Stripe processes payments for millions of businesses. For many, Stripe is their entire payment infrastructure. If Stripe restricts a merchant's funds, it can significantly affect the business's cash flow and operations. The authority to freeze those funds is written into Stripe's Terms of Service.
ConductAtlas has archived and classified every provision in Stripe's Terms of Service and Privacy Policy. Here is what Stripe's agreements actually permit.
Stripe's reserve authority under the agreement
The Fund Reserve and Payout Withholding provision authorizes Stripe to place a reserve on your account at its discretion. A reserve withholds a percentage of your incoming funds, sometimes all of them, from being paid out to your bank account. The stated trigger is elevated risk: higher than anticipated rates of disputes, refunds, chargebacks, or business patterns Stripe considers concerning.
The agreement language gives Stripe broad discretion. The reserve can be imposed without advance notice, increased without advance notice, and held for months after account closure. The determination of what constitutes elevated risk is made at Stripe's discretion. However, payment processor conduct is subject to card network rules, state money transmitter regulations, and in some jurisdictions consumer protection statutes that may impose constraints on how reserves are applied.
For merchants, this creates a structural consideration. Businesses dependent on Stripe for cash flow should be aware of the scope of this authority. PayPal, Square, and Braintree have similar authorities in their respective agreements. Stripe's market share means these terms affect a significant portion of digital commerce.
Settlement fund reserves can continue after you leave
Separate from ongoing reserves, the Settlement Fund Reserves and Post-Termination Hold provision authorizes Stripe to hold funds after you have closed your account. The stated purpose is to cover potential future chargebacks on transactions that occurred while the account was active.
The hold period is typically 90 to 120 days, matching card network chargeback windows. In practice, some holds extend longer. During the hold period, access to these funds is restricted, and release may depend on chargeback outcomes.
For businesses planning to switch payment processors, this is worth understanding upfront. Migrating away from Stripe does not immediately release your funds. Plan cash flow accordingly.
Account termination is unilateral and does not require cause
The Unilateral Account Termination Without Cause provision is explicit. The agreement authorizes Stripe to terminate or close accounts upon providing notice, without specifying required cause. Stripe may also suspend access at its discretion.
The agreement uses broad language: termination "without cause" and "at any time" suggest no minimum account tenure or transaction threshold is required. "At its discretion" limits the grounds for appeal under the agreement, though applicable law or regulatory frameworks may impose additional constraints on how these terms are applied in practice.
In practice, most account terminations do have a reason, usually related to risk, policy violations, or pressure from card networks or regulators. The contractual framework does not require a reason, though state money transmitter laws and card network operating regulations may impose notice or process requirements that are not reflected in the agreement language. This is a significant consideration for businesses that rely on Stripe as their primary payment infrastructure.
The fraud detection system uses automated decision-making
The Fraud Risk Scoring and Behavioral Profiling provision permits Stripe to use automated tools and machine learning to process your personal data for fraud detection. Stripe also operates a Cross-Merchant Fraud Detection Network that pools data across all Stripe merchants to identify patterns that may indicate fraud.
For merchants, this is mostly beneficial. Fraud detection that leverages cross-merchant data is more accurate than siloed approaches. But the same infrastructure can flag legitimate businesses as risky based on patterns Stripe's models consider problematic. A high-growth business, a business with unusual transaction sizes, or a business in an industry Stripe is reviewing more carefully can trigger the same risk flags as actual fraud.
Under GDPR Article 22, individuals have rights against solely automated decision-making. Stripe's policy permits automated processing but maintains that final decisions involve human review in significant cases. The practical scope of that human review is not documented in the policy.
Broad indemnification shifts legal costs to you
The Broad User Indemnification Obligation requires users to indemnify Stripe for losses arising from use of the services, gross negligence, willful misconduct, fraud, or material breach of the agreement. Indemnification clauses are standard, but Stripe's is broadly written and covers a wider range of circumstances than a typical SaaS agreement.
For business users, this means if a customer sues Stripe because of something that happened in your transaction, you may be on the hook for Stripe's legal costs. The practical exposure is limited by Stripe's tendency to handle most disputes internally, but the contractual exposure is real.
What to actually do
If your business uses Stripe, three concrete steps reduce your exposure.
Keep a reserve of your own outside Stripe. The single most important risk mitigation is not relying on Stripe's payout as your sole cash flow. Maintain 30 to 60 days of operating expenses in an account that Stripe cannot touch. If Stripe places a reserve on your account, this buffer keeps you operating.
Diversify your payment infrastructure. Running a second payment processor in parallel (even at low volume) means an account freeze does not stop your business. Adyen, Checkout.com, and Braintree are common secondary options. The operational overhead of maintaining two processors is substantially lower than the risk of sudden account termination.
Document your business model in your Stripe account. If your business has characteristics that Stripe's risk models may flag (high ticket sizes, international customers, subscription billing, industries under regulatory scrutiny), make sure your Stripe account has clear business descriptions and supporting documentation. This reduces the chance of a reserve or termination based on risk profile misreading.
For compliance and finance teams evaluating Stripe, the combination of reserve authority, termination authority, and broad indemnification creates meaningful counterparty risk that should be factored into vendor due diligence. The exposure is structural and worth documenting in vendor due diligence.
ConductAtlas tracks every version of Stripe's Terms of Service and Privacy Policy. When Stripe updates these documents, we flag the changes the same day with clause-level analysis and regulatory exposure mapping.