| Privacy Policy | | Privacy Policy |
| Cookies Policy | | Cookies Policy |
| Data Privacy Framework | | Data Privacy Framework |
| n | Sub-Processors List | n | Service Providers List |
| Data Processing Agreement | | Data Processing Agreement |
| Supplier Data Processing Agreement | | Supplier Data Processing Agreement |
| Stripe Privacy Center | | Stripe Privacy Center |
| n | Data Transfer Addendum | n | Data Processing Agreement |
| Privacy Policy | | Privacy Policy |
| n | Last updated: February 23, 2026 | n | Last updated: January 16, 2025 |
| This Privacy Policy includes important information about your personal data and | | This Privacy Policy includes important information about your personal data and |
| we encourage you to read it carefully. | | we encourage you to read it carefully. |
| Welcome | | Welcome |
| n | We provide financial infrastructure for the internet. Individuals and businesses | n | We provide financial infrastructure for the internet. Individuals and businesses |
| of all sizes use our technology and services to facilitate purchases, accept pa | | of all sizes use our technology and services to facilitate purchases, accept pa |
| yments, send payouts, and manage their online businesses. | | yments, send payouts, and manage online businesses. |
| This Privacy Policy (“Policy”) describes the Personal Data that we collect, how | | This Privacy Policy (“Policy”) describes the Personal Data that we collect, how |
| we use and share it, and how you can reach us with privacy-related inquiries. Th | | we use and share it, and details on how you can reach us with privacy-related in |
| e Policy also outlines your rights and choices as a data subject, including the | | quiries. The Policy also outlines your rights and choices as a data subject, inc |
| right to object to certain uses of your Personal Data. | | luding the right to object to certain uses of your Personal Data. |
| Depending on the activity, Stripe assumes the role of a “data controller” and/or | | Depending on the activity, Stripe assumes the role of a “data controller” and/or |
| “data processor” (or “service provider”). For more details about our privacy pr | | “data processor” (or “service provider”). For more details about our privacy pr |
| actices, including our role, the specific Stripe entity responsible under this P | | actices, including our role, the specific Stripe entity responsible under this P |
| olicy, and our legal bases for processing your Personal Data, please visit our P | | olicy, and our legal bases for processing your Personal Data, please visit our P |
| rivacy Center. | | rivacy Center. |
| Defined Terms | | Defined Terms |
| n | In this Policy, “Stripe”, “we”, “our,” or “us” refers to the Stripe entity respo | n | In this Policy, “Stripe”, “we”, “our,” or “us” refers to the Stripe entity respo |
| nsible for the collection, use, processing, and handling of Personal Data as des | | nsible for the collection, use, and handling of Personal Data as described in th |
| cribed in this document. Depending on your jurisdiction, the specific Stripe ent | | is document. Depending on your jurisdiction, the specific Stripe entity accounta |
| ity responsible for your Personal Data might vary. Learn More. | | ble for your Personal Data might vary. Learn More. |
| “Personal Data” refers to any information associated with an identified or ident | | “Personal Data” refers to any information associated with an identified or ident |
| ifiable individual, which can include data that you provide to us, and that we c | | ifiable individual, which can include data that you provide to us, and that we c |
| ollect about you during your interaction with our Services (such as device infor | | ollect about you during your interaction with our Services (such as device infor |
| mation, IP address, etc.). | | mation, IP address, etc.). |
| n | “Services” refers to the products, services, devices, and applications that we p | n | “Services” refers to the products, services, devices, and applications, that we |
| rovide under the Stripe Services Agreement or the Stripe Credit Card Terms of Se | | provide under the Stripe Services Agreement (“Business Services”) or the Stripe |
| rvice (collectively, “Business Services”), or the Stripe Consumer Terms of Servi | | Consumer Terms of Service (“End User Services”); websites (“Sites”) like Stripe. |
| ce (“End User Services”); websites (“Sites”) like Stripe.com and Link.com; and o | | com and Link.com; and other Stripe applications and online services. We provide |
| ther Stripe applications and online services. We provide Business Services to en | | Business Services to entities (“Business Users”). We provide End User Services d |
| tities (“Business Users”). We provide End User Services directly to individuals | | irectly to individuals for their personal use. |
| for their personal use. | | |
| “Financial Partners” are financial institutions, banks, and other partners such | | “Financial Partners” are financial institutions, banks, and other partners such |
| as payment method acquirers, payment intermediaries, payment aggregators, payout | | as payment method acquirers, payout providers, and card networks that we partner |
| providers, payment method providers, payment processors, and card networks that | | with to provide the Services. |
| we partner with, directly or indirectly, to provide the Services. | | |
| Depending on the context, “you” might be an End Customer, End User, Representati | | Depending on the context, “you” might be an End Customer, End User, Representati |
| ve, or Visitor: | | ve, or Visitor: |
| End Users. When you use an End User Service, such as saving a payment method wit | | End Users. When you use an End User Service, such as saving a payment method wit |
| h Link, for personal use we refer to you as an “End User.” | | h Link, for personal use we refer to you as an “End User.” |
| n | End Customers. When you are not directly transacting with Stripe, but we receive | n | End Customers. When you are not directly transacting with Stripe, but we receive |
| your Personal Data to provide Services to a Business User, including when you m | | your Personal Data to provide Services to a Business User, including when you m |
| ake a purchase from a Business User on a Stripe Checkout page or receive payment | | ake a purchase from a Business User on a Stripe Checkout page or receive payment |
| s or other services from a Business User, we refer to you as an “End Customer.” | | s from a Business User, we refer to you as an “End Customer.” |
| Representatives. When you are acting on behalf of an existing or potential Busin | | Representatives. When you are acting on behalf of an existing or potential Busin |
| ess User—perhaps as a company founder, account administrator for a Business User | | ess User—perhaps as a company founder, account administrator for a Business User |
| , or a recipient of an employee credit card from a Business User via Stripe Issu | | , or a recipient of an employee credit card from a Business User via Stripe Issu |
| ing—we refer to you as a “Representative.” | | ing—we refer to you as a “Representative.” |
| n | Visitors. When you interact with Stripe by visiting a Site without being logged | n | Visitors. When you interact with Stripe by visiting a Site without being logged |
| into a Stripe account, or when your interaction with Stripe does not involve you | | into a Stripe account, or when your interaction with Stripe does not involve you |
| being an End User, End Customer, or Representative, or when you visit a Stripe | | being an End User, End Customer, or Representative, we refer to you as a “Visit |
| office or other Stripe premises, we refer to you as a “Visitor.” For example, yo | | or.” For example, you are a Visitor when you send a message to Stripe asking for |
| u are a Visitor when you send a message to Stripe asking for more information ab | | more information about our Services. |
| out our Services. | | |
| In this Policy, “Transaction Data” refers to data collected or used by Stripe in | | In this Policy, “Transaction Data” refers to data collected and used by Stripe t |
| relation to transactions you request. Some Transaction Data is Personal Data an | | o facilitate transactions you request. Some Transaction Data is Personal Data an |
| d may include: your name, email address, contact number, billing and shipping ad | | d may include: your name, email address, contact number, billing and shipping ad |
| dress, payment method information (like credit or debit card number, bank or pay | | dress, payment method information (like credit or debit card number, bank accoun |
| ment method account details, or payment card image chosen by you), merchant and | | t details, or payment card image chosen by you), merchant and location details, |
| location details, amount and date of purchase, information about payment status, | | amount and date of purchase, and in some instances, information about what was p |
| and in some instances, information about what was purchased, order fulfillment | | urchased. |
| status, subscription status, applicable tax amounts, refund or chargeback inform | | |
| ation, and support interactions. | | |
| 1. Personal Data that we collect and how we use and share it | | 1. Personal Data that we collect and how we use and share it |
| 2. More ways we collect, use and share Personal Data | | 2. More ways we collect, use and share Personal Data |
| 3. Legal bases for processing data | | 3. Legal bases for processing data |
| 9. Contact us | | 9. Contact us |
| 10. US Consumer Privacy Notice | | 10. US Consumer Privacy Notice |
| 1. Personal Data we collect and how we use and share it | | 1. Personal Data we collect and how we use and share it |
| n | Our collection and use of Personal Data differs based on whether you are an End | n | Our collection and use of Personal Data differs based on whether you are an End |
| User, End Customer, Representative, or Visitor, and the specific Service that yo | | User, End Customer, Representative, or Visitor, and the specific Service that yo |
| u are using. For example, if you're a sole proprietor who wants to use our Busin | | u are using. For example, if you're a sole proprietor who wants to use our Busin |
| ess Services, we may collect your Personal Data to onboard your business; at the | | ess Services, we may collect your Personal Data to onboard your business; at the |
| same time, you might also be an End Customer if you've bought goods from anothe | | same time, you might also be an End Customer if you've bought goods from anothe |
| r Business User that is using our Services for payment processing. You could als | | r Business User that is using our Services for payment processing. You could als |
| o be an End User if you used our End User Services, such as Link, for those tran | | o be an End User if you used our End User Service, such as Link, for those trans |
| sactions. | | actions. |
| 1.1 End Users | | 1.1 End Users |
| n | We provide End User Services when we provide the Services directly to you for yo | n | We provide End User Services when we provide the Services directly to you for yo |
| ur personal use (e.g., Link). Additional details regarding our collection, use, | | ur personal use (e.g., Link). Additional details regarding our collection, usage |
| and sharing of End User Personal Data, including the legal bases we rely on for | | , and sharing of End User Personal Data, including the legal bases we rely on fo |
| processing such data, can be found in our Privacy Center. | | r processing such data, can be found in our Privacy Center. |
| a. Personal Data we collect about End Users | | a. Personal Data we collect about End Users |
| n | Using Link or Connecting your bank account. Stripe offers a service called ”Link | n | Using Link or Connecting your bank account. Stripe offers a service called "Link |
| ,” which allows you to create an account and store information for future intera | | ," which allows you to create an account and store information for future intera |
| ctions with Stripe’s Services and Business Users. You may save a number of diffe | | ctions with Stripe’s Services and Business Users. You may save a number of diffe |
| rent kinds of Personal Data using Link. For instance, you may save your name, pa | | rent kinds of Personal Data using Link. For instance, you may save your name, pa |
| yment method details, contact information, and address to conveniently use saved | | yment method details, contact information, and address to conveniently use saved |
| information to pay for transactions across our Business Users. When you choose | | information to pay for transactions across our Business Users. When you choose |
| to pay with Link, we will also collect Transaction Data associated with your tra | | to pay with Link, we will also collect Transaction Data associated with your tra |
| nsactions. Learn More. | | nsactions. Learn More. |
| You can also share and save bank account details to your Link account using Stri | | You can also share and save bank account details to your Link account using Stri |
| pe’s Financial Connections product. When you use Financial Connections, Stripe w | | pe’s Financial Connections product. When you use Financial Connections, Stripe w |
| ill periodically collect and process your account information (such as bank acco | | ill periodically collect and process your account information (such as bank acco |
| unt owner information, account balances, account number and details, account tra | | unt owner information, account balances, account number and details, account tra |
| nsactions, and, in some cases, log-in credentials). You can withdraw your consen | | nsactions, and, in some cases, log-in credentials). You can ask us to cease the |
| t by disconnecting your bank account and ask us to cease the collection of such | | collection of such data at any time. Learn More. |
| data at any time. Learn More. | | |
| You can also use your Link account to access services provided by Stripe’s partn | | |
| er businesses, such as Buy Now, Pay Later (BNPL) services or crypto wallet servi | | |
| ces. In these situations, we will collect and share additional Personal Data wit | | |
| h partner businesses to facilitate your use of such services. You can save this | | |
| information to your Link account to access similar services in the future. We ma | | |
| y also receive certain information about you from partner businesses in connecti | | |
