What can I do about this clause?

{'method': 'WEB_FORM', 'recipient': 'https://stripe.com/privacy-center', 'difficulty': 'MODERATE', 'action_type': 'EXPORT_DATA', 'instructions': 'Visit stripe.com/privacy-center, locate the data access or portability request form, and submit your request with identity verification.', 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'CFPB', 'reason': 'Stripe collects financial account and payment card data, falling within CFPB jurisdiction over financial data privacy and consumer financial protection.', 'complaint_url': 'https://www.consumerfinance.gov/complaint/'}, {'agency': 'FTC', 'reason': 'Broad behavioral and financial data collection by a payment processor implicates FTC Act Section 5 unfair or deceptive practices standards.', 'complaint_url': 'https://reportfraud.ftc.gov/'}

What is the severity of this clause?

ConductAtlas classifies this Personal Data Collection Scope clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Do other platforms have similar clauses?

Yes. ConductAtlas has identified similar Personal Data Collection Scope clauses across approximately 14 other tracked platforms. You can compare how platforms differ on this clause type in the cross-platform comparison view.

Personal Data Collection Scope — Stripe

Share 𝕏 Share in Share 🔒 PDF

Monitor governance changes for Stripe Create a free account to receive the weekly governance digest and monitor one platform for governance changes.

Create free account No credit card required.

Document Record

What it is

Stripe collects a wide range of personal information including your name, payment card details, bank account numbers, and device/browsing data when you use any of its services.

ⓘ

This analysis describes what Stripe's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

The clause establishes the scope of data collection activities authorized under the agreement, defining what information Stripe may process to operate payment processing services and maintain account records.

Clause Stability Stable

Changes

Months Monitored

Apr 9, 2026

First Seen

Apr 10, 2026

Last Seen

This clause type exists across 967 other provisions on other platforms.

Consumer impact (what this means for users)

Every time you pay through Stripe, your payment card or bank account details, transaction history, device identifiers, and browsing behavior are collected and retained, creating a comprehensive financial and behavioral profile.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Export Your Data

Visit stripe.com/privacy-center, locate the data access or portability request form, and submit your request with identity verification.

How other platforms handle this

Paramount+ Medium

"By clicking 'Next', you are indicating that you have read and agree to the TERMS OF USE AND PRIVACY POLICY"

OpenAI Medium

We automatically collect certain information from your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Service, we collect information about the individual web pages or products th...

Microsoft Azure Medium

Location data. Data about your device's location, which can be either precise or imprecise. For example, we collect location data using Global Navigation Satellite System (GNSS) (e.g., GPS) and data about nearby cell towers and Wi-Fi hotspots. Location can also be inferred from a device's IP address...

See all platforms with this clause type →

Monitoring

Stripe has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

▸ View Original Clause Language DOCUMENT RECORD

"
Personal Data that we collect about you includes: Identification information, such as your name, email address, physical address, telephone number, and other similar identifiers. Financial and transaction information, such as your credit or debit card number, bank account information, payment details, and transaction history. Device, network, and technical information, such as your IP address, device identifier, browser type, and browsing activity when using our Services.

— Excerpt from Stripe's Stripe Privacy Policy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

REGULATORY FRAMEWORK: Collection of payment card and bank account data implicates GLBA 15 U.S.C. §6801 (financial privacy), PCI DSS for card data security, GDPR Art. 6 (lawful basis) and Art. 9 where financial data may constitute sensitive data in certain jurisdictions, and CCPA §1798.140 definitions of sensitive personal information including financial account numbers. Enforcement authorities include CFPB, FTC, Irish DPC, and state AGs.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Monitor free for 14 days

Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

CFPB

Stripe collects financial account and payment card data, falling within CFPB jurisdiction over financial data privacy and consumer financial protection.
File a complaint →
FTC

Broad behavioral and financial data collection by a payment processor implicates FTC Act Section 5 unfair or deceptive practices standards.
File a complaint →

Applicable regulations

CCPA/CPRA

California, USA

Connecticut Data Privacy Act Amendments

US-CT

CAN-SPAM

United States Federal

ePrivacy Directive

European Union

FCRA

United States Federal

FTC Act Section 5

United States Federal

GDPR

European Union

GLBA

United States Federal

Indiana Consumer Data Protection Act

US-IN

Kentucky Consumer Data Protection Act

US-KY

UK GDPR

United Kingdom

Universal Opt-Out Mechanism Expansion 2026

Provision details

Document information

Document

Stripe Privacy Policy

Entity

Stripe

Document last updated

May 5, 2026

Tracking information

First tracked

March 15, 2026

Last verified

April 9, 2026

Record ID

CA-P-002340

Document ID

CA-D-00106

Evidence Provenance

Source URL

https://stripe.com/privacy

Wayback Machine

View archived versions →

Content hash (SHA-256)

87ac9fcdb4b3be9c7831662daf59f5425643d84690f687c3e918ab83a226dd37

Analysis generated

March 15, 2026 11:47 UTC

Methodology

summarize_document-v7

Evidence

✓ Snapshot stored ✓ Hash verified

Citation Record

Entity: Stripe
Document: Stripe Privacy Policy
Record ID: CA-P-002340
Captured: 2026-03-15 11:47:00 UTC
SHA-256: 87ac9fcdb4b3be9c…
URL: https://conductatlas.com/platform/stripe/stripe-privacy-policy/personal-data-collection-scope/
Accessed: June 17, 2026

Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.

Classification

Severity

Medium

Other risks in this policy

Data Sharing with Financial Partners medium
End Customer Rights Routed Through Merchants medium
Fraud Prevention and Legitimate Interests Basis high
Cross-Border Data Transfers medium
Data Subject Rights medium
Device and Behavioral Data Collection via Cookies and Tracking medium

Related Analysis

Netflix Updated Terms Authorize Voice Data Collection: April 2026
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
What Google Actually Knows About You
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies

Start Compliance free trial

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Stripe's Personal Data Collection Scope clause do?

How does this clause affect you?

How many platforms have this type of clause?

ConductAtlas has identified this type of provision across 14 platforms. See the full comparison.

Is ConductAtlas affiliated with Stripe?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Stripe.