PRIVACY POLICY

Last updated June 19, 2024



This privacy notice for Exceptional Eye Photos (doing business as Exceptional Eye Photos) ("we," "us," or "our"), describes how and why we might collect, store, use, and/or share ("process") your information when you use our services ("Services"), such as when you:
  • Engage with us in other related ways, including any sales, marketing, or events
Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at [email protected].


SUMMARY OF KEY POINTS

This summary provides key points from our privacy notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below to find the section you are looking for.

What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use. Learn more about personal information you disclose to us.

Do we process any sensitive personal information? We may process sensitive personal information when necessary with your consent or as otherwise permitted by applicable law. Learn more about sensitive information we process.

Do we collect any information from third parties? We do not collect any information from third parties.

How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so. Learn more about how we process your information.

In what situations and with which types of parties do we share personal information? We may share information in specific situations and with specific categories of third parties. Learn more about when and with whom we share your personal information.

How do we keep your information safe? We have organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Learn more about how we keep your information safe.

What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. Learn more about your privacy rights.

How do you exercise your rights? The easiest way to exercise your rights is by submitting a data subject access request, or by contacting us. We will consider and act upon any request in accordance with applicable data protection laws.

Want to learn more about what we do with any information we collect? Review the privacy notice in full.


TABLE OF CONTENTS



1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:
  • names
  • email addresses
  • phone numbers
  • mailing addresses
  • usernames
  • billing addresses
  • contact or authentication data
  • debit/credit card numbers
  • contact preferences
Sensitive Information. When necessary, with your consent or as otherwise permitted by applicable law, we process the following categories of sensitive information:
  • financial data
Payment Data. We may collect data necessary to process your payment if you choose to make purchases, such as your payment instrument number, and the security code associated with your payment instrument. All payment data is handled and stored by Stripe and Paypal. You may find their privacy notice link(s) here: https://stripe.com/privacy and https://www.paypal.com/us/legalhub/privacy-full.

Social Media Login Data. We may provide you with the option to register with us using your existing social media account details, like your Facebook, X, or other social media account. If you choose to register in this way, we will collect certain profile information about you from the social media provider, as described in the section called "HOW DO WE HANDLE YOUR SOCIAL LOGINS?" below.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Information automatically collected

In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

Like many businesses, we also collect information through cookies and similar technologies.

The information we collect includes:
  • Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called "crash dumps"), and hardware settings).
  • Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.
  • Location Data. We collect location data such as information about your device's location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:
  • To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.
  • To deliver and facilitate delivery of services to the user. We may process your information to provide you with the requested service.
  • To respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.
  • To send administrative information to you. We may process your information to send you details about our products and services, changes to our terms and policies, and other similar information.
  • To fulfill and manage your orders. We may process your information to fulfill and manage your orders, payments, returns, and exchanges made through the Services.

  • To enable user-to-user communications. We may process your information if you choose to use any of our offerings that allow for communication with another user.

  • To save or protect an individual's vital interest. We may process your information when necessary to save or protect an individual’s vital interest, such as to prevent harm.

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.

If you are located in the EU or UK, this section applies to you.

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:
  • Consent. We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time. Learn more about withdrawing your consent.
  • Performance of a Contract. We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.
  • Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
  • Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.
If you are located in Canada, this section applies to you.

We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time.

In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including, for example:
  • If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way
  • For investigations and fraud detection and prevention
  • For business transactions provided certain conditions are met
  • If it is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim
  • For identifying injured, ill, or deceased persons and communicating with next of kin
  • If we have reasonable grounds to believe an individual has been, is, or may be victim of financial abuse
  • If it is reasonable to expect collection and use with consent would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province
  • If disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records
  • If it was produced by an individual in the course of their employment, business, or profession and the collection is consistent with the purposes for which the information was produced
  • If the collection is solely for journalistic, artistic, or literary purposes
  • If the information is publicly available and is specified by the regulations

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We may share information in specific situations described in this section and/or with the following categories of third parties.

Vendors, Consultants, and Other Third-Party Service Providers. We may share your data with third-party vendors, service providers, contractors, or agents ("third parties") who perform services for us or on our behalf and require access to such information to do that work.

The categories of third parties we may share personal information with are as follows:
  • Ad Networks
  • Affiliate Marketing Programs
  • Data Analytics Services
  • Finance & Accounting Tools
  • Payment Processors
  • Performance Monitoring Tools
  • Sales & Marketing Tools
  • Social Networks
  • Website Hosting Service Providers
  • User Account Registration & Authentication Services
  • Communication & Collaboration Tools
  • Data Storage Service Providers
  • Order Fulfillment Service Providers

We also may need to share your personal information in the following situations:
  • Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  • When we use Google Maps Platform APIs. We may share your information with certain Google Maps Platform APIs (e.g., Google Maps API, Places API).
  • Business Partners. We may share your information with our business partners to offer you certain products, services, or promotions.
  • Other Users. When you share personal information (for example, by posting comments, contributions, or other content to the Services) or otherwise interact with public areas of the Services, such personal information may be viewed by all users and may be publicly made available outside the Services in perpetuity. If you interact with other users of our Services and register for our Services through a social network (such as Facebook), your contacts on the social network will see your name, profile photo, and descriptions of your activity. Similarly, other users will be able to view descriptions of your activity, communicate with you within our Services, and view your profile.

5. WHAT IS OUR STANCE ON THIRD-PARTY WEBSITES?

In Short: We are not responsible for the safety of any information that you share with third parties that we may link to or who advertise on our Services, but are not affiliated with, our Services.