| on with the services they provide. Learn More. | | |
| Finally, you can use Link to store your identity documents (such as your driver’ | | Finally, you can use Link to store your identity documents (such as your driver’ |
| s license) and other identification information (such as tax ID) so that you can | | s license) so that you can share them in future interactions with Stripe or its |
| share them in future interactions with Stripe or its Business Users. | | Business Users. |
| Paying Stripe. When you purchase goods or services directly from Stripe, we rece | | Paying Stripe. When you purchase goods or services directly from Stripe, we rece |
| ive your Transaction Data. For instance, when you make a payment to Stripe Clima | | ive your Transaction Data. For instance, when you make a payment to Stripe Clima |
| te, we collect information about the transaction, as well as your contact and pa | | te, we collect information about the transaction, as well as your contact and pa |
| yment method details. | | yment method details. |
| Identity/Verification Services. We offer an identity verification service that a | | Identity/Verification Services. We offer an identity verification service that a |
| utomates the comparison of your identity document (such as a driver’s license) w | | utomates the comparison of your identity document (such as a driver’s license) w |
| ith your image (such as a selfie). You can separately consent to us using your b | | ith your image (such as a selfie). You can separately consent to us using your b |
| iometric data to enhance our verification technology, with the option to revoke | | iometric data to enhance our verification technology, with the option to revoke |
| your consent at any time. Learn More. | | your consent at any time. Learn More. |
| More. For further information about other types of Personal Data that we may col | | More. For further information about other types of Personal Data that we may col |
| lect about End Users, including about your online activity and your engagement w | | lect about End Users, including about your online activity and your engagement w |
| ith our End User Services, please see the More ways we collect, use, and share P | | ith our End User Services, please see the More ways we collect, use, and share P |
| ersonal Data section below. | | ersonal Data section below. |
| b. How we use and share Personal Data of End Users | | b. How we use and share Personal Data of End Users |
| Services. We use and share your Personal Data to provide the End User Services t | | Services. We use and share your Personal Data to provide the End User Services t |
| o you, which includes support, personalization (such as language preferences and | | o you, which includes support, personalization (such as language preferences and |
| setting choices), and communication about our End User Services (such as commun | | setting choices), and communication about our End User Services (such as commun |
| icating Policy updates and information about our Services). For example, Stripe | | icating Policy updates and information about our Services). For example, Stripe |
| may use cookies and similar technologies or the data you provide to our Business | | may use cookies and similar technologies or the data you provide to our Business |
| Users (such as when you input your email address on a Business User’s website) | | Users (such as when you input your email address on a Business User’s website) |
| to recognize you and help you use Link when visiting our Business User’s website | | to recognize you and help you use Link when visiting our Business User’s website |
| . Learn more about how we use cookies and similar technologies in Stripe’s Cooki | | . Learn more about how we use cookies and similar technologies in Stripe’s Cooki |
| e Policy. | | e Policy. |
| n | When you buy eligible digital goods or services using Stripe Managed Payments, S | n | Our Business Users. When you use Link to make payments with our Business Users, |
| tripe acts as Merchant of Record and collects Transaction Data and certain order | | we share your Personal Data, including name, contact information, payment method |
| -level details to provide the services, such as subscription status, fulfillment | | details, and Transaction Data with those Business Users. Learn More. You can al |
| status, tax amounts, refund or chargeback information, and support interactions | | so direct Stripe to share your saved bank account information and identity docum |
| . For any subscription purchase, a Link account is required to manage your subsc | | ents with Business Users you do business with. Once we share your Personal Data |
| ription. Learn more. | | with Business Users, we may process that Personal Data as a Data Processor for t |
| | | hose Business Users, as detailed in Section 1.2 of this Policy. You should consu |
| | | lt the privacy policies of the Business Users’ you do business with for informat |
| | | ion on how they use the information shared with them. |
| Our Business Users. When you use an End User Service, such as using Link to make | | |
| payments with our Business Users, we share your Personal Data, including name, | | |
| contact information, payment method details, and Transaction Data with those Bus | | |
| iness Users. Learn More. You can also direct Stripe to share your saved bank acc | | |
| ount information and identity documents with Business Users you do business with | | |
| . Once we share your Personal Data with Business Users, we may process that Pers | | |
| onal Data as a Data Processor for those Business Users, as detailed in Section 1 | | |
| .2 of this Policy. You should consult the privacy policies of the Business Users | | |
| with whom you do business for information on how they use the information share | | |
| d with them. | | |
| Fraud Detection and Loss Prevention. We use your Personal Data collected across | | Fraud Detection and Loss Prevention. We use your Personal Data collected across |
| our Services to detect fraud and prevent financial losses for you, us, and our B | | our Services to detect fraud and prevent financial losses for you, us, and our B |
| usiness Users and Financial Partners, including detecting unauthorized purchases | | usiness Users and Financial Partners, including detecting unauthorized purchases |
| . We may provide Business Users and Financial Partners, including those that use | | . We may provide Business Users and Financial Partners, including those that use |
| our fraud prevention-related Business Services (such as Stripe Radar), with Per | | our fraud prevention-related Business Services (such as Stripe Radar), with Per |
| sonal Data about you (including your attempted transactions) so that they can as | | sonal Data about you (including your attempted transactions) so that they can as |
| sess the fraud or loss risk associated with the transaction. Learn more about ho | | sess the fraud or loss risk associated with the transaction. Learn more about ho |
| w we may use technology to assess the fraud risk associated with an attempted tr | | w we may use technology to assess the fraud risk associated with an attempted tr |
| ansaction and what information we share with Business Users and Financial Partne | | ansaction and what information we share with Business Users and Financial Partne |
| rs here and here. | | rs here and here. |
| n | Advertising. Where permitted by applicable law, we may use your Personal Data, i | n | Advertising. Where permitted by applicable law, we may use your Personal Data, i |
| ncluding Transaction Data, to assess your eligibility for, and offer you, other | | ncluding Transaction Data, to assess your eligibility for, and offer you, other |
| End User Services or to promote existing End User Services, including through co | | End User Services or promote existing End User Services, including through co-ma |
| -marketing with partners such as Stripe Business Users. Learn more. Subject to a | | rketing with partners such as Stripe Business Users. Learn more. Subject to appl |
| pplicable law, including any consent requirements, we use and share End User Per | | icable law, including any consent requirements, we use and share End User Person |
| sonal Data with third party partners to allow us to advertise our End User Servi | | al Data with third party partners to allow us to advertise our End User Services |
| ces to you, including through interest-based advertising, and to track the effic | | to you, including through interest-based advertising, and to track the efficacy |
| acy of such ads. We do not transfer your Personal Data to third parties in excha | | of such ads. We do not transfer your Personal Data to third parties in exchange |
| nge for payment, but we may provide your data to third-party partners, such as a | | for payment, but we may provide your data to third-party partners, such as adve |
| dvertising partners, analytics providers, and social networks, who assist us in | | rtising partners, analytics providers, and social networks, who assist us in adv |
| advertising our Services to you. Learn more. | | ertising our Services to you. Learn more. |
| More. For further information about ways we may use and share End Users' Persona | | More. For further information about ways we may use and share End Users' Persona |
| l Data, please see the More ways we collect, use, and share Personal Data sectio | | l Data, please see the More ways we collect, use, and share Personal Data sectio |
| n below. | | n below. |
| 1.2 End Customers | | 1.2 End Customers |
| Stripe provides various Business Services to our Business Users, which include p | | Stripe provides various Business Services to our Business Users, which include p |
| rocessing in-person or online payments or payouts for those Business Users. When | | rocessing in-person or online payments or payouts for those Business Users. When |
| acting as a service provider—also referred to as a Data Processor—for a Busines | | acting as a service provider—also referred to as a Data Processor—for a Busines |
| s User, we process End Customer Personal Data in accordance with our agreement w | | s User, we process End Customer Personal Data in accordance with our agreement w |
| ith the Business User and the Business User's lawful instructions. This happens, | | ith the Business User and the Business User's lawful instructions. This happens, |
| for example, when we process a payment for a Business User because you purchase | | for example, when we process a payment for a Business User because you purchase |
| d a product from them, or when the Business User asks us to send you funds. | | d a product from them, or when the Business User asks us to send you funds. |
| Business Users are responsible for ensuring that the privacy rights of their End | | Business Users are responsible for ensuring that the privacy rights of their End |
| Customers are respected, including obtaining appropriate consents and making di | | Customers are respected, including obtaining appropriate consents and making di |
| sclosures about their own data collection and use associated with their products | | sclosures about their own data collection and use associated with their products |
| and services. If you're an End Customer, please refer to the privacy policy of | | and services. If you're an End Customer, please refer to the privacy policy of |
| the Business User you're doing business with for its privacy practices, choices, | | the Business User you're doing business with for its privacy practices, choices, |
| and controls. | | and controls. |
| We provide more comprehensive information about our collection, use, and sharing | | We provide more comprehensive information about our collection, use, and sharing |
| of End Customer Personal Data in our Privacy Center, including the legal bases | | of End Customer Personal Data in our Privacy Center, including the legal bases |
| we rely on for processing your Personal Data. | | we rely on for processing your Personal Data. |
| a. Personal Data we collect about End Customers | | a. Personal Data we collect about End Customers |
| n | Transaction Data. If you're an End Customer making payments to, receiving refund | n | Transaction Data. If you're an End Customer making payments to, receiving refund |
| s or payments from, or initiating a purchase, donation or otherwise transacting | | s or payments from, initiating a purchase or donation, or otherwise transacting |
| with our Business User, whether in-person or online, we receive your Transaction | | with our Business User, whether in-person or online, we receive your Transaction |
| Data. We may also receive your transaction history with the Business User. Lear | | Data. We may also receive your transaction history with the Business User. Lear |
| n More. Additionally, we may collect information entered into a checkout form ev | | n More. Additionally, we may collect information entered into a checkout form ev |
| en if you opt not to complete the form or transaction with the Business User. Le | | en if you opt not to complete the form or transaction with the Business User. Le |
| arn More. A Business User who uses Stripe’s Terminal Service to provide its good | | arn More. A Business User who uses Stripe’s Terminal Service to provide its good |
| s or services to End Customers may use the Terminal Service to collect End Custo | | s or services to End Customers may use the Terminal Service to collect End Custo |
| mer Personal Data (like your name, email, phone number, address, signature, or a | | mer Personal Data (like your name, email, phone number, address, signature, or a |
| ge) in accordance with its own privacy policy. | | ge) in accordance with its own privacy policy. |
| Identity/Verification Information. Stripe provides a verification and fraud prev | | Identity/Verification Information. Stripe provides a verification and fraud prev |
| ention Service that our Business Users can use to verify Personal Data about you | | ention Service that our Business Users can use to verify Personal Data about you |
| , such as your authorization to use a particular payment method. During the proc | | , such as your authorization to use a particular payment method. During the proc |
| ess, you’d be asked to share with us certain Personal Data (like your government | | ess, you’d be asked to share with us certain Personal Data (like your government |
