CA-D-000045

PayPal Privacy Statement

PayPal
Last change detected April 21, 2026 Privacy policy
🔔 Get change alerts
9 Total
6 High severity
3 Medium severity
0 Low severity
Summary

This is PayPal's privacy policy explaining what personal data they collect about you — including your financial records, transaction history, location, biometric data like face scans, inferred income and creditworthiness, and browsing habits — and how they use and share it. The most important thing to know is that PayPal shares your personal and financial data with a very wide range of parties including merchants, partners, credit bureaus, data brokers, fraud agencies, law enforcement, and other financial institutions, and also uses your transaction data to train its AI models. You can limit some data sharing and targeted advertising by reviewing your privacy settings at paypal.com/us/myaccount/privacy/profiles/search.

Technical Summary

This document is PayPal's global Privacy Statement governing the collection, use, and disclosure of Personal Information for users of PayPal accounts, websites, and services (excluding Venmo, PayPal Honey, and other designated 'Excluded Services'), with legal bases including consent, contractual necessity, legitimate interests, and legal compliance under GDPR, CCPA, and equivalent frameworks. The statement creates significant obligations for PayPal to disclose data to an expansive range of third parties — including service providers, payment networks, credit reporting agencies, fraud prevention agencies, data brokers, Partners and Merchants, and law enforcement — and imposes on users a certification that they have obtained third-party consent before submitting contact information. Notable provisions include PayPal's explicit use of biometric data (face scans, voice identification) with user consent, the use of Personal Information to train AI models, automated decision-making affecting creditworthiness and fraud determinations, and the collection and inferral of sensitive data categories including income, creditworthiness, and purchasing habits from transaction history. The statement engages GDPR (Arts. 6, 9, 13, 22), UK GDPR, CCPA/CPRA (§1798.100 et seq.), COPPA, GLBA, BSA/AML, and KYC regulatory frameworks, and users in California, the EU, and UK have specific enumerated rights. Material compliance considerations include the breadth of data sharing with Partners and Merchants for targeted advertising and personalized recommendations, the use of automated decision-making without clearly disclosed opt-out mechanisms in all jurisdictions, and cross-border data transfers requiring appropriate safeguards under Chapter V of the GDPR.

Evidence Provenance
Captured April 21, 2026 06:03 UTC
Document ID CA-D-000045
Version ID CA-V-000852
Source URL https://www.paypal.com/us/legalhub/privacy-full
Wayback Machine View archived versions →
SHA-256 7b873ec1e80e1ff4c0d1ef7eb270cbe8ff0fa5a3ca71afe47a269024383d91f8
✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Cryptographically signed
Institutional Analysis

🔒 Institutional analysis locked

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Upgrade to Professional — $149/mo
Change Timeline
View full version history (0 captures) →
Analyzed Changes

2 changes analyzed since monitoring began.

Updated April 21, 2026

low
What changed PayPal updated their PayPal Privacy Statement on April 21, 2026. Change detected: 1 sentence(s) modified. Document contained 553 sentences after update.
Consumer impact PayPal added a table of contents to the top of its Privacy Statement on April 21, 2026, making it easier to navigate to specific sections such as data rights, cookie use, and international transfer disclosures. No underlying privacy terms, data collection practices, or consumer rights appear to have been altered by this change. This is a presentational update with no direct impact on how your data is used.
Why it matters While this change has no material impact on privacy rights or data practices, the added table of contents makes it easier for users to locate sections about their data rights, AI use, and regional disclosures. Compliance teams should verify no substantive changes were made elsewhere in the document.

Updated April 18, 2026

low
What changed PayPal updated their PayPal Privacy Statement on April 18, 2026. Change detected: 1 sentence(s) removed, 4 sentence(s) modified. Document contained 553 sentences after update.
Consumer impact PayPal replaced its Korean domestic agent contact from General Agent Co., Ltd. (represented by Eun-Mi Kim) to PayPal Korea Services LLC (represented by Mun Yat Wong), with a new address and contact details in Seoul. This change affects how South Korean users can contact PayPal's designated local privacy representative. The Nevada Attorney General contact email was also corrected to Aginfo@ag.nv.gov. If you are a South Korean PayPal user with privacy concerns, you can now contact PayPal Korea Services LLC at (+82) 02 737 5775 or skrprivacy@paypal.com.
Why it matters South Korean PayPal users now have a different local representative to contact for privacy concerns under Korean law, so previously saved contact details are no longer accurate. All other users are minimally affected by this update.

Recent Clause-Level Changes Apr 21, 2026

Modified (1)
Cross-Service Data Association (Fastlane, Venmo, Honey)

Severity escalated from high to high in current version, indicating increased concern about cross-service data linking practices.

9 provisions unchanged.

View full change record →
High Severity — 6 provisions
Medium Severity — 3 provisions

Cross-platform context

See how other platforms handle AI and Automated Decision-Making and similar clauses.

Compare across platforms →

Applicable Regulations

CCPA/CPRA
California, USA
CFAA
United States Federal
CAN-SPAM
United States Federal
FCRA
United States Federal
GDPR
European Union
GLBA
United States Federal
TCPA
United States Federal
UK GDPR
United Kingdom