What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: This document engages GDPR (EU and UK), CCPA/CPRA (California), and equivalent frameworks in multiple jurisdictions. PayPal identifies the EU Data Protection Board and national supervisory authorities under GDPR, and the California Privacy Protection Agency and California Attorney General under CCPA/CPRA as relevant authorities. The document asserts legitimate interests as a lawful basis for several processing activities under GDPR, including fraud prevention, risk managem…

How does PayPal's PayPal Privacy Statement affect users?

The document authorizes PayPal to collect and process biometric data, derive inferred attributes from transaction patterns, and share personal information with third parties including data brokers and credit reporting agencies. The statement establishes that PayPal applies automated decision-making in fraud prevention, risk analysis, and product delivery, with objection and opt-out mechanisms available through account privacy settings; these mechanisms vary by jurisdiction, with more extensive …

How often is PayPal's PayPal Privacy Statement updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when PayPal updates this document?

Yes. Monitor subscribers ($19/month) can add PayPal to their watchlist and receive same-day email alerts whenever this document or any other PayPal document changes.

CA-D-000045

PayPal Privacy Statement

PayPal

Last change detected May 31, 2026 Privacy policy

SHA-256: accef85f3ccd07c4a30… 12 versions captured 12 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at PayPal ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

4 High severity

3 Medium severity

1 Low severity

Summary

This document establishes PayPal's data collection, use, and sharing practices across PayPal accounts, websites, and services including Venmo, Honey, and Fastlane. PayPal collects personal, financial, and biometric data including name, transaction history, precise location, face scans, voice identification, inferred income and creditworthiness assessments, and browsing behavior, and authorizes sharing with advertisers, data brokers, credit reporting agencies, fraud prevention firms, financial institutions, and law enforcement. The statement provides California residents and EU/UK users with specified rights including data deletion requests, opt-outs from certain data sharing, and objection mechanisms for automated decision-making.

Technical / Legal Breakdown

This document is PayPal's global Privacy Statement, governing the collection, use, and disclosure of Personal Information by PayPal, Inc. and its subsidiaries and affiliated companies in connection with PayPal accounts, websites, and services, with jurisdiction-specific provisions applying to residents of the EU, UK, California, and other regions. The statement asserts that PayPal collects personal identifiers, financial records, transaction and experience data, geolocation data, biometric data, inferred data (including gender, income, creditworthiness, and shopping behavior), and sensitive personal information, and authorizes use of this data for service delivery, AI model training, automated decision-making, targeted advertising, fraud prevention, credit assessment, and sharing with service providers, financial institutions, payment networks, data brokers, fraud prevention agencies, credit reporting agencies, authorities, and members of the PayPal corporate group. The statement authorizes the use of personal information to train AI models and discloses automated decision-making that may affect users in connection with risk analysis, fraud prevention, and product and service delivery, with limited opt-out mechanisms described primarily for EU and UK residents; the document also discloses collection of biometric data and precise geolocation data with user consent, and inferred data categories without requiring separate consent beyond account use. The statement engages GDPR (EU and UK), CCPA/CPRA (California), and equivalent frameworks across multiple jurisdictions, with PayPal asserting lawful bases under GDPR including legitimate interests for a range of processing activities; compliance obligations vary materially by jurisdiction, and certain asserted processing activities, including sharing with data brokers and use of inferred sensitive categories, may require evaluation under applicable national implementations of GDPR and CCPA. Material compliance considerations include the scope of data broker sourcing disclosed in the categories of sources section, the breadth of AI and automated decision-making disclosures, and the conditions under which biometric data collection and cross-service data association with Venmo, Honey, and Fastlane profiles are carried out.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

12 important changes detected

12 versions captured · Last updated: May 2026

May 31, 2026

low

What changed PayPal restructured the organization and navigation of its Privacy Statement on May 31, 2026. The document added a comprehensive table of contents listing detailed sections (Non-Account Holders Notice, AI and Automated Decision Making, CCPA rights, UK/EEA disclosures, Mexico ARCO rights, Singapore disclosures) that were either not previously visible or were reorganized for clarity. The core privacy overview statement itself remained substantively unchanged, but users now encounter a more detailed roadmap to jurisdiction-specific rights and data handling practices upfront.

Why this matters The updated Privacy Statement reorganizes its presentation and navigation to make rights and disclosures more accessible. A new table of contents explicitly lists sections covering AI and Automated Decision Making, CCPA privacy rights, UK/EEA data protections, Mexico ARCO rights, and Singapore disclosures. The substantive commitments and obligations described in the overview remain the same, but users can now more easily locate jurisdiction-specific rights and data handling practices.

View full change record →

May 28, 2026

unknown

What changed PayPal updated their PayPal Privacy Statement on May 28, 2026. Change detected: 1 sentence(s) added, 1 sentence(s) modified. Document contained 554 sentences after update.