| ID and selfie for biometric verification, Personal Data you input, or Personal | | ID and selfie for biometric verification, Personal Data you input, or Personal |
| Data that is apparent from the physical payment method, like a credit card image | | Data that is apparent from the physical payment method like a credit card image) |
| ). To protect against fraud and determine if somebody is trying to impersonate y | | . To protect against fraud and determine if somebody is trying to impersonate yo |
| ou, we may cross-verify this data with information about you that we've collecte | | u, we may cross-verify this data with information about you that we've collected |
| d from Business Users, Financial Partners, business affiliates, identity verific | | from Business Users, Financial Partners, business affiliates, identity verifica |
| ation services, publicly available sources, and other third-party service provid | | tion services, publicly available sources, and other third party service provide |
| ers and sources. Learn More. | | rs and sources. Learn More. |
| End Customer Credit Card Services. Stripe offers services to enable our Business | | |
| Users, on behalf of an Issuing Bank, to provide credit cards to consumers. If y | | |
| ou apply for a credit card for your personal, family, or household purposes thro | | |
| ugh one of our Business Users using Stripe’s Issuing service, Stripe will collec | | |
| t your Personal Data, including your name, address, email address, and identity | | |
| documents, tax ID, and self-reported income. We may also obtain credit reports a | | |
| bout you from credit bureaus to determine your eligibility. When you use a credi | | |
| t card issued through Stripe’s Issuing service, Stripe will also collect Transac | | |
| tion Data associated with your transactions. | | |
| More. For further information about other types of Personal Data that we may col | | More. For further information about other types of Personal Data that we may col |
| lect about End Customers, including about your online activity, please see the M | | lect about End Customers, including about your online activity, please see the M |
| ore ways we collect, use, and share Personal Data section below. | | ore ways we collect, use, and share Personal Data section below. |
| b. How we use and share Personal Data of End Customers | | b. How we use and share Personal Data of End Customers |
| n | To provide our Business Services to our Business Users, we use and share End Cus | n | To provide our Business Services to our Business Users, we use and share End Cus |
| tomers' Personal Data with them. Where allowed, we also use End Customers' Perso | | tomers' Personal Data with them. Where allowed, we also use End Customers' Perso |
| nal Data for Stripe’s own purposes such as enhancing security; offering, persona | | nal Data for Stripe’s own purposes such as enhancing security, improving and off |
| lizing, and improving our Business Services; and preventing fraud, loss, and oth | | ering our Business Services, and preventing fraud, loss, and other damages, as d |
| er damages, as described further below. | | escribed further below. |
| Payment processing and accounting. We use your Transaction Data to deliver Payme | | Payment processing and accounting. We use your Transaction Data to deliver Payme |
| nt-related Business Services to Business Users — including online payment transa | | nt-related Business Services to Business Users — including online payment transa |
| ctions processing, sales tax calculation, and invoice, bill, and dispute handlin | | ctions processing, sales tax calculation, and invoice, bill, and dispute handlin |
| g — and to help them determine their revenue, settle their bills, and execute ac | | g — and to help them determine their revenue, settle their bills, and execute ac |
| counting tasks. Learn More. We may also use your Personal Data to provide and im | | counting tasks. Learn More. We may also use your Personal Data to provide and im |
| prove our Business Services. | | prove our Business Services. |
| n | During payment transactions, your Personal Data is shared with various entities | n | During payment transactions, your Personal Data is shared with various entities |
| in connection with your transaction. As a service provider or data processor, we | | in connection with your transaction. As a service provider or data processor, we |
| share Personal Data to enable transactions as directed by Business Users. For i | | share Personal Data to enable transactions as directed by Business Users. For i |
| nstance, when you choose a payment method for your transaction, we may share you | | nstance, when you choose a payment method for your transaction, we may share you |
| r Transaction Data with your bank, other payment method provider, or payment pro | | r Transaction Data with your bank or other payment method provider, including as |
| cessor(s), including as necessary to authenticate you (Learn More), process your | | necessary to authenticate you, Learn More, process your transaction, prevent fr |
| transaction, prevent fraud, and handle disputes. The Business User you choose t | | aud, and handle disputes. The Business User you choose to do business with also |
| o do business with also receives Transaction Data and might share the data with | | receives Transaction Data and might share the data with others. Please review yo |
| others. Please review your merchant’s, bank’s, and payment method provider’s pri | | ur merchant’s, bank’s, and payment method provider’s privacy policies for more i |
| vacy policies for more information about how they use and share your Personal Da | | nformation about how they use and share your Personal Data. |
| ta. | | |
| Financial services. Certain Business Users leverage our Services to offer financ | | Financial services. Certain Business Users leverage our Services to offer financ |
| ial services to you via Stripe or our Financial Partners. For example, a Busines | | ial services to you via Stripe or our Financial Partners. For example, a Busines |
| s User may issue a card product with which you can purchase goods and services. | | s User may issue a card product with which you can purchase goods and services. |
| Such cards could carry the brand of Stripe, the bank partner, and/or the Busines | | Such cards could carry the brand of Stripe, the bank partner, and/or the Busines |
| s User. In addition to any Transaction Data we may generate or receive when thes | | s User. In addition to any Transaction Data we may generate or receive when thes |
| e cards are used for purchases, we also collect and use your Personal Data to pr | | e cards are used for purchases, we also collect and use your Personal Data to pr |
| ovide and manage these products, including assisting our Business Users in preve | | ovide and manage these products, including assisting our Business Users in preve |
| nting misuse of the cards. Please review the privacy policies of the Business Us | | nting misuse of the cards. Please review the privacy policies of the Business Us |
| er and, if applicable, our bank partners associated with the financial service ( | | er and, if applicable, our bank partners associated with the financial service ( |
| the brands of which may be shown on the card) for more information. | | the brands of which may be shown on the card) for more information. |
| Identity/Verification services. We use Personal Data about your identity to perf | | Identity/Verification services. We use Personal Data about your identity to perf |
| orm verification services for Stripe or for the Business Users that you are tran | | orm verification services for Stripe or for the Business Users that you are tran |
| sacting with, to prevent fraud, and to enhance security. For these purposes we m | | sacting with, to prevent fraud, and to enhance security. For these purposes we m |
| ay use Personal Data you provide directly or Personal Data we obtain from our se | | ay use Personal Data you provide directly or Personal Data we obtain from our se |
| rvice providers, including for phone verification. Learn More. If you provide a | | rvice providers, including for phone verification. Learn More. If you provide a |
| selfie along with an image of your identity document, we may employ biometric te | | selfie along with an image of your identity document, we may employ biometric te |
| chnology to compare and calculate whether they match and verify your identity. L | | chnology to compare and calculate whether they match and verify your identity. L |
| earn More. | | earn More. |
| n | Fraud detection and loss prevention. We use your Personal Data collected across | n | Fraud detection and loss prevention. We use your Personal Data collected across |
| our Services to detect and prevent losses for you, us, our Business Users, and F | | our Services to detect and prevent losses for you, us, our Business Users, and F |
| inancial Partners. We may provide Business Users and Financial Partners, includi | | inancial Partners. We may provide Business Users and Financial Partners, includi |
| ng those using our fraud prevention-related Business Services, with your Persona | | ng those using our fraud prevention-related Business Services, with your Persona |
| l Data (including your attempted transactions) to help them assess the fraud or | | l Data (including your attempted transactions) to help them assess the fraud or |
| loss risk. Learn more about how we may use technology to assess the fraud risk a | | loss risk associated with a transaction. Learn more about how we may use technol |
| ssociated with an attempted transaction and what information we share with Busin | | ogy to assess the fraud risk associated with an attempted transaction and what i |
| ess Users and Financial Partners here and here. | | nformation we share with Business Users and Financial Partners here and here. |
| Our Business Users (and their authorized third parties). We share End Customers' | | Our Business Users (and their authorized third parties). We share End Customers' |
| Personal Data with their respective Business Users and parties directly authori | | Personal Data with their respective Business Users and parties directly authori |
| zed by those Business Users to receive such data. Here are common examples of su | | zed by those Business Users to receive such data. Here are common examples of su |
| ch sharing: | | ch sharing: |
| When a Business User instructs Stripe to provide another Business User with acce | | When a Business User instructs Stripe to provide another Business User with acce |
| ss to its Stripe account, including data related to its End Customers, via Strip | | ss to its Stripe account, including data related to its End Customers, via Strip |
| e Connect. | | e Connect. |
| Sharing information that you have provided to us with a Business User so that we | | Sharing information that you have provided to us with a Business User so that we |
| can send payments to you on behalf of that Business User. | | can send payments to you on behalf of that Business User. |
| Sharing information, documents, or images provided by an End Customer with a Bus | | Sharing information, documents, or images provided by an End Customer with a Bus |
| iness User when the latter uses Stripe Identity, our identity verification Servi | | iness User when the latter uses Stripe Identity, our identity verification Servi |
| ce, to verify the identity of the End Customer. | | ce, to verify the identity of the End Customer. |
| n | The Business Users you choose to do business with may further share your Persona | n | The Business Users you choose to do business with may further share your Persona |
| l Data with third parties (like additional third-party service providers other t | | l Data with third parties (like additional third party service providers other t |
| han Stripe). Please review the Business User’s privacy policy for more informati | | han Stripe). Please review the Business User’s privacy policy for more informati |
| on about how they collect, use, process, and handle your Personal Data. | | on. |
| Advertising by Business Users. If you initiate a purchasing process with a Busin | | Advertising by Business Users. If you initiate a purchasing process with a Busin |
| ess User, the Business User receives your Personal Data from us in connection wi | | ess User, the Business User receives your Personal Data from us in connection wi |
| th our provision of Services even if you don't finish your purchase. The Busines | | th our provision of Services even if you don't finish your purchase. The Busines |
| s User may use your Personal Data to market and advertise their products or serv | | s User may use your Personal Data to market and advertise their products or serv |
| ices, subject to the terms of their privacy policy. Please review the Business U | | ices, subject to the terms of their privacy policy. Please review the Business U |
| ser’s privacy policy for more information, including your rights to stop their u | | ser’s privacy policy for more information, including your rights to stop their u |
| se of your Personal Data for marketing purposes. | | se of your Personal Data for marketing purposes. |
| n | More. For further information about additional ways in which we may use and shar | n | More. For further information about additional ways by which we may use and shar |
| e End Customers' Personal Data, please see the More ways we collect, use, and sh | | e End Customers' Personal Data, please see the More ways we collect, use, and sh |
| are Personal Data section below. | | are Personal Data section below. |
| 1.3 Representatives | | 1.3 Representatives |
| We collect, use, and share Personal Data from Representatives of Business Users | | We collect, use, and share Personal Data from Representatives of Business Users |
| (for example, business owners) to provide our Business Services. For more inform | | (for example, business owners) to provide our Business Services. For more inform |
| ation about how we collect, use, and share Personal Data from Representatives, a | | ation about how we collect, use, and share Personal Data from Representatives, a |
| s well as the legal bases we rely on for processing such Personal Data, please v | | s well as the legal bases we rely on for processing such Personal Data, please v |
| isit our Privacy Center. | | isit our Privacy Center. |
