AML / KYC Policy

To get you paid, we open and operate a real merchant account on your behalf through our payment processors. That brings us inside the financial system, and the financial system has rules. US anti-money-laundering law (the Bank Secrecy Act), the card networks (Visa, Mastercard, and others), and our processors all require us to know who our merchants are before we move money for them. This is called Know Your Customer (KYC).

We are not asking for your ID because we want to. We are asking because we cannot legally board you for payments without it. This page sets out, in plain language, what we collect, how it is protected, how long we keep it, and who it is shared with.

Identity verification only runs when you apply for SellStein Payments, our managed merchant account. It does not run for ordinary account signup, browsing, or building a store. You will be asked to verify when:

• You apply for a SellStein Payments merchant account
• You add or change the bank account that receives your payouts
• Your account triggers a regulatory review (for example, an unusual change in activity)
• A processor or regulator requires re-verification of an existing account

To verify your identity and your business, we collect and store identity and financial information, which may include:

• Legal name, date of birth, and residential and business addresses
• Government tax identifier (SSN, EIN, or local equivalent)
• Images of a government-issued ID document (passport, driving licence, or national ID)
• For some verification flows, a short selfie or liveness video to confirm you match your ID
• Bank account and routing numbers used to settle your payouts
• Basic business details (entity type, ownership, website, the products you sell)

We collect what the law and our processors require to board you, and no more.

This is the most sensitive data we hold, and we treat it that way:

• Sensitive identifiers (tax ID, date of birth, bank account and routing numbers), your ID document images, and any biometric or liveness media are encrypted at rest with AES-256-GCM, using a dedicated encryption key that is separate from our general platform key.
• ID document images and biometric media live in a private storage bucket that is never publicly accessible and is served only through authenticated endpoints.
• All data is encrypted in transit over TLS 1.2 or higher.
• Internal staff access to KYC documents is restricted and gated behind hardware-backed passkey two-factor authentication.

For the full set of controls, including our breach-notification commitment and our ongoing internal security testing, see our Security page.

We keep verification data only as long as the law and our processors require:

• KYC and identity record fields are kept while your account is active and deleted from our systems when you close your account. Our payment processors (Fiserv and NMI) may retain identity and transaction records for as long as anti-money-laundering law requires.
• Raw government-ID document images and biometric/liveness media are automatically deleted 12 months after the verification decision, and immediately upon account deletion.
• General account data is deleted 30 days after account closure.

This schedule is identical to the one in our Privacy Policy, so the two never disagree.

To open and operate your merchant account, we share your identity and financial onboarding data with our payment processors, Fiserv (CardConnect / ISV) and NMI, so they can board you, run the Know-Your-Customer and sanctions checks they are required to perform, and settle your funds. They are bound by contract and PCI DSS.

Identity verification itself, matching your selfie to your ID and screening for spoofing, is performed in-house on Cloudflare Workers AI. We do not send your ID document or biometric media to a separate third-party identity-verification vendor. We may also disclose information where required by law, subpoena, or a lawful government request.

As part of boarding and on an ongoing basis, you and your business may be screened against applicable sanctions and watchlists. We may decline, pause, or close an account where we are legally unable to provide service, or where activity indicates fraud, money laundering, or a breach of our Acceptable Use Policy.

Where we can, we will tell you what is happening and give you a chance to respond, consistent with the commitments on our /promise page, except where the law prevents us from doing so.

For questions about this policy, your verification, or to exercise your data rights, contact us at: