Persona's Identity Verification and Biometric Data Trove
How Persona collects government IDs, selfies, and biometric data from millions of users during identity verification flows for companies like Coinbase, Square, and DraftKings.
Unlock Full Privacy Intelligence
Get deep-dive reports on every company that touches your data. SeekerPro members see breach timelines, DSAR success rate...
Learn MoreAudit Your Site Free
Run a full privacy and compliance audit on any website in 60 seconds. NexusBro scans cookie consent, tracker behavior, a...
Learn MoreAutomate Privacy Compliance
Stop wasting hours on manual DSAR filings and cookie consent management. BliniBot handles the busywork so your team can ...
Learn MoreKey Findings
- #1Processes millions of identity verifications monthly with government IDs and selfies
- #2Clients include Coinbase, Square, DraftKings, and major fintech companies
- #3Biometric templates generated from facial scans may be retained after verification
- #4Concentration of identity documents in single company creates systemic risk
- #5Privacy advocates warn of chokepoint control over digital identity verification
Investigation Details
Persona, a leading identity verification platform, reportedly processes millions of identity checks monthly, collecting government-issued ID photos, live selfies, and extracted biometric data. According to reports, companies including Coinbase, Square, DraftKings, and numerous fintech startups use Persona to verify user identities. During each verification, Persona captures high-resolution images of government IDs and compares them with live facial scans, generating biometric templates that may be retained. Privacy advocates have raised concerns about the concentration of sensitive identity documents and biometric data in a single company that serves as a chokepoint for identity verification across the digital economy.
persona has been the subject of increasing scrutiny over its data collection practices practices. Privacy researchers and regulatory bodies across multiple jurisdictions have documented concerns about how the company handles user data, particularly regarding consent, transparency, and data minimization principles. The findings suggest a pattern of prioritizing business metrics over user privacy, a trend observed across the broader technology industry. Users affected by these practices have limited recourse without proactive intervention such as filing formal complaints with data protection authorities or submitting DSAR requests.
Regulatory responses have varied significantly. European data protection authorities have been more aggressive in enforcement under GDPR, while US enforcement remains fragmented across state-level privacy laws. The investigation highlights the need for stronger federal privacy legislation and more transparent corporate data practices. Affected users should consider reviewing their privacy settings, submitting data deletion requests, and exploring privacy-preserving alternatives recommended by independent researchers.
Related Scandals
Take Action
Protect Your Data Across Every Platform
Tools trusted by thousands of privacy-conscious users worldwide
No card charged today. Cancel anytime.
Frequently Asked Questions
What data does persona collect?
Our investigation reveals persona engages in data collection practices. How Persona collects government IDs, selfies, and biometric data from millions of users during identity verification flows for companies like Coinbase, Square, and DraftKings.
Is persona's data collection practices legal?
The legality of persona's practices varies by jurisdiction. Under GDPR, companies must have a lawful basis for data processing. Under CCPA, California residents can opt out of data sales.
How can I protect myself from persona?
You can submit a data subject access request (DSAR) to persona, opt out of data collection through their privacy settings, or use privacy-preserving alternatives.