Managing Identity Verification Information

Be sure to also contact that company to delete all data stored by Stripe on its behalf as well as copies of your data stored on its systems.

Don’t forget to also contact the company that requested your identity verification to delete all data stored by Stripe on its behalf, as well as copies of your data stored on its systems.

How can I delete the identity data I provided?

Remember to also contact the company that requested your identity verification to delete all data stored by Stripe on their behalf, as well as copies of your data stored on their systems. We cannot delete this data ourselves, as we act as a data processor when storing data on behalf of a company that has requested verification.

If Stripe receives a legitimate deletion request, Stripe will no longer use the identity information you provided to Stripe. Please note, however, that unless the company that requested the verification has erased your identity data, Stripe will retain a copy of that data (photos of your face and ID, any data extracted or entered , as well as the result and information of the verification), as a data processor serving the account of the company that requested the verification. Please also note that Stripe may retain your personal data where permitted or required by applicable law. For example, Stripe may not be able to delete data due to legal retention obligations. This is particularly the case if your data has been used to verify that your company meets Stripe’s anti-money laundering requirements.

As a reminder, if you have only authorized Stripe to verify your identity in order to combat fraud and ensure your security, the biometric identifiers used for the initial verification  If you have authorized Stripe to use your biometric identifiers to improve its verification technology , the biometric identifiers generated for this purpose will also be deleted within one year of their creation.

Stripe Identity builds on the expertise we’ve gained building a global infrastructure capable of processing hundreds of billions of dollars in payments each year. We are leveraging the lessons we have learned from building our banking infrastructure to ensure the security of verification data.

We transfer verification data over encrypted TLS connections and use the AES-256 protocol to encrypt data at rest. We have implemented additional access controls to prevent unauthorized access or use of verification data and to protect the confidential and sensitive data we store. Thus, only authorized persons will be able to access the most sensitive data.

Who can access captured identity data?

In instances where Stripe verifies an individual’s identity on behalf of a business, you also consent to that business accessing and using the captured information as part of the verification flow. The company will therefore be able to access the captured images of the ID, the selfies, the data extracted from the ID, the information entered and the result of the verification. Stripe does not share the biometric identifiers used to verify your identity with third parties.

People who have obtained company authorization, as well as owners and administrators who have requested verification of your identity, can access your information through the Stripe Dashboard. In addition, the company has access to your information through the API by means of limited API keys .

As part of the identity verification process, we may send captured images and entered information to third party service providers for their review. Stripe may work with third-party service providers to verify information submitted from data sources owned and operated by third parties (such as government-provided databases, etc.) to confirm identity question. This option only comes into play if our automated verification technology does not lead to a reliable decision. These third-party providers must comply with the same rules that we impose on subcontractors .

What information do you collect?

Stripe stores data collected during the identity verification process on behalf of the company that issued the verification request, and in some cases on its own behalf when we act as data controller .

Biometric identifiers created for verification purposes will be completely removed from our systems within one year.

The rest of the identity information that you send to us is generally stored for 3 years. This includes all captured images, data collected from your interaction with Stripe (e.g. browser type and IP address), data extracted from your ID (including your name, date of birth and ID number) and information entered into forms (such as your name, date of birth, U.S. Social Security number, email address, and phone number), as well as the result of the cheking process.

Be sure to review the privacy policy of the company that used Stripe to verify your identity to learn how they will use your personal data.

We also capture common web analytics metadata (such as your browser type, operating system, camera type, and IP address) that is sent by your browser to the websites you visit. Depending on how the company requesting to verify your identity has set up Stripe Identity, we may also collect advanced fraud detection signals sent by your browser. We keep this information for the purpose of limiting fraud, identifying problems and improving our services, but may need to keep it longer in accordance with applicable laws and our Privacy Policy.