Last updated: October 12, 2017
The Data we collect depends on how our Services are used. Sometimes we receive Data directly, such as when a Stripe account is created, test transactions are submitted through our website, the Stripe Checkout form is used, or we receive an email. Other times, we get Data by recording interactions with our Services by, for example, using technologies like cookies and web beacons. We also get Data from third parties, like our financial partners or identity verification services.
The collection and use of data from a variety of sources is essential to our ability to provide our Services – and to help keep the Services safe. Data is critical in helping us to increase the safety of Your online payments, and reduce the risk of fraud, money laundering and other harmful activity.
2. Data We Collect
a. Personal Data. We call Data that identifies, or that could reasonably be used to identify, You as an individual “Personal Data”. We collect Personal Data in different ways. For example, we collect Personal Data when a business registers for a Stripe account, a Customer makes payments or conducts transactions through a User’s website or application, a person responds to Stripe emails or surveys, or when a Customer uses the “Remember Me” feature of Stripe Checkout. We also receive Personal Data from other sources, such as our partners, financial service providers, identity verification services, and publicly available sources. Personal Data does not include Data that has been aggregated or made anonymous such that it can no longer be reasonably associated with a specific person. The Personal Data that we may collect includes:
- Contact details, such as name, postal address, telephone number, email address;
- Financial and transaction Data, such as credit or debit card number, and bank account information; and
- Other Personal Data, such as date of birth, SSN or EIN.
b. Other Data. We call Data other than Personal Data “Other Data”. We collect Other Data through a variety of sources. One of our sources for Other Data is cookies and other technologies that record Data about the use of our websites, websites that implement our Services, and the use of our Services generally. Other Data that we may collect include:
- Browser and device data, such as IP address, device type, operating system and Internet browser type, screen resolution, operating system name and version, device manufacturer and model, language, plug-ins, add-ons and the version of the Services You are using;
- Transaction data, such as purchases, purchase amount, date of purchase, and payment method;
- Cookie and tracking technology data, such as time spent on the Services, pages visited, language preferences, and other anonymous traffic data; and
- Company data, such as a company’s legal structure, product and service offerings, jurisdiction, company records, and information submitted through the Stripe Atlas service.
3. How We Use Data
a. Personal Data. We and our service providers use Personal Data to: (i) provide the Services; (ii) detect and prevent fraud; (iii) mitigate financial loss or other harm to Users, Customers, and Stripe; and (iv) promote, analyze and improve our products, systems, and tools. Examples of how we may use Personal Data include:
- To verify an identity for compliance purposes;
- To evaluate an application to use our Services;
- To conduct manual or systematic monitoring for fraud and other harmful activity;
- To respond to inquiries, send service notices and provide customer support;
- To process a payment with Stripe Checkout, communicate regarding a payment, and provide related customer service;
- For audits, regulatory purposes, and compliance with industry standards;
- To develop new products;
- To send marketing communications;
- To improve or modify our Services; and
- To conduct aggregate analysis and develop business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of, our business.
4. How We Disclose Data.
Stripe does not sell or rent Personal Data to marketers or unaffiliated third parties. We share Your Personal Data with trusted third parties, including:
a. To Stripe Affiliates. We share Data with entities worldwide that we control, are controlled by us, or are under our common control, to provide our Services. Stripe, Inc. is the party responsible for overall management and use of the Data by these affiliated parties;
b. To Stripe Service Providers. We share Data with service providers who help us provide the Services. Service providers help us with things like payment processing (i.e., banks, credit bureaus, payment method providers), website hosting, data analysis, information technology and related infrastructure, customer service, email delivery, Stripe Atlas, and auditing;
c. To Our Users. We share Data with Users (such as merchants and application providers) as necessary to process payments or provide the Services. For example, we share Data with Users about purchases made by their Customers through the Stripe payment processing services;
e. To Third Parties. We will share Data with third parties in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings); and
f. Safety, Legal Purposes and Law Enforcement. We use and disclose Data as we believe necessary: (i) under applicable law, or payment method rules; (ii) to enforce our terms and conditions; (iii) to protect our rights, privacy, safety or property, and/or that of our affiliates, You or others; and (iv) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside Your country of residence.
We use reasonable organizational, technical and administrative measures to protect Personal Data within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If You have reason to believe that Your interaction with us is no longer secure (for example, if You feel that the security of Your account has been compromised), please contact us immediately.
7. Choice and Access.
You have choices regarding our use and disclosure of Your Personal Data:
a. Opting out of receiving electronic communications from us. If You no longer want to receive marketing-related emails from us on a going-forward basis, You may opt-out via the unsubscribe link included in such emails. We will try to comply with Your request(s) as soon as reasonably practicable. Please note that if You opt-out of receiving marketing-related emails from us, we may still send You important administrative messages that are required to provide You with our Services.
b. How You can access or change Your Personal Data. If You would like to review, correct, or update Personal Data that You have previously disclosed to us, You may do so by signing in to Your Stripe account or by contacting us.
If emailing us Your request, please make clear in the email what Personal Data You would like to have changed. For Your protection, we may only implement requests with respect to the Personal Data associated with the particular email address that You use to send us Your request, and we may need to verify Your identity before implementing Your request. We will try to comply with Your request as soon as reasonably practicable.
8. Retention Period.
9. Use of Services by Minors.
The Services are not directed to individuals under the age of thirteen (13), and we request that they not provide Personal Data through the Services.
10. Jurisdiction and Cross-Border Transfer.
11. Privacy Shield Certification.
If You are located in the EEA or Switzerland, we comply with applicable laws to provide an adequate level of data protection for the transfer of Personal Data. Stripe is certified under the EU-U.S. and the Swiss-U.S. Privacy Shield Framework. For more, see Stripe’s Privacy Shield Policy.
12. Stripe as a Data Processor.
We may collect, use and disclose certain Personal Data about Customers when acting as the User’s service provider. Our Users are responsible for making sure that the Customer’s privacy rights are respected, including ensuring appropriate disclosures about third party data collection and use. To the extent that we are acting as a User’s data processor, we will process Personal Data in accordance with the terms of our agreement with the User and the User’s lawful instructions.
14. Contact Us
185 Berry Street, Suite 550
San Francisco, CA 94107
Attention: Stripe Legal
For EU individuals: The entity that provides Services in Europe is Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin.
Sensitive Information. Because email communications are not always secure, please do not include credit card or other sensitive Data (such as racial or ethnic origin, political opinions, religion, health, or the like) in Your emails to us.