| a. Personal Data we collect about Representatives | | a. Personal Data we collect about Representatives |
| Registration and contact information. When you register for a Stripe account for | | Registration and contact information. When you register for a Stripe account for |
| a Business User (including incorporation of a Business), we collect your name a | | a Business User (including incorporation of a Business), we collect your name a |
| nd login credentials. If you register for or attend an event organized by Stripe | | nd login credentials. If you register for or attend an event organized by Stripe |
| or sign up to receive Stripe communications, we collect your registration and p | | or sign up to receive Stripe communications, we collect your registration and p |
| rofile data. As a Representative, we may collect your Personal Data from third p | | rofile data. As a Representative, we may collect your Personal Data from third p |
| arties, including data providers, to advertise, market, and communicate with you | | arties, including data providers, to advertise, market, and communicate with you |
| as detailed further in the More ways we collect, use, and share Personal Data s | | as detailed further in the More ways we collect, use, and share Personal Data s |
| ection below. We may also link a location with you to tailor the Services or inf | | ection below. We may also link a location with you to tailor the Services or inf |
| ormation effectively to your needs. Learn More. | | ormation effectively to your needs. Learn More. |
| n | Identification Information. As a current or potential Business User, an owner of | n | Identification Information. As a current or potential Business User, an owner of |
| a Business User, or a shareholder, officer, or director of a Business User, we | | a Business User, or a shareholder, officer, or director of a Business User, we |
| need your contact details, such as name, postal address, telephone number, and e | | need your contact details, such as name, postal address, telephone number, and e |
| mail address, to fulfill our Financial Partner and regulatory requirements, veri | | mail address, to fulfill our Financial Partner and regulatory requirements, veri |
| fy your identity, and prevent fraudulent activities and harm to the Stripe platf | | fy your identity, and prevent fraudulent activities and harm to the Stripe platf |
| orm. We collect your Personal Data, such as ownership interest in the Business U | | orm. We collect your Personal Data, such as ownership interest in the Business U |
| ser, date of birth, government-issued identity documents, and associated identif | | ser, date of birth, government-issued identity documents, and associated identif |
| iers, as well as any history of fraud or misuse, directly from you and/or from p | | iers, as well as any history of fraud or misuse, directly from you and/or from p |
| ublicly available sources, third parties such as credit bureaus and via the Serv | | ublicly available sources, third parties such as credit bureaus and via the Serv |
| ices we provide. Learn More. You may also provide us with bank account informati | | ices we provide. Learn More. You may also choose to provide us with bank account |
| on. | | information. |
| More. For further information about other types of Personal Data that we may col | | More. For further information about other types of Personal Data that we may col |
| lect about Representatives, including your online activity, please see the More | | lect about Representatives, including your online activity, please see the More |
| ways we collect, use, and share Personal Data section below. | | ways we collect, use, and share Personal Data section below. |
| b. How we use and share Personal Data of Representatives | | b. How we use and share Personal Data of Representatives |
| We typically use the Personal Data of Representatives to provide the Business Se | | We typically use the Personal Data of Representatives to provide the Business Se |
| rvices to the corresponding Business Users. The ways we use and share this data | | rvices to the corresponding Business Users. The ways we use and share this data |
| are further described below. | | are further described below. |
| Business Services. We use and share Representatives’ Personal Data with Business | | Business Services. We use and share Representatives’ Personal Data with Business |
| Users to provide the Services requested by you or the Business User you represe | | Users to provide the Services requested by you or the Business User you represe |
| nt. | | nt. |
| n | In some instances, we may have to submit your Personal Data to a government enti | n | In some instances, we may have to submit your Personal Data to a government enti |
| ty to provide our Business Services, for purposes such as the incorporation of a | | ty to provide our Business Services, for purposes such as the incorporation of a |
| business, or calculating and paying applicable sales tax. For our tax-related B | | business, or calculating and paying applicable sales tax. For our tax-related B |
| usiness Services, we may use and share with authorized third parties your Person | | usiness Services, we may use your Personal Data to prepare tax documents and fil |
| al Data to prepare tax documents, register for taxes, and file taxes on behalf o | | e taxes on behalf of the Business User you represent. For our Atlas business inc |
| f the Business User you represent. For our Atlas business incorporation Services | | orporation Services, we may use your Personal Data to submit forms to the IRS on |
| , we may use your Personal Data to submit forms to the IRS on your behalf and fi | | your behalf and file documents with other government authorities, such as artic |
| le documents with other government authorities, such as articles of incorporatio | | les of incorporation in your state of incorporation. |
| n in your state of incorporation. We may also use and share your Personal Data t | | |
| o determine the eligibility of the Business User you represent for certain Strip | | |
| e services. | | |
| We share Representatives’ Personal Data with parties authorized by the correspon | | We share Representatives’ Personal Data with parties authorized by the correspon |
| ding Business User, such as Financial Partners servicing a financial product, or | | ding Business User, such as Financial Partners servicing a financial product, or |
| third party apps or services the Business User chooses to use alongside our Bus | | third party apps or services the Business User chooses to use alongside our Bus |
| iness Services. Here are common examples of such sharing: | | iness Services. Here are common examples of such sharing: |
| Payment method providers, like Visa or WeChat Pay, require information about Bus | | Payment method providers, like Visa or WeChat Pay, require information about Bus |
| iness Users and their Representatives who accept their payment methods. This inf | | iness Users and their Representatives who accept their payment methods. This inf |
| ormation is typically required during the onboarding process or for processing t | | ormation is typically required during the onboarding process or for processing t |
| ransactions and handling disputes for these Business Users. Learn More. | | ransactions and handling disputes for these Business Users. Learn More. |
| A Business User may authorize Stripe to share your Personal Data with other Busi | | A Business User may authorize Stripe to share your Personal Data with other Busi |
| ness Users to facilitate the provision of Services through Stripe Connect. | | ness Users to facilitate the provision of Services through Stripe Connect. |
| The use of Personal Data by a third party authorized by a Business User is subje | | The use of Personal Data by a third party authorized by a Business User is subje |
| ct to the third party’s privacy policy. | | ct to the third party’s privacy policy. |
| If you are a Business User who has chosen a name that includes Personal Data (fo | | If you are a Business User who has chosen a name that includes Personal Data (fo |
| r example, a sole proprietorship or family name in a company name), we will use | | r example, a sole proprietorship or family name in a company name), we will use |
| and share such information for the provision of our Services in the same way we | | and share such information for the provision of our Services in the same way we |
| do with any company name. This may include, for example, displaying it on receip | | do with any company name. This may include, for example, displaying it on receip |
| ts and other transaction-identifying descriptions. | | ts and other transaction-identifying descriptions. |
| n | Fraud detection and loss prevention. We use Representatives’ Personal Data to id | n | Fraud detection and loss prevention. We use Representatives’ Personal Data to id |
| entify and manage risks that our Business Services might be used for fraudulent | | entify and manage risks that our Business Services might be used for fraudulent |
| activities causing losses to Stripe, End Users, End Customers, Business Users, F | | activities causing losses to Stripe, End Users, End Customers, Business Users, F |
| inancial Partners, and others. We also use information about you obtained from p | | inancial Partners, and others. We also use information about you obtained from p |
| ublicly available sources, third parties like credit bureaus and from our Servic | | ublicly available sources, third parties like credit bureaus and from our Servic |
| es to address such risks, including to identify patterns of misuse and monitor f | | es to address such risks, including to identify patterns of misuse and monitor f |
| or terms of service violations. Stripe may share Representatives' Personal Data | | or terms of service violations. Stripe may share Representatives' Personal Data |
| with Business Users, our Financial Partners, and third party service providers, | | with Business Users, our Financial Partners, and third party service providers, |
| including phone verification providers, Learn More, to verify the information pr | | including phone verification providers, Learn More, to verify the information pr |
| ovided by you and identify risk indicators on a recurring basis. Learn More. We | | ovided by you and identify risk indicators. Learn More. We also use and share Re |
| also use and share Representatives' Personal Data to conduct due diligence, incl | | presentatives' Personal Data to conduct due diligence, including conducting anti |
| uding conducting anti-money laundering and sanctions screening in accordance wit | | -money laundering and sanctions screening in accordance with applicable law. |
| h applicable law. | | |
| Advertising. Where permitted by applicable law, and where required with your con | | Advertising. Where permitted by applicable law, and where required with your con |
| sent, we use and share Representatives’ Personal Data with third parties, includ | | sent, we use and share Representatives’ Personal Data with third parties, includ |
| ing Partners, so we can advertise and market our Services and Partner integratio | | ing Partners, so we can advertise and market our Services and Partner integratio |
| ns. Subject to applicable law, including any consent requirements, we may advert | | ns. Subject to applicable law, including any consent requirements, we may advert |
| ise through interest-based advertising and track the efficacy of such ads. See o | | ise through interest-based advertising and track the efficacy of such ads. See o |
| ur Cookie Policy. We do not transfer your Personal Data to third parties in exch | | ur Cookie Policy. We do not transfer your Personal Data to third parties in exch |
| ange for payment. However, we may provide your data to third party partners, lik | | ange for payment. However, we may provide your data to third party partners, lik |
| e advertising partners, analytics providers, and social networks, who assist us | | e advertising partners, analytics providers, and social networks, who assist us |
| in advertising our Services. Learn more. We may also use your Personal Data, inc | | in advertising our Services. Learn more. We may also use your Personal Data, inc |
| luding your Stripe account activity, to evaluate your eligibility for and offer | | luding your Stripe account activity, to evaluate your eligibility for and offer |
| you Business Services or promote existing Business Services. Learn more. | | you Business Services or promote existing Business Services. Learn more. |
| More. For further information about additional ways by which we may use and shar | | More. For further information about additional ways by which we may use and shar |
| e Representatives’ Personal Data, please see the More ways we collect, use, and | | e Representatives’ Personal Data, please see the More ways we collect, use, and |
| share Personal Data section below. | | share Personal Data section below. |
| 1.4 Visitors | | 1.4 Visitors |
| We collect, use, and share the Personal Data of Visitors. More details about how | | We collect, use, and share the Personal Data of Visitors. More details about how |
| we collect, use, and share Visitors’ Personal Data, along with the legal bases | | we collect, use, and share Visitors’ Personal Data, along with the legal bases |
| we rely on for processing such Personal Data, can be found in our Privacy Center | | we rely on for processing such Personal Data, can be found in our Privacy Center |
| . | | . |
| a. Personal Data we collect about Visitors | | a. Personal Data we collect about Visitors |
| When you browse our Sites, we receive your Personal Data, either provided direct | | When you browse our Sites, we receive your Personal Data, either provided direct |
| ly by you or collected through our use of cookies and similar technologies. See | | ly by you or collected through our use of cookies and similar technologies. See |
| our Cookie Policy for more information. If you opt to complete a form on the Sit | | our Cookie Policy for more information. If you opt to complete a form on the Sit |
| e or third party websites where our advertisements are displayed (like LinkedIn | | e or third party websites where our advertisements are displayed (like LinkedIn |
| or Facebook), we collect the information you included in the form. This may incl | | or Facebook), we collect the information you included in the form. This may incl |
