Baseten uses third-party payment processors to handle payment card transactions and states it does not store your payment card information directly; your payment data is governed by the payment processor's own privacy policy.
This analysis describes what Baseten's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy states that Baseten does not store payment card data directly, which limits Baseten's liability for payment card data breaches, but also means users must review the payment processor's separate privacy policy to understand how their financial data is handled.
Your payment card information is processed by a third-party payment processor, not stored by Baseten directly; the terms governing your payment data are set by the processor's own privacy policy, not this document.
Cross-platform context
See how other platforms handle Payment Data Processing and similar clauses.
Compare across platforms →Monitoring
Baseten has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We may provide paid products and/or services within the Service. In that case, we may use third-party services for payment processing (e.g. payment processors). We will not store or collect Your payment card information. That information is provided directly to Our third-party payment processors whose use of Your personal information is governed by their Privacy Policy.— Excerpt from Baseten's Baseten Privacy Policy
(1) REGULATORY LANDSCAPE: Payment card data processing engages PCI DSS standards for card data security, which apply to merchants and their payment processors. The FTC Act applies to representations about data security practices. If the payment processor is a covered entity or business associate under financial privacy regulations, additional obligations may apply. (2) GOVERNANCE EXPOSURE: Low. The policy's statement that Baseten does not store payment card information and delegates this processing to third-party processors is consistent with common industry practice and limits direct PCI DSS scope for Baseten. However, the policy does not name the specific payment processors, which may affect the adequacy of disclosure under CCPA. (3) JURISDICTION FLAGS: California residents may request disclosure of which third-party payment processors receive their personal information under CCPA. EU/EEA users may require identification of payment processors as data processors or controllers under GDPR. (4) CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should confirm that data processing agreements are in place with all payment processors and that those processors maintain PCI DSS compliance. The policy's statement that the processor's own privacy policy governs means users have limited visibility into downstream payment data handling without reviewing each processor's policy separately. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should verify that the payment processors used are named in the Detailed Information section and that applicable data processing agreements include required security and confidentiality terms.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy states that Baseten does not store payment card data directly, which limits Baseten's liability for payment card data breaches, but also means users must review the payment processor's separate privacy policy to understand how their financial data is handled.
Your payment card information is processed by a third-party payment processor, not stored by Baseten directly; the terms governing your payment data are set by the processor's own privacy policy, not this document.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Baseten.