Startup Diligence
Diligence report Digital identity, identity proofing, authentication, and credential reuse for government, healthcare, employment, and consumer/member ecosystems Private unicorn / late-stage digital identity company

ID.me

ID.me Startup Diligence Report

ID.me appears to be a differentiated digital identity platform with real public-sector, healthcare, member-network, and employment-screening relevance, but any investment or acquisition thesis should remain conditional on private validation of revenue quality, structured capital terms, customer concentration, privacy/compliance evidence, and entity/IP ownership.

Company profile

ID.me Startup Diligence Report

ID.me remains an eligible private-company diligence target in the reviewed public record: a 2025 Series E, active careers pages, current VA integration, and broad product/industry pages support ongoing operations. The strongest public signals are product breadth, government/healthcare relevance, and ecosystem scale; the weakest are audited financial quality, customer concentration, litigation completeness, and named leadership depth.

Website
www.id.me
Sector
Digital identity, identity proofing, authentication, and credential reuse for government, healthcare, employment, and consumer/member ecosystems
Geography
United States; public sources point to Virginia-linked operations with U.S. federal, state, healthcare, employment, and retail/eCommerce use cases
Stage
Private unicorn / late-stage digital identity company
Known aliases
ID.me, ID.me, Inc., ID.me, LLC, ID.me Wallet, ID.me Network
Report version
1.0
Timezone
UTC

Executive summary

Strengths

  • Public network pages clearly verify the product family and regulated-industry coverage.
  • VA and Sterling sources verify meaningful current relationships in government and employment-related workflows.
  • The homepage publicly states large ecosystem counts across members, stores, healthcare organizations, and federal agencies.

Risks

  • Public valuation anchors mask a more complex capital stack involving secondary liquidity and line-of-credit financing.
  • Public revenue evidence exists, but audited financial quality and customer concentration do not.
  • Identity, biometrics, and public-sector workflows create elevated privacy and policy-scrutiny risk.
  • Public entity naming suggests a legal-entity/IP reconciliation item that should not be ignored.

Gaps

  • Audited 2023-2025 financial statements and monthly KPI bridge.
  • Full cap table, debt schedule, and 2024-2025 financing terms.
  • Top-customer and top-partner concentration, retention, and contract schedules.
  • Current named executive roster, board, and headcount by function/location.
  • Full litigation/open-matters schedule and trademark/patent portfolio.

Recommended next steps

  • Request audited financial, cap-table, and customer-concentration materials before relying on valuation or revenue anchors.
  • Run counsel-led litigation and IP searches and reconcile ID.me, Inc. versus ID.me, LLC across ownership and contracting.
  • Review privacy, biometric-data, and compliance audit artifacts behind public FedRAMP/NIST/ISO/SOC 2-style claims.
  • Conduct customer/partner calls across VA/public sector, healthcare, and Sterling-related employment workflows.

Risk register

high medium likelihood

R-ID-001: Valuation support and capital-structure opacity

Public sources show a $2.0B January 2025 valuation anchor, a $67M secondary, a $275M line of credit, and a $65M Series E, but the latest post-money valuation, liquidation preferences, debt covenants, and ownership stack are not public.

Diligence request: Obtain the full cap table, debt documents, investor rights agreements, and any 409A or fairness materials for 2024-2026 transactions.

high medium likelihood

R-ID-002: Revenue quality and customer-concentration opacity

A public 2023 revenue figure exists, but no audited statements, retention metrics, gross margins, or top-customer concentration disclosures were found.

Diligence request: Request monthly recurring revenue bridges, top-20 customer schedules, NRR/GRR, and audited income statements and cash flows.

high medium likelihood

R-ID-003: Public-sector dependency and policy exposure

Official and company sources show deep public-sector use cases, which creates exposure to procurement cycles, policy shifts, and public scrutiny around identity-verification approaches.

Diligence request: Map revenue by agency and program, renewal timing, termination rights, and any policy/regulatory dependencies for public-sector workflows.

high medium likelihood

R-ID-004: Privacy, biometric-data, and identity-policy scrutiny

ID.me makes strong consent and biometric-data commitments, but the identity-proofing category faces continued policy scrutiny and the company’s operating compliance cannot be verified from public pages alone.

Diligence request: Review biometric-data governance, deletion exceptions, customer DPAs, privacy-impact assessments, and any complaints, settlements, or regulator inquiries.

medium high likelihood

R-ID-006: Competitive pressure from identity-verification specialists and data platforms

CB Insights surfaces multiple well-funded alternatives including Veriff, Jumio, Socure, Incode, iDenfy, and LexisNexis Risk Solutions.

Diligence request: Obtain recent win/loss data, pricing comparisons, and the company’s evidence for differentiated pass rates, fraud capture, and credential reuse.

medium medium likelihood

R-ID-005: Execution burden across compliance-heavy product lines

The public product stack spans wallet, identity proofing, MFA, access management, healthcare, and public-sector compliance, which can increase roadmap, audit, and support complexity.

Diligence request: Request product gross margins, deployment burden by SKU, roadmap prioritization, and audit/control exceptions by compliance program.

medium medium likelihood

R-ID-007: Entity-structure and IP-ownership reconciliation risk

Public sources reference both ID.me, Inc. in SEC filings and ID.me, LLC in website copyright notices, which may be normal but requires reconciliation for IP ownership, contracting, and financing diligence.

Diligence request: Request the full legal-entity chart, IP assignments, intercompany agreements, and contracting entities by major customer and product line.

medium medium likelihood

R-ID-008: Management-depth and headcount transparency gap

Accessible public sources verified Blake Hall as founder and CEO and showed an active careers page, but did not expose a current executive roster or headcount trend.

Diligence request: Request current org chart, executive bios, functional headcount by location, attrition, and retention/refresh equity plans.

