PayPal shares your personal information with a wide range of third parties including merchants, data brokers, credit agencies, and payment networks — and once shared, PayPal's privacy policy no longer governs how those parties use your data.
This analysis describes what PayPal's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes the scope of entities that may receive personal information through PayPal's operations and clarifies that PayPal's privacy obligations do not extend to how merchants and partners subsequently manage shared data. The authorization encompasses both transaction-specific recipients and third-party data brokers, creating separate data governance regimes depending on the recipient category.
Your name, address, email, phone number, and transaction details are shared with merchants, data brokers, and payment processors, and once disclosed, those parties govern your data under their own policies — not PayPal's.
How other platforms handle this
Sending you information about Adobe products and services, special offers and similar information, and sharing your information with third parties for their own marketing purposes, where your consent is not required; In some cases, in order to show you more relevant ads, we disclose with social medi...
We may share your personal information with our affiliates, meaning entities that control, are controlled by, or are under common control with Consensys. We also share information with service providers who assist in operating our services, subject to confidentiality obligations.
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
Monitoring
PayPal has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may disclose Personal Information with the following categories of service providers... Third parties, including service providers, Partners and Merchants, payment partners, such as payment networks and processors, credit reporting agencies and public and private credit databases ("CRAs"), government entities, data brokers, and financial institutions... Please note that once Personal Information is shared with Partners and Merchants (or their service providers) involved in a transaction, the handling of your Personal Information by the Partners and Merchants (or their service provider) is subject to the Partners' and Merchants' own privacy policies and procedures.— Excerpt from PayPal's PayPal Privacy Statement
REGULATORY FRAMEWORK: CCPA/CPRA §1798.115 requires disclosure of third-party sharing categories and purposes; §1798.120 provides opt-out rights for sale or sharing for cross-context behavioral advertising. GDPR Arts. 13–14 require disclosure of recipients or categories of recipients; Art. 26 governs joint controller arrangements where two parties jointly determine purposes. GLBA 16 C.F.R. Part 313 (Privacy of Consumer Financial Information) requires opt-out rights for non-affiliated third-party sharing. FTC Act Section 5 applies to deceptive disclosures about third-party data sharing scope.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes the scope of entities that may receive personal information through PayPal's operations and clarifies that PayPal's privacy obligations do not extend to how merchants and partners subsequently manage shared data. The authorization encompasses both transaction-specific recipients and third-party data brokers, creating separate data governance regimes depending on the recipient category.
Your name, address, email, phone number, and transaction details are shared with merchants, data brokers, and payment processors, and once disclosed, those parties govern your data under their own policies — not PayPal's.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by PayPal.