Depending on where you live, you have rights to see, fix, delete, or export your personal data that Stripe holds, and to complain to a regulator if you think Stripe has mishandled your data.
Consumer impact (what this means for users)
EU, UK, and California residents have legally enforceable rights to access, delete, correct, and port their personal data held by Stripe; US residents in other states may have limited rights, creating an uneven protection landscape depending on where you live.
What you can do
⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
Export Your Data
Visit Stripe's Privacy Center at stripe.com/legal/privacy-center and submit a data portability or access request. Select the appropriate right (access, deletion, correction, or portability) and complete the form; Stripe must respond within 30 days (GDPR) or 45 days (CCPA).
Delete Your Data
Email privacy@stripe.com with a request to delete your personal data. Include your full name, email address associated with your Stripe account (if any), and specify what data you want deleted. Stripe must acknowledge and process the request within statutory deadlines.
Cross-platform context
See how other platforms handle Consumer Data Subject Rights and similar clauses.
These rights allow you to understand what data Stripe holds about you and take action to control it, but the availability of these rights depends on your jurisdiction — US users outside California have fewer guaranteed rights than EU or California users.
View original clause language
Depending on your location and subject to applicable law, you may have the following rights with regard to your Personal Data: the right to request access to your Personal Data; the right to request correction or deletion of your Personal Data; the right to object to or restrict our processing of your Personal Data; the right to data portability; and the right to lodge a complaint with a supervisory authority.
REGULATORY FRAMEWORK: GDPR Arts. 15-22 establish the full suite of data subject rights (access, rectification, erasure, restriction, portability, objection, and rights related to automated decision-making); these are enforceable by the Irish DPC and other EU supervisory authorities. UK GDPR mirrors these rights, enforced by the ICO. CCPA §§1798.100-1798.125 and CPRA amendments grant California residents rights to know, delete, correct, and opt out of sale/sharing, enforced by the California AG and CPPA. State privacy laws in Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and others provide additional frameworks for US residents.
🔒
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.
Applicable agencies
FTC
The FTC enforces consumer privacy rights in the US under FTC Act Section 5, particularly relevant for US residents without state-specific privacy laws.