The Services may link to third-party websites, online services, or mobile applications and/or contain advertisements from third parties that are not affiliated with us and which may link to other websites, services, or applications. Accordingly, we do not make any guarantee regarding any such third parties, and we will not be liable for any loss or damage caused by the use of such third-party websites, services, or applications. The inclusion of a link towards a third-party website, service, or application does not imply an endorsement by us. We cannot guarantee the safety and privacy of data you provide to any third parties. Any data collected by third parties is not covered by this privacy notice. We are not responsible for the content or privacy and security practices and policies of any third parties, including other websites, services, or applications that may be linked to or from the Services. You should review the policies of such third parties and contact them directly to respond to your questions.

6. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: We may use cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies (like web beacons and pixels) to gather information when you interact with our Services. Some online tracking technologies help us maintain the security of our Services and your account, prevent crashes, fix bugs, save your preferences, and assist with basic site functions.

We also permit third parties and service providers to use online tracking technologies on our Services for analytics and advertising, including to help manage and display advertisements, to tailor advertisements to your interests, or to send abandoned shopping cart reminders (depending on your communication preferences). The third parties and service providers use their technology to provide advertising about products and services tailored to your interests which may appear either on our Services or on other websites.

To the extent these online tracking technologies are deemed to be a "sale"/"sharing" (which includes targeted advertising, as defined under the applicable laws) under applicable US state laws, you can opt out of these online tracking technologies by submitting a request as described below under section "DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?"

Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice.

7. HOW DO WE HANDLE YOUR SOCIAL LOGINS?

In Short: If you choose to register or log in to our Services using a social media account, we may have access to certain information about you.

Our Services offer you the ability to register and log in using your third-party social media account details (like your Facebook or X logins). Where you choose to do this, we will receive certain profile information about you from your social media provider. The profile information we receive may vary depending on the social media provider concerned, but will often include your name, email address, friends list, and profile picture, as well as other information you choose to make public on such a social media platform.

We will use the information we receive only for the purposes that are described in this privacy notice or that are otherwise made clear to you on the relevant Services. Please note that we do not control, and are not responsible for, other uses of your personal information by your third-party social media provider. We recommend that you review their privacy notice to understand how they collect, use, and share your personal information, and how you can set your privacy preferences on their sites and apps.

8. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this privacy notice unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this notice will require us keeping your personal information for longer than the period of time in which users have an account with us.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

9. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

10. DO WE COLLECT INFORMATION FROM MINORS?

In Short: We do not knowingly collect data from or market to children under 18 years of age.

We do not knowingly collect, solicit data from, or market to children under 18 years of age, nor do we knowingly sell such personal information. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at [email protected].

11. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: Depending on your state of residence in the US or in some regions, such as the European Economic Area (EEA), United Kingdom (UK), Switzerland, and Canada, you have rights that allow you greater access to and control over your personal information. You may review, change, or terminate your account at any time, depending on your country, province, or state of residence.

In some regions (like the EEA, UK, Switzerland, and Canada), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; (iv) if applicable, to data portability; and (v) not to be subject to automated decision-making. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by contacting us by using the contact details provided in the section "HOW CAN YOU CONTACT US ABOUT THIS NOTICE?" below.

We will consider and act upon any request in accordance with applicable data protection laws.
 
If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or UK data protection authority.

If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.

Withdrawing your consent: If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us by using the contact details provided in the section "HOW CAN YOU CONTACT US ABOUT THIS NOTICE?" below.

However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Opting out of marketing and promotional communications: You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send, or by contacting us using the details provided in the section "HOW CAN YOU CONTACT US ABOUT THIS NOTICE?" below. You will then be removed from the marketing lists. However, we may still communicate with you — for example, to send you service-related messages that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.

Account Information

If you would at any time like to review or change the information in your account or terminate your account, you can:
  • Log in to your account settings and update your user account.
Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.

Cookies and similar technologies: Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services. You may also opt out of interest-based advertising by advertisers on our Services.

If you have questions or comments about your privacy rights, you may email us at [email protected].

12. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.

California law requires us to let you know how we respond to web browser DNT signals. Because there currently is not an industry or legal standard for recognizing or honoring DNT signals, we do not respond to them at this time.

13. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Montana, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, or Virginia, you may have the right to request access to and receive details about the personal information we maintain about you and how we have processed it, correct inaccuracies, get a copy of, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. More information is provided below.

Categories of Personal Information We Collect

We have collected the following categories of personal information in the past twelve (12) months:

CategoryExamplesCollected
A. Identifiers
Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address, and account name

YES

B. Personal information as defined in the California Customer Records statute
Name, contact information, education, employment, employment history, and financial information

YES

C. Protected classification characteristics under state or federal law
Gender, age, date of birth, race and ethnicity, national origin, marital status, and other demographic data

YES

D. Commercial information
Transaction information, purchase history, financial details, and payment information

YES

E. Biometric information
Fingerprints and voiceprints

NO

F. Internet or other similar network activity
Browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems, and advertisements

YES

G. Geolocation data
Device location

YES

H. Audio, electronic, sensory, or similar information
Images and audio, video or call recordings created in connection with our business activities

NO

I. Professional or employment-related information
Business contact details in order to provide you our Services at a business level or job title, work history, and professional qualifications if you apply for a job with us

NO

J. Education Information
Student records and directory information

NO

K. Inferences drawn from collected personal information
Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics

NO

L. Sensitive personal InformationAccount login information

YES


We only collect sensitive personal information, as defined by applicable privacy laws or the purposes allowed by law or with your consent. Sensitive personal information may be used, or disclosed to a service provider or contractor, for additional, specified purposes. You may have the right to limit the use or disclosure of your sensitive personal information. We do not collect or process sensitive personal information for the purpose of inferring characteristics about you.

