When you pay for a Medium subscription or make another purchase, Medium collects your card number and billing details and passes them through a third-party payment processor.
This analysis describes what Medium's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances.
Your financial data is involved in this transaction, and understanding that it flows through a third-party processor helps you assess the security and privacy risks associated with paying on the platform.
Your credit or debit card number and billing address are collected at the time of payment and processed by a third-party payment company, meaning your financial data is subject to both Medium's and the payment processor's privacy and security practices.
Monitoring
Medium has changed this document before.
"If you make a payment on Medium, we collect your payment information, including your credit or debit card number, billing address, and other information necessary to process your payment. We use third-party payment processors to handle payment transactions on our behalf.— Excerpt from Medium's Medium Privacy Policy
REGULATORY LANDSCAPE: Payment data collection and processing implicates PCI DSS compliance standards for card data security, as well as applicable state consumer protection laws regarding financial data. The FTC has authority over deceptive or unfair practices related to payment data handling. Where European users make payments, GDPR applies to the processing of payment data as personal data.
GOVERNANCE EXPOSURE: Low to Medium. Use of a third-party payment processor is standard industry practice and typically reduces PCI DSS scope for the primary merchant. However, the policy does not name the payment processor, which limits users' ability to assess the security posture of the entity handling their card data.
JURISDICTION FLAGS: EU/EEA users making payments are protected by GDPR's requirements for lawful processing of financial data. California residents have CCPA rights that extend to financial information. States with specific financial data protection statutes (e.g., New York SHIELD Act) may create additional obligations.
CONTRACT AND VENDOR IMPLICATIONS: Medium's contract with its payment processor should include appropriate data security requirements and liability provisions. Enterprise procurement teams engaging with Medium on a paid basis should confirm that payment data flows do not create additional contractual obligations or audit requirements under their own vendor management frameworks.
COMPLIANCE CONSIDERATIONS: Compliance teams should confirm Medium's PCI DSS compliance level and whether the payment processor relationship is governed by a current service agreement with appropriate security standards. Users with concerns about payment data security should review the named payment processor's own privacy policy and security certifications.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Medium.