Chapter 01

01Financial Information

Public financial evidence is meaningful but incomplete: CB Insights exposes 2023 revenue, a January 2025 valuation anchor, and 2024-2025 financing events, while audited statements, the latest post-money value, and detailed capital-structure terms remain private.

I.A Annual and quarterly financial information for the past three years

partially verified confidence: medium

The review located a public 2023 revenue figure and public 2024-2025 financing signals, but not audited financial statements, quarterly performance, backlog, receivables aging, or gross-profit segmentation.

Evidence gaps

  • Audited income statements, balance sheets, cash flows, backlog, AR aging, and planned-versus-actual reports were not publicly available in accessible sources.

Hidden risks

  • Revenue quality, gross margin mix, and cash conversion are still opaque from public sources.

Follow-up questions

  • What were 2024 and 2025 revenue, ARR, gross margin, burn, and operating cash flow by quarter?
Public funding-round history
date or periodround or eventamountpublic investor or contextpublic valuation signal
2011-2023Seed VC II/III/IV, Series A, Series B-II, Series C, Series Dnot_publicly_visible_in_accessible_excerptCB Insights lists these rounds in the public historical sequencenot_publicly_visible_in_accessible_excerpt
2024-11-25Secondary Market$67MRibbit Capital, CapitalG, Viking Global Investors$130M FY2023 revenue multiple shown; exact valuation gated
2025Line of Credit - II$275MAres Management appears on public investor table tied to Line of Credit - II and Series E$2,000M appears in comparison row context, but term details are gated
2025-09-03Series E$65MRibbit Capital, Ares Management, Moonshots Capital, Positive SumLatest post-money valuation referenced as September 2025 but gated

Visible public financing suggests both equity and debt/secondary complexity.

Public revenue and valuation signals
metricpublic signalverification statusdiligence note
2023 revenue$130MverifiedNeed audited statements, segment mix, and 2024-2026 updates
January 2025 valuation$2,000MverifiedNeed methodology, security class, and 409A/common-stock context
September 2025 post-money valuationReferenced, exact value gatedpartially_verifiedNeed Series E term sheet and post-money cap table
2024-2025 operating performancenot_publicly_disclosednot_publicly_verifiableNeed monthly KPIs, burn, runway, and retention

Only one revenue year was visible in the accessible public financials page.

Funding timeline from seed financing to Series E Publicly visible milestones across SEC and CB Insights financing history.

This timeline reflects only events visible in accessible public excerpts.

Public valuation trajectory anchors Public valuation signals are sparse: one disclosed January 2025 valuation and gated values around adjacent transactions.

The chart intentionally visualizes gating/opacity as part of the diligence story.

I.B Financial Projections

not publicly verifiable confidence: low

No public three-year operating model, pricing assumptions, or capital-expenditure forecast was found in the sources reviewed.

Evidence gaps

  • Quarterly projections, scenario assumptions, capex plans, working-capital assumptions, and financing assumptions were not publicly disclosed.

Hidden risks

  • A business touching government, healthcare, and employment workflows can be sensitive to policy changes and procurement timing even when top-line growth appears strong.

Follow-up questions

  • What is management's base/upside/downside plan for 2026-2028, and how sensitive is it to public-sector renewal timing or compliance-cost inflation?

I.C Capital Structure

partially verified confidence: medium

SEC and CB Insights show that ID.me is financed through private exempt offerings and later structured/private-market transactions, but the share count, preferences, option pool, and debt covenants remain non-public.

Evidence gaps

  • Current shares outstanding, option pool, warrants, liquidation preferences, and off-balance-sheet liabilities are not public.

Hidden risks

  • Secondary liquidity and debt-like capital can create seniority, pricing, or signaling issues not visible in topline valuation headlines.

Follow-up questions

  • What are the fully diluted share count, preference stack, debt covenants, and any investor veto/board rights created or amended in 2024-2025?
Capital structure and ownership snapshot
itempublic evidenceimplicationgap
Issuer identitySEC EDGAR shows ID.me, Inc., CIK 0001518117, DE incorporation, VA state location, fiscal year end 1231Supports private-company identity and legal-entity diligence starting pointNeed full entity chart and contracting entities
Investor countCB Insights says ID.me has 37 investorsLate-stage cap table is likely complexNeed full holder list and ownership percentages
Secondary liquidity$67M secondary market transaction in 2024Potential shareholder-liquidity or pricing signalNeed sellers, buyers, and pricing details
Entity namingPrivacy Bill of Rights footer says Copyright © ID.me, LLC while SEC lists ID.me, Inc.Possible multi-entity structure affecting IP and contract ownershipNeed intercompany and IP-assignment records

No public share-count or preference-stack data was visible.

I.D Other financial information

partially verified confidence: low

Publicly accessible evidence was strongest on financing history and weakest on tax positions, accounting policy details, and revenue-recognition mechanics.

Evidence gaps

  • Tax positions, accounting policies, and detailed revenue-recognition disclosures were not publicly available.

Hidden risks

  • Debt-like facilities and secondary sales can complicate runway and ownership narratives.

Follow-up questions

  • How are marketplace, verification, professional-services, and partner revenues recognized across the product portfolio?
Chapter 02

02Products

Public sources show a broad identity stack that spans consumer wallet, authentication, access management, credential validation, and policy-based identity proofing across multiple regulated workflows.

II.A Description of each product

partially verified confidence: medium

The accessible product pages verify the breadth of the suite and many use cases, but pricing, attach rates, product-level gross margins, and roadmap timing remain private.

Evidence gaps

  • SKU pricing, usage tiers, attach rates, implementation services mix, and product-specific gross margins were not public.

Hidden risks

  • The breadth of regulated use cases raises implementation and control burden across products.
  • Self-reported privacy posture still needs audit-level confirmation.

