Effective Date May 24, 2022
This Stripe App Developer Agreement (“Agreement”) is a legal agreement between Stripe, Inc. (“Stripe”, “us”, or “we”) and the entity or person (“you”, “your”, or “Developer”) who uses their Stripe Account to develop an Application for Stripe Business Users.
“Business Account” means the Stripe account that chooses to install your Stripe Application.
“Business Account Data” means any information (including Personal Data) that the Business Account authorizes Stripe to share with your Stripe Application.
“Business User” means any individual who is lawfully entitled to access and operate a Business Account.
“CCPA” means the California Consumer Privacy Act of 2018, as may be amended from time to time.
“Confidential Information” means non-public information, know-how, or trade secrets in any form: (1) that a reasonable person knows or reasonably should understand to be confidential based on the nature of the information or the manner by which the information is disclosed by Stripe, or (2) that Stripe designates as confidential. Information is not Confidential Information if it: (a) is or becomes publicly available without you breaching this Agreement; (b) is already known to you lawfully without an obligation to keep it confidential; (c) is received by you from another source that has authority to disclose it lawfully and has no obligation to keep it confidential; or (d) is independently developed by you.
“Content” means information obtained by Stripe from publicly available sources or its third party content providers and made available to you through the Covered Services, as may be described in the Documentation.
“Covered Services” means Stripe Apps and the Stripe Apps Marketplace.
“Data Breach” means a breach of security associated with the Developer’s Stripe Application leading to the accidental, unlawful, or unauthorized use, destruction, loss, alteration, disclosure of, or access to, Business Account, Business Account Data, Confidential Information; or that might adversely affect the security of the Stripe systems.
“Data Controller” means the entity which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data, which may include, as applicable, a “Business” as defined under the CCPA.
“Data Processor” means the entity that Processes Personal Data on behalf of the Data Controller.
“Data Subject” means an identified or identifiable natural person to which Personal Data pertains.
“Developer” means you, your organization, its agents, employees and consultants.
“Developer Data” means electronic data and information submitted by you to the Covered Services. Developer Data includes, among other things, technical and operational data submitted by you in connection with your Stripe App and feedback provided by you to Stripe in connection with the Covered Services. Developer Data does not include: (1) Content, (2) reports, data, assessments, analyses or compilations collected by, derived from, created by or returned by the Covered Services, including any derivative works, (3) your Stripe Application(s), (4) Developer Personal Data or Confidential Information unless it is needed for your Stripe App Listing.
“Documentation” means resources and documentation that Stripe makes available to developers through Stripe’s support pages, API documentation, and other websites.
“DP Law” means all laws and regulations that apply to Processing of Personal Data under this Agreement, including applicable international, national, federal, state, provincial, and local laws, rules, regulations, directives and governmental requirements currently in effect, and as they become effective, relating in any way to privacy, data protection, or security, as well as the Payment Card Industry (“PCI”) Data Security Standards. “GA Service” means the products and services offered by Stripe, that may be governed by a separate services agreement between you and Stripe or may be made available online by Stripe, including associated Stripe offline or mobile components, which are described in the Documentation. Stripe Apps and Stripe Apps Marketplace are currently offered as a public beta, so they are not GA Services. “GA Successor Service” means any successor version of service or a product or service derived from the Stripe Apps or Stripe Apps Marketplace that Stripe may make available as a GA Service. “Listing” means the information provided for listing the Application on Stripe’s App Marketplace.
“Necessary Condition” means any of the following: (1) it is required by applicable law, rule, or regulation or otherwise required or requested by a court order or governmental authority; (2) Stripe suspects that you or your Stripe App have Processed Business Account Data in violation of the terms of this Agreement or other applicable terms or policies; (3) you enter into a change of control transaction or transfer (or request to transfer) any of your rights or obligations under the terms of this Agreement or other applicable terms or policies; (4) Stripe determines in our sole discretion it is necessary to ensure that you and your App have deleted Business Account Data in accordance with the terms of this Agreement and all other applicable terms and policies; or (5) we determine in our sole discretion it is necessary to ensure proper remediation of any non-compliance revealed by an audit.
“Records” mean books, agreements, access logs, third-party reports, policies, processes, and other records regarding the Processing of Business Account Data. “Stripe Application” or “Stripe App” means a software application, including source code, provided by Developer or a third party to Stripe that may interoperate with the Covered Services, including an application developed by or for Developer or is listed on a marketplace. “Stripe App Marketplace” or “Marketplace” means Stripe’s online marketplace site where your Application may be discovered and installed by Business Accounts.
