The policy states that data subjects have rights including the right to object to certain uses of their personal data, with specific rights varying by jurisdiction including EU GDPR rights and California CCPA rights.
This analysis describes what Stripe's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy confirms that consumers have rights to access, correct, delete, and object to processing of their personal data, with the mechanism for exercising those rights provided through Stripe's Privacy Center.
Interpretive note: The specific rights available to each user category and the complete procedures for exercising them are referenced to the Privacy Center rather than fully detailed in the policy text provided, creating some uncertainty about the scope of available remedies.
Consumers, particularly EU/EEA users and California residents, have rights to access, correct, delete, or object to processing of their personal data as described in this policy, exercisable through Stripe's Privacy Center at stripe.com/legal/privacy-center.
How other platforms handle this
If you are a California resident, you may have certain rights under the California Consumer Privacy Act (CCPA). These rights may include: the right to know about personal information collected, disclosed, or sold; the right to delete personal information collected from you; the right to opt-out of t...
Depending on where you live, you may have certain rights with respect to your personal information. These rights may include: The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which we collected i...
California law gives residents the right to know what personal information we collect, use, share or sell; to delete personal information under certain circumstances; to opt-out of the sale or sharing of their personal information; to correct inaccurate personal information; to limit the use and dis...
Monitoring
Stripe has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"This Privacy Policy describes the Personal Data that we collect, how we use and share it, and how you can reach us with privacy-related inquiries. The Policy also outlines your rights and choices as a data subject, including the right to object to certain uses of your Personal Data.— Excerpt from Stripe's Stripe Privacy Policy
(1) REGULATORY LANDSCAPE: Consumer rights disclosures engage GDPR Articles 15-22 (access, rectification, erasure, restriction, portability, objection), CCPA and CPRA rights for California residents, and equivalent rights under UK GDPR and other applicable national laws. The Irish DPC, UK ICO, and California Privacy Protection Agency are relevant supervisory authorities. Stripe's designation of a Privacy Center as the rights request mechanism should be assessed for compliance with applicable response timeframe requirements. (2) GOVERNANCE EXPOSURE: Medium. The routing of rights requests through the Privacy Center creates a centralized mechanism, but the controller/processor split means some requests must be routed to Business Users rather than handled directly by Stripe. Legal teams should confirm that Stripe's response procedures meet the 30-day GDPR and 45-day CCPA response timeframes. (3) JURISDICTION FLAGS: EU/EEA and UK users have the most extensive rights under GDPR and UK GDPR. California residents have CCPA and CPRA rights including the right to know, delete, correct, and opt out of data sale or sharing. Other US state privacy laws (Virginia, Colorado, Texas, etc.) may also create rights obligations for Stripe depending on user location. (4) CONTRACT AND VENDOR IMPLICATIONS: Business Users should ensure their contracts with Stripe cover the obligation to relay data subject rights requests from End Customers to Stripe within legally required timeframes. Failure to establish this procedure may result in Business User liability for missed response deadlines. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should verify that Stripe's Privacy Center rights request mechanism is accessible, functional, and results in responses within applicable regulatory timeframes. The mechanism for verifying requestor identity (required under CCPA and GDPR) should be assessed for adequacy and non-discrimination.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy confirms that consumers have rights to access, correct, delete, and object to processing of their personal data, with the mechanism for exercising those rights provided through Stripe's Privacy Center.
Consumers, particularly EU/EEA users and California residents, have rights to access, correct, delete, or object to processing of their personal data as described in this policy, exercisable through Stripe's Privacy Center at stripe.com/legal/privacy-center.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Stripe.