Follow-up questions

  • What percentage of revenue comes from Wallet/member-network monetization versus B2B/B2G verification and authentication products?
Product and solution matrix
product or solutionaudiencepublic featuresverification status
ID.me Digital WalletConsumers, agencies, and relying partiesSingle login, credential reuse, consent-based data sharing, member access to services and offersverified
Unify AuthenticationEnterprises and agenciesSurface listed on network site as part of the platform familyverified
Access ManagementEnterprises and agenciesSurface listed on network site as part of the platform familyverified
Identity VerificationRegulated enterprises, agencies, healthcare, employersPolicy-based orchestration, assurance levels, omnichannel verification, federation back to relying partypartially_verified
Credential ValidationOrganizations needing attribute proofingAttribute exchange against sources of truth for employees, contractors, or professionalspartially_verified
Login SecurityHigh-risk account workflowsMulti-factor authentication including FIDO/WebAuthn and tokens like YubiKeyspartially_verified

Pricing and attach rates were not public.

Identity-assurance and compliance workflow matrix
assurance or policypublic descriptionexample use casepricing visibility
Community VerificationService communities such as military/veterans, first responders, teachers, students, nurse/medical, and employee verificationDiscounts, benefits, workforce/community gatingnot_publicly_disclosed
Document Verification / KBA ReplacementGovernment photo ID verification, OCR text extraction, authoritative-source validation, phone verificationCustomer onboarding and fraud reductionnot_publicly_disclosed
NIST 800-63-3 IAL2/AAL2Certified identity proofing and MFA for unsupervised remote, supervised remote, and in-person workflowsGovernment and healthcare access workflowsnot_publicly_disclosed
EPCS and TEFCA-linked workflowsDEA EPCS support and TEFCA/QHIN identity proofing for patient/provider contextsHealthcare provider and patient accessnot_publicly_disclosed
Privacy / biometric controlsConsent before sharing, revocation, credential destruction, biometric data not sold; some NIST credential data retained for fraud prevention and government auditingPrivacy-sensitive regulated deploymentsnot_publicly_disclosed

Use-case breadth is public; monetization is not.

ID.me high-level product architecture High-level view of how the wallet, relying-party integrations, and verification platform relate based on public pages.

This diagram is synthesized from public product descriptions and is not a disclosed internal architecture document.

Chapter 03

03Customer Information

Public sources support broad government, healthcare, retail/member, and employment use cases, but they do not provide a top-customer schedule or direct revenue concentration data.

III.A Top customers by application

partially verified confidence: medium

The reviewed public evidence confirms named and categorical use cases across federal agencies, healthcare providers, stores, and employers, but it does not reveal the top 15 customers by revenue or purchase timing.

Evidence gaps

  • Top-customer ARR, renewal schedules, and spend history were not publicly available.

Hidden risks

  • Public ecosystem counts do not equal diversified revenue; government or partner concentration could still be high.

Follow-up questions

  • How much revenue is concentrated in the top 10 agencies, top 10 enterprise accounts, and the Sterling-related employment channel?
Publicly known customers, partner-backed use cases, and ecosystem counts
customer or segmentpublic evidenceuse caseverification status
U.S. Department of Veterans AffairsVA says users need an ID.me or Login.gov account to sign in to VA.gov and related servicesVeteran account access and MFA/identity-verified sign-inverified
Federal agenciesHomepage says 19 federal agencies trust ID.me for secure identity verificationGovernment services and benefits accesspartially_verified
Healthcare organizationsHomepage says 65 healthcare organizations use ID.me; healthcare page says 100,000+ providers leverage ID.me for EPCSProvider access, EPCS, patient/provider proofingpartially_verified
Retail/store ecosystemHomepage says 600+ stores accept community cards in ID.me Wallet and showcases offers from brands such as Under Armour and CrocsMember discounts and commerce engagementpartially_verified
Employment / screening marketSterling partnership extended through 2028 for identity-first pre-employment screeningHiring, background checks, interview-fraud prevention, I-9 workflowspartially_verified

This table tracks visible ecosystem evidence, not customer-revenue concentration.

Disclosed ecosystem counts Publicly disclosed counts show ecosystem breadth but not revenue concentration.

This chart is intentionally descriptive, not financial.

III.B Strategic relationships

partially verified confidence: medium

Strategic relationship evidence is stronger than customer-revenue evidence: the Sterling partnership is explicit, public-sector/shared-service narratives are broad, and a Trusted Partner Network exists, but revenue-sharing and exclusivity economics are not public.

Evidence gaps

  • Partner-sourced revenue, minimum commitments, and exclusivity carve-outs were not public.

Hidden risks

  • Exclusive partnerships can help distribution while also concentrating dependency and renewal risk.

Follow-up questions

  • What share of new business is partner-originated, and what termination or exclusivity clauses exist in key partnerships?
Strategic relationships and dependency signals
relationship or dependencypublic evidencerisk or gapsource type
Sterling exclusive partnershipExclusive agreement extended through July 2028Need ARR contribution, exclusivity scope, and termination rightspartner press release
State workforce agenciesPublic-sector page says multiple state workforce agencies credited ID.me with preventing billions in unemployment fraudNeed named agencies, contract terms, and concentrationcompany source
California state agenciesCompliance page says multiple California state government agencies use the service for identity proofing/authenticationNeed named agencies and revenue contributioncompany source
Trusted Partner Network / partner directoryNetwork site exposes a partnership directory and partner-network navigationNeed partner list and partner-sourced pipeline metricscompany source
Authentication standards and tokensCompliance page cites FIDO WebAuthn and tokens like YubiKeysNeed actual component-vendor concentration and SLA exposurecompany source

Critical cloud/component suppliers remain undisclosed.

III.C Revenue by customer

not publicly verifiable confidence: low

The sources reviewed did not disclose revenue by customer or identify any customer contributing 5% or more of revenue.

Evidence gaps

  • Customer concentration schedules and revenue-by-customer data are private.

Hidden risks

  • A public-sector or large-enterprise identity platform can still carry outsized renewal risk even when customer logos appear diverse.