We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of:
  • Receiving help through our customer support channels;
  • Participation in customer surveys or contests; and
  • Facilitation in the delivery of our Services and to respond to your inquiries.
We will use and retain the collected personal information as needed to provide the Services or for:
  • Category A - As long as the user has an account with us
  • Category C - As long as the user has an account with us
  • Category D - As long as the user has an account with us
  • Category F - As long as the user has an account with us
  • Category G - As long as the user has an account with us
  • Category L - As long as the user has an account with us
Sources of Personal Information

Learn more about the sources of personal information we collect in "WHAT INFORMATION DO WE COLLECT?"

How We Use and Share Personal Information

Learn about how we use your personal information in the section, "HOW DO WE PROCESS YOUR INFORMATION?"

We collect and share your personal information through:
  • Targeting cookies/Marketing cookies
  • Social media cookies
  • Beacons/Pixels/Tags
  • Click redirects: Amazon affiliate link.
Will your information be shared with anyone else?

We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. Learn more about how we disclose personal information to in the section, "WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?"

We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be "selling" of your personal information.

We have disclosed the following categories of personal information to third parties for a business or commercial purpose in the preceding twelve (12) months:

  • Category L. Sensitive personal information
The categories of third parties to whom we disclosed personal information for a business or commercial purpose can be found under "WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?"

We have sold or shared the following categories of personal information to third parties in the preceding twelve (12) months:

The categories of third parties to whom we sold personal information are:

The categories of third parties to whom we shared personal information with are:
  • Ad Networks
  • Affiliate Marketing Programs
  • Social Networks
  • User Account Registration & Authentication Services

Your Rights

You have rights under certain US state data protection laws. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law. These rights include:
  • Right to know whether or not we are processing your personal data
  • Right to access your personal data
  • Right to correct inaccuracies in your personal data
  • Right to request the deletion of your personal data
  • Right to obtain a copy of the personal data you previously shared with us
  • Right to non-discrimination for exercising your rights
  • Right to opt out of the processing of your personal data if it is used for targeted advertising (or sharing as defined under California’s privacy law), the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects ("profiling")
Depending upon the state where you live, you may also have the following rights:
  • Right to obtain a list of the categories of third parties to which we have disclosed personal data (as permitted by applicable law, including California's and Delaware's privacy law)
  • Right to obtain a list of specific third parties to which we have disclosed personal data (as permitted by applicable law, including Oregon’s privacy law)
  • Right to limit use and disclosure of sensitive personal data (as permitted by applicable law, including California’s privacy law)
  • Right to opt out of the collection of sensitive data and personal data collected through the operation of a voice or facial recognition feature (as permitted by applicable law, including Florida’s privacy law)
How to Exercise Your Rights

To exercise these rights, you can contact us by submitting a data subject access request, by emailing us at [email protected], or by referring to the contact details at the bottom of this document.

You can opt out from the selling of your personal information, targeted advertising, or profiling by disabling cookies in Cookie Preference Settings.

We will honor your opt-out preferences if you enact the Global Privacy Control (GPC) opt-out signal on your browser.

Under certain US state data protection laws, you can designate an authorized agent to make a request on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with applicable laws.

Request Verification

Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. We will only use personal information provided in your request to verify your identity or authority to make the request. However, if we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity and for security or fraud-prevention purposes.

If you submit the request through an authorized agent, we may need to collect additional information to verify your identity before processing your request and the agent will need to provide a written and signed permission from you to submit such request on your behalf.

Appeals

Under certain US state data protection laws, if we decline to take action regarding your request, you may appeal our decision by emailing us at [email protected]. We will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may submit a complaint to your state attorney general.

California "Shine The Light" Law

California Civil Code Section 1798.83, also known as the "Shine The Light" law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us by using the contact details provided in the section "HOW CAN YOU CONTACT US ABOUT THIS NOTICE?"

14. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this privacy notice from time to time. The updated version will be indicated by an updated "Revised" date at the top of this privacy notice. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

15. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may email us at [email protected] or contact us by post at:

Exceptional Eye Photos
__________
__________, PA 16859
United States

16. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Based on the applicable laws of your country or state of residence in the US, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. To request to review, update, or delete your personal information, please fill out and submit a data subject access request.

Partner Policies

WordPress (Website Management)

Who we are

Our website address is: https://exceptionaleyephotos.com.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where your data is sent

Visitor comments may be checked through an automated spam detection service.

MailPoet (Emails and Marketing)

MailPoet newsletter & emails

If you have subscribed to our newsletter or if you are a member of our website (you can log in) or if you have purchased on our website, there is a good chance you will receive emails from us.

We will only send you emails which you have signed up to receive, or which pertain to the services we provided to you.

To send you emails, we use the name and email address you provide us. Our site also logs the IP address you used when you signed up for the service to prevent abuse of the system.

This website can send emails through the MailPoet Sending Service. This service allows us to track opens and clicks on our emails. We use this information to improve the content of our newsletters.

No identifiable information is otherwise tracked outside this website except for the email address.

Below is a list of cookies that may be generated by MailPoet (note that some cookies are only utilized when WooCommerce is installed and activated):

Cookie name: mailpoet_page_view
Cookie expiry: 3,650 days.
Cookie description: The purpose of this cookie is to track the last time a subscriber viewed any page on the site.

