Stripe · Stripe Privacy Policy

Data Subject Rights

Medium severity
Share 𝕏 Share in Share

What it is

Depending on where you live, you may have rights to access, correct, delete, or export your personal data held by Stripe, and you can exercise these rights through Stripe's Privacy Center.

Consumer impact (what this means for users)

EU/UK users have stronger and more comprehensive data rights (access, deletion, portability, objection) under GDPR; US users outside California have more limited rights, and in all cases some deletion requests may be refused on legal obligation or fraud prevention grounds.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Go to stripe.com/privacy-center, select the type of data rights request (deletion, access, correction, portability), verify your identity as prompted, and submit your request.
  • Export Your Data
    Visit stripe.com/privacy-center and submit a data portability request, specifying the data categories you wish to export.

How other platforms handle this

Square Medium

If you reside in California, California law gives you the following rights with respect to the personal information that Square has collected about you: The right to know what personal information we collect about you, as well as how it is used and shared; The right to correct inaccurate personal in...

Uniswap Medium

Your rights under the General Data Protection Regulations ("GDPR") include the right to (i) request access and obtain a copy of your personal data, (ii) request rectification or erasure of your personal data, (iii) object to or restrict the processing of your personal data; and (iv) request portabil...

Spotify Medium

If you're under the Age Limit, do not create or use the standard Spotify Service. Instead, we recommend asking a parent or guardian to create a Managed Account for you, where available. If you are above the Age Limit but under the age of majority in your country (a 'Minor'), you may use the Spotify ...

See all platforms with this clause type →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

These rights are legally enforceable under GDPR and CCPA, but the Policy notes they depend on 'applicable law' and 'location,' meaning the scope of rights differs significantly between US and EU users.

View original clause language
Depending on your location and applicable law, you may have certain rights related to your Personal Data, including: the right to access your Personal Data; the right to correct inaccurate data; the right to request deletion of your Personal Data; the right to data portability; the right to object to or restrict certain processing; and the right to withdraw consent. To exercise your rights, please visit our Privacy Center at stripe.com/privacy-center or contact us using the details in the 'Contact Us' section below.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: Data subject rights are governed by GDPR Arts. 15–22 (access, rectification, erasure, restriction, portability, objection, automated decision-making) with one-month response deadline under Art. 12; UK GDPR equivalent provisions; CCPA §§1798.100–1798.125 (access, deletion, portability, opt-out); CPRA §1798.106 (correction right). Brazil LGPD Arts. 17–22 provide equivalent rights for Brazilian users.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    The FTC enforces CCPA-related consumer rights for US users and has jurisdiction over unfair or deceptive practices in data subject rights handling.
    File a complaint →
  • State AG
    California, Virginia, Colorado, and other state AGs enforce state privacy laws granting consumers data access and deletion rights.
    File a complaint →

Applicable regulations

EU AI Act
European Union
BIPA
Illinois, USA
CCPA/CPRA
California, USA
COPPA
United States Federal
CAN-SPAM
United States Federal
FCRA
United States Federal
GDPR
European Union
GLBA
United States Federal
HIPAA
United States Federal
TCPA
United States Federal
UK GDPR
United Kingdom

Provision details

Document information
Document
Stripe Privacy Policy
Entity
Stripe
Document last updated
March 24, 2026
Tracking information
First tracked
March 15, 2026
Last verified
April 9, 2026
Record ID
CA-P-002344
Document ID
CA-D-00106
Evidence Provenance
Source URL
https://stripe.com/privacy
Wayback Machine
View archived versions →
SHA-256
87ac9fcdb4b3be9c7831662daf59f5425643d84690f687c3e918ab83a226dd37
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Stripe | Document: Stripe Privacy Policy | Record: CA-P-002344
Captured: 2026-03-15 11:47:00 UTC | SHA-256: 87ac9fcdb4b3be9c…
URL: https://conductatlas.com/platform/stripe/stripe-privacy-policy/data-subject-rights/
Accessed: April 28, 2026
Classification
Severity
Medium
Categories
Privacy rights

Other provisions in this document