| ude your contact information and other information pertaining to your questions | | ude your contact information and other information pertaining to your questions |
| about our Services. We may also associate a location with your visit. Learn More | | about our Services. We may also associate a location with your visit. Learn More |
| . | | . |
| n | When you visit our offices or other Stripe premises or attend Stripe events, we | n | |
| may collect registration information (including access requirements) and photo a | | |
| nd audio-visual data captured on CCTV or other video systems. | | |
| More. Further details about other types of Personal Data that we may collect fro | | More. Further details about other types of Personal Data that we may collect fro |
| m Visitors, including your online activity, can be found in the More ways we col | | m Visitors, including your online activity, can be found in the More ways we col |
| lect, use, and share Personal Data section below. | | lect, use, and share Personal Data section below. |
| b. How we use and share Personal Data of Visitors | | b. How we use and share Personal Data of Visitors |
| Personalization. We use the data we collect about you using cookies and similar | | Personalization. We use the data we collect about you using cookies and similar |
| technologies to measure engagement with the content on the Sites, improve releva | | technologies to measure engagement with the content on the Sites, improve releva |
| ncy and navigation, customize your experience (such as language preference and r | | ncy and navigation, customize your experience (such as language preference and r |
| egion-specific content), and curate content about Stripe and our Services that's | | egion-specific content), and curate content about Stripe and our Services that's |
| tailored to you. For instance, as not all of our Services are available globall | | tailored to you. For instance, as not all of our Services are available globall |
| y, we may customize our responses based on your region. | | y, we may customize our responses based on your region. |
| In addition to the ways described above, we also process your Personal Data as f | | In addition to the ways described above, we also process your Personal Data as f |
| ollows: | | ollows: |
| a. Collection of Personal Data | | a. Collection of Personal Data |
| Online Activity. Depending on the Service used and how our Business Services are | | Online Activity. Depending on the Service used and how our Business Services are |
| implemented by the Business Users, we may collect information related to: | | implemented by the Business Users, we may collect information related to: |
| n | The devices and browsers you use across our Sites and third-party websites, apps | n | The devices and browsers you use across our Sites and third party websites, apps |
| , and other online services (“Third-Party Sites”). | | , and other online services (“Third Party Sites”). |
| Usage data associated with those devices and browsers and your engagement with o | | Usage data associated with those devices and browsers and your engagement with o |
| ur Services, including data elements like IP address, plug-ins, language prefere | | ur Services, including data elements like IP address, plug-ins, language prefere |
| nce, time spent on Sites and Third-Party Sites, pages visited, links clicked, pa | | nce, time spent on Sites and Third Party Sites, pages visited, links clicked, pa |
| yment methods used, and the pages that led you to our Sites and Third-Party Site | | yment methods used, and the pages that led you to our Sites and Third Party Site |
| s. We also collect activity indicators, such as mouse activity indicators, to he | | s. We also collect activity indicators, such as mouse activity indicators, to he |
| lp us detect fraud. Learn More. See also our Cookie Policy. | | lp us detect fraud. Learn More. See also our Cookie Policy. |
| Communication and Engagement Information. We also collect information you choose | | Communication and Engagement Information. We also collect information you choose |
| to share with us through various channels, such as support tickets, emails, or | | to share with us through various channels, such as support tickets, emails, or |
| social media. If you respond to emails or surveys from Stripe, we collect your e | | social media. If you respond to emails or surveys from Stripe, we collect your e |
| mail address, name, and any other data you opt to include in your email or respo | | mail address, name, and any other data you opt to include in your email or respo |
| nses. If you engage with us over the phone, we collect your phone number and any | | nses. If you engage with us over the phone, we collect your phone number and any |
| other information you might provide during the call. Calls with Stripe or Strip | | other information you might provide during the call. Calls with Stripe or Strip |
| e representatives may be recorded and transcribed. Learn More. Additionally, we | | e representatives may be recorded. Learn More. Additionally, we collect your eng |
| collect your engagement data, like your registration for, attendance at, or view | | agement data, like your registration for, attendance at, or viewing of Stripe ev |
| ing of Stripe events and any other interactions with Stripe personnel. | | ents and any other interactions with Stripe personnel. |
| Forums and Discussion Groups. If our Sites allow posting of content, we collect | | Forums and Discussion Groups. If our Sites allow posting of content, we collect |
| Personal Data that you provide in connection with the post. | | Personal Data that you provide in connection with the post. |
| b. Use of Personal Data. | | b. Use of Personal Data. |
| Besides the use of Personal Data described above, we use Personal Data in the wa | | Besides the use of Personal Data described above, we use Personal Data in the wa |
| ys listed below: | | ys listed below: |
| Analyzing, Improving, and Developing our Services. We collect and process Person | | Analyzing, Improving, and Developing our Services. We collect and process Person |
| al Data throughout our various Services, whether you are an End User, End Custom | | al Data throughout our various Services, whether you are an End User, End Custom |
| er, Representative, or Visitor, to improve our Services, develop new Services, a | | er, Representative, or Visitor, to improve our Services, develop new Services, a |
| nd support our efforts to make our Services more efficient, relevant, and useful | | nd support our efforts to make our Services more efficient, relevant, and useful |
| to you. Learn More. We may use Personal Data to generate aggregate and statisti | | to you. Learn More. We may use Personal Data to generate aggregate and statisti |
| cal information to understand and explain how our Services are used. Examples of | | cal information to understand and explain how our Services are used. Examples of |
| how we use Personal Data to analyze, improve, and develop our products and serv | | how we use Personal Data to analyze, improve, and develop our products and serv |
| ices include: | | ices include: |
| Using analytics on our Sites, including as described in our Cookie Policy, to he | | Using analytics on our Sites, including as described in our Cookie Policy, to he |
| lp us understand your use of our Sites and Services and diagnose technical issue | | lp us understand your use of our Sites and Services and diagnose technical issue |
| s. | | s. |
| n | Training artificial intelligence models to power our Services and protect agains | n | Training artificial intelligence models to power our Services and protect agains |
| t fraud and other harm. Learn More. | | t fraud and other harm. Learn more. |
| Analyzing and drawing inferences from Transaction Data to reduce costs, fraud, a | | Analyzing and drawing inferences from Transaction Data to reduce costs, fraud, a |
| nd disputes and increase authentication and authorization rates for Stripe and o | | nd disputes and increase authentication and authorization rates for Stripe and o |
| ur Business Users. | | ur Business Users. |
| n | Analyzing call recordings and call and chat transcripts for quality assurance, t | n | Communications. We use the contact information we have about you to deliver our |
| raining, and operational purposes. Learn More. | | Services, Learn More, which may involve sending codes via SMS for your authentic |
| | | ation. Learn More. If you are an End User, Representative, or Visitor, we may co |
| | | mmunicate with you using the contact information we have about you to provide in |
| | | formation about our Services and our affiliates’ services, invite you to partici |
| | | pate in our events, surveys, or user research, or otherwise communicate with you |
| | | for marketing purposes, in compliance with applicable law, including any consen |
| | | t or opt-out requirements. For example, when you provide your contact informatio |
| | | n to us or when we collect your business contact details through participation a |
| | | t trade shows or other events, we may use this data to follow up with you regard |
| | | ing an event, provide information requested about our Services, and include you |
| | | in our marketing information campaigns. Where permitted under applicable law, we |
| | | may record our calls with you to provide our Services, comply with our legal ob |
| | | ligations, perform research and quality assurance, and for training purposes. |
| Communications. We use the contact information we have about you to deliver our | | |
| Services, which may involve sending codes via SMS for your authentication. Learn | | |
| More. We do not share mobile data we collect for authentication purposes with t | | |
| hird parties for marketing or promotional purposes. If you are an End User, Repr | | |
| esentative, or Visitor, we may communicate with you using the contact informatio | | |
| n we have about you to provide information about our Services and our affiliates | | |
| ’ services, invite you to participate in our events, surveys, or user research, | | |
| or otherwise communicate with you for marketing purposes, in compliance with app | | |
| licable law, including any consent or opt-out requirements. For example, when yo | | |
| u provide your contact information to us or when we collect your business contac | | |
| t details through participation at trade shows or other events, we may use this | | |
| data to follow up with you regarding an event, provide information requested abo | | |
| ut our Services, and include you in our marketing information campaigns. Where p | | |
| ermitted under applicable law, we may record and transcribe our calls with you t | | |
| o provide our Services, comply with our legal obligations, perform research and | | |
| quality assurance, and for training purposes. Learn More. | | |
| Social Media and Promotions. If you opt to submit Personal Data to engage in an | | Social Media and Promotions. If you opt to submit Personal Data to engage in an |
| offer, program, or promotion, we use the Personal Data you provide to manage the | | offer, program, or promotion, we use the Personal Data you provide to manage the |
| offer, program, or promotion. We also use the Personal Data you provide, along | | offer, program, or promotion. We also use the Personal Data you provide, along |
| with the Personal Data you make available on social media platforms, for marketi | | with the Personal Data you make available on social media platforms, for marketi |
| ng purposes, unless we are not permitted to do so. | | ng purposes, unless we are not permitted to do so. |
| Fraud Prevention and Security. We collect and use Personal Data to help us ident | | Fraud Prevention and Security. We collect and use Personal Data to help us ident |
| ify and manage activities that could be fraudulent or harmful across our Service | | ify and manage activities that could be fraudulent or harmful across our Service |
| s, enable our fraud detection Business Services, and secure our Services and tra | | s, enable our fraud detection Business Services, and secure our Services and tra |
| nsactions against unauthorized access, use, alteration or misappropriation of Pe | | nsactions against unauthorized access, use, alteration or misappropriation of Pe |
| rsonal Data, information, and funds. As part of the fraud prevention, detection, | | rsonal Data, information, and funds. As part of the fraud prevention, detection, |
| security monitoring, and compliance efforts for Stripe and its Business Users, | | security monitoring, and compliance efforts for Stripe and its Business Users, |
| we collect information from publicly available sources, third parties (such as c | | we collect information from publicly available sources, third parties (such as c |
| redit bureaus), and via the Services we offer. In some instances, we may also co | | redit bureaus), and via the Services we offer. In some instances, we may also co |
| llect information about you directly from you, or from our Business Users, Finan | | llect information about you directly from you, or from our Business Users, Finan |
| cial Partners, and other third parties for the same purposes. Furthermore, to pr | | cial Partners, and other third parties for the same purposes. Furthermore, to pr |
| otect our Services, we may receive details such as IP addresses and other identi | | otect our Services, we may receive details such as IP addresses and other identi |
| fying data about potential security threats from third parties. Learn More. Such | | fying data about potential security threats from third parties. Learn More. Such |
| information helps us verify identities, conduct credit checks where lawfully pe | | information helps us verify identities, conduct credit checks where lawfully pe |
| rmitted, and prevent fraud. Additionally, we might use technology to evaluate th | | rmitted, and prevent fraud. Additionally, we might use technology to evaluate th |
| e potential risk of fraud associated with individuals seeking to procure our Bus | | e potential risk of fraud associated with individuals seeking to procure our Bus |
| iness Services or arising from attempted transactions by an End Customer or End | | iness Services or arising from attempted transactions by an End Customer or End |
| User with our Business Users or Financial Partners. | | User with our Business Users or Financial Partners. |