“Personal Data” means any information relating to a Data Subject (who can be identified, directly or indirectly, in particular by reference to an identifier such as name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person) that is collected, disclosed, stored, accessed or otherwise Processed under the Agreement.
“Process”, “Processing” or “Processed” means to perform any operation or set of operations on data (including Personal Data and Business Account Data), such as collecting, recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restricting, erasing or destroying.
“Sell” means the definition prescribed to it in the CCPA.
“Service Provider” means an entity you use to provide you services in connection with your Stripe App.
2. Developer Responsibilities to Stripe.
You agree to: (1) be solely responsible for the accuracy, quality, integrity and legality of Your Stripe Application; (2) use commercially reasonable efforts to prevent unauthorized access to or use of Your Stripe Application, and notify us promptly of any such unauthorized access or use; and (3) use the Covered Services only in accordance with the terms of this Agreement, all other applicable terms and policies, Documentation, and applicable laws and government regulations.
3. Beta Service and Content.
During the Stripe Apps beta period, we will make the Covered Services available to you at no charge, subject to: (1) the terms of this Agreement; (2) the Documentation and (3) your agreement to process payments triggered by core functionality of your app on Stripe unless another payment processor is approved in writing by Stripe.
4. Developer Code of Conduct.
Stripe’s users always come first. If you upload your application to Stripe, you agree: (1) you will not make any misrepresentations to or mislead our users or any third party; (2) you will avoid any conflict of interest or engage in any intentional unethical conduct; and (3) you will not cause any reputational harm to Stripe.
5. License Granted by Developer.
You grant Stripe the license to host, copy, transmit and display your Stripe Application and Developer Data for use with the Covered Services. In addition, you grant Stripe a revocable, non-exclusive, worldwide, royalty-free license to host your Application on Stripe servers and publish all information you provide to Stripe in furtherance of Stripe’s hosting and distributing of a your Stripe Application, including your logos and marks, subject to reasonable restrictions communicated to Stripe in writing.
6. Data Uses.
Stripe may use Developer Data solely to the extent necessary to fulfill its obligations under this Agreement. Stripe will not sell, disclose, or share any Developer Data, in whole or in part, to or with any third-party. Once you upload your Application, Stripe will maintain appropriate, industry-standard technical and organizational measures to protect any data and information, including Personal Data, that it collects, accesses, processes or receives from you under the terms of this Agreement in accordance with applicable DP Laws. Stripe agrees to comply with all applicable DP Laws in performing its obligations under this Agreement.
7. Proprietary Rights.
Subject to the rights granted under this Agreement, Stripe and its licensors reserve all rights, title and interest in and to the Covered Services (including reports, data, assessments, analyses or compilations of Developer Data, collected by, derived from, created by or returned by the Covered Services, including any derivative works thereof) and Content, including all related intellectual property rights. No rights are granted to the Developer other than as set forth in this Agreement. Subject to the limited licenses granted herein, Stripe acquires no right, title or interest from Developer or its licensors under this Agreement in or to the Stripe Applications. You represent and warrant that your Stripe Applications do not and will not violate, misappropriate or infringe upon the intellectual property or other rights of any third party. You also agree to defend, indemnify, and hold harmless Stripe and its affiliates from and against any third-party claim alleging that your Stripe Application infringes any third party rights.
You may provide and we encourage ongoing feedback directly to us regarding the Covered Services. Stripe shall have a royalty-free, worldwide, irrevocable, perpetual license to use and incorporate into the Covered Services and GA Successor Services any suggestion, enhancement request, recommendation, correction or other feedback provided by Developer relating to the operation of the Covered Services and GA Successor Services for use by Stripe and users of its offerings.
9. Protection of Confidential Information.
You, as a Stripe Apps Developer, may receive from Stripe updates and information that is Confidential Information. You agree not to disclose such Confidential Information or any announcements that Stripe notes as embargoed regarding the Stripe Apps Marketplace.
10. Relationship between Parties and Sale.
Stripe and Developer agree that neither is the Data Processor of the other party, nor are the parties acting together as joint Data Controllers. Stripe and Developer agree that no monetary or other valuable consideration is provided to either party in exchange for Personal Data and that data sharing conducted pursuant to this Agreement does not constitute a Sale of Personal Data.
