Stripe shares your business information and transaction data with card networks like Visa and Mastercard, and with other financial partners, for purposes including risk management and regulatory compliance.
This analysis describes what Stripe's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The terms authorize disclosure of business information and transaction data to third-party card networks and financial partners, and Users' acceptance of the agreement constitutes authorization for this sharing, which means the scope of third-party data access extends beyond Stripe itself.
Interpretive note: The scope of 'financial services partners' and the specific data categories shared are not fully enumerated in this provision; the DPA and supplemental privacy policy provide additional detail that should be reviewed alongside this clause.
This provision authorizes Stripe to share User business information and transaction data with card networks and financial partners as part of operating the payment processing services, which means data flows to third parties that are not directly contracted with the User.
How other platforms handle this
We may share your personal information with: Service providers who perform services on our behalf. Financial partners, such as banks, payment processors, and financial institutions. Professional advisors, such as lawyers, auditors, and insurers. Business partners with whom we jointly offer products ...
We may share your personal information with third parties in the following circumstances: With service providers who perform services on our behalf, such as data analytics, marketing, customer service, and technology services. With financial partners, including banks, brokerage firms, and payment pr...
Sending you information about Adobe products and services, special offers and similar information, and sharing your information with third parties for their own marketing purposes, where your consent is not required; In some cases, in order to show you more relevant ads, we disclose with social medi...
Monitoring
Stripe has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may share information about you and your transactions with Card Networks and our financial services partners. By accepting this agreement, you authorize Stripe to share your information with these entities for purposes including facilitating your use of the Services, complying with applicable law, and managing risk.— Excerpt from Stripe's Stripe Terms of Service
REGULATORY LANDSCAPE: Data sharing with card networks and financial service partners in the payment processing context engages GDPR and applicable EU data protection law for EU/EEA Users, the CCPA for California-based businesses and their customers, and applicable bank secrecy and financial data sharing requirements under US federal law. The FTC has jurisdiction over commercial data sharing practices and disclosure obligations. The agreement references a separate Data Processing Agreement (DPA) at stripe.com/legal/dpa, which governs data processing obligations in more detail, particularly for GDPR purposes. GOVERNANCE EXPOSURE: Medium. The provision is broadly worded to authorize sharing with card networks and financial services partners for risk management and legal compliance purposes, but does not enumerate the specific data categories shared or the specific third-party recipients. The scope of 'financial services partners' is not defined in this provision. The DPA is the primary instrument for GDPR-specific obligations and should be reviewed alongside this provision. JURISDICTION FLAGS: EU/EEA Users should confirm that data transfers to card networks and financial partners outside the EEA are governed by appropriate safeguards under GDPR Chapter V (such as standard contractual clauses or adequacy decisions). California businesses should assess whether transaction data sharing constitutes a 'sale' or 'sharing' of personal information under the CCPA and whether appropriate disclosures have been made to end consumers. UK GDPR and the UK Data Protection Act impose similar transfer restrictions. CONTRACT AND VENDOR IMPLICATIONS: Businesses that are themselves subject to data protection obligations (such as GDPR controllers) should ensure that the Stripe DPA is executed and that Stripe's data sharing practices with card networks and financial partners are documented in the business's own data processing records. Vendor assessments should include a review of the DPA and any applicable subprocessor lists. COMPLIANCE CONSIDERATIONS: Data protection compliance teams should map Stripe's data sharing practices against their own data protection impact assessments and privacy notices. EU/EEA businesses should confirm that the DPA includes appropriate provisions for onward transfers to card networks and financial partners. Businesses subject to sector-specific data protection requirements (such as financial institutions subject to Gramm-Leach-Bliley Act safeguards rules) should assess whether Stripe's data sharing practices are consistent with those obligations.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The terms authorize disclosure of business information and transaction data to third-party card networks and financial partners, and Users' acceptance of the agreement constitutes authorization for this sharing, which means the scope of third-party data access extends beyond Stripe itself.
This provision authorizes Stripe to share User business information and transaction data with card networks and financial partners as part of operating the payment processing services, which means data flows to third parties that are not directly contracted with the User.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Stripe.