Stripe updated their Privacy Policy on April 29, 2026, making several housekeeping and substantive changes. The company's legal name reference was simplified from 'Stripe Inc., now known as Stripe, LLC' to just 'Stripe, LLC,' and a vague 'Learn More' link about their Data Privacy Framework was replaced with a clearer sentence directing users to read Stripe's full Data Privacy Framework Policy. These changes improve transparency slightly by making it easier to find Stripe's data transfer compliance documentation.
Stripe simplified its legal name reference and replaced a vague 'Learn More' link with a direct statement pointing users to its Data Privacy Framework Policy, making it easier for consumers — especially those in the EU and UK — to find information about how their data is handled when transferred internationally. The date stamp was also updated from February 23 to April 28, 2026, signaling a fresh policy revision. You can read Stripe's Data Privacy Framework Policy directly via the updated link now referenced in the Privacy Policy.
The legal entity name finalization from 'Stripe Inc.' to 'Stripe, LLC' means businesses with contracts or data agreements referencing the old name may have a counterparty mismatch that could matter in regulatory or legal proceedings. The clearer DPF Policy reference also makes it easier for EU and UK users to verify how their international data transfers are protected.
Reference to 'Stripe Inc., now known as Stripe, LLC' was simplified to 'Stripe, LLC,' completing the entity name transition and potentially requiring counterparty contract updates.
A vague 'Learn More' link was replaced with an explicit sentence directing users to read Stripe's Data Privacy Framework Policy, improving transparency for EU, UK, and Swiss data subjects.
The 'last updated' date was changed from February 23, 2026 to April 28, 2026, marking this as a new policy version.
ConductAtlas Policy Archive Entity: Stripe | Document: Stripe Privacy Policy | Record: CA-C-000702 Captured: 2026-04-29 06:20:01 UTC URL: https://conductatlas.com/change/2026-04-29-stripe-stripe-privacy-policy-702/ Accessed: May 2, 2026
Unlock the full analysis
14-day free trial available.
Stripe's April 29, 2026 update makes four sentence-level changes: (1) updates the 'last updated' date to April 28, 2026; (2) removes the transitional name 'Stripe Inc., now known as Stripe, LLC' in favor of simply 'Stripe, LLC,' completing a legal entity name migration; (3) replaces a generic 'Learn More' hyperlink with an explicit reference to 'Stripe's Data Privacy Framework Policy'; and (4) updates the date in the FACTS section header. The DPF reference improvement touches EU-U.S. DPF, UK Extension, and Swiss-U.S. DPF transparency obligations. No new substantive obligations are created, but compliance teams should note the entity name finalization and confirm any vendor contracts, DPAs, or SCCs referencing 'Stripe Inc.' are updated accordingly.
1. EU-U.S. Data Privacy Framework (DPF) — Transparency Principle: Participants must inform individuals about their DPF participation and provide a link to the DPF Policy or its location; this change improves compliance with that requirement by replacing a vague 'Learn More' link with an explicit reference.
Compliance intelligence locked
Obligation analysis, escalation trigger, board language, and recommended action.
Watcher: regulatory citations + obligations. Professional: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-000702.
This new provision discloses a significant expansion in data sources and combination practices that was not previously explicitly mentioned, raising transparency concerns about third-party data acquisition.
This new provision explicitly details the use of personal data for machine learning model training and refinement, which is a more specific and potentially broader use case than the previous generic fraud prevention language.
This new provision explicitly articulates Stripe's dual role and legal relationship complexity, which is important for data subjects to understand their rights and which entity they should contact.
This new provision introduces explicit disclosure of biometric data collection (facial images) as part of KYC processes, representing a significant expansion in sensitive personal data categories requiring enhanced transparency.
The removal of this comprehensive enumeration of collected data categories makes the current policy less transparent about the specific types of personal data Stripe collects during normal operations.
The removal of explicit guidance routing end customer privacy rights through merchants may create confusion about who is responsible for handling data subject requests in multi-party transaction scenarios.
The removal of this high-severity provision explicitly stating the legal basis (legitimate interests) for fraud detection and automated processing eliminates important transparency about the lawful grounds for sensitive processing activities.
The removal of this data retention provision eliminates transparency about how long Stripe retains personal data and under what circumstances extended retention periods apply.
Expanded rationale for sharing to explicitly include fraud detection, prevention, and identity verification as separate purposes beyond generic legal compliance.
Removed broad language about 'other legally recognized transfer mechanisms' and added specific reference to the UK Extension to the EU-U.S. Data Privacy Framework, making the policy more precise about available legal bases.
Removed explicit mention of 'right to withdraw consent', added 'right to lodge a complaint with a supervisory authority', and removed reference to Privacy Center contact details.
Shifted focus from detailed enumeration of technical data points to functional purposes of tracking, added 'deliver relevant advertising' as explicit use case, and delegated detailed information to separate Cookies Policy.
Cross-platform context
See how other platforms handle similar provisions across the ConductAtlas archive.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Unlock full diff — Watcher $9.99/moStripe updated the 'last updated' date on their Privacy Policy from January 16, 2026 to February 23, 2026. This change …
Stripe updated their Privacy Policy on April 23, 2026. The changes include a revision to the 'last updated' date shown …
Stripe updated its Privacy Policy on April 18, 2026, making a range of clarifications and expansions to how it defines …
Stripe's terms allow fund reserves, payout withholding, and account termination at their sole discretion. Here is what business owners need…
We monitor 200+ platforms and archive every change — verified and timestamped.