| Compliance with Legal Obligations. We use Personal Data to meet our contractual | | Compliance with Legal Obligations. We use Personal Data to meet our contractual |
| and legal obligations related to anti-money laundering, Know-Your-Customer ("KYC | | and legal obligations related to anti-money laundering, Know-Your-Customer ("KYC |
| ") laws, anti-terrorism activities, safeguarding vulnerable customers, export co | | ") laws, anti-terrorism activities, safeguarding vulnerable customers, export co |
| ntrol, and prohibition of doing business with restricted persons or in certain b | | ntrol, and prohibition of doing business with restricted persons or in certain b |
| usiness fields, among other legal obligations. For example, we may monitor trans | | usiness fields, among other legal obligations. For example, we may monitor trans |
| action patterns and other online signals and use those insights to identify frau | | action patterns and other online signals and use those insights to identify frau |
| d, money laundering, and other harmful activity that could affect Stripe, our Fi | | d, money laundering, and other harmful activity that could affect Stripe, our Fi |
| nancial Partners, End Users, Business Users and others. Learn More. Safety, secu | | nancial Partners, End Users, Business Users and others. Learn More. Safety, secu |
| rity, and compliance for our Services are key priorities for us, and collecting | | rity, and compliance for our Services are key priorities for us, and collecting |
| and using Personal Data is crucial to this effort. | | and using Personal Data is crucial to this effort. |
| The right to object to the processing of your Personal Data if we are processing | | The right to object to the processing of your Personal Data if we are processing |
| your data based on our legitimate interests; unless there are compelling legiti | | your data based on our legitimate interests; unless there are compelling legiti |
| mate grounds or the processing is necessary for legal reasons, we will cease pro | | mate grounds or the processing is necessary for legal reasons, we will cease pro |
| cessing your Personal Data upon receiving your objection (Learn More); | | cessing your Personal Data upon receiving your objection (Learn More); |
| The right not to be discriminated against for exercising these rights; and | | The right not to be discriminated against for exercising these rights; and |
| The right to appeal any decision by Stripe relating to your rights by contacting | | The right to appeal any decision by Stripe relating to your rights by contacting |
| Stripe’s Data Protection Officer (“DPO”) at dpo@stripe.com, and/or relevant reg | | Stripe’s Data Protection Officer (“DPO”) at dpo@stripe.com, and/or relevant reg |
| ulatory agencies. | | ulatory agencies. |
| n | You may have additional rights, depending on applicable law, over your Personal | n | You may have additional rights, depending on applicable law, over your Personal |
| Data. See the Jurisdiction-specific provisions section below. | | Data. For example, see the Jurisdiction-specific provisions section under United |
| | | States below. |
| c. Process for exercising your data protection rights | | c. Process for exercising your data protection rights |
| To exercise your data protection rights related to Personal Data we process as a | | To exercise your data protection rights related to Personal Data we process as a |
| data controller, visit our Privacy Center or contact us as outlined below. For | | data controller, visit our Privacy Center or contact us as outlined below. For |
| Personal Data we process as a data processor, please reach out to the relevant d | | Personal Data we process as a data processor, please reach out to the relevant d |
| ata controller (Business User) to exercise your rights. If you contact us regard | | ata controller (Business User) to exercise your rights. If you contact us regard |
| ing your Personal Data we process as a data processor, we will refer you to the | | ing your Personal Data we process as a data processor, we will refer you to the |
| relevant data controller to the extent we are able to identify them. | | relevant data controller to the extent we are able to identify them. |
| 5. Security and Retention | | 5. Security and Retention |
| We make reasonable efforts to provide a level of security appropriate to the ris | | We make reasonable efforts to provide a level of security appropriate to the ris |
| k associated with the processing of your Personal Data. We maintain organization | | k associated with the processing of your Personal Data. We maintain organization |
| al, technical, and administrative measures designed to protect the Personal Data | | al, technical, and administrative measures designed to protect the Personal Data |
| covered by this Policy from unauthorized access, destruction, loss, alteration, | | covered by this Policy from unauthorized access, destruction, loss, alteration, |
| or misuse. Learn More. Unfortunately, no data transmission or storage system ca | | or misuse. Learn More. Unfortunately, no data transmission or storage system ca |
| n be guaranteed to be 100% secure. | | n be guaranteed to be 100% secure. |
| n | We encourage you to assist us in protecting your Personal Data. If you hold a St | n | We encourage you to assist us in protecting your Personal Data. If you hold a St |
| ripe account, you can do so by using a strong password, safeguarding your passwo | | ripe account, you can do so by using a strong password, safeguarding your passwo |
| rd or API key against unauthorized use, and avoiding using identical login crede | | rd against unauthorized use, and avoiding using identical login credentials you |
| ntials you use for other services or accounts for your Stripe account. If you su | | use for other services or accounts for your Stripe account. If you suspect that |
| spect that your interaction with us is no longer secure (for instance, you belie | | your interaction with us is no longer secure (for instance, you believe that you |
| ve that your Stripe account's security has been compromised), please contact us | | r Stripe account's security has been compromised), please contact us immediately |
| immediately. | | . |
| We retain your Personal Data for as long as we continue to provide the Services | | We retain your Personal Data for as long as we continue to provide the Services |
| to you or our Business Users, or for a period in which we reasonably foresee con | | to you or our Business Users, or for a period in which we reasonably foresee con |
| tinuing to provide the Services. Even after we stop providing Services directly | | tinuing to provide the Services. Even after we stop providing Services directly |
| to you or to a Business User that you're doing business with, and even after you | | to you or to a Business User that you're doing business with, and even after you |
| close your Stripe account or complete a transaction with a Business User, we ma | | close your Stripe account or complete a transaction with a Business User, we ma |
| y continue to retain your Personal Data to: | | y continue to retain your Personal Data to: |
| Comply with our legal and regulatory obligations; | | Comply with our legal and regulatory obligations; |
| Enable fraud monitoring, detection, and prevention activities; and | | Enable fraud monitoring, detection, and prevention activities; and |
| n | Comply with our tax, accounting, and financial reporting obligations, including | n | Comply with our tax, accounting, and financial reporting obligations, including |
| when such retention is required by our contractual agreements with our Financial | | when such retention is required by our contractual agreements with our Financial |
| Partners, and where data retention is mandated by the payment methods you've us | | Partners (and where data retention is mandated by the payment methods you've us |
| ed. | | ed). |
| In cases where we keep your Personal Data, we do so in accordance with any limit | | In cases where we keep your Personal Data, we do so in accordance with any limit |
| ation periods and record retention obligations imposed by applicable law. Learn | | ation periods and record retention obligations imposed by applicable law. Learn |
| More. | | More. |
| 6. International Data Transfers | | 6. International Data Transfers |
| n | As a global business, it's sometimes necessary for us to transfer your Personal | n | As a global business, it's sometimes necessary for us to transfer your Personal |
| Data to countries other than your own, including the United States and India. Th | | Data to countries other than your own, including the United States. These countr |
| ese countries might have data protection regulations that are different from tho | | ies might have data protection regulations that are different from those in your |
| se in your country. When transferring data across borders, we take measures to c | | country. When transferring data across borders, we take measures to comply with |
| omply with applicable data protection laws related to such transfer. In certain | | applicable data protection laws related to such transfer. In certain situations |
| situations, we may be required to disclose Personal Data in response to lawful r | | , we may be required to disclose Personal Data in response to lawful requests fr |
| equests from officials, such as law enforcement or security authorities. Learn M | | om officials, such as law enforcement or security authorities. Learn More. |
| ore. | | |
| If you are located in the European Economic Area (“EEA”), the United Kingdom (”U | | If you are located in the European Economic Area (“EEA”), the United Kingdom ("U |
| K”), or Switzerland, please refer to our Privacy Center for additional details. | | K"), or Switzerland, please refer to our Privacy Center for additional details. |
| When a data transfer mechanism is mandated by applicable law, we employ one or m | | When a data transfer mechanism is mandated by applicable law, we employ one or m |
| ore of the following: | | ore of the following: |
| Transfers to certain countries or recipients that are recognized as having an ad | | Transfers to certain countries or recipients that are recognized as having an ad |
| equate level of protection for Personal Data under applicable law. | | equate level of protection for Personal Data under applicable law. |
| EU Standard Contractual Clauses approved by the European Commission and the UK I | | EU Standard Contractual Clauses approved by the European Commission and the UK I |
| nternational Data Transfer Addendum issued by the Information Commissioner’s Off | | nternational Data Transfer Addendum issued by the Information Commissioner’s Off |
| ice. You can obtain a copy of the relevant Standard Contractual Clauses. Learn M | | ice. You can obtain a copy of the relevant Standard Contractual Clauses. Learn M |
| ore. | | ore. |
| Other lawful methods available to us under applicable law. | | Other lawful methods available to us under applicable law. |
| n | Stripe Inc., now known as Stripe, LLC complies with the EU-U.S. Data Privacy Fra | n | Stripe, Inc. complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), t |
| mework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. | | he UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework as |
| Data Privacy Framework as set forth by the U.S. Department of Commerce and as ap | | set forth by the U.S. Department of Commerce and as applicable. Learn More. |
| plicable. Learn More. | | |
| Stripe’s privacy practices, as described in this Privacy Policy, comply with the | | Stripe’s privacy practices, as described in this Privacy Policy, comply with the |
| Cross Border Privacy Rules System (“CBPR”) and Privacy Rules for Processor (“PR | | Cross Border Privacy Rules System (“CBPR”) and Privacy Rules for Processor (“PR |
| P”) systems. These systems provide a framework for organizations to ensure prote | | P”) systems. These systems provide a framework for organizations to ensure prote |
| ction of personal data transferred among participating economies. Where CBPR and | | ction of personal data transferred among participating economies. Where CBPR and |
| /or PRP are recognized as a valid transfer mechanism under applicable law, Strip | | /or PRP are recognized as a valid transfer mechanism under applicable law, Strip |
| e will transfer Personal Data in accordance with the CBPR and PRP certifications | | e will transfer Personal Data in accordance with the CBPR and PRP certifications |
| Stripe has obtained. More information about the framework can be found here and | | Stripe has obtained. More information about the framework can be found here and |
| here. If you have unresolved privacy or data use concerns that we have not addr | | here. If you have unresolved privacy or data use concerns that we have not addr |
| essed satisfactorily, please contact our U.S. based third-party dispute resoluti | | essed satisfactorily, please contact our U.S. based third-party dispute resoluti |
| on provider (free of charge) at https://feedback-form.truste.com/watchdog/reques | | on provider (free of charge) at https://feedback-form.truste.com/watchdog/reques |
| t. To view the status of our certifications, please click here (CBPR) and here ( | | t. To view the status of our certifications, please click here (CBPR) and here ( |
| PRP). | | PRP). |
| 7. Updates and notifications | | 7. Updates and notifications |
| n | We may change this Policy from time to time to reflect new services or changes i | n | We may change this Policy from time to time to reflect new services, changes in |
| n our privacy practices or relevant laws. The “Last updated” legend at the top o | | our privacy practices or relevant laws. The “Last updated” legend at the top of |
| f this Policy indicates when this Policy was last materially revised. Any change | | this Policy indicates when this Policy was last materially revised. Any changes |
| s are effective the latter of when we post the revised Policy on the Services or | | are effective the latter of when we post the revised Policy on the Services or o |
| otherwise provide notice of the update as required by law. | | therwise provide notice of the update as required by law. |
| We may provide you with disclosures and alerts regarding the Policy or Personal | | We may provide you with disclosures and alerts regarding the Policy or Personal |
