What can I do about this clause?

{'method': 'WEB_FORM', 'recipient': 'https://stripe.com/privacy-center', 'difficulty': 'MODERATE', 'action_type': 'EXPORT_DATA', 'instructions': 'Visit stripe.com/privacy-center, locate the data access or portability request form, and submit your request with identity verification.', 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'CFPB', 'reason': 'Stripe collects financial account and payment card data, falling within CFPB jurisdiction over financial data privacy and consumer financial protection.', 'complaint_url': 'https://www.consumerfinance.gov/complaint/'}, {'agency': 'FTC', 'reason': 'Broad behavioral and financial data collection by a payment processor implicates FTC Act Section 5 unfair or deceptive practices standards.', 'complaint_url': 'https://reportfraud.ftc.gov/'}

What is the severity of this clause?

ConductAtlas classifies this Personal Data Collection Scope clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Do other platforms have similar clauses?

Yes. ConductAtlas has identified similar Personal Data Collection Scope clauses across approximately 2 other tracked platforms. You can compare how platforms differ on this clause type in the cross-platform comparison view.

Personal Data Collection Scope — Stripe

Share 𝕏 Share in Share

What it is

Stripe collects a wide range of personal information including your name, payment card details, bank account numbers, and device/browsing data when you use any of its services.

Consumer impact (what this means for users)

Every time you pay through Stripe, your payment card or bank account details, transaction history, device identifiers, and browsing behavior are collected and retained, creating a comprehensive financial and behavioral profile.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Export Your Data

Visit stripe.com/privacy-center, locate the data access or portability request form, and submit your request with identity verification.

How other platforms handle this

Uber Medium

Uber collects financial information including bank account details or payment information provided by drivers and delivery people. Uber shares earnings and payment data with financial institutions, payment processors, and tax authorities as required by law, including for the purposes of tax reportin...

Waze Medium

The Service is intended for use by users who are of the legal age required to hold a driving license. In any case, to use our Service you must be 16 years of age or older. If you are under 16, you may not download or use the Service.

Lyft Medium

We collect the payment information you provide us, including your bank routing numbers and tax information.

See all platforms with this clause type →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

The breadth of data collected — combining financial identifiers, device fingerprints, and behavioral data — creates a detailed profile of individuals that extends well beyond what most consumers would expect from a payment processor.

View original clause language

Personal Data that we collect about you includes: Identification information, such as your name, email address, physical address, telephone number, and other similar identifiers. Financial and transaction information, such as your credit or debit card number, bank account information, payment details, and transaction history. Device, network, and technical information, such as your IP address, device identifier, browser type, and browsing activity when using our Services.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: Collection of payment card and bank account data implicates GLBA 15 U.S.C. §6801 (financial privacy), PCI DSS for card data security, GDPR Art. 6 (lawful basis) and Art. 9 where financial data may constitute sensitive data in certain jurisdictions, and CCPA §1798.140 definitions of sensitive personal information including financial account numbers. Enforcement authorities include CFPB, FTC, Irish DPC, and state AGs.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

CFPB

Stripe collects financial account and payment card data, falling within CFPB jurisdiction over financial data privacy and consumer financial protection.
File a complaint →
FTC

Broad behavioral and financial data collection by a payment processor implicates FTC Act Section 5 unfair or deceptive practices standards.
File a complaint →

Applicable regulations

United States Federal

CAN-SPAM

United States Federal

DMA

European Union

FCRA

United States Federal

GDPR

European Union

GLBA

United States Federal

HIPAA

United States Federal

TCPA

United States Federal

UK GDPR

United Kingdom

Provision details

Document information

Document

Stripe Privacy Policy

Entity

Stripe

Document last updated

March 24, 2026

Tracking information

First tracked

March 15, 2026

Last verified

April 9, 2026

Record ID

CA-P-002340

Document ID

CA-D-00106

Evidence Provenance

Source URL

https://stripe.com/privacy

Wayback Machine

View archived versions →

SHA-256

87ac9fcdb4b3be9c7831662daf59f5425643d84690f687c3e918ab83a226dd37

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Stripe | Document: Stripe Privacy Policy | Record: CA-P-002340
Captured: 2026-03-15 11:47:00 UTC | SHA-256: 87ac9fcdb4b3be9c…
URL: https://conductatlas.com/platform/stripe/stripe-privacy-policy/personal-data-collection-scope/
Accessed: April 28, 2026

Classification

Severity

Medium

Personal Data Collection Scope

What it is

Consumer impact (what this means for users)

What you can do

Why it matters (compliance & risk perspective)

Institutional analysis (Compliance & legal intelligence)

Applicable agencies

Applicable regulations

Provision details

Other provisions in this document

Related Analysis