Stripe Data Privacy Framework Policy
Effective date: September 29, 2023
Stripe, Inc. (“Stripe”, “we”, “our” or “us”) complies with the U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce (collectively, the “DPF”).*
What this disclosure covers
- The types of Personal Data processed
- The purposes of data processing;
- Third parties who may receive Personal Data;
- An individual’s right to access Personal Data; and
- Any choices and means to limit the use and disclosure of Personal Data.
Stripe may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Stripe’s compliance with the DPF is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. In accordance with the DPF, Stripe is also liable for onward transfers to third parties that process personal information in a way that does not follow the DPF unless Stripe was not responsible for the event giving rise to any alleged damage.
Questions and complaints
If you have any questions or concerns about our DPF certification, please contact us at firstname.lastname@example.org or please write to us at the following address:
354 Oyster Point Boulevard
South San Francisco, California, 94080
Attention: Stripe Legal
In the event we are unable to resolve your concerns, you can contact our third party dispute resolution provider JAMS (free of charge).
In some cases, the DPF gives you the right to pursue binding arbitration. You can do this to resolve complaints not resolved by Stripe or our third party dispute resolution provider, as described in Annex I to the DPF Framework.
Changes to this policy
*Stripe will not rely on the UK Extension to the EU-U.S. Data DPF or the Swiss-U.S. Data Privacy Framework until each enters into force, but we adhere to their required commitments in anticipation of their doing so.