Consult your legal and compliance team to determine the exact impact on your business.The information on this page does not, and is not intended to, constitute legal advice;
instead, all information is for general informational purposes only.
General considerations
In general, users should be notified of:- The types of data being collected.
- How the data is used.
- What information is stored on the device.
Data collected
Stytch Device Fingerprinting collects various forms of data about the user’s device. The only personally-identifiable data (PII) is the IPGEO information, described below.IPGEO information
By default, Stytch returns IP address, Autonomous System Number (ASN), and IP-based geolocation information in the response of the Fingerprint Lookup API. IPGEO information is opt-out and you may contact Stytch to remove this information from the payload.Consult your compliance team to understand if you need to update your privacy policy to collect this data.
Data stored on the user’s device
Device Fingerprinting stores the visitor ID to the local storage of the user’s browser.External metadata
The Fingerprint Lookup API provides anexternal_metadata parameter that can help you correlate fingerprints based on your own records of that user.
If you provide external metadata, specifically external_id, consider the privacy implications.
For example, if you set external_id to be a user’s email address or other PII,
then that information is shared with Stytch and may require updates to your privacy policy or other disclosures.