CA-C-002173
Stripe — Stripe Privacy Policy
Entity
Date detected
May 19, 2026
Effective date
May 19, 2026
Severity
Low
Direction
Neutral
Affected users
all users end users
Changes
18 sentences modified
Share 𝕏 Share in Share 🔒 PDF
Watch Stripe Get alerts when this policy changes.
Watch — Free

Event Summary

Stripe updated its privacy policy on May 19, 2026 to replace all references to its payment service 'Link' with 'Onelink.' This is a product rebranding change that affects how the policy describes End User Services, account creation, transaction data collection, and bank account integration. No changes were made to what data Stripe collects, how it processes personal data, or users' rights and obligations.

LOW

Consumer Impact

Stripe updated its privacy policy to reflect the rebranding of its Link product to Onelink. This is purely a naming change. All references to Link—including how account creation, payment transactions, and bank account integration work—now refer to Onelink instead. The policy's substantive provisions governing what data Stripe collects, how it uses personal data, and what rights users have remain unchanged.

Governance Analysis

The updated policy reflects Stripe's product rebranding from Link to Onelink. Users and partners referencing the policy to understand how Stripe collects and processes data for account creation, payment transactions, and bank account integration will now encounter Onelink as the service name. The substantive governance—what data is collected, how it is used, and what rights exist—remains unchanged.

Key Clauses Affected

Service definition

Link product references updated to Onelink throughout the policy definition section

End User Services description

Link rebranded to Onelink in examples of how End User Services are provided for personal use

Personal Data collection sections

Link account features and data storage updated to reference Onelink service

Full clause-by-clause analysis available with Compliance.
These clauses may change again. Get alerted when they do. Watch Stripe — Free

This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology

Evidence Verification

✓ Verified
Previous Version
4d67edcce11168502778ef5f27b9db91761257ae98bafac364f4ebec0553f77b
April 29, 2026 06:20 UTC
✓ Verified
Current Version
75784d548ae312ef3404c433596e9ade4f9edc9f3d5ae3ade71e1a6f105c97c7
May 19, 2026 00:11 UTC
✓ Verified
Change Detected
May 19, 2026 00:11 UTC
Analysis Methodology
✓ Verified
Source Document
https://stripe.com/privacy
Citation Record
Entity: Stripe
Document: Stripe Privacy Policy
Record ID: CA-C-002173
Captured: 2026-05-19 00:11:58 UTC
URL: https://conductatlas.com/change/2026-05-19-stripe-stripe-privacy-policy-2173/
Accessed: July 4, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
For legal and compliance teams

Institutional Analysis

Assessment

This is a product rebranding change with no material impact on data governance, processing procedures, or compliance obligations. No updates to DPAs, vendor contracts, privacy impact assessments, or regulatory notices are required. The change is editorial in nature and does not alter Stripe's stated data collection practices, retention policies, or user rights. No action required.

Full compliance analysis

Obligation analysis, escalation trigger, board language, and recommended action.

Monitor $19/mo Compliance $249/mo

Monitor: regulatory citations + obligations. Compliance: full compliance memo.

ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-002173.

Clause-Level Changes

New Provisions Added
Data Collection Scope
Medium

Provides explicit definition of Personal Data scope including technical identifiers, establishing broader potential data collection.

Full clause text available with Compliance. See Compliance →
Law Enforcement and Government Data Disclosure
Medium

Appears to be a placeholder or generic statement that lacks substantive detail about law enforcement data disclosure procedures and safeguards.

Full clause text available with Compliance. See Compliance →
Consumer Privacy Rights and Opt-Out
Medium

Adds acknowledgment of opt-out rights and right to object, though excerpt is largely boilerplate with limited specificity.

Full clause text available with Compliance. See Compliance →
Advertising and Analytics Partner Data Sharing
Medium

New provision category for advertising and analytics partner sharing, though the excerpt provided is generic boilerplate without substantive detail.