| Data collected by posting them on our website and, if you are an End User or Rep | | Data collected by posting them on our website and, if you are an End User or Rep |
| resentative, by contacting you through your Stripe Dashboard, email address and/ | | resentative, by contacting you through your Stripe Dashboard, email address and/ |
| or the physical address listed in your Stripe account. | | or the physical address listed in your Stripe account. |
| 8. Jurisdiction-specific provisions | | 8. Jurisdiction-specific provisions |
| Australia. “Personal Data” includes “personal information” as defined under appl | | Australia. “Personal Data” includes “personal information” as defined under appl |
| icable privacy laws in Australia, including the Privacy Act 1988 (Cth) as amende | | icable privacy laws in Australia, including the Privacy Act 1988 (Cth) as amende |
| d from time to time. | | d from time to time. |
| If we use personal information to make automated decisions that could reasonably | | If we use personal information to make automated decisions that could reasonably |
| be expected to significantly affect your rights or interests, we will provide t | | be expected to significantly affect your rights or interests, we will provide t |
| he legally required information and transparency via our Privacy Center, and/or | | he legally required information and transparency via our Privacy Center, and/or |
| on a case by case basis. | | on a case by case basis. |
| If you are an Australian resident and dissatisfied with our handling of any comp | | If you are an Australian resident and dissatisfied with our handling of any comp |
| laint you raise under this Policy, you may consider contacting the Office of the | | laint you raise under this Policy, you may consider contacting the Office of the |
| Australian Information Commissioner. | | Australian Information Commissioner. |
| n | Brazil. You may exercise your rights by contacting our DPO Adi Gilad at dpo@stri | n | Brazil. You may exercise your rights by contacting our DPO Adi Gilad at dpo@stri |
| pe.com. Brazilian residents, for whom the Lei Geral de Proteção de Dados Pessoai | | pe.com. Brazilian residents, for whom the Lei Geral de Proteção de Dados Pessoai |
| s (“LGPD”) applies, have rights set forth in Article 18 of the LGPD. If the LGPD | | s (“LGPD”) applies, have rights set forth in Article 18 of the LGPD. |
| is applicable to the processing of your Personal Data, you may have the right t | | |
| o: | | |
| Confirm the existence of the data processing; | | |
| Access your Personal Data; | | |
| Correct incomplete, inaccurate or outdated data; | | |
| Anonymize, block, or delete data that is unnecessary, excessive or processed in | | |
| violation of the LGPD; | | |
| Transfer your data to another service or product provider; | | |
| Delete data processed with your consent; | | |
| Obtain information about the public or private entities with which Stripe has sh | | |
| ared your Personal Data; | | |
| Obtain information about how to and the consequences of refusing consent; and | | |
| Withdraw consent. | | |
| Where required, we have put in place appropriate safeguards for the cross-border | | |
| transfer of Personal Data from Brazil, including the Brazilian Standard Contrac | | |
| tual Clauses. | | |
| Canada. As used in this Policy, “applicable law” includes the Federal Personal I | | Canada. As used in this Policy, “applicable law” includes the Federal Personal I |
| nformation Protection and Electronic Documents Act (“PIPEDA”), the Personal Info | | nformation Protection and Electronic Documents Act (“PIPEDA”), the Personal Info |
| rmation Protection Act, SBC 2003 c 63, in British Columbia, the Personal Informa | | rmation Protection Act, SBC 2003 c 63, in British Columbia, the Personal Informa |
| tion Protection Act, SA 2003 c P-6.5, in Alberta, and the Act Respecting the Pro | | tion Protection Act, SA 2003 c P-6.5, in Alberta, and the Act Respecting the Pro |
| tection of Personal Information in the Private Sector, CQLR c P-39-1 (“Quebec Pr | | tection of Personal Information in the Private Sector, CQLR c P-39-1 (“Quebec Pr |
| ivate Sector Act”), in Quebec. Learn more. “Personal Data” includes “personal in | | ivate Sector Act”), in Quebec. Learn more. “Personal Data” includes “personal in |
| formation” as defined under those laws. | | formation” as defined under those laws. |
| n | Stripe’s Global Head of Privacy is the person in charge of personal information, | n | Stripe’s Chief Privacy Officer is the person in charge of personal information, |
| including under the Quebec Private Sector Act. You may contact them via email a | | including under the Quebec Private Sector Act. You may contact them via email at |
| t privacy@stripe.com. When Stripe collects Personal Data belonging to Canadian ( | | privacy@stripe.com. When Stripe collects Personal Data belonging to Canadian (i |
| including Quebec) residents, it transfers that data to data centers in the Unite | | ncluding Quebec) residents, it transfers that data to data centers in the United |
| d States. When Stripe relies on service providers to process Personal Data as de | | States. When Stripe relies on service providers to process Personal Data as des |
| scribed herein, those service providers may also be located outside of Canada or | | cribed herein, those service providers may also be located outside of Canada or |
| Quebec. | | Quebec. |
| You have the right to request access or rectification of the Personal Data Strip | | You have the right to request access or rectification of the Personal Data Strip |
| e holds related to you or to withdraw any consent given to the processing of suc | | e holds related to you or to withdraw any consent given to the processing of suc |
| h personal data. You may exercise those rights by contacting Stripe’s Global Hea | | h personal data. You may exercise those rights by contacting Stripe’s Chief Priv |
| d of Privacy at privacy@stripe.com. If you are an End Customer, you should conta | | acy Officer at privacy@stripe.com. If you are an End Customer, you should contac |
| ct the Business User with which you transacted to exercise your rights. | | t the Business User with which you transacted to exercise your rights. |
| EEA and UK. You may exercise your rights by contacting our DPO at dpo@stripe.com | | EEA and UK. You may exercise your rights by contacting our DPO at dpo@stripe.com |
| . If you are a resident of the EEA or the Stripe entity accountable for your Per | | . If you are a resident of the EEA or the Stripe entity accountable for your Per |
| sonal Data is otherwise subject to the GDPR, and you believe our processing of y | | sonal data is otherwise subject to the GDPR, and you believe our processing of y |
| our information contradicts the GDPR, you may direct your questions or complaint | | our information contradicts the GDPR, you may direct your questions or complaint |
| s to the Irish Data Protection Commission. If you are a resident of the UK, dire | | s to the Irish Data Protection Commission. If you are a resident of the UK, dire |
| ct your questions or concerns to the UK Information Commissioner’s Office. You a | | ct your questions or concerns to the UK Information Commissioner’s Office. You a |
| lso have additional rights under the EU-U.S. DPF and the UK Extension to the EU- | | lso have additional rights under the EU-U.S. DPF and the UK Extension to the EU- |
| U.S. DPF. Learn More. | | U.S. DPF. Learn More. |
| India. In this Policy, “applicable law” includes the Digital Personal Data Prote | | India. In this Policy, “applicable law” includes the Digital Personal Data Prote |
| ction Act (“DPDPA”) once the DPDPA enters into effect, and rules issued thereund | | ction Act (“DPDPA”) once the DPDPA enters into effect. Further, the term “data c |
| er. Further, the term “data controller” includes “data fiduciaries,” and the ter | | ontroller” includes “data fiduciaries,” and the term “data subject” includes “da |
| m “data subject” includes “data principal,” both as defined in the DPDPA. | | ta principal,” both as defined in the DPDPA. |
| Your acceptance of this Policy constitutes a clear affirmative action and signif | | In some cases, and as permitted under the DPDPA, we may rely on “legitimate use” |
| ies your agreement to Stripe’s processing of your Personal Data for the purposes | | as a legal basis. For example, we might do so when you voluntarily provide your |
| outlined in this Privacy Policy. If you do not agree with any part of this Poli | | Personal Data to us. Where we are required to obtain your explicit and informed |
| cy, you should refrain from accessing or using our services. | | consent, we will do so on a case by case basis. “Consent Managers” as defined u |
| | | nder the DPDPA may submit a request to revoke or provide consent using the metho |
| | | ds described in the Contact Us section below, or as set out in the following par |
| | | agraph, or via other means made available by Stripe in the future. We may ask fo |
| | | r proof of authorization and identity before processing such a request. |
| In some cases, and as permitted under the DPDPA, we may rely on “legitimate use” | | |
| as a legal basis as permitted under Section 7 of the DPDPA. For example, we mig | | |
| ht do so for the following: | | |
| When you voluntarily provide your Personal Data to us without indicating that yo | | |
| u do not consent to its use, you will be deemed to have given your consent. | | |
| For fulfilling any obligation under any law for the time being in force in India | | |
| that requires Stripe to disclose information to the state or its instrumentalit | | |
| ies, provided such processing complies with applicable provisions regarding disc | | |
| losure under such law. | | |
| For compliance with any judgment, decree, or order issued under any law in force | | |
| in India or by any court or tribunal in India. | | |
| Where we are required to obtain your explicit and informed consent, we will do s | | |
| o on a case by case basis. “Consent Managers” as defined under the DPDPA may sub | | |
| mit a request to revoke or provide consent using the methods described in the Co | | |
| ntact Us section below, or as set out in the following paragraph, or via other m | | |
| eans made available by Stripe in the future. We may ask for proof of authorizati | | |
| on and identity before processing such a request. | | |
| In addition to other rights set forth in this Policy, you have the right to cont | | |
| act Stripe to obtain a summary of your personal data being processed and the rel | | |
| ated processing activities. | | |
| You have the right to contact Stripe to nominate another individual, who may, in | | You have the right to contact Stripe to nominate another individual, who may, in |
| the event of your death or incapacity, exercise your rights under this Privacy | | the event of your death or incapacity, exercise your rights under this Privacy |
| Policy and under the DPDPA and implementing regulations. | | Policy and under the DPDPA and implementing regulations. |
| n | In certain cases, you may be asked to consent to the collection and processing o | n | In certain cases, you may be asked to consent to the collection and processing o |
| f your Aadhaar number by our third-party verification partner(s), to the extent | | f your Aadhaar number by Stripe India Private Limited and/or its third party ver |
| permitted under applicable law. The purpose of this collection is to facilitate | | ification partner(s). The purpose of this collection is to facilitate the identi |
| the identification verification process as required under applicable laws. Your | | fication verification process as required under applicable laws. Your provision |
| provision of Aadhaar details is purely voluntary, and you may provide other iden | | of Aadhaar details is purely voluntary, and you may provide other identification |
| tification documents as may be accepted by us from time to time. You will not be | | documents as may be accepted by us from time to time. You will not be denied se |
| denied service merely for not submitting Aadhaar details. The collection, use, | | rvice merely for not submitting Aadhaar details. |
| processing and storage of your Aadhaar data will be in accordance with the terms | | |
| and policies of such third-party verification partner(s). | | |
| If you have any questions or complaints regarding the processing of your Persona | | If you have any questions or complaints regarding the processing of your Persona |
| l Data in India, or if you want to receive this Policy or communicate with us ab | | l Data in India, or if you want to receive this Policy or communicate with us ab |
| out privacy in one of India’s official languages, please contact our Nodal and G | | out privacy in one of India’s official languages, please contact our Nodal and G |
| rievance Officer. Learn More. Alternatively, you may contact our DPO at dpo@stri | | rievance Officer. Learn More. Alternatively, you may contact our DPO at dpo@stri |
| pe.com. We will endeavor to address your grievance within a reasonable period of | | pe.com. If we are unable to address your complaint or grievance, you have the ri |
| time and, in any event, as soon as possible from the date of receipt of the com | | ght to escalate the matter to the Data Protection Board of India. |
| plaint. If we are unable to address your complaint or grievance, you have the ri | | |
| ght to escalate the matter to the Data Protection Board of India. | | |
| Stripe may transfer your Personal Data to third parties or service providers loc | | |
| ated outside your jurisdiction. We ensure that any such transfers comply with ap | | |
| plicable laws. Where authorities restrict transfers to certain countries or terr | | |
| itories, we will adhere to those restrictions and take appropriate measures. | | |
| Indonesia. In this Policy, “applicable law” includes Law No. 11 of 2008 as amend | | Indonesia. In this Policy, “applicable law” includes Law No. 11 of 2008 as amend |
| ed by Law No. 19 of 2016 on Electronic Information and Transactions, Government | | ed by Law No. 19 of 2016 on Electronic Information and Transactions, Government |
| Regulation No. 71 of 2019 on the Implementation of Electronic Systems and Transa | | Regulation No. 71 of 2019 on the Implementation of Electronic Systems and Transa |
