Privacy Notice

Last updated: June 16, 2026.

What this notice covers

This notice explains how Stile handles personal data for the public website, merchant account evaluation, and identity or age verification workflows. Stile is an identity-verification API for regulated commerce. Merchants configure the verification flow they need, and Stile returns a signed webhook with the eligibility decision, session ID, and audit pointer.

This page is written for users, merchants, and reviewers who need the practical data-handling shape. Contract terms, data-processing terms, and customer-specific retention settings are handled in the applicable agreement with each merchant.

Data Stile may collect

Depending on how you interact with Stile, we may process these categories of data:

• Verification data: document images, selfie or liveness captures, barcode or OCR outputs, mobile driver's license attributes, jurisdiction, age tier, verification result, session ID, and audit pointer.

• Biometric data: face-match and liveness signals generated during verification. These are used to confirm that the document presenter is present and matches the credential portrait.

• Merchant and account data: work email, company, role, requested product interest, support messages, account configuration, API usage, webhook configuration, and billing or procurement context.

• Technical data: IP address, device and browser information, logs, security events, analytics events, and diagnostic data needed to operate and secure the service.

How Stile uses data

Stile uses data to provide, secure, and improve verification workflows. That includes:

• creating and running verification sessions;

• performing document checks, OCR, barcode cross-reference, liveness, face match, mobile driver's license attribute checks, age-tier resolution, and jurisdiction handling;

• returning a signed eligibility webhook and session-level audit pointer to the merchant;

• preventing fraud, debugging reliability issues, and maintaining security logs;

• responding to support, sales, procurement, and compliance review requests.

What merchants receive

In the default configuration, the merchant's product code receives the signed webhook with the eligibility decision, jurisdiction or age tier when configured, and a session ID. The merchant does not receive raw document fields, biometric templates, date of birth, or source images by default. Configurations that surface specific document fields to the merchant are available only when a verification flow explicitly requires them and are documented per merchant during onboarding.

Biometric processing and consent

Some verification flows use selfie, liveness, and face-match signals. Stile uses those signals to verify that the person completing the flow is present and matches the credential being checked. Where notice, consent, or a written release is required, the merchant's implementation and Stile's hosted verification flow should present the required disclosures before biometric processing starts.

Stile does not sell biometric data. Biometric templates and source images follow the retention setting configured for the merchant account or session, as described below.

Retention and deletion

Retention is configurable per account. The default is delete-on-completion: source images and biometric templates are discarded once the verification session resolves and the signed webhook is delivered. Merchants who need lookback for chargeback dispute resolution or fraud-investigation review can configure a retention window measured in days and bound to their contractual obligations.

The eligibility signal, session ID, webhook event, and audit pointer may be retained on a longer horizon to support audit trails, dispute review, security, and legal obligations. The underlying document and biometric artifacts are not retained longer than the configured retention policy unless a legal hold or similar obligation applies.

Sharing and subprocessors

Stile shares data with service providers that help operate the product, including infrastructure, storage, email, analytics, security, support, and verification-processing providers. Those providers are limited to processing data for Stile's service operations. Stile may also disclose data when required by law, to protect the service, or as part of a business transaction subject to appropriate safeguards.

Website analytics and cookies

The public website may use analytics and performance tooling to understand page usage, diagnose errors, and improve reliability. The site also loads security, routing, and theme behavior needed for normal operation. Browser controls can limit cookies or similar storage, though some controls may affect site behavior.

Your privacy choices and requests

Depending on your location, you may have rights to request access, correction, deletion, portability, objection, restriction, or opt-out of certain processing. Verification requests are often tied to a merchant relationship, so Stile may need to coordinate with the merchant that initiated the session before completing a request.

To make a privacy request, contact Stile through the contact page and include enough context to locate the relevant account or verification session. Do not send government ID images or biometric data through the contact form.

Security posture

All API and admin traffic is encrypted with TLS 1.3 in transit. Stored documents and biometric templates are encrypted with AES-256 at rest. Data-handling architecture is aligned with GDPR Articles 5, 17, and 25: data minimization, right-to-erasure, and privacy by design. This is architectural alignment, not an external certification. More detail is available on the security page.

Changes to this notice

Stile may update this notice as the product, legal requirements, or data-processing practices change. When the change is material, Stile will update the date above and use reasonable channels to make the updated notice available.