Cookie name: mailpoet_revenue_tracking
Cookie expiry: 14 days.
Cookie description: The purpose of this cookie is to track which newsletter sent from your website has acquired a click-through and a subsequent purchase in your WooCommerce store.

Cookie name: mailpoet_subscriber
Cookie expiry: 3,650 days.
Cookie description: The purpose of this cookie is to track subscriber engagement. It is used when the user logs in, signs up in a form, confirms subscription to a newsletter, or places an order through WooCommerce.
Note: User must be opted-in and a confirmed subscriber.

Cookie name: popup_form_dismissed_{$formId}
Cookie expiry: the expiration date varies and can be set per form.
Cookie description: This cookie is used to track if a user has previously dismissed a specific form, preventing the re-display of the form until the cookie’s expiration date. It is applicable for popup, slide-in, or fixed bar forms.

Woocommerce (Shop Platform)

We collect information about you during the checkout process on our store.

What we collect and store

While you visit our site, we’ll track:

  • Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
  • Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
  • Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!

We’ll also use cookies to keep track of cart contents while you’re browsing our site.

When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:

  • Send you information about your account and order
  • Respond to your requests, including refunds and complaints
  • Process payments and prevent fraud
  • Set up your account for our store
  • Comply with any legal obligations we have, such as calculating taxes
  • Improve our store offerings
  • Send you marketing messages, if you choose to receive them

If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.

We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for XXX years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.

We will also store comments or reviews, if you choose to leave them.

Who on our team has access

Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access:

  • Order information like what was purchased, when it was purchased and where it should be sent, and
  • Customer information like your name, email address, and billing and shipping information.

Our team members have access to this information to help fulfill orders, process refunds and support you.

What we share with others

We share information with third parties who help us provide our orders and store services to you; for example —

Payments

We accept payments through PayPal. When processing payments, some of your data will be passed to PayPal, including information required to process or support the payment, such as the purchase total and billing information.

Please see the PayPal Privacy Policy for more details.

WP Mail Logging (Email)

When you use this site several actions (e.g. commenting) trigger the dispatch of emails. They contain information about you associated with your email address. Which data are part of these emails depends on the action performed. These emails are stored and accessible to the site management as log.

This website uses the Privacy Suite for WordPress by Complianz to collect and record Browser and Device-based Consent. For this functionality, your IP address is anonymized and stored in our database. This service does not process any personally identifiable information and does not share any data with the service provider. For more information, see the Complianz Privacy Statement.

Stripe (Payment Processor)


Welcome

https://stripe.com/gb/privacy

We provide financial infrastructure for the internet. Individuals and businesses of all sizes use our technology and services to facilitate purchases, accept payments, send payouts, and manage online businesses.

This Privacy Policy (“Policy”) describes the Personal Data we collect, how we use and share it, along with details on how you can reach out to us with privacy-related inquiries. Additionally, the Policy outlines your rights as a data subject and choices you have, including the right to object to certain usages of your Personal Data by us. For further information about our privacy practices, including our Supplemental U.S. Notice, please refer to our Privacy Center.

In this Policy, “Stripe”, “we”, “our,” or “us” refers to the Stripe entity responsible for the collection, use, and handling of Personal Data as described in this document. Depending on your jurisdiction, the specific Stripe entity accountable for your Personal Data might vary. Learn More.

“Personal Data” refers to any information associated with an identified or identifiable individual, which can include data that you provide to us, and we collect about you during your interaction with our Services (such as device information, IP address, etc.).

“Services” refer to the products and services provided by Stripe under the Stripe Services Agreement and the Stripe Consumer Terms of Service. This may include devices and applications provided by Stripe. Our “Business Services” are services that we provide to entities (“Business Users”) that directly and indirectly provide us with “End Customer” Personal Data in connection with their own business operations and activities. Our “End User Services” are those that Stripe provides directly to individuals for their personal use. “Sites” refer to Stripe.com, Link.com, and other Stripe websites, apps, and online services. Collectively, we refer to Sites, Business Services, and End User Services as “Services.”

“Financial Partners” are financial institutions, banks, and other partners such as payment method acquirers, payout providers, and card networks that we partner with to provide the Services.

Depending on the context, “you” might be an End Customer, End User, Representative, or Visitor:

  • When you use an End User Service for personal use, such as signing up for Link, we refer to you as an “End User.”
  • When you do business with, or otherwise engage in a transaction with a Business User, such as buying a pair of shoes from a Business User using Stripe Checkout for payment processing, but are not directly transacting with Stripe, we refer to you as an “End Customer.”
  • When you are acting on behalf of an existing or potential Business User—perhaps as a company founder, account administrator for a Business User, or a recipient of an employee credit card from a Business User via Stripe Issuing—we categorize you as a “Representative.”
  • When you interact with Stripe by visiting a Site without being logged into a Stripe account, or when your interaction with Stripe does not involve you being an End User, End Customer, or Representative, you are considered a “Visitor.” For example, you are a Visitor when you send a message to Stripe asking for more information about our Services.

In this Policy, “Transaction Data” refers to data collected and used by Stripe to facilitate transactions you request. Some Transaction Data is Personal Data and may include: your name, email address, contact number, billing and shipping address, payment method information (like credit or debit card number, bank account details, or payment card image chosen by you), merchant and location details, amount and date of purchase, and in some instances, information about what was purchased.

Depending on the activity, Stripe assumes the role of a “data controller” and/or “data processor” (or “service provider”) based on the activity. For more details about our role, the specific Stripe entity responsible under this Policy, and our legal bases for processing your Personal Data, please visit our Privacy Center.