| ctions, and Minister of Communication and Informatics Regulation No. 20 of 2016 | | ctions, and Minister of Communication and Informatics Regulation No. 20 of 2016 |
| on Personal Data Protection in Electronic Systems, and from September 2024, Law | | on Personal Data Protection in Electronic Systems, and from September 2024, Law |
| No. 27 of 2022 concerning Personal Data Protection (“PDP Law”). If you have any | | No. 27 of 2022 concerning Personal Data Protection (“PDP Law”). If you have any |
| questions or complaints about this Policy, please contact our DPO at dpo@stripe. | | questions or complaints about this Policy, please contact our DPO at dpo@stripe. |
| com. | | com. |
| Japan. In this Policy, “applicable law” includes the Act on the Protection of Pe | | Japan. In this Policy, “applicable law” includes the Act on the Protection of Pe |
| rsonal Information (“APPI”). When we transfer Personal Data of data subjects in | | rsonal Information (“APPI”). When we transfer Personal Data of data subjects in |
| Japan to jurisdictions not recognized as ‘adequate’ by the Personal Information | | Japan to jurisdictions not recognized as ‘adequate’ by the Personal Information |
| Protection Commission, we enter into written agreements with any third parties l | | Protection Commission, we enter into written agreements with any third parties l |
| ocated outside of Japan. These written agreements provide rights and obligations | | ocated outside of Japan. These written agreements provide rights and obligations |
| equivalent to those provided under the Japanese Act on the Protection of Person | | equivalent to those provided under the Japanese Act on the Protection of Person |
| al Information. For more information on how we ensure that third parties protect | | al Information. For more information on how we ensure that third parties protect |
| your data and where your data is located, please see above or contact us as des | | your data and where your data is located, please see above or contact us as des |
| cribed below. For a description of foreign systems and frameworks that may affec | | cribed below. For a description of foreign systems and frameworks that may affec |
| t the implementation of equivalent measures by the third party, see here. In som | | t the implementation of equivalent measures by the third party, see here. In som |
| e cases, and as permitted under the APPI, we may rely on “public interest” as a | | e cases, and as permitted under the APPI, we may rely on “public interest” as a |
| legal basis, such as fraud detection and loss prevention. | | legal basis, such as fraud detection and loss prevention. |
| n | Malaysia. In this Policy, “applicable law” includes the Malaysian Personal Data | n | Malaysia. If you have any questions or complaints about this Policy, please cont |
| Protection Act 2010 as amended from time to time. If you have any questions or c | | act our DPO at dpo@stripe.com. |
| omplaints about this Policy, please contact our DPO at dpo@stripe.com. | | |
| New Zealand. In this Policy, “applicable law” includes the New Zealand Privacy A | | |
| ct 2020 as amended from time to time. Our processing of biometric data via Strip | | |
| e Identity complies with the Biometric Privacy Processing Code. When you use thi | | |
| s service, we collect and use a photo of your ID and a selfie to verify your ide | | |
| ntity and prevent fraud. This biometric data is retained for one year. If you ha | | |
| ve concerns, you have the right to contact us or the New Zealand Privacy Commiss | | |
| ioner. For more details on what data we collect, our specific purposes for colle | | |
| ction, and alternative verification options, please see our full Privacy Policy, | | |
| our Privacy Center, and Stripe Identity documentation. | | |
| Singapore. In this Policy, “applicable law” includes the Personal Data Protectio | | Singapore. In this Policy, “applicable law” includes the Personal Data Protectio |
| n Act 2012 (“PDPA”) (No. 26 of 2012) as amended from time to time. In some cases | | n Act 2012 (“PDPA”) (No. 26 of 2012) as amended from time to time. In some cases |
| , and as permitted under the PDPA, we may rely on “deemed consent” as a legal ba | | , and as permitted under the PDPA, we may rely on “deemed consent” as a legal ba |
| sis. For example, we do so when you voluntarily provide your personal data to us | | sis. For example, we do so when you voluntarily provide your personal data to us |
| . If you have any questions or complaints about this Policy, please contact our | | . If you have any questions or complaints about this Policy, please contact our |
| DPO at dpo@stripe.com. | | DPO at dpo@stripe.com. |
| Switzerland. In this Policy, “applicable law” includes the Swiss Federal Act on | | Switzerland. In this Policy, “applicable law” includes the Swiss Federal Act on |
| Data Protection (“FADP”), as revised. To exercise your rights under the FADP, pl | | Data Protection (“FADP”), as revised. To exercise your rights under the FADP, pl |
| ease contact our DPO at dpo@stripe.com. You may also have additional rights unde | | ease contact our DPO at dpo@stripe.com. You may also have additional rights unde |
| r the Swiss-U.S. Data Privacy Framework. Learn More. | | r the Swiss-U.S. Data Privacy Framework. Learn More. |
| n | Thailand. In this Policy, “applicable law” includes the Personal Data Protection | n | Thailand. In this Policy, “applicable law” includes the Personal Data Protection |
| Act 2019 (“PDPA”). If we rely on certain legal bases (such as “legal obligation | | Act 2019 (“PDPA”). If we rely on certain legal bases (such as “legal obligation |
| ” or “contractual necessity”) and you do not provide us with your Personal Data, | | ” or “contractual necessity” and you do not provide us with your Personal Data, |
| we may not be able to lawfully provide you services. If you have any questions | | we may not be able to lawfully provide you services. If you have any questions o |
| or complaints about this Policy, please contact our DPO at dpo@stripe.com. Where | | r complaints about this Policy, please contact our DPO at dpo@stripe.com. Where |
| required, we have put in place appropriate safeguards for the cross-border tran | | required, we have put in place appropriate safeguards for the cross-border trans |
| sfer of Personal Data from Thailand, including the EU Standard Contractual Claus | | fer of Personal Data from Thailand, including the EU Standard Contractual Clause |
| es as adapted for Thailand data transfers in accordance with the Notification of | | s as adapted for Thailand data transfers in accordance with the Notification of |
| the Personal Data Protection Committee on Criteria for the Protection of Person | | the Personal Data Protection Committee on Criteria for the Protection of Persona |
| al Data Sent or Transferred to a Foreign Country Pursuant to Section 29 of the P | | l Data Sent or Transferred to a Foreign Country Pursuant to Section 29 of the Pe |
| ersonal Data Protection Act, B.E. 2562 B.E. 2566 (2023). | | rsonal Data Protection Act, B.E. 2562 B.E. 2566 (2023). |
| United States. If you are a consumer located in the United States (“US”), we pro | | United States. If you are a consumer located in the United States (“US”), we pro |
| cess your personal information in accordance with US federal and state privacy l | | cess your personal information in accordance with US federal and state privacy l |
| aws. For additional details, please review the information below and see our add | | aws. For additional details, please review the information below and see our add |
| itional U.S. Privacy Disclosures here. Stripe uses cookies, including advertisin | | itional U.S. Privacy Disclosures here. Stripe uses cookies, including advertisin |
| g cookies, as described in our Cookie Policy. | | g cookies, as described in our Cookie Policy. |
| Your Rights and Choices. As a US consumer and subject to certain limitations und | | Your Rights and Choices. As a US consumer and subject to certain limitations und |
| er US privacy laws, you may have choices regarding our use and disclosure of you | | er US privacy laws, you may have choices regarding our use and disclosure of you |
| r Personal Data. In addition to the above rights, you may also have the rights l | | r Personal Data. In addition to the above rights, you may also have the rights l |
| isted in this section. Please see our Privacy Center to learn more about data su | | isted in this section. Please see our Privacy Center to learn more about data su |
| bject rights metrics and learn more about the laws under which these rights may | | bject rights metrics and learn more about the laws under which these rights may |
| apply. | | apply. |
| Exercising the right to know: You have a right to request additional information | | Exercising the right to know: You have a right to request additional information |
| about the categories of personal information collected, sold, disclosed, or sha | | about the categories of personal information collected, sold, disclosed, or sha |
| red; purposes for which this personal information was collected, sold, or shared | | red; purposes for which this personal information was collected, sold, or shared |
| ; categories of sources of personal information; and categories of third parties | | ; categories of sources of personal information; and categories of third parties |
| with whom we disclosed or shared this personal information. | | with whom we disclosed or shared this personal information. |
| Exercising the right to opt-out from a sale or sharing: We do not transfer your | | Exercising the right to opt-out from a sale or sharing: We do not transfer your |
| personal data to third parties in exchange for payment. However, as noted above, | | personal data to third parties in exchange for payment. However, as noted above, |
| we may provide the data to third party partners, such as advertising partners, | | we may provide the data to third party partners, such as advertising partners, |
| analytics providers, and social networks, who assist us in advertising our produ | | analytics providers, and social networks, who assist us in advertising our produ |
| cts and Services to you. Because these third parties may use the data Stripe pro | | cts and Services to you. Because these third parties may use the data Stripe pro |
| vides for their own purposes, Stripe's provision of data to these parties may be | | vides for their own purposes, Stripe's provision of data to these parties may be |
| considered a data “sale” or “sharing” (for behavioral advertising) as those ter | | considered a data “sale” or “sharing” (for behavioral advertising) as those ter |
| ms are defined under the CCPA and other applicable US privacy laws. You can opt | | ms are defined under the CCPA and other applicable US privacy laws. You can opt |
| out of targeted advertising and any related data “sales” or “sharing” (for behav | | out of targeted advertising and any related data “sales” or “sharing” (for behav |
| ioral advertising) here. | | ioral advertising) here. |
| Exercising the right to limit the use or sharing of Sensitive Personal Informati | | Exercising the right to limit the use or sharing of Sensitive Personal Informati |
| on: We do not sell or share (for behavioral advertising) Sensitive Personal Info | | on: We do not sell or share (for behavioral advertising) Sensitive Personal Info |
| rmation as defined by US privacy laws and have not done so in the past 12 months | | rmation as defined by US privacy laws and have not done so in the past 12 months |
| . Learn more about our collection and use of Sensitive Personal Information over | | . Learn more about our collection and use of Sensitive Personal Information over |
| the last 12 months here. | | the last 12 months here. |
| n | Profiling with legal or similarly significant effects: In the event that we enga | n | Profiling with legal or similarly significant effects: In the event that we enga |
| ge in profiling or automated decision making for which applicable law entitles y | | ge in profiling or automated decision making for which applicable law entitles y |
| ou to an opt out, we will provide you with notice of how to exercise that opt-ou | | ou to an opt out we will provide you with notice of how to exercise that opt-out |
| t right. | | right. |
| Appeal: If you wish to appeal any of our decisions regarding a rights request un | | Appeal: If you wish to appeal any of our decisions regarding a rights request un |
| der US privacy laws, you may do so by contacting Stripe’s Data Protection Office | | der US privacy laws, you may do so by contacting Stripe’s Data Protection Office |
| r (“DPO”) at dpo@stripe.com. | | r (“DPO”) at dpo@stripe.com. |
| To submit a request to exercise any of the rights described above, please contac | | To submit a request to exercise any of the rights described above, please contac |
| t us using the methods described in the Contact Us section below. Please note th | | t us using the methods described in the Contact Us section below. Please note th |
| at rights under some U.S. state laws do not apply to Personal Data we collect, p | | at rights under some U.S. state laws do not apply to Personal Data we collect, p |
| rocess, and disclose when you act as a consumer to obtain financial products or | | rocess, and disclose when you act as a consumer to obtain financial products or |
| services from Stripe for personal, family, or household purposes. The federal Gr | | services from Stripe for personal, family, or household purposes. The federal Gr |
| amm-Leach Bliley Act may govern how Stripe shares and protects that data instead | | amm-Leach Bliley Act may govern how Stripe shares and protects that data instead |
| . See our US Consumer Privacy Notice below for more information. | | . See our US Consumer Privacy Notice below for more information. |
| We will verify your request by asking you to send it from the email address asso | | We will verify your request by asking you to send it from the email address asso |
| ciated with your account or requiring you to provide information necessary to ve | | ciated with your account or requiring you to provide information necessary to ve |
| rify your identity, including name, address, transaction history, photo identifi | | rify your identity, including name, address, transaction history, photo identifi |
| cation, and other information associated with your account. | | cation, and other information associated with your account. |