Depending on the activity, Stripe assumes the role of a 'data controller' and/or 'data processor' (or 'service provider'). For more details about our privacy practices, including our role, the specific Stripe entity responsible under this Policy, and our legal bases for processing your Personal Data, please visit our Privacy Center.
When Stripe acts as a processor, your privacy rights are primarily directed at the merchant, not Stripe — which can make it harder for consumers to know who is responsible for their data and where to direct complaints.
Stripe collects extensive personal data — including device identifiers, IP addresses, browsing behavior, and inferred fraud risk scores — not only from direct Stripe users but also from individuals who simply complete a payment on any merchant site powered by Stripe, without ever creating a Stripe account. This data is shared with a broad ecosystem of Financial Partners, affiliates, and service providers for fraud prevention, compliance, and business improvement purposes, meaning your payment behavior may be profiled and shared across the financial system without your explicit awareness. You can exercise your rights to access, correct, delete, or restrict your data by visiting stripe.com/privacy-center or emailing privacy@stripe.com.