Persona (identity verification service)

Persona Identities, Inc.
Company type Private
Industry Software
Founded October 2018; 7 years ago (2018-10)
Founders
  • Rick Song
  • Charles Yeh
Headquarters San Francisco, California, United States
Services Identity verification
Website withpersona.com

Persona Identities, Inc. is an American identity verification company headquartered in San Francisco. The company develops infrastructure for businesses to verify individuals and organizations, manage onboarding, and comply with KYC/AML requirements. [1] [2] Persona is a consumer-facing platform, and uses the backend engine Paravision for the technical verification. [3]

History

Rick Song and Charles Yeh founded Persona in 2018, developing identity infrastructure to help businesses fight fraud. [4]

In 2025, the social media platform Reddit selected Persona to perform age checks for United Kingdom users as part of the Online Safety Act 2023. [5] [6] [7]

Also in 2025, the popular game creation platform Roblox chose Persona to estimate player ages via a facial scan to unlock chat for users in the Netherlands, Australia and New Zealand. [8] The scan was enforced for all users worldwide in 2026, stirring up extreme controversy among the player base.

In January 2026, OpenAI announced it would roll out age prediction worldwide, using Persona as a service provider for age verification. [9]

In February 2026, Discord announced it would roll out global age verification restrictions in March. This follows Discord's testing of age verification in 2025, originally using the services of the company k-ID. At least some users have already been presented with a prompt to verify their age using Persona, so it is likely that Discord was testing Persona as an alternative service provider for age verification, but Discord has not yet specified why it was using Persona instead of k-ID. [10]

Source Code Leak

On February 16, 2026, security researchers published a post detailing findings from a Persona-owned web server that had publicly exposed 53 MB of source code, which has since been removed. [11] The researchers found exposed backends for integrations with OpenAI, FedRAMP, and Fivecast ONYX, an AI-based open-source intelligence platform purchased by the DHS to provide surveillance services to ICE and CBP. [12] [13] [11] Persona's CEO has stated "We do not want our technology to be used by ICE or the government for any surveillance purposes." [14]

They note the OpenAI integration seems to have been running since November 2023, [11] with OpenAI only publicly announcing "Verified Organization" requirements in April of 2025, meaning OpenAI's watchlist infrastructure was operating in some capacity 18 months before it was publicly known. [15] OpenAI updated their privacy policy on November 4th, 2024 to include a section stating they may use information provided to them to "establish your identity or age." [16]

The researchers found that Persona has a module to directly file case data from any individual verified on the Persona platform to FinCEN and FINTRAC, and that it specifically mentioned the names of individual public-private partnerships operated by FINTRAC. [11] It was previously known that Persona had acquired FedRAMP Authorized status. [17] They note the same codebase is used for both verifying customer identities and filing data with the government. [11]

The researchers state the Persona platform was found to keep 13 types of tracking lists, for government ID numbers, IP addresses, names, phone numbers, emails, geolocation data, browser and device fingerprints, facial data, countries, selfie backgrounds, as well as arbitrary fields and strings. [17] [14]

The researchers provided a list of vendors used for various purposes, such as Chainalysis for crypto address screening, Equifax for credit and identity data, and OpenAI for "AI copilot (productivity)", among others. They noted a distinct lack of Palantir, Clearview, NEC, or any other surveillance vendors, only including KYC/AML compliance businesses and productivity tools. [11]

They found Persona compares all uploaded selfies and profile data to politicians and world leaders. [11] [14] They also found Persona will sometimes label faces as "suspicious", though the methodology is not stated. AI-based identification systems are commonly criticized for misidentifying, flagging, and causing false positives, especially on darker skin tones. [18]

The leaked verification pipeline showed a total of 269 different checks performed during the verification process, to accomplish features such as comparing a face with an ID photo, determining if you look like a public figure, identifying if you have the same background as another user, recording if you wear glasses, and performing liveness detection, among others. [11] [14] [19]

Questions were raised regarding inconsistent retention limits, with OpenAI stating biometric data would be stored for "up to a year", while the leaked source code showed facial data retention set to a maximum of 3 years and government IDs being retained permanently. [11] Persona's Privacy Policy states personal data is automatically deleted "as soon as processing is complete and an outcome has been determined", though it also states that its business customers can retain customer data for "longer periods as necessary to detect, investigate, or prevent suspicious or fraudulent activity." [20]

