Stripe · Stripe Privacy Policy

Collection from Third-Party Data Sources

High severity
Share 𝕏 Share in Share

What it is

Stripe purchases or receives your personal data from data brokers, public databases, and social media companies, then combines it with data it already has about you.

Consumer impact (what this means for users)

Stripe's use of data brokers and public databases to enrich user profiles means your personal data is processed well beyond what you directly provided, creating a more comprehensive profile of you than you may realize.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Email privacy@stripe.com to request deletion of personal data sourced from third parties. Reference your right to erasure and specify that you want third-party sourced data included in the deletion request.

Cross-platform context

See how other platforms handle Collection from Third-Party Data Sources and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Even if you have never created a Stripe account, Stripe may hold a profile on you assembled from third-party data sources, which is then enriched with your transaction behavior.

View original clause language
We collect Personal Data about you from third-party sources, including data brokers, public databases, social media platforms, and other sources. We may combine this information with other Personal Data we collect about you to improve our Services, prevent fraud, and for other purposes described in this Policy.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: GDPR Art. 14 requires data controllers to provide transparency notices to individuals whose data was obtained from third parties, including data brokers — failure to do so is a material compliance gap. CCPA §1798.100 grants California residents the right to know about all sources of personal information including third-party sources. The FTC Act Section 5 and FTC's 2014 Data Broker Report establish expectations around third-party data acquisition. GDPR Art. 5(1)(b) purpose limitation principles apply to combination of third-party data with first-party data.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    The FTC has enforcement authority over data broker practices and unfair data collection under FTC Act Section 5.
    File a complaint →

Provision details

Document information
Document
Stripe Privacy Policy
Entity
Stripe
Document last updated
March 24, 2026
Tracking information
First tracked
April 27, 2026
Last verified
April 27, 2026
Record ID
CA-P-003370
Document ID
CA-D-00106
Evidence Provenance
Source URL
https://stripe.com/privacy
Wayback Machine
View archived versions →
SHA-256
44d69cd19e1ca6f2b31785fb53f7c219f512832c75cd8b17d2cae72b6a1516d6
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Stripe | Document: Stripe Privacy Policy | Record: CA-P-003370
Captured: 2026-04-27 12:23:52 UTC | SHA-256: 44d69cd19e1ca6f2…
URL: https://conductatlas.com/platform/stripe/stripe-privacy-policy/collection-from-third-party-data-sources/
Accessed: April 29, 2026
Classification
Severity
High
Categories
Unknown

Other provisions in this document