Full clause text available with Compliance. See Compliance →
End Customer Data Rights via Business Users
High

Introduces complexity around data subject identity and rights differentiation based on user role, potentially affecting how rights are applied to different parties.

Full clause text available with Compliance. See Compliance →
Provisions Removed
Collection from Third-Party Data Sources
High

Removal of explicit disclosure regarding third-party data broker sourcing and combination with first-party data, reducing transparency about data collection methods.

Removed clause text available with Compliance. See Compliance →
Use of Transaction Data for Fraud Prevention and Machine Learning
Medium

Removal of specific disclosure about using transaction data for machine learning model training, reducing transparency about automated decision-making and model development practices.

Removed clause text available with Compliance. See Compliance →
Consumer Data Subject Rights
Medium

Removal of comprehensive enumeration of GDPR-based data subject rights (access, correction, deletion, objection, restriction, portability, supervisory complaint), replaced with vague references.

Removed clause text available with Compliance. See Compliance →
Cookies and Tracking Technologies
Medium

Removal of explicit disclosure regarding cookie usage purposes (authentication, preference storage, usage analytics, targeted advertising), reducing transparency about tracking practices.

Removed clause text available with Compliance. See Compliance →
Identity Verification and Know Your Customer Data
High

Removal of explicit disclosure about collection and use of sensitive biometric data (facial images, government IDs) for KYC/identity verification, reducing transparency about sensitive data handling.

Removed clause text available with Compliance. See Compliance →
Provisions Modified
Dual Controller and Processor Role
High

Severity increased from medium to high; quotation marks changed from single to double quotes with no substantive content change.

Before/after clause text available with Compliance. See Compliance →
Financial Partners Data Sharing
Medium

Removed specific uses of data sharing (transaction processing, fraud detection, identity verification, compliance) and replaced with generic reference to 'provide the Services'.

Before/after clause text available with Compliance. See Compliance →
Cross-Border Data Transfers
Medium

Significantly reduced scope from detailed explanation of cross-border transfer mechanisms (SCCs, DPF, UK Extension) to vague statement about entity responsibility variation by jurisdiction.

Before/after clause text available with Compliance. See Compliance →

Cross-platform context

See how other platforms handle similar provisions across the ConductAtlas archive.

Compare across platforms → Browse regulations →

Full Changes

See the full side-by-side comparison of every sentence added, removed, and modified.

🔒 Full diff — Monitor

Document Context

Version history → Policy drift analysis → Document page →
Document
Stripe Privacy Policy
Entity
Stripe
Captured
May 19, 2026
Source URL
https://stripe.com/privacy
Other changes to Stripe Privacy Policy
Previous change Apr 29, 2026
Stripe updated its Privacy Policy on April 29, 2026 with four minor editorial changes. The policy's last-updated date was changed …
Low Neutral
View full version history →
More from Stripe
Jul 1, 2026 Unknown
Stripe Connect Platform Agreement
Jul 1, 2026 Unknown
Stripe Terms of Service
Apr 29, 2026 Low
Stripe Privacy Policy

Stripe updated its Privacy Policy on April 29, 2026 with four minor editorial changes. The policy's last-updated date was changed …

Related Analysis
Dependency Governance · June 11, 2026
When AI Agents Start Paying for Things: Who Governs Machine-to-Machine Commerce?

Mastercard, Stripe, and Cloudflare are building payment infrastructure for autonomous AI agents. The governance layer is not keeping pace.

Dependency Governance · May 27, 2026
When Infrastructure Providers Govern Platforms

The Kickstarter-Stripe controversy reveals how payment processors, cloud providers, and AI platforms quietly shape downstream policy decisi…

Consumer Rights · April 21, 2026
Stripe's Reserve and Hold Authority: What the Terms Authorize

Stripe's terms authorize fund reserves, payout withholding, and account termination. Here is what the agreement states and what business ow…

Track Stripe policy changes

Get alerted when this policy changes again — including what changed and why it matters.

Prefer a weekly summary instead?

Get the biggest policy changes across 320+ platforms every Sunday.