Link: Privacy Policy (original) (raw)

This Privacy Policy will be updated on January 16, 2025. Please review the upcoming changes here.

Last updated: January 16, 2024

This Privacy Policy includes important information about your personal data and we encourage you to read it carefully. You can also find more details about our privacy policies and processes in the Link Privacy Center

Welcome

We provide financial infrastructure for the internet. Individuals and businesses of all sizes use our technology and services to facilitate purchases, accept payments, send payouts, and manage online businesses.

This Privacy Policy (“Policy”) describes the Personal Data we collect, how we use and share it, along with details on how you can reach out to us with privacy-related inquiries. Additionally, the Policy outlines your rights as a data subject and choices you have, including the right to object to certain usages of your Personal Data by us. For further information about our privacy practices, including our Supplemental U.S. Notice, please refer to our Link Privacy Center.

In this Policy, “Stripe”, “we”, “our”, or “us” refers to the Stripe entity responsible for the collection, use, and handling of Personal Data as described in this document. Depending on your jurisdiction, the specific Stripe entity accountable for your Personal Data might vary. Learn More.

Personal Data” refers to any information associated with an identified or identifiable individual, which can include data that you provide to us, and we collect about you during your interaction with our Services (such as device information, IP address, etc.).

Services” refer to the products and services provided by Stripe under the Stripe Services Agreement and the Stripe Consumer Terms of Service. This may include devices and applications provided by Stripe. Our “Business Services” are services that we provide to entities (“Business Users”) that directly and indirectly provide us with “End Customer” Personal Data in connection with their own business operations and activities. Our “End User Services” are those that Stripe provides directly to individuals for their personal use. “Sites” refer to Stripe.com, Link.com, and other Stripe websites, apps, and online services. Collectively, we refer to Sites, Business Services, and End User Services as “Services”.

“Financial Partners” are financial institutions, banks, and other partners such as payment method acquirers, payout providers, and card networks that we partner with to provide the Services.

Depending on the context, “you” might be an End Customer, End User, Representative, or Visitor:

In this Policy, “Transaction Data” refers to data collected and used by Stripe to facilitate transactions you request. Some Transaction Data is Personal Data and may include: your name, email address, contact number, billing and shipping address, payment method information (like credit or debit card number, bank account details, or payment card image chosen by you), merchant and location details, amount and date of purchase, and in some instances, information about what was purchased.

Depending on the activity, Stripe assumes the role of a “data controller” and/or “data processor” (or “service provider”) based on the activity. For more details about our role, the specific Stripe entity responsible under this Policy, and our legal bases for processing your Personal Data, please visit our Link Privacy Center.

Our collection and use of Personal Data differs based on whether you are an End User, End Customer, Representative, or Visitor, and the specific Service being utilized. For example, if you're a sole proprietor who wants to use our Business Services, we may collect your Personal Data to onboard your business; at the same time, you might also be an End Customer if you've bought goods from another Business User utilizing our Services for payment processing. You could be an End User if you used our End User Service, such as Link, for those transactions.

1.1 End Users

We provide End User Services when we provide the Services directly to you for your personal use (e.g., Link). Additional details regarding our collection, usage, and sharing of End User Personal Data, including the legal bases we rely on for processing such data, can be found in our Link Privacy Center.

a. Personal Data we collect about End Users

1.2 End Customers

Stripe provides various Business Services to our Business Users, which include in-person or online checkout payment processing or processing payouts for those Business Users. When acting as a service provider—also referred to as a data processor—for a Business User, we process End Customer Personal Data in accordance with our agreement with the Business User and the Business User's lawful instructions. This happens, for example, when we process a payment for a Business User because you purchased a product from them, or when the Business User asks us to send you funds.

Business Users are responsible for ensuring that the privacy rights of their End Customers are respected, including obtaining appropriate consents and making disclosures about their own data collection and use associated with their products and services. If you're an End Customer, please refer to the privacy policy of the Business User you're doing business with for its privacy practices, choices, and controls.

We provide more comprehensive information about our collection, use, and sharing of End Customer Personal Data in our Link Privacy Center, including the legal bases we rely on for processing your Personal Data.

a. Personal Data we collect about End Customers

To provide our Business Services to our Business Users, we use and share End Customers' Personal Data with them. Where allowed, we also use End Customers' Personal Data for Stripe’s own purposes such as enhancing security, improving and offering our Business Services, and preventing fraud, loss, and other damages, as described further below.