11. Data Use by Developer.
You agree to comply with all applicable DP Laws. Including and without limitation, you will:
(1) provide notices of Data Breach to the Data Subject and appropriate government authorities as required by applicable DP Law;
(4) not Sell Business Account Data;
(5) not use Business Account Data to determine eligibility for credit or insurance, to be used primarily for personal, family, or household purposes, or in any other way that would cause the Business Account Data to constitute a “consumer report” under Fair Credit Reporting Act, 15 U.S.C. § 1681, et seq. (“FCRA”); nor use Business Account Data to take “adverse action” as that term is described in FCRA and the Equal Credit Opportunity Act, 15 U.S.C. § 1681, et seq. (ECOA) and their implementation regulations, against any individual,
(6) only share Business Account Data with a third party: (a) when required under applicable law or regulations; (b) when the third-party is a Service Provider that satisfies the terms of this Agreement; and (c) when a Business User expressly directs you to share its Business Account Data with the third party and;
(7) not direct the Stripe Application to users under the age of 13 or collect Personal Data from users known to be under the age of 13 (or such age that would require parental consent under applicable DP Laws).
12. Service Providers.
13. Data Breach Reporting to Stripe.
You agree to implement a data security incident management program which addresses how you and your Stripe App will detect and manage data security incidents, including Data Breaches. You will notify Stripe at firstname.lastname@example.org without undue delay - but in no event later than 48 hours - after becoming aware of a Data Breach. Upon becoming aware of the Data Breach, you will, at your own cost, immediately begin remediation of the incident leading to the Data Breach and reasonably cooperate with Stripe, including by informing Stripe in reasonable detail of the impact of the incident upon Business Account Data, specific Business Accounts and Business Users affected by the incident, and corrective actions being taken, and keeping Stripe updated about your compliance with any notification or other requirements under applicable DP Laws.
14. Security Measures.
You will implement and maintain technical and organizational safeguards for your Stripe App that: (1) meet or exceed industry standards proportionate to the sensitivity of Business Account Data it processes, (2) comply with applicable DP Laws, and (3) are designed to prevent any Data Breach or unauthorized Processing of Business Account Data under the terms of this Agreement or any other applicable terms or policies.
15. Data Storage.
To the extent that Developer uses Stripe Apps interfaces to store data, Developer agrees that it will not store Personal Data (unless it is needed for your Stripe App Listing), personal health data, and data that could be construed to infringe intellectual property law.
This Agreement begins on the Date you accept these terms and is effective until terminated in accordance with Section 20 (Termination and Notices). As a result of your use of the Covered Services and the grants given by the Developer under this Agreement, Stripe may develop GA Services utilizing Developer Data which may be made available beyond the Term.
17. Retention and deletion of data.
Unless required to keep Business Account Data under applicable law or regulation, you must delete all Business Account Data as soon as reasonably possible: (1) when retaining the Business Account Data is no longer necessary for a legitimate business purpose that is consistent with the terms of this Agreement and all other applicable terms and policies; (2) when you stop operating the Stripe Application through which the Business Account Data was acquired; (3) when we request you delete the Business Account Data; (4) when the Business User requests their Business Account Data to be deleted or no longer has an account with you; and (5) when required by applicable law or regulations, including DP Laws.
18. Compliance Review.
We may conduct an audit from time to time, but no more than once a calendar year unless there is a Necessary Condition, to ensure that your and your Stripe App’s Processing of Business Account Data is and has been in compliance with the terms of this Agreement and all other applicable terms and policies upon reasonable notice. You will cooperate (and cause your Service Providers to cooperate) with the audits, including by providing information and assistance as reasonably requested (including making your personnel who are knowledgeable about your or your App’s Processing of Business Account Data available for our questioning). If an audit reveals any non-compliance by you or your Service Provider(s) then you will reimburse us for all of our reasonable costs and expenses associated with conducting the audit and any related follow-up audits.
From time to time, we may request you to certify, in writing, that you are in compliance with these Terms and all other applicable terms and policies, and the purpose or use of the Business Account Data you have access to, and that each such purpose or use complies with these Terms and all other applicable terms and policies. All such certifications and attestations must be provided by an authorized representative of yours.
