Stripe updated its Privacy Policy on April 18, 2026, making dozens of changes to how it describes the collection, use, and handling of your personal data. Key updates include an expanded list of financial partners (now including payment intermediaries, aggregators, and processors), a broader definition of 'Visitor' that now includes people who visit Stripe's physical offices, and a clarification that the policy covers the Stripe Credit Card Terms of Service. These changes affect how Stripe describes who it shares your data with and in what contexts your data is governed by this policy.
The expansion of Stripe's Financial Partners list means more third-party organizations may receive your personal and financial data than before, and businesses using Stripe must update their own privacy disclosures to reflect this change or risk regulatory non-compliance.
Stripe has expanded the list of third-party financial partners it may share your data with to now include payment intermediaries, payment aggregators, payment method providers, and payment processors — meaning more organizations could receive your personal and financial data. The definition of 'Visitor' has also been broadened to include people who physically visit a Stripe office, potentially subjecting in-person interactions to this policy's data collection scope. You can review Stripe's updated privacy policy at stripe.com to understand the full list of partners your data may be shared with and exercise any applicable opt-out or data access rights.
Stripe's April 18, 2026 policy update expands the categories of Financial Partners to whom personal data may be disclosed, adding payment intermediaries, aggregators, payment method providers, and processors. This directly affects the data-sharing disclosures required under GDPR Art. 13/14, CCPA §1798.100, and similar frameworks. Organizations using Stripe as a payment processor should assess whether their own customer-facing privacy notices accurately reflect this expanded third-party sharing. The inclusion of Stripe Credit Card Terms under 'Business Services' also signals a new product scope that may require vendor inventory updates. Action is required for compliance teams that maintain data flow maps or vendor DPAs referencing Stripe.
1. GDPR Art. 13(1)(e) and Art. 14(1)(e) — expanded recipient categories (payment intermediaries, aggregators, processors) must be disclosed to data subjects; failure to update downstream notices creates non-compliance exposure.
Compliance intelligence locked
Obligation analysis, escalation trigger, board language, and recommended action.
Watcher: regulatory citations + obligations. Professional: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-000504.
ConductAtlas Policy Archive Entity: Stripe | Document: Stripe Privacy Policy | Record: CA-C-000504 Captured: 2026-04-18 07:39:36 UTC URL: https://conductatlas.com/change/2026-04-18-stripe-stripe-privacy-policy-504/ Accessed: April 21, 2026
Stripe updated their Privacy Policy on March 16, 2026, rolling back the 'last updated' date from February 23, 2026 to …
Stripe's terms allow fund reserves, payout withholding, and account termination at their sole discretion. Here is what business owners need…
Subscribe to Watcher for $9.99/mo to get email alerts the moment Stripe updates their policies. Or try Professional free for 14 days.