1.3 Representatives

We collect, use, and share Personal Data from Representatives of Business Users (for example, business owners) to provide our Business Services. For more information about how we collect, use, and share Personal Data from Representatives, as well as the legal bases we rely on for processing such Personal Data, please visit our Link Privacy Center.

a. Personal Data we collect about Representatives

We typically use the Personal Data of Representatives to provide the Business Services to the corresponding Business Users. The ways we use and share this data are further described below.

1.4 Visitors

We collect, use, and share the Personal Data of Visitors. More details about how we collect, use, and share Visitors’ Personal Data, along with the legal bases we rely on for processing such Personal Data, can be found in our Link Privacy Center.

a. Personal Data we collect about Visitors

When you browse our Sites, we receive your Personal Data, either provided directly by you or collected through our use of cookies and similar technologies. See our Cookie Policy for more information. If you opt to complete a form on the Site or third party websites where our advertisements are displayed (like LinkedIn or Facebook), we collect the information you included in the form. This may include your contact information and other information pertaining to your questions about our Services. We may also associate a location with your visit. Learn More.

In addition to the ways described above, we also process your Personal Data as follows:

a. Collection of Personal Data

b. Use of Personal Data.

Besides the use of Personal Data described above, we use Personal Data in the ways listed below:

c. Sharing of Personal Data.

Besides the sharing of Personal Data described above, we share Personal Data in the ways listed below:

For purposes of the General Data Protection Regulation and other applicable data protection laws, we rely on a number of legal bases to process your Personal Data. Learn More. For some jurisdictions, there may be additional legal bases, which are outlined in the Jurisdiction-Specific Provisions section below.

4. Your rights and choices

Depending on your location and subject to applicable law, you may have choices regarding our collection, use, and disclosure of your Personal Data:

a. Opting out of receiving electronic communications from us

If you wish to stop receiving marketing-related emails from us, you can opt-out by clicking the unsubscribe link included in such emails or as described here. We'll try to process your request(s) as quickly as reasonably practicable. However, it's important to note that even if you opt out of receiving marketing-related emails from us, we retain the right to communicate with you about the Services you receive (like support and important legal notices) and our Business Users might still send you messages or instruct us to send you messages on their behalf.

b. Your data protection rights

Depending on your location and subject to applicable law, you may have the following rights regarding the Personal Data we control about you:

You may have additional rights, depending on applicable law, over your Personal Data. For example, see the Jurisdiction-specific provisions section under United States below.

c. Process for exercising your data protection rights

To exercise your data protection rights, visit our Link Privacy Center or contact us as outlined below.

5. Security and Retention

We make reasonable efforts to provide a level of security appropriate to the risk associated with the processing of your Personal Data. We maintain organizational, technical, and administrative measures designed to protect the Personal Data covered by this Policy from unauthorized access, destruction, loss, alteration, or misuse. Learn More. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure.

We encourage you to assist us in protecting your Personal Data. If you hold a Stripe account, you can do so by using a strong password, safeguarding your password against unauthorized use, and avoiding using identical login credentials you use for other services or accounts for your Stripe account. If you suspect that your interaction with us is no longer secure (for instance, you believe that your Stripe account's security has been compromised), please contact us immediately.

We retain your Personal Data for as long as we continue to provide the Services to you or our Business Users, or for a period in which we reasonably foresee continuing to provide the Services. Even after we stop providing Services directly to you or to a Business User that you're doing business with, and even after you close your Stripe account or complete a transaction with a Business User, we may continue to retain your Personal Data to:

In cases where we keep your Personal Data, we do so in accordance with any limitation periods and record retention obligations imposed by applicable law. Learn More.

6. International Data Transfers

As a global business, it's sometimes necessary for us to transfer your Personal Data to countries other than your own, including the United States. These countries might have data protection regulations that are different from those in your country. When transferring data across borders, we take measures to comply with applicable data protection laws related to such transfer. In certain situations, we may be required to disclose Personal Data in response to lawful requests from officials, such as law enforcement or security authorities. Learn More.

If you are located in the European Economic Area (“EEA”), the United Kingdom ("UK"), or Switzerland, please refer to our Link Privacy Center for additional details. When a data transfer mechanism is mandated by applicable law, we employ one or more of the following:

Stripe, Inc. complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce and as applicable. Learn More.

7. Updates and notifications

We may change this Policy from time to time to reflect new services, changes in our privacy practices or relevant laws. The “Last updated” legend at the top of this Policy indicates when this Policy was last revised. Any changes are effective the latter of when we post the revised Policy on the Services or otherwise provide notice of the update as required by law.

We may provide you with disclosures and alerts regarding the Policy or Personal Data collected by posting them on our website and, if you are an End User or Representative, by contacting you through your Stripe Dashboard, email address and/or the physical address listed in your Stripe account.