Follow-up questions

  • Which agencies, health systems, retailers, or partners contribute 5% or more of revenue?

III.D Significant relationships severed within the last two years

not publicly verifiable confidence: low

This review did not find a structured public disclosure of recently severed customer, partner, or supplier relationships.

Evidence gaps

  • No accessible public schedule of severed relationships was found.

Hidden risks

  • A reported partner or agency loss could be material but may not be public until after a revenue impact becomes visible.

Follow-up questions

  • Have any large agencies, commercial partners, or strategic suppliers exited in 2024-2026, and if so why?

III.E Top suppliers

not publicly verifiable confidence: low

Public sources expose standards, protocols, and partner surfaces, but not a ranked supplier list or cloud/vendor concentration.

Evidence gaps

  • Cloud spend, biometric/document-verification component vendors, and supplier contract terms were not public.

Hidden risks

  • Critical component providers or infrastructure vendors may be concentrated even when go-to-market relationships appear diversified.

Follow-up questions

  • Who are the top five suppliers by spend, and what business-continuity dependencies do they create?
Chapter 04

04Competition

CB Insights public comparison surfaces a crowded identity-verification field; ID.me's main public differentiation appears to be public-sector compliance plus a reusable member/wallet network.

IV.A Competitive landscape by market segment

partially verified confidence: medium

Public evidence supports a competition set of identity-verification specialists and risk-data platforms; what remains private is win-rate data, pricing pressure, and how much reusable-wallet scale translates into durable advantage.

Evidence gaps

  • No public win/loss, pricing, or retention-by-competitor data was found.

Hidden risks

  • Competitors may undercut on price or focus, while larger platforms may bundle adjacent capabilities.

Follow-up questions

  • Where does ID.me win because of member-network reuse versus compliance credibility versus price?
Competitor comparison matrix
competitorpublic descriptionsegmentoverlap with idme
VeriffIdentity and document verification, proof of address, age validation, AML screening, biometrics, fraud preventionIdentity verification specialistDocument/identity verification and fraud prevention
JumioIdentity verification, risk assessment, compliance monitoring with automation, biometrics, AI/ML, liveness detectionIdentity and compliance specialistProofing, biometrics, regulated identity workflows
SocureDigital identity verification and risk decisioning for financial services, government, and e-commerceIdentity + risk decisioningGovernment/commercial identity workflows
IncodeDeterministic verification, deepfake protection, orchestration, fraud prevention for public sector and enterprise sectorsIdentity orchestrationProofing orchestration and public-sector use cases
iDenfyKYC/KYB/AML with AI and biometric verificationCompliance-focused verificationFraud prevention and identity proofing
LexisNexis Risk SolutionsData analytics with identity verification, fraud prevention, compliance, and credit-risk supportRisk-data platformIdentity verification and compliance decisioning

This is a public comparison-set snapshot, not a validated win/loss ranking.

Basis-of-competition scoring
axisidme public positioncompetitor pressureevidence
Public-sector and regulated-workflow depthStrong public narrative around NIST, FedRAMP, VA, healthcare, and workforce-agency flowsSpecialists and government-capable vendors may still compete on procurement, price, or implementation easeCompany and VA sources
Reusable member network / credential reuse136M+ members and 30M+ preverified IAL2 users claimed on public pagesSpecialists may compete without a wallet network but can emphasize narrower workflowsHomepage and identity-verification page
Privacy and consent narrativeExplicit Privacy Bill of Rights and no biometric-sale statementRivals may market privacy differently or rely on alternative architecturesPrivacy Bill of Rights
Employment workflow leverageExclusive Sterling extension through 2028Competitors may still win direct employer or HR-tech integrationsSterling press release

Qualitative scoring only; no public price/win-rate data was found.

Public competitor market map A qualitative market map built from public competitor descriptions and ID.me's own product positioning.

This figure is a qualitative positioning aid, not an analyst-scorecard output.

Chapter 05

05Marketing, Sales, and Distribution

The public footprint suggests a hybrid go-to-market model: consumer/member acquisition, partner-led distribution, and direct sales into regulated government and enterprise workflows.

V.A Strategy and implementation

partially verified confidence: medium

ID.me publicly positions itself across consumer savings and benefits access, public-sector digital identity, healthcare workflows, and employment screening; however, channel economics and CAC efficiency are not public.

Evidence gaps

  • Sales productivity, CAC, partner-sourced pipeline, and regional channel mix were not publicly disclosed.

Hidden risks

  • A mixed B2C/B2B/B2G motion can obscure segment-level unit economics and elongate enterprise procurement cycles.

Follow-up questions

  • How are marketing and sales resources allocated across consumer/member growth, agency relationships, and enterprise verticals?
Distribution channels and GTM motions
channel or motionpublic evidencebuyer or usergap
Consumer/member acquisitionHomepage and privacy navigation emphasize discounts, cash back, jobs, and government-service accessConsumers, communities, benefit recipientsNeed CAC, engagement, and monetization by member cohort
Public-sector direct sales/shared servicePublic-sector page positions ID.me as a shared authentication and identity-proofing service across agenciesFederal, state, and local agenciesNeed procurement cycle, ACV, and renewal terms
Healthcare/provider workflow salesHealthcare page targets providers, EHRs, and patient/provider identity workflowsHealth systems, payers, EHR/app partners, providersNeed pricing and compliance-driven sales-cycle data
Employment / background-check channelSterling exclusive partnership and pre-employment screening narrativeEmployers and screening providersNeed partner-sourced revenue split and exclusivity economics
Trusted Partner Network / integrationsNetwork site exposes a partnership directory and product/integration surfacesPartners and relying partiesNeed partner counts, referral mechanics, and API economics

Public evidence supports channel existence more than unit economics.

