The policy states that data subjects have rights including the right to object to certain uses of their personal data, with specific rights varying by jurisdiction including EU GDPR rights and California CCPA rights.
This analysis describes what Stripe's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy confirms that consumers have rights to access, correct, delete, and object to processing of their personal data, with the mechanism for exercising those rights provided through Stripe's Privacy Center.
Interpretive note: The specific rights available to each user category and the complete procedures for exercising them are referenced to the Privacy Center rather than fully detailed in the policy text provided, creating some uncertainty about the scope of available remedies.
Adds acknowledgment of opt-out rights and right to object, though excerpt is largely boilerplate with limited specificity.
View full change record →Consumers, particularly EU/EEA users and California residents, have rights to access, correct, delete, or object to processing of their personal data as described in this policy, exercisable through Stripe's Privacy Center at stripe.com/legal/privacy-center.
How other platforms handle this
We may also collect your personal data from other people or companies.
If you are a California resident, you may have the right to: Know what personal information we collect, use, disclose, sell, or share. Correct inaccurate personal information. Delete your personal information. Opt out of the sale or sharing of your personal information. Limit the use and disclosure ...
If you are a California resident, you have the right to: Know what personal information is being collected about you; Know whether your personal information is sold or disclosed and to whom; Say no to the sale of personal information; Access your personal information; Request deletion of your person...
Monitoring
Stripe has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"This Privacy Policy describes the Personal Data that we collect, how we use and share it, and how you can reach us with privacy-related inquiries. The Policy also outlines your rights and choices as a data subject, including the right to object to certain uses of your Personal Data.— Excerpt from Stripe's Stripe Privacy Policy
(1) REGULATORY LANDSCAPE: Consumer rights disclosures engage GDPR Articles 15-22 (access, rectification, erasure, restriction, portability, objection), CCPA and CPRA rights for California residents, and equivalent rights under UK GDPR and other applicable national laws. The Irish DPC, UK ICO, and California Privacy Protection Agency are relevant supervisory authorities. Stripe's designation of a Privacy Center as the rights request mechanism should be assessed for compliance with applicable response timeframe requirements. (2) GOVERNANCE EXPOSURE: Medium. The routing of rights requests through the Privacy Center creates a centralized mechanism, but the controller/processor split means some requests must be routed to Business Users rather than handled directly by Stripe. Legal teams should confirm that Stripe's response procedures meet the 30-day GDPR and 45-day CCPA response timeframes. (3) JURISDICTION FLAGS: EU/EEA and UK users have the most extensive rights under GDPR and UK GDPR. California residents have CCPA and CPRA rights including the right to know, delete, correct, and opt out of data sale or sharing. Other US state privacy laws (Virginia, Colorado, Texas, etc.) may also create rights obligations for Stripe depending on user location. (4) CONTRACT AND VENDOR IMPLICATIONS: Business Users should ensure their contracts with Stripe cover the obligation to relay data subject rights requests from End Customers to Stripe within legally required timeframes. Failure to establish this procedure may result in Business User liability for missed response deadlines. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should verify that Stripe's Privacy Center rights request mechanism is accessible, functional, and results in responses within applicable regulatory timeframes. The mechanism for verifying requestor identity (required under CCPA and GDPR) should be assessed for adequacy and non-discrimination.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy confirms that consumers have rights to access, correct, delete, and object to processing of their personal data, with the mechanism for exercising those rights provided through Stripe's Privacy Center.
Consumers, particularly EU/EEA users and California residents, have rights to access, correct, delete, or object to processing of their personal data as described in this policy, exercisable through Stripe's Privacy Center at stripe.com/legal/privacy-center.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Stripe.