8. Jurisdiction-specific provisions

If you have any questions or complaints about this Policy, please contact us. If you are an End Customer (i.e., an individual doing business or transacting with a Business User), please refer to the privacy policy or notice of the Business User for information regarding the Business User’s privacy practices, choices and controls, or contact the Business User directly.

10. US Consumer Privacy Notice

The following Consumer Privacy Notice applies to you if you are an individual who resides in the United States and obtains financial services from Stripe primarily for your own personal family or household purposes.
Last updated: January 16, 2024

FACTS WHAT DOES STRIPE DO WITH YOUR PERSONAL INFORMATION?
Why? Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
What? The types of personal information we collect and share depend on the product or service you have with us. This information can include:Social Security NumberContact detailsAccount balances and transaction historyPayment, transaction, and purchase information and historyWhen you are no longer our customer, we continue to share your information as described in this notice.
How? All financial companies need to share customers' personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers' personal information; the reasons Stripe chooses to share; and whether you can limit this sharing.
Reasons we can share your personal information Does Stripe Share? Can you limit this sharing
For our everyday business purposes – such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus Yes No
For our marketing purposes - to offer our products and Services to you Yes No
For joint marketing with other financial companies Yes No
For our affiliates' everyday business purposes - information about your transactions and experiences Yes No
For our affiliates' everyday business purposes - information about your creditworthiness No We don’t share
For our affiliates to market to you No We don’t share
For nonaffiliates to market to you if you are a Link user Yes Yes
For nonaffiliates to market to you if you are a Financial Connections user No We don’t share
To limit our sharing Login to your Link account at app.link.com/settings and toggle off data sharing from the Messaging menu.Please note:If you are a new customer, we can begin sharing your information 30 days from the date we sent this notice. When you are no longer our customer, we continue to share your information as described in this notice.However, you can contact us at any time to limit our sharing.
Questions? Contact us at privacy@stripe.com or visit us at https://support.link.com
Who we are
Who is providing this notice? Stripe, Inc., Stripe Payments Company, and their affiliates that provide consumers services in the U.S.
What we do
How does Stripe protect my personal information? To protect your personal information from unauthorized access, destruction, loss, alteration, or misuse we use security measures to comply with federal law. These measures include computer safeguards and secured files and buildings. We impose access controls along with ongoing monitoring to prevent data misuse, and we require our service providers to take similar steps to protect your information.
How does Stripe collect my personal information? We collect your personal information, for example, when youopen a Link account;ask Stripe to process a payment for goods or services;provide bank account information to Stripe using Financial ConnectionsWe also collect your personal information from others, such as affiliates or other companies.
Why can’t I limit all sharing? Federal law gives you the right to limit onlysharing for affiliates’ everyday business purposes — information about your creditworthinessaffiliates from using your information to market to yousharing for nonaffiliates to market to you.State laws and individual companies may give you additional rights to limit sharing. See the Other Important Information section below for more information on your rights under state law.
What happens when I limit sharing for an account I hold jointly with someone else? Your choices will apply to everyone on your account.
Definitions
Affiliates Companies related by common ownership or control. They can be financial and nonfinancial companies.Our affiliates include companies operating under the Stripe name, such as Stripe Payments Europe, Limited and Stripe Payments UK Ltd.
Nonaffiliates Companies not related by common ownership or control. They can be financial and nonfinancial companies.Nonaffiliates with which we share personal information include service providers that perform services or functions on our behalf, Business Users with which you choose to transact, partners with which we share data to provide you with services, and advertising partners, analytics providers, and social networks, who assist us in advertising our Services to you.
Joint Marketing A formal agreement between non-affiliated financial companies that together market financial products or services to you.Our joint marketing partners include financial companies we partner with to provide you with financial services.
Other important information
Vermont: If your account with us is associated with a Vermont billing address, we will not disclose information about your creditworthiness to our affiliates and will not disclose your personal information, credit report, or health information to nonaffiliated third parties to market to you, other than as permitted by Vermont law, unless you authorize us to make those disclosures. For joint marketing, we will only disclose your name, contact information, and information about your transactions. Additional information concerning our privacy policies can be found in our Privacy Policy and Link Privacy Center.California: If your account with us is associated with a California billing address, we will not disclose Personal Data we collect about you except to the extent permitted under California law. For instance, we may disclose your Personal Data as necessary to process transactions or provide products and services you request, at your instruction, as required for institution risk control, and to safeguard against fraud, identity theft, and unauthorized transactions.

For additional information about our privacy practices, please visit the Link Privacy Center.