Public marketing and positioning signals
signaldetailsourceimplication
Community/discount positioningHomepage spotlights offers for military, medical providers, first responders, and teachersHomepageConsumer/community affinity remains a visible acquisition surface
Government/benefits positioningPrivacy and wallet pages emphasize secure access to government and commercial benefits and servicesPrivacy and wallet pagesCross-market positioning bridges B2C and B2G narratives
Industry-led enterprise positioningNetwork site groups solutions into public sector, healthcare, retail/eCommerce, employment/background checks, and financial servicesNetwork siteVerticalized B2B/B2G motion
Privacy/trust messagingPrivacy Bill of Rights and homepage emphasize consumer control and no data saleHomepage and Privacy Bill of RightsTrust narrative is central to brand positioning
Employer-brand signalingCareers page emphasizes mission, culture, benefits, and equityCareers pageRecruiting and mission branding are public GTM-support assets for talent

No public campaign-spend or funnel-conversion metrics were found.

Public go-to-market funnel scaffold Conceptual funnel based on public member and credential-reuse signals.

Counts mix dated and undated company claims and should not be used as an operational funnel without management confirmation.

V.B Major Customers

partially verified confidence: low

Major-customer relationship quality cannot be assessed from public revenue data, but official and company sources indicate durable relevance in veteran, healthcare, tax, and employment-adjacent journeys.

Evidence gaps

  • Pipeline detail, major-account expansion, and customer health metrics are private.

Hidden risks

  • Public logos and program descriptions do not reveal contract value or renewal risk.

Follow-up questions

  • Which large customers are expanding, at risk, or renewal-bound in the next 12 months?

V.C Principal avenues for generating new business

partially verified confidence: medium

The clearest public new-business avenues are public-sector logins, healthcare/provider workflows, employment screening with Sterling, and merchant/community-card ecosystem expansion.

Evidence gaps

  • Lead sources, quotas, and channel-conversion rates were not public.

Hidden risks

  • New business may rely heavily on regulated-policy inflections and partner distribution timing.

Follow-up questions

  • What percent of new ARR is sourced by partners, agencies, or self-serve/member-network conversion?

V.D Sales force productivity model

not publicly verifiable confidence: low

No public information was found on sales compensation, quota, productivity, or sales-cycle benchmarks.

Evidence gaps

  • Quota, pay mix, sales cycle, and hiring plan were not publicly disclosed.

Hidden risks

  • Without productivity data, investors cannot judge whether public growth claims rely on efficient acquisition or heavy human-assisted implementation.

Follow-up questions

  • What are quota attainment, CAC payback, average contract duration, and implementation burden by segment?

V.E Ability to implement marketing plan with current and projected budgets

not publicly verifiable confidence: low

The active careers page, public partner ecosystem, and 2025 financing signals support continued execution capacity, but actual sales-and-marketing budgets are not public.

Evidence gaps

  • Sales-and-marketing budget, budget variance, and projected hiring by function were not public.

Hidden risks

  • Recent financing can mask budget inefficiency if growth requires high-touch onboarding or policy-specific support.

Follow-up questions

  • How much of the recent financing is earmarked for growth versus compliance, fraud operations, and working capital?
Chapter 06

06Research and Development

Public technical sources show investment in identity orchestration, open protocols, MFA, healthcare/public-sector compliance, and omnichannel verification, but engineering headcount and roadmap economics remain private.

VI.A Description of R&D organization

partially verified confidence: medium

The accessible public evidence is strongest on technical capabilities rather than org design: orchestration, protocol support, MFA, document and biometric flows, and regulated-workflow compliance are clearly described.

Evidence gaps

  • Named engineering/security leaders, R&D budget, and engineering productivity metrics were not publicly available from accessible sources.

Hidden risks

  • A capability-rich platform can accumulate technical debt and control complexity across public sector, healthcare, and enterprise use cases.

Follow-up questions

  • Who leads engineering, security, and product today, and how is R&D resourced across consumer, government, and enterprise workflows?
R&D and technical capability matrix
capabilitypublic evidencewhy it mattersgap
Identity orchestrationID.me orchestrates component vendors and dynamically routes users through proofing flowsCore differentiator if pass rates and fraud capture are strongNeed pass rates, failure modes, and vendor dependency map
Open federation protocolsSAML 2.0, OAuth 2.0, and OpenID Connect are explicitly citedLowers integration friction for relying partiesNeed implementation burden and compatibility matrix
Document and biometric proofingGovernment photo ID checks, OCR, selfie/PAD, phone verification, multiple evidence typesCritical for fraud prevention and complianceNeed accuracy, bias, appeals, and vendor-component details
MFA and login securityFIDO/WebAuthn and tokens like YubiKeys are listedImportant for account takeover resistanceNeed adoption metrics and account-recovery policy details
Credential and attribute validationPublic-sector and healthcare pages describe validating employees, contractors, providers, and other attributes from sources of truthEnables higher-value workflows beyond simple proofingNeed source coverage, match rates, and failure-resolution procedures

This table emphasizes public capability claims, not independent technical validation.

Identity-proofing and compliance stack Technical stack synthesized from public proofing, compliance, and sector pages.

Detailed component vendors and data flows remain private.

VI.B New Product Pipeline

partially verified confidence: medium

Pipeline signals are directional rather than complete: public sources mention ongoing omnichannel/in-person verification work, interview-fraud and I-9 expansion with Sterling, and continued sector-specific compliance support.

Evidence gaps

  • Public sources did not disclose development cost, ship dates, or product-retirement plans.

Hidden risks

  • Roadmap breadth may outrun engineering focus if product-market fit differs across sectors.

