| Hey Patrick, > As a philosophical matter, we consider ourselves to serve the business, which means that limiting access to what we consider to be the business's own information feels a bit strange. Maybe I'm wrong , but once a customer upload the document on Stripe Identity they are supposed to be YOUR documents. I worked in Bank as a Service , fundamentally when a customer goes through a verification process , the documents uploaded are not the owned by the partner using our APIs. They are owned by us , the Bank. For Stripe Identity the same should have apply. Here the goal is not "Lock the Partner" but rather to protect them. Now that discord has access to my Passport , in case of an identity theft could you tell me EXACTLY whose liable for the leak in regards to the law ? With BaaS it's pretty clear , the Bank carry the responsibility to keep those documents safe , thus it's safer to not give access to a basic business to the raw details. With the current API design you are offering, it's more ambigous and more prone very large leak within a business information system like Discord or Uber etc.. Those leak will happen. |
Discord only has access to your passport if you upload it to them. They don't have access to it by virtue ofthem being a stripe customer.