Personal Information The term “Personal Information,” as used in this Policy, refers to any information (whether by itself or when linked with other information reasonably available to Stripe) that can be used to identify a specific person. Personal information does not include information that has been aggregated or made anonymous such that it can no longer be reasonably associated with a specific person.
- Collection and use of your Personal Information
- Cookies and Web Server Logs
- Sharing and disclosure of your Personal Information
- Retention of your Personal Information
- Marketing and cookies opt-out
- Protection of information
- Changes to this policy
- Contact us - Access, Correction and Complaints
1. Collection and use of your personal information
We collect Personal Information from our merchants that use our service to process customer payments (“Merchants”) and the Merchant’s customers (“Checkout Users”) to enable us to provide our services. Our services comprise all software and services that we offer, including the Stripe Checkout form that may be made available on a Merchant’s website, or other services that we offer through our website when you register for a Stripe account (collectively referred to as the “Services”).
Broadly speaking, we collect information in three ways: (1) when you provide it directly to us, (2) when we obtain verification information about you or your company through trusted third parties (e.g. banks, credit bureaus), and (3) passively through technology such as “cookies” (cookie collection is described below in Section 2 Cookies and Web Server Logs). The types of Personal Information that we collect and our use of that information will depend on whether you are a Checkout User or Merchant.
When you use a Merchant’s website to make a purchase, the Merchant will collect your Personal Information and provide it to us. This Personal Information includes your payment card information, your email address, your mobile phone number, and billing and shipping address. We will use this information as part of the payment processing process. When you use Stripe Checkout on a merchant’s website to store your payment credentials, we will use the Personal Information disclosed to us by the Merchant (outlined above) to complete purchases that you choose to make on other websites or applications that also use Stripe Checkout, but only with your permission.
When you visit the Stripe website, you have the ability to conduct a limited number of “test” transactions and experience our Services working — without registering for a Stripe account. To monitor these test transactions, we collect your IP address, information about your computer, and other standard web log information. We also collect your Personal Information and any credit card information you provide to conduct the test transactions. We will not use this information to target any advertisements to you. To gain full access to our website and Services, you must register for a Stripe account. When you register for an account, we collect the Personal Information you provide, such as the following:
- Your name, company name, location, email address, phone number, and account password, to set up your account
- Your business and personal tax, or other government-issued identification numbers, as well as your date of birth, to verify your identity for underwriting purposes
- Your bank account information, to settle funds for your transactions
- Your IP addresses, devices, and locations used to access Stripe, which will be linked to your account for fraud detection/prevention purposes If you elect to not provide Personal Information in optional fields it may limit your ability to use our Services. We may retrieve additional Personal Information about you from third parties and other identification/verification services such as credit bureaus. In addition, we may collect Personal Information from you in other ways including emails, surveys, and other forms of communication. Once you begin using the Service through your Stripe account, we will keep records of your transactions and collect information of your other activities related to our Services.
2. Cookies and web server logs
We utilize “cookies” and other technologies to collect non-personally-identifiable information from our website and from other websites that use our Services. Where you request that your payment credentials be remembered by our checkout system, the cookies will also collect Personal Information about you. Information gathered through cookies and web-server log files may include information such as the date and time of visits, the pages viewed, IP addresses, links to/from any page, and time spent at our site.
We use cookie data to measure web traffic and usage activity on our website for purposes of monitoring, troubleshooting and improving our website and Services, to look for possible fraudulent activity, and to better understand the sources of traffic and transactions on our website and the websites of merchants that use our Services. Cookies also allow our servers to remember your account information for future visits and to provide personalized and streamlined information across related pages on our website and also across other websites or applications that use Services.
3. Sharing and disclosure of your personal information
Stripe does not sell or rent your Personal Information to marketers or third parties. Stripe may disclose personal information it collects about you to third parties for a variety of purposes in connection with providing its Services and special offers to you and operating our website. These third parties may include our agents, related bodies corporate, contractors, financial institutions, payment processors, verification services and credit bureaus, as well as any third parties that you have directly authorized to receive your Personal Information. We may share Checkout User’s contact information, but not their card information, with Merchants as part of the Checkout User’s purchases.
We may store your Personal Information in locations outside the direct control of Stripe, for instance, on servers or databases co-located with hosting providers.
Some of our the related bodies corporate or third parties to whom we disclose your Personal Information are located outside of Australia. These countries may include the United States of America, Ireland or the United Kingdom.
We may also disclose your Personal Information to law enforcement, government officials, or other third parties if required by law or we believe in good faith that the disclosure is necessary to prevent physical harm or financial loss, to report suspected illegal activity, or to investigate violations of our Terms of Service.
4. Retention of your personal information
Stripe has a variety of obligations to retain the data that you provide us, both to ensure that transactions can be appropriately processed, settled, refunded or chargedback, to identify fraud, and also to comply with laws applicable to us and to our banking providers and credit card processors. Accordingly, even if you close your Stripe account we will retain certain information as necessary to meet our obligations. However, we will identify your account in our database as “inactive” or “closed”.
5. Marketing and cookies opt-out
We may occasionally email you with information about offers or new services. If you do not wish to receive this marketing material then please email firstname.lastname@example.org. You can also opt out of these email communications by replying with unsubscribe in the subject line, or via an unsubscribe link included in such communications. However, you will continue to receive certain email communications related to your account and your relationship with Stripe.
If you wish to opt out of having cookies set on your browser (as described above in Section 3), the only way to ensure that this happens is to manage the settings on your web browser to delete all cookies and disallow further acceptance of cookies. Some aspects of our service may not work properly if you do so. You may also consider visiting aboutcookies.org, which provides helpful information about cookies.
6. Protection of information
We take all reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete, up-to-date and relevant and stored securely.
Although no data transmission can be guaranteed to be 100% secure, we take reasonable steps to ensure that your Personal Information is accurate, complete, up-to-date, relevant and stored securely. We also take all reasonable steps to ensure that the personal information we hold is protected from misuse, interference and loss and unauthorised access, modification or disclosure by the use of various methods including access limitation, and Secure Socket Layer (SSL) encryption technology to safeguard the account registration process and sign-up information.
7. Changes to this policy
We reserve the right to make changes to this Policy from time to time. Please review this Policy periodically to check for updates. If any changes are material and/or retroactive, we may provide additional notice and/or an opportunity to “opt-in,” as appropriate under the circumstances. We may also advise you of changes to this policy by emailing and/or mailing the revised policy to the addresses you provide us.
8. Contact us - access, correction and complaints
You can update your account information by signing on to our Website with your Stripe account.
If you would like to access or seek correction of your Personal Information, or if you have complaints regarding our privacy practices, please contact our privacy officer by emailing email@example.com. Alternatively, you may contact us at the following address: Privacy Officer, Stripe Australia, Level 46, MLC Centre, 19-29 Martin Place, Sydney, NSW 2000.
We aim to:
- Acknowledge receipt of all complaints within 5 business days. • Resolve all complaints within 45 days. This may not be possible in all circumstances.
- Where we cannot resolve a complaint within 45 business days, we will notify you of the reason for the delay as well as an indication of when we expect to resolve the complaint.
For more information about privacy issues in Australia, visit the Australian Information Commissioner’s website.