Stripe collects a broad range of personal information including identifiers, financial data, device information, and behavioral data from anyone who interacts with its services, including people who have never signed up for a Stripe account.
This analysis describes what Stripe's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy's collection scope covers individuals who interact with Stripe only indirectly through merchant checkouts, meaning many consumers may not be aware that Stripe is collecting their device and behavioral data during purchases.
Interpretive note: The full enumeration of data categories collected is referenced to the Privacy Center rather than fully stated in the policy text provided, creating some uncertainty about the complete scope of collection.
The policy authorizes collection of identifiers, payment card and bank account information, transaction history, device identifiers, IP addresses, browsing behavior on Stripe-hosted pages, and inferred data from any individual who uses a Stripe-powered service, including third-party merchant checkouts.
How other platforms handle this
We collect the following information when you register for and use our services: Account information. You can create a Discord account by providing an email address and creating a username and password. When you create an account, we will assign you a unique identifier. If you choose to, you may pro...
We collect information you provide directly to us, such as when you create an account, make a purchase, or contact us for support. This includes: Account information (name, email address, password); Payment information (credit card details, billing address); Profile information (company name, job ti...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
Monitoring
Stripe has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
""Personal Data" refers to any information associated with an identified or identifiable individual, which can include data that you provide to us, and that we collect about you during your interaction with our Services (such as device information, IP address, etc.).— Excerpt from Stripe's Stripe Privacy Policy
(1) REGULATORY LANDSCAPE: The breadth of data collection engages GDPR's data minimization principle (Article 5(1)(c)), CCPA's disclosure requirements, and applicable financial data protection rules including GLBA for US financial data. The FTC Act's unfair or deceptive practices prohibition also applies to data collection representations. The Irish DPC and CFPB are relevant authorities for financial and consumer data. (2) GOVERNANCE EXPOSURE: Medium. The collection of device identifiers and behavioral data from End Customers who have no direct relationship with Stripe may raise questions about adequacy of notice and consent, particularly under GDPR and CCPA. Inferred data and profiling disclosures also engage GDPR's profiling provisions. (3) JURISDICTION FLAGS: EU/EEA users benefit from GDPR rights including access to inferred data and the right to object to profiling. California residents have CCPA rights to know what categories of personal information are collected. Illinois and other state privacy laws may also apply depending on data categories collected. (4) CONTRACT AND VENDOR IMPLICATIONS: Business Users integrating Stripe into their checkout flows should ensure their privacy notices disclose Stripe's data collection on their pages, as failure to do so may create liability for the Business User under applicable consumer protection and privacy laws. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should review whether Stripe's data collection practices on merchant-hosted or Stripe-hosted checkout pages are accurately reflected in the merchant's own privacy notice, and whether appropriate consent mechanisms are in place for behavioral and inferred data collection in EU/EEA contexts.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy's collection scope covers individuals who interact with Stripe only indirectly through merchant checkouts, meaning many consumers may not be aware that Stripe is collecting their device and behavioral data during purchases.
The policy authorizes collection of identifiers, payment card and bank account information, transaction history, device identifiers, IP addresses, browsing behavior on Stripe-hosted pages, and inferred data from any individual who uses a Stripe-powered service, including third-party merchant checkouts.
ConductAtlas has identified this type of provision across 12 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Stripe.