1. Personal Data that we collect and how we use and share it

2. More ways we collect, use and share Personal Data

3. Legal bases for processing data

4. Your rights and choices

5. Security and retention

6. International data transfers

7. Updates and notifications

8. Jurisdiction-specific provisions

9. Contact us

10. US Consumer Privacy Notice

1. Personal Data we collect and how we use and share it

Our collection and use of Personal Data differs based on whether you are an End User, End Customer, Representative, or Visitor, and the specific Service being utilized. For example, if you’re a sole proprietor who wants to use our Business Services, we may collect your Personal Data to onboard your business; at the same time, you might also be an End Customer if you’ve bought goods from another Business User utilizing our Services for payment processing. You could be an End User if you used our End User Service, such as Link, for those transactions.

1.1 End Users

We provide End User Services when we provide the Services directly to you for your personal use (e.g., Link). Additional details regarding our collection, usage, and sharing of End User Personal Data, including the legal bases we rely on for processing such data, can be found in our Privacy Center.

a. Personal Data we collect about End Users

Using Link or Connecting your bank account. Stripe offers a service called “Link,” which allows you to store your payment methods with Stripe to conveniently use them across our Business Users. When you sign up for Link, you agree to store your Personal Data (such as name, contact information, payment method details) with Stripe. This will allow for a more streamlined purchasing experience when using Link in the future. If you choose to pay with Link, we will also collect Transaction Data associated with your transactions. Learn More.

Should you decide to share your bank account information (including to make payments using your bank account via Link) with us, Stripe will periodically collect and process your account information (such as bank account owner information, account balances, account number and details, account transactions, and, in some cases, log-in credentials). You can ask us to cease the collection of such data at any time. Learn More.

You may also choose to store your identity documents (such as your driver’s license) using Link and share the saved document with other Business Users in the future.

Paying Stripe. When you purchase goods or services directly from Stripe, we receive your Transaction Data. For instance, when you make a payment to Stripe Climate, we collect information about the transaction, as well as your contact and payment method details.

Identity/Verification Services. We offer an identity verification service that automates the comparison of your identity document (such as a driver’s license) with your image (such as a selfie). You can separately consent to us using your biometric data to enhance our verification technology, with the option to revoke your consent at any time. Learn More.

More. For further information about other types of Personal Data that we may collect about End Users, including about your online activity and your engagement with our End User Services, please see the More ways we collect, use, and share Personal Data section below.

b. How we use and share Personal Data of End Users

Services. We use and share your Personal Data to provide the End User Services to you, which includes support, personalization (such as language preferences and setting choices), and communication about our End User Services (such as communicating Policy updates and information about our Services). For example, Stripe may use cookies and similar technologies or the data you provide to our Business Users (such as when you input your email address on a Business User’s website) to recognize you and help you use Link when visiting our Business User’s website. Learn more about how we use cookies and similar technologies in Stripe’s Cookie Policy.

Our Business Users. When you use Link to make payments, we share your Transaction Data with the Business Users you choose to do business with. Learn More. Furthermore, when you opt to connect your bank account with Stripe, you can also direct Stripe to share your account information with Business Users you do business with. Please note that these Business Users have their own privacy policies, which should describe how they use the information shared with them.

Transactions. When you use Link to make payments, we use your Personal Data (such as name, contact information, payment method details) saved with us to complete transactions with Stripe Business Users. We provide such data to Business Users and others you do business with and process it as a Data Processor for those Business Users, as detailed in Section 1.2 of this Policy.

Fraud Detection and Loss Prevention. We use your Personal Data collected across our Services (such as Stripe Radar) to detect fraud and prevent financial losses for you, us, and our Business Users and Financial Partners, including detecting unauthorized purchases. We may provide Business Users and Financial Partners that utilize our fraud prevention-related Business Services with Personal Data about you (including your attempted transactions) so that they can assess the fraud or loss risk associated with the transaction. Learn more about how we may use technology to assess the fraud risk associated with an attempted transaction and what information we share with Business Users and Financial Partners here and here.

Advertising. We may use your Personal Data to assess your eligibility for, and offer you, other End User Services or promote existing End User Services. Where allowed by law (including with your opt-in consent where required), we use and share End User Personal Data with others so that we may market our End User Services to you, including through interest-based advertising. We do not transfer your Personal Data to third parties in exchange for payment, but we may provide your data to third party partners, such as advertising partners, analytics providers, and social networks, who assist us in advertising our Services to you. Learn more.

More. For further information about additional ways by which we may use and share End Users’ Personal Data, please see the More ways we collect, use, and share Personal Data section below.

1.2 End Customers

Stripe provides various Business Services to our Business Users, which include in-person or online checkout payment processing or processing payouts for those Business Users. When acting as a service provider—also referred to as a data processor—for a Business User, we process End Customer Personal Data in accordance with our agreement with the Business User and the Business User’s lawful instructions. This happens, for example, when we process a payment for a Business User because you purchased a product from them, or when the Business User asks us to send you funds.

Business Users are responsible for ensuring that the privacy rights of their End Customers are respected, including obtaining appropriate consents and making disclosures about their own data collection and use associated with their products and services. If you’re an End Customer, please refer to the privacy policy of the Business User you’re doing business with for its privacy practices, choices, and controls.