Follow-up questions

  • What roadmap items are contractual, revenue-linked, or required to maintain compliance trust marks?
Public product pipeline and technical unknowns
initiative or signalpublic statuspublic date or contextrisk or gap
Interview-fraud solutionsPlanned/expanding with Sterling2023 press releaseNeed shipped status, adoption, and economics
I-9 document verificationPlanned/expanding with Sterling2023 press releaseNeed product readiness and compliance scope
In-person and omnichannel verificationCurrent capability with evolving compliance referencesIdentity-verification pageNeed current certification status and operational scale
TEFCA/QHIN and patient-access workflowsCurrent healthcare use caseHealthcare and compliance pagesNeed customer count, attach rate, and roadmap dependencies
Roadmap cost and deprecation risknot_publicly_disclosedNo public roadmap artifact locatedNeed cost of development, sunset plans, and technical debt review

Forward-looking items are sourced from public statements, not management forecasts.

Chapter 07

07Management and Personnel

Accessible public leadership detail is thinner than product or market detail: Blake Hall is publicly named as founder and CEO, while the broader current org chart and headcount need direct confirmation.

VII.A Organization Chart

partially verified confidence: medium

A minimal public org picture can be assembled around founder/CEO Blake Hall and standard operating functions, but a complete named org chart was not available in accessible public sources.

Evidence gaps

  • A named org chart and board observer/committee structure were not publicly accessible in this review.

Hidden risks

  • Leadership transparency is lower than product transparency, which can hide succession or control-person risk.

Follow-up questions

  • Please provide the current org chart, board roster, and executive tenure table.
Management and legal-entity visibility snapshot
person or rolepublic signalsourcecaveat
Blake Hall — founder & CEONamed in Sterling partnership press releaseSterling/ID.me press releaseBroader executive roster still needs confirmation
ID.me, Inc. legal issuerSEC CIK record with DE incorporation and VA state locationSEC EDGAROperating/contracting entities may include other affiliates
Current executive rosterAccessible public sources in this review did not yield a complete rosterPublic-source limitationNeed current leadership page or company deck
Board / committeesnot_publicly_compiled_from_accessible_sourcesPublic-source limitationNeed charter, investor-rights, and committee materials

Leadership transparency was lower than product transparency in the accessible public record.

Public-management scaffold org chart Minimal public org chart centered on the founder/CEO and standard functional boxes that still require confirmation.

Only the founder/CEO node was directly named in accessible public sources during this review.

VII.B Historical and projected headcount by function and location

not publicly verifiable confidence: low

The active careers page signals ongoing hiring and employee-benefit investment, but it does not disclose workforce size or distribution.

Evidence gaps

  • Historical headcount, location mix, and projected hiring by function were not public.

Hidden risks

  • Headcount opacity makes it difficult to assess operating leverage or whether growth is supported by sustainable staffing.

Follow-up questions

  • What is headcount by engineering, fraud operations, government sales, enterprise sales, support, and G&A, and how is it expected to change?
Hiring, benefits, and retention signals
signalpublic evidenceimplicationverification status
Mission and cultureCareers page says ID.me aims to fix the identity layer of the internet and emphasizes mission-driven cultureRecruiting brand appears mission-centricverified
Healthcare and wellness benefitsMedical, dental, vision, parental leave, life insurance, mental-health resourcesSuggests standard late-stage private-company benefits investmentverified
401(k) and equity401(k) match and employee equity incentive plan are publicly advertisedPublic evidence of long-term retention leversverified
Headcount by function/locationnot_publicly_disclosedOperating leverage cannot be assessed from public sources alonenot_publicly_verifiable

This table is a public hiring/retention signal table, not a headcount census.

Public headcount-disclosure timeline A deliberate visualization of missing workforce-count disclosure across the public sources reviewed.

This figure is intentionally a disclosure-gap visualization.

VII.C Senior management biographies

partially verified confidence: low

The accessible public record in this review confirmed Blake Hall as founder and CEO, but did not yield a current accessible executive-biography list.

Evidence gaps

  • Current executive biographies, prior roles, tenure, and age disclosures were not compiled from accessible sources.

Hidden risks

  • The lack of accessible current biographies increases diligence reliance on direct company materials.

Follow-up questions

  • Who currently leads finance, product, security, legal, operations, and people functions?

VII.D Compensation arrangements

partially verified confidence: medium

Public personnel evidence is limited to broad employee benefits and compensation-signaling language on the careers page.

Evidence gaps

  • Executive contracts, severance, bonus plans, and change-of-control terms were not public.

Hidden risks

  • Public benefits marketing does not disclose executive employment agreements or retention obligations.

Follow-up questions

  • What executive compensation, bonus, and retention structures are currently in force?

VII.E Incentive stock plans

partially verified confidence: medium

A public employee equity incentive plan is advertised, but its size, valuation basis, and vesting provisions were not public.

Evidence gaps

  • Option-pool size, strike-price history, and vesting terms were not public.

Hidden risks

  • Equity-refresh needs can be material after secondary sales or in fast-moving private valuation environments.

Follow-up questions

  • What is the current option pool, refresh cadence, and 409A support for current grants?

VII.F Significant employee relations problems, past or present

not publicly verifiable confidence: low

The reviewed sources did not expose a public schedule of employee-relations disputes or labor actions.

Evidence gaps

  • No accessible public employee-relations schedule was found.

Hidden risks

  • If fraud operations or support teams are under strain, employee-relations issues may not be visible publicly until they affect service levels or lawsuits.

Follow-up questions

  • Have there been material labor, discrimination, wage, or employee-safety disputes in the last three years?

VII.G Personnel Turnover

not publicly verifiable confidence: low

No public turnover dataset or executive-departure schedule was identified in accessible sources.

Evidence gaps

  • Turnover, retention, and benefit-plan effectiveness data were not public.

Hidden risks

  • Turnover risk matters because the product suite spans highly specialized policy, fraud, and engineering workflows.

Follow-up questions

  • What were annualized attrition and regretted-loss rates by function in 2024 and 2025?
Chapter 08

08Legal and Related Matters

Legal/public-policy diligence is active rather than complete: the public record supports privacy, compliance, and policy-context claims, but comprehensive litigation, IP, insurance, and contract schedules remain private or uncompiled.

