Library / Vendor directory

Paypal

paypal.com · facts updated 19 hours ago

Privacy facts at a glance
Jurisdictions
US · EU · AU · CA · HK · BR · SG · UK · LU
Retention
PayPal must comply with legal or regulatory obligations applicable to the processing and retention of payment data, but no specific retention period is stated.
Breach notification
If PayPal determines it must notify affected Customers in connection with a security incident, Merchant shall use commercially reasonable efforts to provide PayPal with Customer contact information for that purpose, but no specific notification timeframe is stated.
Transfer mechanism
Binding Corporate Rules, EU Standard Contractual Clauses (Module 1), and UK Transfer Clauses
SCC modules
Module 1
DPA available
Yes
GDPR addressed
Yes
CCPA addressed
Yes

Tracked documents

Privacy policy
https://www.paypal.com/us/legalhub/paypal/privacy-full checked 21 hours ago
Terms of service
https://www.paypal.com/us/legalhub/paypal/home checked 20 hours ago
Data processing agreement
https://www.paypal.com/us/legalhub/paypal/data-protection?locale.x=en_US checked 20 hours ago
Security / trust page
https://www.paypal.com/us/security checked 16 hours ago

Recent changes

major Data processing agreement 20 hours ago

PayPal added a new Data Protection Addendum for Payment Processing Products covering controller roles, cross-border data transfers, customer data definitions, and applicable Data Protection Laws across multiple jurisdictions.

Security / trust page 1 week ago

Document updated.

minor Security / trust page 3 weeks ago

PayPal's security/trust page underwent navigation menu reformatting with minor structural whitespace and line-break changes but no substantive content additions or removals.

minor Security / trust page 1 month ago

PayPal's security/trust page navigation menu was reformatted, consolidating previously line-broken menu items into continuous text and removing the standalone 'Sign Up' link from the header.

minor Terms of service 1 month ago

PayPal's Terms of Service document shows only removals of website navigation elements, header/footer UI text, and a table of contents listing of existing legal agreements, with no substantive policy content changed.

Public summary; per-account review history visible to subscribers tracking this vendor.

Track Paypal in your workspace.

Get notified when Paypal adds a subprocessor, changes retention, updates their DPA, or quietly amends their privacy posture.

Start tracking — 14-day trial
No card required.