Lime collects your credit card and billing information when you pay for rides, but passes the actual card processing to third-party payment companies and says it does not store full card numbers.
This analysis describes what Lime's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
While Lime states it does not store full credit card numbers, billing addresses and payment metadata are retained, and your payment data is processed by third-party processors whose security standards and data practices are governed by separate agreements.
Your payment information including billing address is shared with third-party payment processors to complete ride transactions, and while Lime states it does not store full card numbers, residual payment metadata is retained and subject to Lime's broader data practices.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
Lime has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We collect payment information when you use our Services, including credit card numbers, billing address, and other financial information necessary to process your transactions. Payment information is processed by our third-party payment processors, and we do not store complete credit card numbers on our servers.— Excerpt from Lime's Lime Privacy Policy
REGULATORY LANDSCAPE: Payment data collection engages PCI DSS (Payment Card Industry Data Security Standard) obligations for card data handling, CPRA's treatment of financial information as personal data subject to consumer rights, and potentially state-level financial data protection laws. The CFPB has jurisdiction over payment processing practices where they relate to consumer financial products. Tokenization and non-storage of full card numbers is consistent with PCI DSS requirements. GOVERNANCE EXPOSURE: Low-Medium. The statement that Lime does not store complete credit card numbers is consistent with standard industry PCI DSS compliance and reduces direct financial data breach risk. However, the identity of third-party payment processors is not disclosed, making it difficult to assess the full data security posture for payment processing. Billing address data retained by Lime is subject to CCPA/GDPR deletion and access rights. JURISDICTION FLAGS: US (PCI DSS, state financial data laws, CFPB oversight), EU (GDPR applies to payment metadata), California (CPRA covers financial information). New York's SHIELD Act requires reasonable safeguards for financial data of NY residents. CONTRACT AND VENDOR IMPLICATIONS: Payment processor contracts should include PCI DSS compliance attestations, data breach notification obligations, and restrictions on secondary use of payment data. Audit whether processor contracts meet GDPR Article 28 requirements for EU user payment data. COMPLIANCE CONSIDERATIONS: Confirm PCI DSS attestation of compliance is current, verify payment processor DPAs include GDPR Article 28 requirements for EU users, map which payment metadata fields are retained by Lime versus the processor, and confirm breach notification procedures cover payment processor incidents.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
While Lime states it does not store full credit card numbers, billing addresses and payment metadata are retained, and your payment data is processed by third-party processors whose security standards and data practices are governed by separate agreements.
Your payment information including billing address is shared with third-party payment processors to complete ride transactions, and while Lime states it does not store full card numbers, residual payment metadata is retained and subject to Lime's broader data practices.
ConductAtlas has identified this type of provision across 2 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Lime.