California residents have a specific set of privacy rights under state law, including the ability to see, delete, correct, and limit the use of their personal data, and can opt out of Adyen selling or sharing their data.
This analysis describes what Adyen's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
California's CPRA provides among the strongest US consumer privacy rights, and Adyen's explicit acknowledgment of these rights means California residents have actionable tools to control their data that other US residents may not have under federal law.
If you are a California resident, you can use Adyen's privacy request form or email privacy@adyen.com to exercise rights including data access, deletion, correction, and opting out of data sale or sharing, which are enforceable rights under California law.
Cross-platform context
See how other platforms handle California Consumer Rights (CCPA/CPRA) and similar clauses.
Compare across platforms →Monitoring
Adyen has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"If you are a California resident, you have the right to know what personal information we collect about you, the right to delete personal information we have collected from you, the right to opt-out of the sale or sharing of your personal information, the right to correct inaccurate personal information, and the right to limit the use and disclosure of sensitive personal information. To exercise these rights, you can submit a request through our privacy request form or by contacting us at privacy@adyen.com.— Excerpt from Adyen's Adyen Privacy Policy
REGULATORY LANDSCAPE: This provision directly engages the California Consumer Privacy Act as amended by the California Privacy Rights Act. The California Privacy Protection Agency has enforcement authority, and the State Attorney General retains concurrent enforcement powers. CPRA requires businesses to respond to verified consumer requests within 45 days with a possible 45-day extension. The provision's opt-out for sale or sharing is particularly significant given CPRA's expanded definition of sharing to include cross-context behavioral advertising. GOVERNANCE EXPOSURE: Medium. Adyen's explicit CPRA compliance disclosure is appropriate but creates measurable obligations. The 45-day response window, verification requirements, and the operational infrastructure to honor opt-outs of data sharing for advertising purposes all require active compliance mechanisms. Failure to honor valid CPRA requests exposes Adyen to enforcement action by the CPPA or State AG. JURISDICTION FLAGS: California creates the primary exposure for this provision. Other US states with comprehensive privacy laws (Virginia, Colorado, Connecticut, Texas) have analogous rights that Adyen may need to address, though the policy does not enumerate these separately. The policy's California-specific disclosure does not preclude applicability of other state privacy laws. CONTRACT AND VENDOR IMPLICATIONS: Merchants using Adyen who have California customers should confirm their service provider agreements with Adyen include CPRA-required contractual provisions, including prohibitions on Adyen using merchant customer data for Adyen's own business purposes beyond the contracted service. COMPLIANCE CONSIDERATIONS: Compliance teams should audit the privacy request submission mechanism to confirm it meets CPRA verification requirements without being unnecessarily burdensome. The opt-out of sale or sharing mechanism should be tested to confirm it covers all tracking-based data sharing including cookie-based advertising. Response time tracking for California requests should be documented.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
California's CPRA provides among the strongest US consumer privacy rights, and Adyen's explicit acknowledgment of these rights means California residents have actionable tools to control their data that other US residents may not have under federal law.
If you are a California resident, you can use Adyen's privacy request form or email privacy@adyen.com to exercise rights including data access, deletion, correction, and opting out of data sale or sharing, which are enforceable rights under California law.
ConductAtlas has identified this type of provision across 4 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Adyen.