What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: This document engages GDPR (EU and UK), CCPA/CPRA (California), and equivalent frameworks in multiple jurisdictions. PayPal identifies the EU Data Protection Board and national supervisory authorities under GDPR, and the California Privacy Protection Agency and California Attorney General under CCPA/CPRA as relevant authorities. The document asserts legitimate interests as a lawful basis for several processing activities under GDPR, including fraud prevention, risk managem…

How does PayPal's PayPal Privacy Statement affect users?

The document authorizes PayPal to collect and process biometric data, derive inferred attributes from transaction patterns, and share personal information with third parties including data brokers and credit reporting agencies. The statement establishes that PayPal applies automated decision-making in fraud prevention, risk analysis, and product delivery, with objection and opt-out mechanisms available through account privacy settings; these mechanisms vary by jurisdiction, with more extensive …

How often is PayPal's PayPal Privacy Statement updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when PayPal updates this document?

Yes. Watcher subscribers ($9.99/month) can add PayPal to their watchlist and receive same-day email alerts whenever this document or any other PayPal document changes.

CA-D-000045

PayPal Privacy Statement

PayPal

Last change detected May 14, 2026 Privacy policy

SHA-256: beab4107fed8ebdde6a… 8 versions captured 8 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at PayPal ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

4 High severity

3 Medium severity

1 Low severity

Summary

This document establishes PayPal's data collection, use, and sharing practices across PayPal accounts, websites, and services including Venmo, Honey, and Fastlane. PayPal collects personal, financial, and biometric data including name, transaction history, precise location, face scans, voice identification, inferred income and creditworthiness assessments, and browsing behavior, and authorizes sharing with advertisers, data brokers, credit reporting agencies, fraud prevention firms, financial institutions, and law enforcement. The statement provides California residents and EU/UK users with specified rights including data deletion requests, opt-outs from certain data sharing, and objection mechanisms for automated decision-making.

Technical / Legal Breakdown

This document is PayPal's global Privacy Statement, governing the collection, use, and disclosure of Personal Information by PayPal, Inc. and its subsidiaries and affiliated companies in connection with PayPal accounts, websites, and services, with jurisdiction-specific provisions applying to residents of the EU, UK, California, and other regions. The statement asserts that PayPal collects personal identifiers, financial records, transaction and experience data, geolocation data, biometric data, inferred data (including gender, income, creditworthiness, and shopping behavior), and sensitive personal information, and authorizes use of this data for service delivery, AI model training, automated decision-making, targeted advertising, fraud prevention, credit assessment, and sharing with service providers, financial institutions, payment networks, data brokers, fraud prevention agencies, credit reporting agencies, authorities, and members of the PayPal corporate group. The statement authorizes the use of personal information to train AI models and discloses automated decision-making that may affect users in connection with risk analysis, fraud prevention, and product and service delivery, with limited opt-out mechanisms described primarily for EU and UK residents; the document also discloses collection of biometric data and precise geolocation data with user consent, and inferred data categories without requiring separate consent beyond account use. The statement engages GDPR (EU and UK), CCPA/CPRA (California), and equivalent frameworks across multiple jurisdictions, with PayPal asserting lawful bases under GDPR including legitimate interests for a range of processing activities; compliance obligations vary materially by jurisdiction, and certain asserted processing activities, including sharing with data brokers and use of inferred sensitive categories, may require evaluation under applicable national implementations of GDPR and CCPA. Material compliance considerations include the scope of data broker sourcing disclosed in the categories of sources section, the breadth of AI and automated decision-making disclosures, and the conditions under which biometric data collection and cross-service data association with Venmo, Honey, and Fastlane profiles are carried out.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

8 important changes detected

8 versions captured · Last updated: May 2026

May 14, 2026

low

What changed PayPal reorganized the table of contents in its Privacy Statement on May 14, 2026. The statement previously listed all policy sections in a top-level menu, including detailed topic headings like 'Non-Account Holders Notice at Collection', 'Categories of Personal Information We Collect', and regional disclosures. The updated version consolidates the menu to show only 'Menu', 'Back To Home Page', and 'Download Printable PDF', moving detailed section headings below the opening overview. The substantive privacy policy text itself remains unchanged; this is a formatting and navigation restructuring of how users access the policy sections.

Why this matters The substance of PayPal's privacy practices and disclosures remains unchanged. However, the updated formatting moves detailed section headings from a top-level menu into a secondary position, requiring users to navigate past the overview statement before accessing specific topics like 'Categories of Personal Information We Collect' or regional data rights sections. The policy's legal commitments, data handling practices, and consumer rights are preserved unchanged.