VIII.A Pending lawsuits against the Company

not publicly verifiable confidence: low

This review did not complete a counsel-grade litigation search. CourtListener results showed many generic or agency-context mentions of ID.me verification, but did not by themselves establish a reliable schedule of pending lawsuits against the company.

Evidence gaps

  • A comprehensive docket, reserves schedule, and outside-counsel summary were not public.

Hidden risks

  • Absence of a clean public party-name result is not evidence that no litigation exists.

Follow-up questions

  • Please provide all pending, threatened, and settled lawsuits against the company and its affiliates, plus reserves and insurance coverage.
Public litigation-context search results — potential matters against the company
search surfaceobservationdate or contextdiligence gap
CourtListener search for "ID.me"41 published-opinion results were returned, but many are generic text matches or agency-context references rather than clear corporate-party casesSearch accessed 2026-06-17Need party-name and affiliate-name search across docket systems
V.D. Corbin v. UCBR (Pa. Commw. Ct. 2026)Opinion excerpt says claimant was required to verify identity through ID.meFiled 2026-04-10This shows adjudicative context around agency use, not necessarily a suit against ID.me
P. Pham v. UCBR (Pa. Commw. Ct. 2025)Opinion excerpt references completion of an online ID.me identification verification processFiled 2025-06-18Again, contextual mention only; comprehensive litigation inventory still required

This is not a complete docket review and should not be treated as a no-litigation conclusion.

VIII.B Pending lawsuits initiated by Company

not publicly verifiable confidence: low

No reliable public schedule of lawsuits initiated by ID.me was assembled from the accessible sources reviewed.

Evidence gaps

  • Targeted plaintiff-side docket searching was not completed.

Hidden risks

  • Affirmative IP, contract, or collection litigation could matter even if it is not obvious from quick public review.

Follow-up questions

  • Has ID.me initiated any IP, contract, fraud-recovery, or employment-related litigation in the last three years?
Public litigation-context search results — matters initiated by the company
search surfaceobservationstatusnext step
Accessible public quick searchNo reliable public schedule of suits initiated by ID.me was compiled from reviewed pagesnot_publicly_verifiableRun counsel-led docket search using party names and affiliates
SEC and company pagesReviewed sources did not enumerate affirmative litigation or claims schedulesnot_publicly_verifiableRequest legal schedule and outside-counsel summaries
CourtListener result qualityText-match results alone are insufficient to infer plaintiff-side litigation postureinconclusiveUse PACER/Westlaw/Lexis and company affiliate names

Included to avoid overstating what the public quick search could prove.

VIII.C Environmental and employee safety issues and liabilities

partially verified confidence: low

For a digital identity platform, the more material public-safety and liability vectors are cybersecurity, account takeover, privacy harm, and identity misuse rather than traditional environmental exposure.

Evidence gaps

  • No public schedule of incidents, claims, or employee safety disputes was found.

Hidden risks

  • Cybersecurity or misidentification failures can create quasi-safety and reputational liabilities despite limited traditional environmental exposure.

Follow-up questions

  • What material incident, indemnity, or safety claims have been reported internally or to customers/regulators?

VIII.D Material patents, copyrights, licenses, and trademarks

partially verified confidence: medium

Public evidence is stronger on privacy/compliance trust marks and website copyright notices than on a full patent or trademark schedule.

Evidence gaps

  • A complete patent/trademark/license inventory and IP-assignment chain were not publicly compiled.

Hidden risks

  • Without a verified IP schedule, trademark ownership and patent coverage may be narrower or held by different entities than public branding implies.

Follow-up questions

  • Provide all registered/pending trademarks and patents, open-source policy, key inbound/outbound licenses, and IP-assignment documents.
Material IP, privacy, compliance, and entity-structure signals
asset or signalpublic evidencewhy it mattersgap
Privacy Bill of Rights / biometric-data commitmentsConsent, revocation, credential destruction, and no sale/lease/trade of biometric data are publicly statedCore legal/regulatory trust surface for the business modelNeed operational testing, retention logs, and exception handling
Compliance trust marks and standardsPublic references to NIST, FedRAMP, ISO 27001, SOC 2 Type II, EPCS, TEFCA, and CCPA-related positioningImportant for government, healthcare, and enterprise procurementNeed underlying certificates, audit reports, and scope statements
Entity structureSEC issuer is ID.me, Inc.; website copyright notice references ID.me, LLCCould affect IP ownership, contracting, and financing diligenceNeed full legal-entity chart and IP assignments
Trademark / patent scheduleUSPTO TSDR portal is available, but a company-specific portfolio was not compiled in this reviewTrademark and patent ownership should be verified directly, not inferred from brandingNeed targeted trademark/patent search and counsel schedule

Compliance/brand signals are public; authoritative IP schedules still require direct retrieval.

VIII.E Insurance coverage and material exposures

not publicly verifiable confidence: low

No public cyber, E&O, D&O, or crime-insurance schedule was found in accessible sources.

Evidence gaps

  • Insurance tower, retentions, claims history, and exclusions were not public.

Hidden risks

  • A company handling identity verification, benefits access, and healthcare/provider workflows likely needs robust cyber and privacy insurance.

Follow-up questions

  • What are the limits, exclusions, and claims history across cyber, E&O, D&O, and crime policies?

VIII.F Material contracts

partially verified confidence: medium

Public contract evidence is limited to relationship narratives and at least one named partnership extension; most customer, supplier, and government contracts remain private.

Evidence gaps

  • Material customer, supplier, and government contract schedules were not public.

Hidden risks

  • Public relationship narratives do not expose termination rights, SLAs, indemnities, or pricing resets.

Follow-up questions

  • Provide top customer and partner contracts, public-sector templates, DPAs, SLAs, and change-of-control provisions.

