Privacy and compliance considerations

Stytch Device Fingerprinting collects telemetry data and stores a visitor ID in the browser's local storage. This page outlines privacy and compliance considerations for your application.

You may consult your legal and compliance team to determine the exact impact on your business. The information on this page does not, and is not intended to, constitute legal advice; instead, all information is for general informational purposes only.

General considerations

Generally speaking, users should be notified of the types of data being collected, how this data is used, and what information is stored on the device.

The exact requirements for these notifications vary based on the jurisdiction of the user and your service.

Data collected

Stytch Device Fingerprinting collects various forms of data about the user's device. The only personally identifiable information (PII) is the IPGEO information, described below.

IPGEO information

By default, Stytch returns the IP address, Autonomous System Number (ASN), and geolocation information in the response from the Fingerprint Lookup API (/lookup). You should consult with your compliance team to understand whether you need to update your privacy policy to collect this data.

IPGEO information is included by default and is opt-out: you may contact Stytch to remove this information from the payload.

Data stored on the user's device

Stytch Device Fingerprinting stores the visitor ID in the local storage of the user's browser.

External metadata

The Fingerprint Lookup API provides an external_metadata parameter that can help you correlate fingerprints based on your own records of that user.

If you provide external metadata, specifically external_id, consider the privacy implications. For example, if you set external_id to be a user's email address or other PII, then that information is shared with Stytch and may require updates to your privacy policy or other disclosures.
