Stripe processes payments for millions of businesses. For many, Stripe is their entire payment infrastructure. If Stripe freezes a merchant's funds, that merchant often cannot make payroll, pay suppliers, or continue operating. The authority to freeze those funds is written into Stripe's Terms of Service.
ConductAtlas has archived and classified every provision in Stripe's Terms of Service and Privacy Policy. Here is what Stripe's agreements actually permit.
Stripe can place reserves on your account at any time
The Fund Reserve and Payout Withholding provision gives Stripe authority to place a reserve on your account at any time and in their sole discretion. A reserve withholds a percentage of your incoming funds, sometimes all of them, from being paid out to your bank account. The stated trigger is elevated risk: higher than anticipated rates of disputes, refunds, chargebacks, or business patterns Stripe considers concerning.
The actual language gives Stripe broad discretion. The reserve can be imposed without advance notice. It can be increased without advance notice. It can be held for months after account closure. The determination of what constitutes elevated risk is made unilaterally.
For merchants, this creates a structural risk. A business running on thin margins can have its cash flow stopped with little warning. Stripe is not uniquely aggressive here. PayPal, Square, and Braintree have similar authorities. But Stripe's market share means this exposure affects a large fraction of digital commerce.
Settlement fund reserves can continue after you leave
Separate from ongoing reserves, the Settlement Fund Reserves and Post-Termination Hold provision authorizes Stripe to hold funds after you have closed your account. The stated purpose is to cover potential future chargebacks on transactions that occurred while the account was active.
The hold period is typically 90 to 120 days, matching card network chargeback windows. In practice, some holds extend longer. During the hold, the funds are not yours to access, not yours to earn interest on, and not guaranteed to be released in full if chargebacks occur.
For businesses planning to switch payment processors, this is worth understanding upfront. Migrating away from Stripe does not immediately release your funds. Plan cash flow accordingly.
Account termination is unilateral and does not require cause
The Unilateral Account Termination Without Cause provision is explicit. Stripe may terminate your agreement or close your account at any time for any reason effective upon providing notice. Stripe may also suspend your access at any time in their sole discretion.
The language is worth reading carefully. Without cause means Stripe does not need to have a reason. At any time means there is no minimum account tenure, no minimum transaction volume, no safe harbor. In sole discretion means the decision cannot be meaningfully appealed.
In practice, most account terminations do have a reason, usually related to risk, policy violations, or pressure from card networks or regulators. But the contractual framework does not require a reason. This is consequential for businesses whose existence depends on Stripe.
The fraud detection system uses automated decision-making
The Fraud Risk Scoring and Behavioral Profiling provision permits Stripe to use automated tools and machine learning to process your personal data for fraud detection. Stripe also operates a Cross-Merchant Fraud Detection Network that pools data across all Stripe merchants to identify patterns that may indicate fraud.
For merchants, this is mostly beneficial. Fraud detection that leverages cross-merchant data is more accurate than siloed approaches. But the same infrastructure can flag legitimate businesses as risky based on patterns Stripe's models consider problematic. A high-growth business, a business with unusual transaction sizes, or a business in an industry Stripe is reviewing more carefully can trigger the same risk flags as actual fraud.
Under GDPR Article 22, individuals have rights against solely automated decision-making. Stripe's policy permits automated processing but maintains that final decisions involve human review in significant cases. The practical scope of that human review is not documented in the policy.
Broad indemnification shifts legal costs to you
The Broad User Indemnification Obligation requires users to indemnify Stripe for losses arising from use of the services, gross negligence, willful misconduct, fraud, or material breach of the agreement. Indemnification clauses are standard, but Stripe's is broadly written and covers a wider range of circumstances than a typical SaaS agreement.
For business users, this means if a customer sues Stripe because of something that happened in your transaction, you may be on the hook for Stripe's legal costs. The practical exposure is limited by Stripe's tendency to handle most disputes internally, but the contractual exposure is real.
What to actually do
If your business uses Stripe, three concrete steps reduce your exposure.
Keep a reserve of your own outside Stripe. The single most important risk mitigation is not relying on Stripe's payout as your sole cash flow. Maintain 30 to 60 days of operating expenses in an account that Stripe cannot touch. If Stripe places a reserve on your account, this buffer keeps you operating.
Diversify your payment infrastructure. Running a second payment processor in parallel (even at low volume) means an account freeze does not stop your business. Adyen, Checkout.com, and Braintree are common secondary options. The operational overhead of maintaining two processors is substantially lower than the risk of sudden account termination.
Document your business model in your Stripe account. If your business has characteristics that Stripe's risk models may flag (high ticket sizes, international customers, subscription billing, industries under regulatory scrutiny), make sure your Stripe account has clear business descriptions and supporting documentation. This reduces the chance of a reserve or termination based on risk profile misreading.
For compliance and finance teams evaluating Stripe, the combination of reserve authority, termination authority, and broad indemnification creates meaningful counterparty risk that should be factored into vendor due diligence. Stripe is not uniquely risky, but the risk is structural and worth documenting.
ConductAtlas tracks every version of Stripe's Terms of Service and Privacy Policy. When Stripe updates these documents, we flag the changes the same day with clause-level analysis and regulatory exposure mapping.