Stripe shares your business information and transaction data with card networks like Visa and Mastercard, and with other financial partners, for purposes including risk management and regulatory compliance.
This analysis describes what Stripe's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The terms authorize disclosure of business information and transaction data to third-party card networks and financial partners, and Users' acceptance of the agreement constitutes authorization for this sharing, which means the scope of third-party data access extends beyond Stripe itself.
Interpretive note: The scope of 'financial services partners' and the specific data categories shared are not fully enumerated in this provision; the DPA and supplemental privacy policy provide additional detail that should be reviewed alongside this clause.
This provision authorizes Stripe to share User business information and transaction data with card networks and financial partners as part of operating the payment processing services, which means data flows to third parties that are not directly contracted with the User.
How other platforms handle this
We may share your personal data with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work. We may also share your personal data with advertising partners to display relevant advertising to y...
In order to provide you with services, Valve needs to share some data with the publisher or developer of the game (for example to verify your ownership of the game and register your Steam ID with the publisher), or with other third parties that Valve works with to provide services to you. Valve will...
Zoom may share personal data with third-party advertising partners and analytics providers to deliver targeted advertising and measure the effectiveness of advertising campaigns. This may include sharing identifiers, device information, and behavioral data with partners such as advertising networks.
Monitoring
Stripe has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We may share information about you and your transactions with Card Networks and our financial services partners. By accepting this agreement, you authorize Stripe to share your information with these entities for purposes including facilitating your use of the Services, complying with applicable law, and managing risk.— Excerpt from Stripe's Stripe Terms of Service
REGULATORY LANDSCAPE: Data sharing with card networks and financial service partners in the payment processing context engages GDPR and applicable EU data protection law for EU/EEA Users, the CCPA for California-based businesses and their customers, and applicable bank secrecy and financial data sharing requirements under US federal law. The FTC has jurisdiction over commercial data sharing practices and disclosure obligations. The agreement references a separate Data Processing Agreement (DPA) at stripe.com/legal/dpa, which governs data processing obligations in more detail, particularly for GDPR purposes. GOVERNANCE EXPOSURE: Medium. The provision is broadly worded to authorize sharing with card networks and financial services partners for risk management and legal compliance purposes, but does not enumerate the specific data categories shared or the specific third-party recipients. The scope of 'financial services partners' is not defined in this provision. The DPA is the primary instrument for GDPR-specific obligations and should be reviewed alongside this provision. JURISDICTION FLAGS: EU/EEA Users should confirm that data transfers to card networks and financial partners outside the EEA are governed by appropriate safeguards under GDPR Chapter V (such as standard contractual clauses or adequacy decisions). California businesses should assess whether transaction data sharing constitutes a 'sale' or 'sharing' of personal information under the CCPA and whether appropriate disclosures have been made to end consumers. UK GDPR and the UK Data Protection Act impose similar transfer restrictions. CONTRACT AND VENDOR IMPLICATIONS: Businesses that are themselves subject to data protection obligations (such as GDPR controllers) should ensure that the Stripe DPA is executed and that Stripe's data sharing practices with card networks and financial partners are documented in the business's own data processing records. Vendor assessments should include a review of the DPA and any applicable subprocessor lists. COMPLIANCE CONSIDERATIONS: Data protection compliance teams should map Stripe's data sharing practices against their own data protection impact assessments and privacy notices. EU/EEA businesses should confirm that the DPA includes appropriate provisions for onward transfers to card networks and financial partners. Businesses subject to sector-specific data protection requirements (such as financial institutions subject to Gramm-Leach-Bliley Act safeguards rules) should assess whether Stripe's data sharing practices are consistent with those obligations.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The terms authorize disclosure of business information and transaction data to third-party card networks and financial partners, and Users' acceptance of the agreement constitutes authorization for this sharing, which means the scope of third-party data access extends beyond Stripe itself.
This provision authorizes Stripe to share User business information and transaction data with card networks and financial partners as part of operating the payment processing services, which means data flows to third parties that are not directly contracted with the User.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Stripe.