Stripe uses your personal data — including transaction history and device information — in automated fraud detection systems, relying on its 'legitimate interests' as the legal basis rather than your consent.
Your financial and behavioral data may be processed by automated machine learning systems for fraud risk scoring without your consent, and this processing may affect your ability to complete transactions or use financial services if you are flagged.
How other platforms handle this
Yes, for many of our products and services. We may get information about your credit history from credit-reporting agencies and from other third parties, which may affect your credit rating, in connection with your application for a Product or Service, and to review or collect on your account. We ma...
When you interact with our online services, or open emails we send you, we obtain certain information using automated technologies, such as cookies, web server logs, web beacons and other technologies. A "cookie" is a text file that websites send to a visitor's computer or other internet-connected d...
Location information. Precise location only with your permission — for example, for features like Find My or Maps. Some location-related functionality uses Wi-Fi, Bluetooth, and cell tower locations, as well as GPS. Location can also be inferred from other data such as an IP address.
Relying on 'legitimate interests' for automated fraud processing means Stripe does not need your consent and you have a limited right to object, but this basis is subject to a balancing test under GDPR that Stripe must be able to demonstrate it has conducted.
REGULATORY FRAMEWORK: Use of automated processing for fraud detection implicates GDPR Art. 6(1)(f) (legitimate interests), Art. 22 (automated decision-making with legal or similarly significant effects), and Recital 71 (profiling). CCPA §1798.185 and CPRA §1798.100 provide consumers with opt-out rights for certain profiling. EU AI Act (Regulation 2024/1689) may classify high-risk AI systems used in payment fraud detection in a regulated category. FTC Act Section 5 applies to deceptive or unfair automated decision systems.
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.