VIII.G Regulatory agency problems

partially verified confidence: medium

The clearest public policy signal in reviewed sources is category-level scrutiny of third-party facial-recognition verification, while no company-specific enforcement action was verified from accessible sources.

Evidence gaps

  • Company-specific regulator correspondence, audits, complaints, and remediation logs were not public.

Hidden risks

  • Policy scrutiny can shift quickly even when agency adoption remains active.

Follow-up questions

  • Have any regulators, agencies, or large customers issued findings, corrective-action requests, or privacy/security escalations since 2023?
Legal and policy context timeline Public legal/policy events and context relevant to diligence, without overstating company-specific enforcement.

The timeline includes policy context that affects the category even when it is not a verified company-specific enforcement action.

Risk heatmap Visual summary of the full risk register based on public evidence strength and diligence importance.

The heatmap prioritizes diligence urgency, not legal certainty.

Evidence

Evidence claims
IDClaimStatusSources
EC-ID-001 ID.me appears to remain privately financed, with SEC browse results showing exempt-offering filings and CB Insights still showing late-2025 private financing rather than a public-market event. partially verified medium SRC-ID-002SRC-ID-003
EC-ID-002 CB Insights publicly lists ID.me's latest funding round as a $65M Series E on September 3, 2025. verified high SRC-ID-002
EC-ID-003 CB Insights publicly shows a January 2025 valuation of $2,000M and notes that the latest post-money valuation is from September 2025, although the exact later figure is gated. partially verified medium SRC-ID-002
EC-ID-004 CB Insights publicly lists ID.me's 2023 revenue as $130M. verified high SRC-ID-002
EC-ID-005 The public financials page shows structured/private-market complexity beyond a simple equity history, including a $275M line of credit, a $67M secondary market transaction, 37 investors, and a historical round list through Series E. verified medium SRC-ID-002
EC-ID-006 ID.me publicly claims 136M+ members, 600+ stores, 65 healthcare organizations, and 19 federal agencies as of November 26, 2024. partially verified medium SRC-ID-001
EC-ID-007 ID.me publicly says it never sells user data and frames the wallet as a single login that lets users control where data is shared. partially verified medium SRC-ID-001SRC-ID-005SRC-ID-006
EC-ID-008 ID.me's Privacy Bill of Rights states that users control their data, must consent before sharing, can revoke access, can destroy credentials, and that the company does not sell, lease, or trade biometric data, while retaining some NIST-related credential data for fraud prevention and government auditing purposes. partially verified medium SRC-ID-012
EC-ID-009 The ID.me Network homepage lists Digital Wallet, Unify Authentication, Access Management, Identity Verification, Credential Validation, and Login Security, and groups solutions into public sector, healthcare, retail/eCommerce, employment/background checks, and financial services. verified high SRC-ID-007
EC-ID-010 The identity-verification page describes policy-based orchestration, multiple assurance levels, federation via SAML/OAuth/OIDC, and more than 30 million Americans already verified at NIST IAL2 with ID.me Wallet. partially verified medium SRC-ID-008
EC-ID-011 The regulatory-compliance page publicly represents support for NIST 800-63-3 IAL2/AAL2, FIDO/WebAuthn and YubiKeys, FedRAMP, ISO 27001, SOC 2 Type II, DEA EPCS, TEFCA/QHIN workflows, and CCPA-related use cases. partially verified medium SRC-ID-009
EC-ID-012 The public-sector solutions page positions ID.me's Digital Wallet as a shared service across agencies and says multiple state workforce agencies credited ID.me with preventing billions of dollars of unemployment fraud. partially verified medium SRC-ID-014
EC-ID-013 The healthcare solutions page says more than 100,000 providers leverage ID.me for EPCS and describes healthcare workflows tied to patient portal proofing, payer interactions, TEFCA, HIPAA-sensitive onboarding, and provider/contractor verification. partially verified medium SRC-ID-015
EC-ID-014 The Sterling partnership press release says the firms extended an exclusive agreement through July 2028, described their identity-first employment-screening solution, and reported that more than 1 in 3 job candidates have already confirmed identity with ID.me because of the network's 100M+ verified Americans. partially verified medium SRC-ID-011
EC-ID-015 CB Insights accessible public competitor text surfaces Veriff, Jumio, Socure, Incode, iDenfy, and LexisNexis Risk Solutions as relevant comparison points, each offering overlapping identity-verification, fraud, and compliance capabilities. verified high SRC-ID-016
EC-ID-016 The careers page presents a mission-driven employer brand and advertises medical, dental, vision, parental leave, 401(k) matching, life insurance, mental-health resources, and an employee equity incentive plan. verified high SRC-ID-004
EC-ID-017 The IRS publicly announced a transition away from using a third-party service for facial recognition in creating new online accounts, highlighting policy sensitivity around facial-recognition-based identity verification. verified medium SRC-ID-013
EC-ID-018 Public sources reference both ID.me, Inc. and ID.me, LLC, implying a multi-entity structure that should be reconciled during legal and IP diligence. partially verified medium SRC-ID-003SRC-ID-012
EC-ID-019 The VA officially describes ID.me as a non-government account provider that contracts with government and non-government organizations and continues to support it as one of two secure sign-in options. verified high SRC-ID-010
EC-ID-020 A quick CourtListener search for "ID.me" returned 41 published-opinion results, including 2025-2026 unemployment-benefit appeals that mention ID.me verification, which shows adjudicative context around agency use but not a reliable company-party litigation schedule. verified medium SRC-ID-017
EC-ID-021 The USPTO TSDR portal is an authoritative trademark-status source, but a company-specific ID.me trademark or patent portfolio was not compiled from accessible public pages in this workflow. not publicly verifiable low SRC-ID-018

Disclaimer

This report is a public-evidence diligence snapshot, not investment advice. Important financial, legal, technical, and contractual facts remain non-public and should be verified directly with management and primary documents before any investment decision.