We provide more comprehensive information about our collection, use, and sharing of End Customer Personal Data in our Privacy Center, including the legal bases we rely on for processing your Personal Data.

a. Personal Data we collect about End Customers

Transaction Data. If you’re an End Customer making payments to, receiving refunds from, initiating a purchase or donation, or otherwise transacting with our Business User, whether in-person or online, we receive your Transaction Data. We may also receive your transaction history with the Business User. Learn More. Additionally, we may collect information entered into a checkout form even if you opt not to complete the form or transact with the Business User. Learn More. A Business User who utilizes Stripe’s Terminal Service to provide its goods or services to End Customers may use the Terminal Service to collect End Customer Personal Data (like your name, email, phone number, address, signature, or age) in accordance with its own privacy policy.

Identity/Verification Information. Stripe provides a verification and fraud prevention Service that our Business Users can use to verify Personal Data about you, such as your authorization to use a particular payment method. During the process, you’d be asked to share with us certain Personal Data (like your government ID and selfie for biometric verification, Personal Data you input, or Personal Data that is apparent from the physical payment method like a credit card image). To protect against fraud and determine if somebody is trying to impersonate you, we may cross-verify this data with information about you that we’ve collected from Business Users, Financial Partners, business affiliates, identity verification services, publicly available sources, and other third party service providers and sources. Learn More.

More. For further information about other types of Personal Data that we may collect about End Customers, including about your online activity, please see the More ways we collect, use, and share Personal Data section below.

b. How we use and share Personal Data of End Customers

To provide our Business Services to our Business Users, we use and share End Customers’ Personal Data with them. Where allowed, we also use End Customers’ Personal Data for Stripe’s own purposes such as enhancing security, improving and offering our Business Services, and preventing fraud, loss, and other damages, as described further below.

Payment processing and accounting. We use your Transaction Data to deliver Payment-related Business Services to Business Users, including online payment transactions processing, sales tax calculation, invoice and bill handling, and helping them determine their revenue, settle their bills, and execute accounting tasks. Learn More. We may also use your Personal Data to provide and improve our Business Services.

During payment transactions, your Personal Data is shared with various entities in connection to your transaction. As a service provider or data processor, we share Personal Data to enable transactions as directed by Business Users. For instance, when you choose a payment method for your transaction, be it a credit card, debit card, Buy Now Pay Later, or direct debit, your payment method provider may receive your Transaction Data from transactions facilitated by Stripe. The Business User you choose to do business with also receives Transaction Data and might share the data with others. Please review their privacy policies for more information about how they use and share your Personal Data.

Financial services. Certain Business Users leverage our Services to offer financial services to you via Stripe or our Financial Partners. For example, a Business User may issue a card product with which you can purchase goods and services. Such cards could carry the brand of Stripe, the bank partner, and/or the Business User. In addition to any Transaction Data we may generate or receive when these cards are used for purchases, we also collect and utilize your Personal Data to provide and manage these products, including assisting our Business Users in preventing misuse of the cards. Please review the privacy policies of the Business User and, if applicable, our bank partners associated with the financial service (the brands of which may be shown on the card) for more information.

Identity/Verification services. We utilize Personal Data about your identity, including information provided by you and our service providers, to perform verification services for Stripe or for the Business Users that you are transacting with, to prevent fraud and enhance security. If you provide a selfie along with an image of your identity document, we may employ biometric technology to compare and calculate whether they match and verify your identity. Learn More.

Fraud detection and loss prevention. We use your Personal Data collected across our Services to detect and prevent losses for you, us, our Business Users, and Financial Partners. We may provide Business Users and Financial Partners using our fraud prevention-related Business Services with your Personal Data (including your attempted transactions) to help them assess the fraud or loss risk associated with the transaction. Learn more about how we may use technology to assess the fraud risk associated with an attempted transaction and what information we share with Business Users and Financial Partners here and here.

Our Business Users (and their authorized third parties). We share End Customers’ Personal Data with their respective Business Users and parties directly authorized by those Business Users to receive such data. Here are common examples of such sharing:

  • When a Business User instructs Stripe to provide another Business User with access to its Stripe account, including data related to its End Customers, via Stripe Connect.
  • Sharing information that you have provided to us with a Business User so that we can send payments to you on behalf of that Business User.
  • Sharing information, documents, or images provided by an End Customer with a Business User when the latter uses Stripe Identity, our identity verification Service, to verify the identity of the End Customer. 

The Business Users you choose to do business with may further share your Personal Data with third parties (like additional third party service providers other than Stripe). Please review the Business User’s privacy policy for more information.

Advertising by Business Users. If you initiate a purchasing process with a Business User, the Business User receives your Personal Data from us in connection with our provision of Services even if you don’t finish your purchase. The Business User may use your Personal Data to market and advertise their products or services, subject to the terms of their privacy policy. Please review the Business User’s privacy policy for more information, including your rights to stop their usage of your Personal Data for marketing purposes.

More. For further information about additional ways by which we may use and share  End Customers’ Personal Data, please see the More ways we collect, use, and share Personal Data section below.

1.3 Representatives

We collect, use, and share Personal Data from Representatives of Business Users (for example, business owners) to provide our Business Services. For more information about how we collect, use, and share Personal Data from Representatives, as well as the legal bases we rely on for processing such Personal Data, please visit our Privacy Center.

a. Personal Data we collect about Representatives 

Registration and contact information. When you register for a Stripe account for a Business User (including incorporation of a Business), we collect your name and login credentials. If you register for or attend an event organized by Stripe or sign up to receive Stripe communications, we collect your registration and profile data. As a Representative, we may collect your Personal Data from third parties, including data providers, to advertise, market, and communicate with you as detailed further in the More ways we collect, use, and share Personal Data section below. We may also link a location with you to tailor the Services or information effectively to your needs. Learn More.

