Library / Vendor directory

Stripe

stripe.com · facts updated 14 minutes ago

Privacy facts at a glance
Jurisdictions
US · IE · CO · MY · PH · IN · GB · JP · CA · AU
Subprocessors
37
Retention
Stripe processes Personal Data for the Term and any period required to perform post-termination obligations, and will delete or return Personal Data following termination unless retention is required by law or the Agreement.
Breach notification
For Data Incidents affecting Personal Data subject to GDPR or UK GDPR, Stripe will notify the User no later than 48 hours after becoming aware of the incident.
Transfer mechanism
EU-US Data Privacy Framework, UK Extension to EU-US DPF, Swiss-US Data Privacy Framework, and Data Transfer Addendum (SCCs implied via DTA)
DPA available
Yes
Certifications
PCI Service Provider Level 1 · SOC 1 Type II · SOC 2 Type II · SOC 3 · EMVCo Level 1 · EMVCo Level 2 · PCI PA-DSS · NIST Cybersecurity Framework · CBPR · PRP · EU-US Data Privacy Framework · Swiss-US Data Privacy Framework
GDPR addressed
Yes
CCPA addressed
Yes
Named subprocessors
Amazon Web Services, Inc. Amazon Internet Services Private Limited Sprinklr, Inc. Salesforce, Inc. Twilio, Inc. Intuition Machines, Inc. Verifi, Inc. Jack Henry & Associates, Inc. Mitek Systems, Inc. TELUS International (Cda) AML Rightsource Teleperformance Colombia S.A.S.

Tracked documents

Privacy policy
https://www.stripe.com/privacy checked 1 hour ago
Data processing agreement
https://stripe.com/legal/dpa checked 24 minutes ago
Subprocessor list
https://stripe.com/service-providers/legal checked 24 minutes ago
Security / trust page
https://stripe.com/docs/security checked 1 hour ago

Recent changes

minor Subprocessor list 24 minutes ago

Stripe's subprocessor list diff shows only the addition of a sales chat widget UI element ('8 sales reps available', 'Chat now with sales'), with no subprocessors added or removed.

minor Data processing agreement 24 minutes ago

Stripe added a sales contact widget (availability indicator, sales pitch text, and chat link) to the data processing agreement page.

minor Privacy policy 1 hour ago

Stripe added a sales contact widget or banner to the privacy policy page, indicating availability of sales representatives and a chat option.

Public summary; per-account review history visible to subscribers tracking this vendor.

Track Stripe in your workspace.

Get notified when Stripe adds a subprocessor, changes retention, updates their DPA, or quietly amends their privacy posture.

Start tracking — 14-day trial
No card required.