Inquiry on Vision API Restrictions for Analyzing Selfies and Identity Document

Hello OpenAI Developer Community,

I am engaged in a project that involves using the OpenAI Vision API to compare selfies with photos of identity documents to verify user identities. Additionally, we aim to extract data from these documents. It is pertinent to note that we have explicit user consent for this process.

However, we are encountering restrictions when attempting to upload selfies and identity document photos via the Vision API, which hampers our ability to perform comparisons and data extraction.

On the other hand, we have developed custom GPTs models that perform this task without issues, but we are looking to integrate the capabilities of the OpenAI Vision API as well.

Could you provide information regarding the current restrictions related to processing selfies and identity documents, and whether there is a way for our project to comply with OpenAI policies while using these features?

Any guidance or suggestions you can offer would be greatly appreciated.

Best regards,

This is a developer forum, which has really lost it’s meaning. We are not going to give you legal advice, except:

All data sent to GPTs can be used for training data, and may inadvertently appear in the future models. This just seems like a terrible idea.

These should have been questions to ask before even starting, you need to read their privacy policies and contact them. The Vision model is not supposed to be used to read identity documents.

Strictly speaking as a developer. I don’t see why you would use GPT-4V for this task. There are robust identity document verification tools that return data, can be trained, already exist, and properly handle the data to protect you, and the people that use your service.


The response from @RonaldGRuckus is excellent but I feel the need to specify this statement:

Anything you send to the API will not be used to train future models. Anything send to the ChatGPT web interface will be used for training unless the user opts out.


While that may sound comforting to some it seems to me like people tend to think it means a lot more than it actually states.

Please be responsible with your users’ data.