Products and services

Persona’s platform provides document and biometric identity verification, including proprietary selfie "liveness" checks [21] [22] and database-based verification. [23]

Reception and privacy concerns

Persona and other third‑party age verification providers have been cited in broader debates about the privacy and security implications of online age checks. Coverage of Reddit’s UK rollout focused on short photo retention windows and the separation of user account data from verification data, while also highlighting civil liberties concerns about expanding age restrictions online. [24]

References

  1. Azevedo, Mary Ann (May 4, 2021). "Persona lands $50M for identity verification after seeing 10x YoY revenue growth". TechCrunch. Retrieved November 15, 2025.
  2. "US identity platform Persona hits $2bn valuation after $200m Series D". FinTech Futures. May 2, 2025. Retrieved November 15, 2025.
  3. Tucker, Hank (February 13, 2024). "The Future Of Wall Street And Enterprise: Fintech 50 2024". Forbes.
  4. "Persona and Index Ventures talk identity, and identifying a good deal". TechCrunch. May 9, 2023. Retrieved November 15, 2025.
  5. "Reddit introduces age verification in the UK ahead of new rules". BBC News. July 14, 2025. Retrieved July 24, 2025.
  6. McConvey, Joel R. (July 15, 2025). "Reddit deploys selfie and document age verification from Persona". Biometric Update. Retrieved July 15, 2025.
  7. Yeo, Amanda (July 15, 2025). "Reddit users in the UK must now upload selfies to access NSFW subreddits". Mashable. Retrieved July 24, 2025.
  8. Malik, Aisha (January 7, 2026). "Roblox now requires all users globally to complete age checks to access chat". TechCrunch. Retrieved January 13, 2026.
  9. Capoot, Ashley (January 20, 2026). "OpenAI is rolling out age prediction for ChatGPT consumer plans". CNBC. Retrieved February 15, 2026.
  10. Carpenter, Lincoln (February 13, 2026). "Oh, good: Discord's age verification rollout has ties to Palantir co-founder and panopticon architect Peter Thiel". PC Gamer. Retrieved February 15, 2026.
  11. vmfunc. "the watchers: how openai, the US government, and persona built an identity surveillance machine that files reports on you to the feds". vmfunc.re. Retrieved February 21, 2026.
  12. "USAspending.gov". www.usaspending.gov. Archived from the original on January 7, 2026. Retrieved February 21, 2026.
  13. Quintin, Cooper (January 7, 2026). "ICE Is Going on a Surveillance Shopping Spree". Electronic Frontier Foundation. Retrieved February 21, 2026.
  14. "Same company verifies mugshots for ChatGPT, and offers 269 surveillance checks for US government". Cybernews. February 19, 2026. Retrieved February 21, 2026.
  15. Cser, Andras (April 17, 2025). "OpenAI Requires Identity Verification For Access To Its Latest Models". Forrester. Retrieved February 21, 2026.
  16. "Privacy Policy". OpenAI. November 4, 2024. Archived from the original on November 5, 2024.
  17. Persona. "Persona Achieves FedRAMP® Authorized Status to Expand Identity Verification Solutions for Federal Agencies". www.prnewswire.com. Retrieved February 21, 2026.
  18. Gerchick, Marissa; Cagle, Matt (February 7, 2024). "When it Comes to Facial Recognition, There is No Such Thing as a Magic Number | ACLU". American Civil Liberties Union. Retrieved February 21, 2026.
  19. Arntz, Pieter (February 20, 2026). "Age verification vendor Persona left frontend exposed, researchers say". Malwarebytes. Retrieved February 21, 2026.
  20. "Privacy Policy". withpersona.com. Retrieved February 21, 2026.
  21. "Persona raises $150M, renews development efforts in digital ID solutions and infrastructures". Biometric Update. September 16, 2021. Retrieved November 15, 2025.
  22. "AI Is Making The Internet's Bot Problem Worse. This $2 Billion Startup Is On The Front Lines". Forbes. April 30, 2025. Retrieved November 15, 2025.
  23. "Identity verification startup Persona raises $200M at $2B valuation". SiliconANGLE. April 30, 2025. Retrieved November 15, 2025.
  24. Forristal, Lauren (July 15, 2025). "Reddit rolls out age verification in the UK to comply with new rules". TechCrunch. Retrieved November 15, 2025.