Stripe Sub-Processors and Service Providers List

We’re updating this page and the changes will be effective as of July 21, 2023.

Last updated: July 21, 2023

To support Stripe in delivering its Services, Stripe engages service providers, Sub-Processors and affiliates to assist Stripe with its data processing activities on behalf of Stripe Business Users as defined in our Stripe Services Agreement.

What is a Sub-processor?

When Stripe engages third party service providers in our capacity as a data processor for our Business Users’ personal data, the General Data Protection Regulation (“GDPR”) and a number of other global privacy frameworks call these third-party service providers sub-processors. Sub-processors are service providers who have or potentially will have access to or process personal data that Stripe processes for, and on behalf of, Stripe’s Business Users.

This page outlines the types of service providers, Sub-processors, and affiliates we utilize, where they are located, and a description of the work they carry out.

Due Diligence

Before engaging any service provider (including Sub-processors), we perform due diligence, including a vendor security assessment. Our service providers are subject to contract terms designed to ensure that these service providers process personal data only for the purposes of providing services to Stripe and in accordance with our commitments to Business Users and applicable data protection laws.

List of Service Providers

The below list of service providers are some key third parties Stripe works with across our products and services. You will also find some service providers that Stripe works with for a specific Stripe product or service.





DocuSign, Inc.

Business User data


United States

Google LLC

Business User data, End Customers’ data and Visitors’ data

Email, file storage, collaboration tools, and services to help protect our Sites (e.g. ReCAPTCHA) and to measure interactions on our Sites

United States

Marketo, Inc.

Business User data

Marketing tool

United States, Inc.

Business User data

Customer relationship management platform which stores Business User contact information as well as supporting information about the business relationship

United States

Zoom Video Communications, Inc.

Business User data, insofar as that is shared in spoken word between the conversing parties

Video conferencing system

United States

Ekata, Inc.

Business User data

Provide sanctions screening services

United States

LegitScript, LLC

Business User data

Provide merchant monitoring services

United States

User and Sales support service providers

Information included in the queries raised by the individuals contacting Stripe support

Provide user and sales support in several languages and timezones


Verification service providers

Business User data and End Customer data

Help verify the identity of Stripe Business Users and End Customers, and mitigate fraud


Stripe Issuing

Idemia America Corp.

Cardholder name, PAN, CVV, expiration date, shipping address

Printing the cards for Stripe Issuing

United States

Stripe Terminal

The Phoenix Group

Business User name and address for shipping purposes

To enable hardware ordered from Stripe to be shipped to Business Users in the US and CA

United States

Lantec (UK) Ltd

Business User name and address for shipping purposes

To enable hardware ordered from Stripe to be shipped to Business Users in Europe

United Kingdom

Updates to this Page

Due to the nature of our global business and the volume of Business Users, our business needs and services providers may change from time to time. For example, we may deprecate a service provider to consolidate and minimize our use of service providers. Similarly, we may add a service provider if we believe that doing so will enhance our ability to deliver our Services.

We will periodically update this page to reflect additions and removals to our list of service providers, Sub-processors and Affiliates. If you are a Business User, you may subscribe to receive email notifications of updates to our list of Sub-processors on this page here.

Under the terms of our Data Processing Agreement (DPA), a Business User may reasonably object in writing to the processing of its personal data by a new Sub-processor within 30 days following the update of this page. If a Business User does not object during the 30 day time period, the appointment of the new Sub-processor shall be deemed accepted by the Business User. If you are a Business User and want to know more about our DPA, please contact us.

For more information on Stripe’s privacy practices, please visit our Privacy Policy. If you have any questions regarding this page, please contact us.