Identification Information. As a current or potential Business User, an owner of a Business User, or a shareholder, officer, or director of a Business User, we need your contact details, such as name, postal address, telephone number, and email address, to fulfill our Financial Partner and regulatory requirements, verify your identity, and prevent fraudulent activities and harm to the Stripe platform. We collect your Personal Data, such as ownership interest in the Business User, date of birth, government-issued identity documents, and associated identifiers, as well as any history of fraud or misuse, directly from you and/or from third parties such as credit bureaus and via the Services we provide. Learn More. You may also choose to provide us with bank account information.

More. For further information about other types of Personal Data that we may collect about Representatives, including your online activity, please see the More ways we collect, use, and share Personal Data section below.

b. How we use and share Personal Data of Representatives 

We typically use the Personal Data of Representatives to provide the Business Services to the corresponding Business Users. The ways we use and share this data are further described below.

Business Services. We use and share Representatives’ Personal Data with Business Users to provide the Services requested by you or the Business User you represent.

In some instances, we may have to submit your Personal Data to a government entity to provide our Business Services, for purposes such as the incorporation of a business, or calculating and paying applicable sales tax. For our tax-related Business Services, we may use your Personal Data to file taxes on behalf of the Business User you represent. For our Atlas business incorporation Services, we may use your Personal Data to submit forms to the IRS on your behalf and file documents with other government authorities, such as articles of incorporation in your state of incorporation.

We share Representatives’ Personal Data with parties specifically authorized by the corresponding Business User, such as Financial Partners servicing a financial product, or third party apps or services the Business User chooses to use alongside our Business Services. Here are common examples of such sharing:

  • Payment method providers, like Visa or WeChat Pay, require information about Business Users and their Representatives who accept their payment methods. This information is typically required during the onboarding process or for processing transactions for these Business Users. Learn More.
  • A Business User may authorize Stripe to share your Personal Data with other Business Users to facilitate the provision of Services through Stripe Connect.
  • The use of Personal Data by a third party authorized by a Business User is subject to the third party’s privacy policy.

If you are a Business User who has chosen a name that includes Personal Data (for example, a sole proprietorship or family name in a company name), we will use and share such information for the provision of our Services in the same way we do with any company name. This may include, for example, displaying it on receipts and other transaction-identifying descriptions.

Fraud detection and loss prevention. We use Representatives’ Personal Data to identify and manage risks that our Business Services might be used for fraudulent activities causing losses to Stripe, End Users, End Customers, Business Users, Financial Partners, and others. We also use information about you obtained from third parties like credit bureaus and from our Services to address such risks, including to identify patterns of misuse and monitor for terms of service violations. Stripe may share Representatives’ Personal Data with Business Users, our Financial Partners, and third party service providers to verify the information provided by you and identify risk indicators. Learn More. We also use and share Representatives’ Personal Data to conduct due diligence, including conducting anti-money laundering and sanctions screening in accordance with applicable law.

Advertising. Where allowed by applicable law, we use and share Representatives’ Personal Data with third parties so we can advertise and market our Services. Subject to applicable law, including any consent requirements, we may advertise through interest-based advertising and track the efficacy of such ads. See our Cookie Policy. We do not transfer your Personal Data to third parties in exchange for payment. However, we may provide your data to third party partners, like advertising partners, analytics providers, and social networks, who assist us in advertising our Services. Learn more. We may also use your Personal Data, including your Stripe account activity, to evaluate your eligibility for and offer you Business Services or promote existing Business Services. Learn more.

More. For further information about additional ways by which we may use and share Representatives’ Personal Data, please see the More ways we collect, use, and share Personal Data section below.

1.4 Visitors

We collect, use, and share the Personal Data of Visitors. More details about how we collect, use, and share Visitors’ Personal Data, along with the legal bases we rely on for processing such Personal Data, can be found in our Privacy Center.

a. Personal Data we collect about Visitors

When you browse our Sites, we receive your Personal Data, either provided directly by you or collected through our use of cookies and similar technologies. See our Cookie Policy for more information. If you opt to complete a form on the Site or third party websites where our advertisements are displayed (like LinkedIn or Facebook), we collect the information you included in the form. This may include your contact information and other information pertaining to your questions about our Services. We may also associate a location with your visit. Learn More.

More. Further details about other types of Personal Data that we may collect from Visitors, including your online activity, can be found in the More ways we collect, use, and share Personal Data section below.

b. How we use and share Personal Data of Visitors

Personalization. We use the data we collect from cookies and similar technologies about you to measure user engagement with the content on the Sites, improve relevancy and navigation, customize your user experience (such as language preference and region-specific content), and curate content about Stripe and our Services that’s tailored to you. For instance, as not all of our Services are available globally, we may customize our responses based on your region.

Advertising. Where allowed by applicable law, we use and share Visitors’ Personal Data with third parties so we can advertise and market our Services. Subject to applicable law, including any consent requirements, we may advertise through interest-based advertising and track the efficacy of such ads. See our Cookie Policy. We do not transfer your Personal Data to third parties in exchange for payment. However, we may provide your data to third party partners, like advertising partners, analytics providers, and social networks, who assist us in advertising our Services. Learn more.

Engagement. As you interact with our Sites, we use the information we collect about and through your devices to provide opportunities for further interactions, such as discussions about Services or interactions with chatbots, to address your questions.

More. For further information about additional ways by which we may use and share Visitors’ Personal Data, please see the More ways we collect, use, and share Personal Data section below.

