We use Standard Contractual Clauses approved by the European Commission and the UK Data Transfer Addendum to transfer Personal Data from the EU/EEA and the UK to other countries... Stripe also participates in the EU-US Data Privacy Framework and the UK Extension.
EU and UK users' data is transferred internationally and protected by contractual safeguards, but those safeguards have faced legal challenges and may be subject to US government surveillance laws.
Stripe collects extensive personal data β including device identifiers, IP addresses, browsing behavior, and inferred fraud risk scores β not only from direct Stripe users but also from individuals who simply complete a payment on any merchant site powered by Stripe, without ever creating a Stripe account. This data is shared with a broad ecosystem of Financial Partners, affiliates, and service providers for fraud prevention, compliance, and business improvement purposes, meaning your payment behavior may be profiled and shared across the financial system without your explicit awareness. You can exercise your rights to access, correct, delete, or restrict your data by visiting stripe.com/privacy-center or emailing privacy@stripe.com.