PayPal Privacy Statement — PayPal

10 Total

8 High severity

2 Medium severity

0 Low severity

Summary

PayPal's privacy policy explains how PayPal collects a very wide range of information about you—including your financial details, location, browsing habits, and even biometric data like face scans—and shares it with many third parties including merchants, advertisers, credit agencies, and law enforcement. Even if you don't have a PayPal account, PayPal may still collect data about you when you use services powered by PayPal. You have rights to access, delete, or opt out of certain uses of your data, depending on where you live.

Technical Summary

PayPal's Privacy Statement governs the collection, use, and disclosure of Personal Information across PayPal's suite of services, including accounts, websites, and affiliated products such as Venmo, Fastlane, Hyperwallet, and Braintree. The document details an exceptionally broad range of data categories collected—including biometric data, precise geolocation, inferred behavioral data, financial records, and Sensitive Personal Information—and discloses sharing with an extensive network of third parties including service providers, credit reporting agencies, debt collectors, law enforcement, financial institutions, partners, and merchants. Key rights provisions address data access, deletion, correction, and opt-out of targeted advertising and data sales, with jurisdiction-specific supplements for California, EU/UK, and other regions. The policy also discloses the use of AI and automated decision-making for fraud prevention, risk management, and personalization, and permits collection from non-account holders. Material compliance obligations arise under GDPR, CCPA/CPRA, and various financial services regulations including AML and KYC requirements.

Institutional Analysis

This policy engages GDPR and UK GDPR (with explicit lawful basis disclosures), CCPA/CPRA (with data sale opt-out and sensitive data provisions), and U.S. financial services regulations including AML, KYC, and Gramm-Leach-Bliley Act obligations. Compliance teams should note the broad scope of automa…

🔒

Compliance intelligence locked

Regulatory exposure, material risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Evidence Provenance

Captured March 6, 2026 18:27 UTC

Document ID CA-D-000045

Version ID CA-V-000037

Source URL https://www.paypal.com/us/legalhub/privacy-full

Wayback Machine View archived versions →

SHA-256 ea79c626973b1df9b94500b48517f42e4715fcd155aaad570ad58be1ff7c8bfd

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Cryptographically signed

Change Timeline

March 6, 2026 — Initial capture

First snapshot archived

ea79c626…

High Severity — 8 provisions

Biometric Data Collection
PayPal may collect biometric data such as face scans, voice identification, and photo identification when you consent during the app experience, for purposes like identity verification, password recovery, and initiating cryptocurrency transfers.

Added March 6, 2026
Non-Account Holder Data Collection and Account Linking
Even if you don't have a PayPal account, PayPal will still collect your personal information when you transact through PayPal-powered services, and may later link that transaction data to a PayPal account if you create one.

Added March 6, 2026
Inferred Data Profiling
PayPal may infer information about you — such as your income, gender, creditworthiness, browsing habits, and shopping preferences — based on your transactions and interactions with PayPal, its partners, and merchants.

Added March 6, 2026
AI and Automated Decision-Making
PayPal uses artificial intelligence and automated systems to make decisions about you, including for fraud detection, risk analysis, and personalization, and also uses your personal data to train its AI models.

Added March 6, 2026
Data Sharing with Credit Reporting and Debt Collection Agencies
PayPal may share your personal and financial information with credit reporting agencies (CRAs) and debt collectors, which can affect your credit score and your ability to get credit in the future.

Added March 6, 2026
Data Sharing with Partners and Merchants for Personalization
PayPal shares your transaction history, profile, and behavioral insights with partner companies and merchants to power personalized product recommendations, targeted ads, and shopping experiences on their platforms.

Added March 6, 2026
Sensitive Personal Information Collection and Use
PayPal collects highly sensitive information including Social Security numbers, government-issued IDs, bank account details, credit card information, biometric data, and precise location, using it for a wide range of purposes including service delivery, fraud prevention, and compliance.

Added March 6, 2026
Law Enforcement and Authority Disclosure
PayPal may share your personal information with courts, governments, law enforcement, and regulators if required by a legal process, or when PayPal believes disclosure is reasonably necessary to prevent harm or comply with law.

Added March 6, 2026

Medium Severity — 2 provisions

Precise Geolocation Tracking
PayPal may collect your precise GPS location while you are logged into financial account services, and uses this data for personalization, security, and location-based advertising.

Added March 6, 2026
Privacy Statement Change Notice (30-Day Notice)
PayPal may update this Privacy Statement at any time, and will provide 30 days' prior notice only when required by applicable law; otherwise changes take effect on the published effective date without advance notice.

Added March 6, 2026