20. Termination and Notices.
Either party may terminate this Agreement at any time without cause upon thirty (30) days’ written notice to the other. Either party may terminate Developer’s right to use any particular Covered Service by providing written notice (email acceptable) of such termination to the other party; the notifying party will provide such notice thirty (30) days before the termination date. Notices to Stripe will be addressed to the attention of email@example.com or as updated by Stripe via written notice to Developer. Notices to Developer will be addressed to the signatory below. If Stripe makes a request under this termination section, Developer will cooperate reasonably with Stripe to disable access.Stripe may terminate this Agreement for cause immediately upon written notice in the event that: (1) Developer breaches this Agreement; (2) Developer breaches the terms of the Stripe Apps Marketplace Agreement (3) Developer becomes insolvent or discontinues business operations; or (4) Developer makes a general assignment for the benefit of creditors or commences any proceeding under any reorganization, liquidation or bankruptcy law, or is subject to resolution procedures by any Regulatory Authority. Upon termination of this Agreement for any reason, Stripe shall have sixty (60) days to wind-down its use of Developer’s name and trademarks.
21. Developer Responsibilities in Stripe Accounts.
You are responsible for all activities that occur in your Stripe account(s) and for compliance with this Agreement. You are also responsible for all activity your Stripe Application executes within the Stripe’s Business User dashboard.
22. No Warranty.
THE COVERED SERVICES AND CONTENT ARE PROVIDED “AS-IS,” EXCLUSIVE OF ANY WARRANTY WHATSOEVER WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE. STRIPE DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. STRIPE DISCLAIMS ALL LIABILITY FOR ANY HARM OR DAMAGES CAUSED BY ANY THIRD- PARTY HOSTING PROVIDERS. The Covered Services may contain bugs or errors. Any participation in or use of the Covered Services or Content is at your sole risk. You acknowledge that Stripe may discontinue the Covered Services at any time in its sole discretion, and may never make an applicable GA Successor Service available.
23. Updates to this Agreement.
We reserve the right to change this Agreement at any time at our discretion. We will give you notice of the changes by posting an updated version of this Agreement online or by emailing you at an email address you have provided. Any other changes to the Agreement will be effective 15 days after we post them or otherwise notify you of them, unless we specify a different effective date when we make a particular change. However, we may change this Agreement with effect as of the date we post the changes or otherwise notify you of them, to change existing features or add additional features to the Covered Services that do not materially adversely affect your Application, or for legal, regulatory, fraud or abuse prevention, or security reasons. You are responsible for checking for Agreement updates. If you continue to make your Stripe App available after the effective date of any changes, it constitutes your acceptance of the changes. If you do not agree to a change, you must delete your Stripe Application and terminate this Agreement.
24. No Damages.
EXCEPT AS MAY BE REQUIRED BY APPLICABLE LAW, IN NO EVENT SHALL STRIPE HAVE ANY LIABILITY TO DEVELOPER FOR ANY DAMAGES WHATSOEVER, INCLUDING BUT NOT LIMITED TO DIRECT, INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR DAMAGES BASED ON LOST PROFITS, DATA OR USE, HOWEVER CAUSED AND, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, WHETHER OR NOT DEVELOPER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
25. Relationship to Other Agreements.
Developer may be or become entitled to receive access to other Stripe services or the GA Successor Service under a separate agreement with Stripe. In that case, that separate agreement will govern your access to the other Stripe services or the GA Successor Service, but will not govern your access to the Stripe App Beta Program or Content accessed via the Covered Services, except as otherwise noted in this Agreement.
Developer may not assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of Stripe (not to be unreasonably withheld). This Agreement shall be governed exclusively by the internal laws of the State of California, without regard to its conflicts of laws rules. Each party hereby consents to the exclusive jurisdiction of the state and federal courts located in San Francisco County, California to adjudicate any dispute arising out of or relating to this Agreement. Notwithstanding the foregoing, Stripe will be entitled to seek injunctive remedies or other types of urgent legal relief in any jurisdiction. There are no third-party beneficiaries under this Agreement. This Agreement constitutes the entire agreement between the parties, and supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. No modification, amendment, or waiver of any provision of this Agreement shall be effective unless in writing and signed by the party against whom the change is to be asserted. In the event of any conflict or inconsistency among the following documents, the order of precedence shall be: (1) any exhibit, schedule or addendum to this Agreement, (2) the body of this Agreement, and (3) the Documentation. This Agreement may be executed by facsimile and in counterparts. Titles and headings of sections of this Agreement are for convenience only and shall not affect the construction of any provision of this Agreement. You[p] understand Stripe may be independently creating (or may receive from third parties) features, applications, content, or other products or services that may be similar to or competitive with the Application, and nothing in these Terms will be construed as restricting or preventing Stripe from doing so.
The following provisions: “Proprietary Rights,” “Protection of Confidential Information,” “Developer Responsibilities,” “No Warranty,” “No Damages,” “Relationship to Other Agreements” and “Miscellaneous” shall survive the termination of this agreement.