Stripe · Stripe Service Providers (Sub-Processors) · View original document ↗

Stripe Affiliates as Data Processors

Low severity High confidence Explicitdocumentlanguage Unique · 0 of 352 platforms
Share 𝕏 Share in Share 🔒 PDF
Recent governance activity Stripe recorded 2 documented changes in the last 30 days.
Start monitoring updates
Monitor governance changes for Stripe Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

The document includes Stripe corporate affiliates alongside third-party sub-processors, disclosing that intra-group entities may also process personal data in connection with Stripe's services.

This analysis describes what Stripe's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

This provision establishes that Stripe's intra-group data sharing involves entities that are themselves subject to sub-processor disclosure obligations, which is relevant to merchant compliance with GDPR Article 28 and equivalent frameworks requiring disclosure of all processing entities.

Consumer impact (what this means for users)

The document establishes that personal data processed through Stripe may be accessed by Stripe's own affiliated corporate entities, each listed with the same disclosure format as third-party sub-processors, indicating that intra-group transfers form part of the disclosed processing chain.

Cross-platform context

See how other platforms handle Stripe Affiliates as Data Processors and similar clauses.

Compare across platforms →

Monitoring

Stripe has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Get Monitor Or create a free account →
ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

REGULATORY LANDSCAPE: Intra-group transfers remain subject to GDPR Chapter V transfer requirements when they cross EEA borders, and Stripe affiliates in non-EEA jurisdictions are subject to the same transfer mechanism requirements as third-party sub-processors. The inclusion of affiliates in the sub-processor list is consistent with GDPR Article 28 practice, which requires disclosure of all entities processing data on behalf of a controller regardless of corporate relationship. GOVERNANCE EXPOSURE: Low to Medium. The inclusion of affiliates is standard practice for GDPR-compliant sub-processor lists. However, merchant organizations should confirm that their DPA with Stripe covers affiliate processing on the same terms as third-party sub-processor processing. JURISDICTION FLAGS: EU and UK organizations must ensure that intra-group transfers to non-EEA Stripe affiliates are covered by appropriate transfer mechanisms. Organizations in countries with localization requirements should separately assess whether transfers to Stripe affiliates outside their jurisdiction are permissible. CONTRACT AND VENDOR IMPLICATIONS: Merchant DPAs should expressly confirm that the sub-processor obligations apply to Stripe affiliates as well as third-party processors. Where Stripe affiliates are located in non-EEA countries, the Data Transfer Addendum should be confirmed as covering those intra-group transfers. COMPLIANCE CONSIDERATIONS: Data mapping documentation should distinguish between third-party sub-processors and Stripe affiliates where that distinction is operationally or regulatorily relevant. Legal teams should confirm that affiliate-specific processing purposes are adequately described to satisfy records of processing requirements.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 3 platforms — free Get Monitor

Free: track 3 platforms + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Provision details

Document information
Document
Stripe Service Providers (Sub-Processors)
Entity
Stripe
Document last updated
July 6, 2026
Tracking information
First tracked
July 6, 2026
Last verified
July 6, 2026
Record ID
CA-P-013427
Document ID
CA-D-00929
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
35932b974ac23587985419f2d0afe53bb7af26b05d44dc33afd495f516ece468
Analysis generated
July 6, 2026 23:04 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Stripe
Document: Stripe Service Providers (Sub-Processors)
Record ID: CA-P-013427
Captured: 2026-07-06 23:04:41 UTC
SHA-256: 35932b974ac23587…
URL: https://conductatlas.com/platform/stripe/stripe-service-providers-sub-processors/stripe-affiliates-as-data-processors/
Accessed: July 7, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
Low
Categories

Other risks in this policy

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Get Compliance

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Stripe's Stripe Affiliates as Data Processors clause do?

This provision establishes that Stripe's intra-group data sharing involves entities that are themselves subject to sub-processor disclosure obligations, which is relevant to merchant compliance with GDPR Article 28 and equivalent frameworks requiring disclosure of all processing entities.

How does this clause affect you?

The document establishes that personal data processed through Stripe may be accessed by Stripe's own affiliated corporate entities, each listed with the same disclosure format as third-party sub-processors, indicating that intra-group transfers form part of the disclosed processing chain.

Is ConductAtlas affiliated with Stripe?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Stripe.