PayPal states it collects personal information from individuals who do not have a PayPal account when they use services like Pay without a PayPal Account, Braintree, Fastlane, Visa+, or Hyperwallet, and may later link that data to a PayPal account if one is created.
This analysis describes what PayPal's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision discloses that data collection and the associated Privacy Statement obligations apply even to individuals who have not affirmatively created a PayPal account, and that historical transaction data collected before account creation may be linked to a new account retroactively.
Under this provision, personal information collected when you pay without a PayPal account, including through Braintree-powered merchant checkouts, may be retained and later linked to a PayPal account you create; individuals who use PayPal-powered checkout on merchant sites without creating an account may not be aware that this statement governs their data.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
PayPal has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Our Services may be accessed by individuals without a PayPal account or profile. We will collect Personal Information from you even if you are a non-account holder when you use our Services, such as when you use our Pay without a PayPal Account, use Unbranded Payment Services (e.g., Braintree), use a Fastlane profile, or when you receive a payment through the Visa+ service from a PayPal account holder or a payment from a payor using the Hyperwallet services. If you Pay without a PayPal account, we may link your transaction information with your PayPal account if you create a PayPal account later.— Excerpt from PayPal's PayPal Privacy Statement
REGULATORY LANDSCAPE: This provision engages CCPA/CPRA, which applies to personal information collected from California residents regardless of whether they have a formal account relationship with the business. GDPR similarly applies to the processing of EU/EEA residents' personal information regardless of account status. The retroactive linking of pre-account transaction data to a new account may require evaluation under GDPR's purpose limitation principle and CCPA's notice-at-collection requirements, as the original notice provided at the time of collection may not have disclosed the possibility of future account linkage. The FTC and CFPB are relevant enforcement authorities for non-account data collection in payment services contexts. GOVERNANCE EXPOSURE: Medium. The Braintree unbranded payment services disclosure is particularly significant because consumers making purchases on third-party merchant sites may not realize PayPal is processing their data in the background, creating a notice and transparency gap that regulators have addressed in related contexts. JURISDICTION FLAGS: California (CCPA notice-at-collection for non-account holders), EU/EEA and UK (GDPR Article 14 indirect collection notice obligations), and any jurisdiction where Visa+ or Hyperwallet services operate create heightened exposure for non-account data collection practices. CONTRACT AND VENDOR IMPLICATIONS: Merchant agreements for Braintree and other unbranded payment services should specify PayPal's data collection practices and require that merchants provide appropriate notice to consumers at the point of checkout. If merchants fail to provide adequate notice, the data processing chain may have compliance gaps under GDPR and CCPA. COMPLIANCE CONSIDERATIONS: Compliance teams should (1) review whether adequate notice is provided to non-account holders at the point of data collection through Braintree and other unbranded services; (2) assess whether retroactive account linkage of pre-account transaction data satisfies GDPR purpose limitation requirements; (3) verify that merchant agreements for unbranded services include consumer notice obligations; and (4) map non-account holder data flows across Braintree, Fastlane, Visa+, and Hyperwallet to confirm CCPA and GDPR compliance.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision discloses that data collection and the associated Privacy Statement obligations apply even to individuals who have not affirmatively created a PayPal account, and that historical transaction data collected before account creation may be linked to a new account retroactively.
Under this provision, personal information collected when you pay without a PayPal account, including through Braintree-powered merchant checkouts, may be retained and later linked to a PayPal account you create; individuals who use PayPal-powered checkout on merchant sites without creating an account may not be aware that this statement governs their data.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by PayPal.