Some passes that you can create with Google Wallet may contain sensitive user data. These passes have extra protection to help keep your users data safe and are managed differently in the Wallet API. The generic private pass vertical should be used in cases where sensitive data (as defined in the Wallet API Acceptable Use Policy) is included in your Pass.
The generic private pass vertical supports use cases such as:
- Health Insurance Cards
- National Identification Cards
- Other Government IDs
Some countries and jurisdictions require that sensitive data is managed in a particular way. As such, the list of use cases highlighted here may vary depending on your country or other regulations. If your user data is subject to legal regulation in your country of origin (e.g. the Health Insurance Portability and Accountability Act in the United States), it will have to use the generic private pass vertical and may be subject to additional review.
What is different?
Generic private passes use a self-contained method for defining and distributing the pass. As the developer, you define the pass layout and contents in a single JSON Web Token that is then distributed directly to the user for them to save it into their Wallet.
Passes which process sensitive data (known as generic private pass) may be subject to additional privacy controls during onboarding. We do not allow the APIs to be used for processing sensitive data in Google Wallet without explicit permission from Google, as described in the as defined in the Wallet API Acceptable Use Policy.
You will be required to provide the following:
- Eligibility Document verifying your identity and attesting you are a valid entity
- A URL to your logo
- A URL to your website
After you have received approval to issue generic private pass, get started with your implementation to add passes to Google Wallet.