a compliance program. You should seek independent legal or compliance advice to determine whether Stripe’s identity verification service is suitable to use as part of your compliance program. Please note that Stripe is not offering a comprehensive method of complying with regulatory legal obligations like Know-Your-Customer (KYC), and Stripe is not acting as your agent undertaking these requirements on your behalf.
Please review our best practices before going live to ensure that you are setting the right expectations with users and building a secure integration. You can also use this FAQ template to help you explain how ID verification works through Stripe Identity to your users.
Stripe Identity may help you meet some of the legal requirements by notifying your customers that their information will be used and shared by both you and Stripe, according to each of our respective privacy policies, and obtaining consent prior to the use of their biometric information for the verification.
While Stripe will store a copy of the customers’ image and ID for you in the Stripe Dashboard, as well as a record of the consent (where applicable), there may be additional obligations that apply to your retention, use, and deletion of this data.
You should always check with your legal counsel to understand how you should use, retain, and delete this sensitive personal data, but here are a few specific examples of obligations that apply in some areas and which you should keep in mind:
If a customer does not consent to the use of their biometric information, you may need to provide them an alternative means to access your service that does not require creation of a biometric identifier. Check with your legal counsel, but one alternative may be to have a manual, human review flow for the verification.
A growing number of privacy laws prohibit companies from keeping personal data longer than necessary for the purpose it was obtained or after an individual has requested deletion. By default, Stripe balances your business needs with these requirements by retaining data in your Stripe Dashboard for 3 years and providing you with the ability to delete it sooner if you are requested by the customer or if you no longer have a need for it. As for biometrics, learn more about Stripe's retention of biometrics.
Some countries, such as Singapore and Germany, treat ID cards as particularly sensitive information. You may not be able to request a Singaporean ID Card absent a sufficient justification or retain a copy of a German ID Card after the initial verification was conducted absent express consent to store it. Check applicable laws to make sure that your use case is acceptable and use the redaction endpoint to delete data that you have no lawful basis to retain.
Stripe does not know your legal obligations and when acting as your data processor, cannot delete data on your behalf. Instead, Stripe will request that customers reach out directly to you to request deletion of their information. If a customer asks you to delete their data, you can redact the VerificationSession which will remove the personal data from that VerificationSession. The process may take up to 4 days. Upon completion, Stripe will no longer store the personal data from that VerificationSession as your service provider.
We recommend that you remind your customers that Stripe is also an independent controller of their personal data and direct them to Stripe at privacy@stripe.com to request deletion of their data by Stripe.