View full change record →

May 12, 2026

low

What changed PayPal removed a single sentence from the footer of their Privacy Statement on May 12, 2026. The removed text was a standard footer containing navigation links, copyright information, and PayPal's registered address in San Jose, California. This is a formatting or structural change with no material impact on the substantive privacy terms or user obligations.

Why this matters This change is a formatting update with no material impact on PayPal's privacy practices or user rights. The removed text was footer content including navigation links and the company's registered address. The substantive privacy terms, data collection practices, and user protections remain unchanged.

View full change record →

May 11, 2026 low

PayPal updated its Privacy Statement on May 11, 2026 by adding a detailed table of contents to the document. The previous version included only the opening overview section, while the …

View change record →

May 9, 2026 low

PayPal updated its Privacy Statement on May 9, 2026, changing the last-updated date from April 2, 2026 to May 6, 2026, and added footer information including company location, copyright notice, …

View change record →

May 5, 2026 low

PayPal removed the table of contents from the top of its Privacy Statement and restructured the document layout on May 5, 2026. The navigation menu that previously listed all sections …

View change record →

April 21, 2026 low

PayPal's Privacy Statement document structure was reorganized on April 21, 2026. The prior version presented a brief introductory overview; the updated version now leads with a detailed table of contents …

View change record →

April 18, 2026 low

PayPal updated its Privacy Statement on April 18, 2026, making four modifications and removing one sentence. The most substantive changes involve updates to PayPal's Korea contact information, replacing the previous …

View change record →

March 6, 2026 low

PayPal updated contact information for privacy inquiries in South Korea and Nevada in its Privacy Statement on March 6, 2026. The South Korea domestic agent changed from PayPal Korea Services …

View change record →

High — 4 provisions

Biometric Data Collection Compare →

PayPal may collect your face scan, voice, or photo to verify your identity for a range of account actions, including logging in, changing your profile, managing payments, and initiating cryptocurrency transfers, when you consent within the app.

Added April 3, 2026 Standard Seen across 251 platforms
AI Model Training Using Personal Information Compare →

PayPal states it may use your personal information to train its AI systems and applies automated decision-making to assess fraud risk and manage service delivery, which may affect decisions made about your account.

Added April 28, 2026 Common Seen across 104 platforms
Inferred Data Collection Compare →

PayPal states it may generate inferred data about you, including your gender, estimated income, creditworthiness, and shopping preferences, derived from your transactions and browsing activity on PayPal and partner sites.

Added April 9, 2026 Standard Seen across 251 platforms
Data Sharing with Data Brokers and Third Parties Compare →

PayPal states it may obtain your personal information from data brokers, credit reporting agencies, financial institutions, government entities, and Partners and Merchants, and may also share your information with these categories of parties.

Added April 5, 2026 Standard Seen across 246 platforms

Medium — 3 provisions

Precise Geolocation Collection Compare →

PayPal may collect your precise GPS location with your consent while you are logged into your account, and states it collects precise geolocation data from users while they are logged into their financial account to enhance security and personalize services.

Added May 12, 2026 Standard Seen across 251 platforms
Cross-Service Data Association (Venmo, Honey, Fastlane)

PayPal states it may combine data from your use of Venmo, PayPal Honey, and Fastlane with your PayPal account data to personalize content, offers, and service improvements.

Added May 12, 2026 Rare
Non-Account Holder Data Collection Compare →

PayPal states it collects personal information from individuals who do not have a PayPal account when they use services like Pay without a PayPal Account, Braintree, Fastlane, Visa+, or Hyperwallet, and may later link that data to a PayPal account if one is created.

Added April 10, 2026 Standard Seen across 251 platforms

Low — 1 provision

Privacy Statement Update Notice Compare →

PayPal states it may update this Privacy Statement and will provide 30 days' advance notice by posting the change on its website when required by applicable law, but changes may take effect on the published date without prior notice where the law does not require it.

Added May 10, 2026 Standard Seen across 262 platforms

Monitoring

PayPal has updated this document before.

Watcher includes same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

Professional Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Professional includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Professional free trial

Cross-platform context

See how other platforms handle AI and Automated Decision-Making and similar clauses.

Compare across platforms →

Archival ProvenanceSource & Archival Record

Last Captured May 14, 2026 04:11 UTC

Capture Method Automated scheduled archival capture

Document ID CA-D-000045

Version ID CA-V-002600

Source URL https://www.paypal.com/us/legalhub/privacy-full

Wayback Machine View external archival references →

SHA-256 beab4107fed8ebdde6a20dd0e2a4ee3f2d17f66e0031f79b0d0d4dece54980a7

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

PayPal Privacy Statement

May 14, 2026

May 12, 2026

Monitor governance changes across the platforms you rely on.