Stripe purchases or receives your personal data from data brokers, public databases, and social media companies, then combines it with data it already has about you.
This analysis describes what Stripe's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This clause establishes the scope of data collection beyond direct user interactions, allowing the entity to augment its own data holdings with external data sources. This operational authority affects the volume and diversity of personal information maintained in Stripe's systems and the purposes for which such combined data may be processed.
Removal of explicit disclosure regarding third-party data broker sourcing and combination with first-party data, reducing transparency about data collection methods.
View full change record →Stripe's use of data brokers and public databases to enrich user profiles means your personal data is processed well beyond what you directly provided, creating a more comprehensive profile of you than you may realize.
Cross-platform context
See how other platforms handle Collection from Third-Party Data Sources and similar clauses.
Compare across platforms →Monitoring
Stripe has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We collect Personal Data about you from third-party sources, including data brokers, public databases, social media platforms, and other sources. We may combine this information with other Personal Data we collect about you to improve our Services, prevent fraud, and for other purposes described in this Policy.— Excerpt from Stripe's Stripe Privacy Policy
REGULATORY FRAMEWORK: GDPR Art. 14 requires data controllers to provide transparency notices to individuals whose data was obtained from third parties, including data brokers — failure to do so is a material compliance gap. CCPA §1798.100 grants California residents the right to know about all sources of personal information including third-party sources. The FTC Act Section 5 and FTC's 2014 Data Broker Report establish expectations around third-party data acquisition. GDPR Art. 5(1)(b) purpose limitation principles apply to combination of third-party data with first-party data.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This clause establishes the scope of data collection beyond direct user interactions, allowing the entity to augment its own data holdings with external data sources. This operational authority affects the volume and diversity of personal information maintained in Stripe's systems and the purposes for which such combined data may be processed.
Stripe's use of data brokers and public databases to enrich user profiles means your personal data is processed well beyond what you directly provided, creating a more comprehensive profile of you than you may realize.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Stripe.