View full change record →

May 25, 2026 low

PayPal reorganized its Privacy Statement by adding a detailed table of contents on May 25, 2026. The document previously began with an overview paragraph immediately following the header. The updated …

View change record →

May 23, 2026 low

PayPal updated its Privacy Statement on May 23, 2026 to reflect changes in its corporate structure. The previous version listed PayPal (Europe) S.a.r.l. et Cie, S.C.A. as the responsible entity …

View change record →

May 14, 2026 low

PayPal reorganized the table of contents in its Privacy Statement on May 14, 2026. The statement previously listed all policy sections in a top-level menu, including detailed topic headings like …

View change record →

May 12, 2026 low

PayPal removed a single sentence from the footer of their Privacy Statement on May 12, 2026. The removed text was a standard footer containing navigation links, copyright information, and PayPal's …

View change record →

May 11, 2026 low

PayPal updated its Privacy Statement on May 11, 2026 by adding a detailed table of contents to the document. The previous version included only the opening overview section, while the …

View change record →

May 9, 2026 low

PayPal updated its Privacy Statement on May 9, 2026, changing the last-updated date from April 2, 2026 to May 6, 2026, and added footer information including company location, copyright notice, …

View change record →

May 5, 2026 low

PayPal removed the table of contents from the top of its Privacy Statement and restructured the document layout on May 5, 2026. The navigation menu that previously listed all sections …

View change record →

April 21, 2026 low

PayPal's Privacy Statement document structure was reorganized on April 21, 2026. The prior version presented a brief introductory overview; the updated version now leads with a detailed table of contents …

View change record →

April 18, 2026 low

PayPal updated its Privacy Statement on April 18, 2026, making four modifications and removing one sentence. The most substantive changes involve updates to PayPal's Korea contact information, replacing the previous …

View change record →

March 6, 2026 low

PayPal updated contact information for privacy inquiries in South Korea and Nevada in its Privacy Statement on March 6, 2026. The South Korea domestic agent changed from PayPal Korea Services …

View change record →

Recent Provision Changes May 31, 2026

8 provisions unchanged.

View full change record →

High — 4 provisions

Biometric Data Collection Compare →

PayPal may collect your face scan, voice, or photo to verify your identity for a range of account actions, including logging in, changing your profile, managing payments, and initiating cryptocurrency transfers, when you consent within the app.

Added April 3, 2026 Standard Seen across 284 platforms
AI Model Training Using Personal Information Compare →

PayPal states it may use your personal information to train its AI systems and applies automated decision-making to assess fraud risk and manage service delivery, which may affect decisions made about your account.

Added April 28, 2026 Standard Seen across 284 platforms
Inferred Data Collection Compare →

PayPal states it may generate inferred data about you, including your gender, estimated income, creditworthiness, and shopping preferences, derived from your transactions and browsing activity on PayPal and partner sites.

Added April 9, 2026 Standard Seen across 284 platforms
Data Sharing with Data Brokers and Third Parties Compare →

PayPal states it may obtain your personal information from data brokers, credit reporting agencies, financial institutions, government entities, and Partners and Merchants, and may also share your information with these categories of parties.

Added April 5, 2026 Standard Seen across 284 platforms

Medium — 3 provisions

Precise Geolocation Collection Compare →

PayPal may collect your precise GPS location with your consent while you are logged into your account, and states it collects precise geolocation data from users while they are logged into their financial account to enhance security and personalize services.

Added May 12, 2026 Standard Seen across 284 platforms
Cross-Service Data Association (Venmo, Honey, Fastlane) Compare →

PayPal states it may combine data from your use of Venmo, PayPal Honey, and Fastlane with your PayPal account data to personalize content, offers, and service improvements.

Added May 12, 2026 Standard Seen across 284 platforms
Non-Account Holder Data Collection Compare →

PayPal states it collects personal information from individuals who do not have a PayPal account when they use services like Pay without a PayPal Account, Braintree, Fastlane, Visa+, or Hyperwallet, and may later link that data to a PayPal account if one is created.

Added April 10, 2026 Standard Seen across 284 platforms

Low — 1 provision

Privacy Statement Update Notice Compare →

PayPal states it may update this Privacy Statement and will provide 30 days' advance notice by posting the change on its website when required by applicable law, but changes may take effect on the published date without prior notice where the law does not require it.

Added May 10, 2026 Standard Seen across 284 platforms

Monitoring

PayPal has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle AI and Automated Decision-Making and similar clauses.

Compare across platforms →

Archival ProvenanceSource & Archival Record

Last Captured May 31, 2026 06:37 UTC

Capture Method Automated scheduled archival capture

Document ID CA-D-000045

Version ID CA-V-003212

Source URL https://www.paypal.com/us/legalhub/privacy-full

Wayback Machine View external archival references →

SHA-256 accef85f3ccd07c4a305863d07373a626c00ca7269f698263e36869b496b2969

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

PayPal Privacy Statement

May 31, 2026

May 28, 2026

Recent Provision Changes May 31, 2026

Monitor governance changes across the platforms you rely on.