2. More ways we collect, use, and share Personal Data

In addition to the ways described above, we also process your Personal Data as follows:

a. Collection of Personal Data

Online Activity. Depending on the Service used and how our Business Services are implemented by the Business Users, we may collect information related to:

  • The devices and browsers you use across our Sites and third party websites, apps, and other online services (“Third Party Sites”).
  • Usage data associated with those devices and browsers and your engagement with our Services, including data elements like IP address, plug-ins, language preference, time spent on Sites and Third Party Sites, pages visited, links clicked, payment methods used, and the pages that led you to our Sites and Third Party Sites. We also collect activity indicators, such as mouse activity indicators, to help us detect fraud. Learn More. See also our Cookie Policy.

Communication and Engagement Information. We also collect information you choose to share with us through various channels, such as support tickets, emails, or social media. If you respond to emails or surveys from Stripe, we collect your email address, name, and any other data you opt to include in your email or responses. If you engage with us over the phone, we collect your phone number and any other information you might provide during the call. Additionally, we collect your engagement data, like your registration for, attendance at, or viewing of Stripe events and any other interactions with Stripe personnel.

Forums and Discussion Groups. If our Sites allow posting of content, we collect Personal Data that you provide in connection with the post.

b. Use of Personal Data. 

Besides the use of Personal Data described above, we use Personal Data in the ways listed below:

Improving and Developing our Services. We use analytics on our Sites to help us understand your use of our Sites and Services and diagnose technical issues. Please review our Cookie Policy to learn more about how you can control our use of cookies and third party analytics. We also collect and process Personal Data throughout our various Services, whether you are an End User, End Customer, Representative, or Visitor, to improve our Services, develop new Services, and support our efforts to make our Services more relevant and useful to you. Learn More.

Communications. We use the contact information we have about you to deliver our Services, which may involve sending codes via SMS for your authentication. Learn More. If you are an End User, Representative, or Visitor, we may communicate with you using the contact information we have about you to provide information about our Services and our affiliates’ services, invite you to participate in our events, surveys, or user research, or otherwise communicate with you for marketing purposes, in compliance with applicable law, including any consent or opt-out requirements. For example, when you provide your contact information to us or when we collect your business contact details through participation at trade shows or other events, we may use this data to follow up with you regarding an event, provide information requested about our Services, and include you in our marketing information campaigns. Where permitted under applicable law, we may record our calls with you to provide our Services, comply with our legal obligations, perform research and quality assurance, as well as for training purposes.

Social Media and Promotions. If you opt to submit Personal Data to engage in an offer, program, or promotion, we use the Personal Data you provide to manage the offer, program, or promotion. We also use the Personal Data you provide, along with the Personal Data you make available on social media platforms, for marketing purposes, unless we are not permitted to do so.

Fraud Prevention and Security. We collect and use Personal Data to help us identify and manage activities that could be fraudulent or harmful across our Services, enable our fraud detection Business Services, and secure our Services and transactions against unauthorized access, use, alteration or misappropriation of Personal Data, information, and funds. As part of the fraud prevention, detection, security monitoring, and compliance efforts for Stripe and its Business Users, we collect information from third parties (such as credit bureaus) and via the Services we offer. In some instances, we may also collect information about you directly from you, or from our Business Users, Financial Partners, and other third parties for the same purposes. Furthermore, to protect our Services, we may receive details such as IP addresses and other identifying data about potential security threats from third parties. Learn More. Such information helps us verify identities, conduct credit checks where lawfully permitted, and prevent fraud. Additionally, we might use technology to evaluate the potential risk of fraud associated with individuals seeking to procure our Business Services or arising from attempted transactions by an End Customer or End User with our Business Users or Financial Partners.

Compliance with Legal Obligations. We use Personal Data to meet our contractual and legal obligations related to anti-money laundering, Know-Your-Customer (“KYC”) laws, anti-terrorism activities, safeguarding vulnerable customers, export control, and prohibition of doing business with restricted persons or in certain business fields, among other legal obligations. For example, we may monitor transaction patterns and other online signals and use those insights to identify fraud, money laundering, and other harmful activity that could affect Stripe, our Financial Partners, End Users, our Business Users and others. Learn More. Ensuring safety, security, and compliance for our Services is a key priority for us, and collecting and utilizing Personal Data is crucial to this effort.

Minors. Our Services are not directed to children under the age of 13, and we request that they do not provide Personal Data to seek Services directly from Stripe. In certain countries, we may impose higher age limits as required by applicable law.

c. Sharing of Personal Data. 

Besides the sharing of Personal Data described above, we share Personal Data in the ways listed below:

Stripe Affiliates. We share Personal Data with other Stripe-affiliated entities for purposes identified in this Policy.

Service Providers or Processors. In order to provide, communicate, market, and advertise our Services, we depend on service providers. These providers offer critical services spanning from providing cloud infrastructure, conducting analytics for the assessment of speed, accuracy, and/or security of our Services, verifying identities, to providing customer service and audit functions. We authorize these service providers to use or disclose the Personal Data we make available to them to perform services on our behalf and comply with relevant legal obligations. We mandate these service providers to contractually commit to ensuring the security and confidentiality of the Personal Data they process on our behalf. The majority of our service providers are based in the European Union, the United States of America, and India. Learn More.

Financial Partners. We share Personal Data with certain Financial Partners to provide Services to Business Users seeking such Services as well as offer certain Services in conjunction with these Financial Partners. For instance, we share certain Personal Data about Representatives, such as loan repayment data and contact information, with institutional investors who purchase or provide credit that’s secured through the Capital loans we’ve extended to the Business Users they are associated with.

Others with Consent. In some situations, we may not offer a service, but instead refer you to others (like professional service firms that we partner with to deliver the Atlas Service). In these instances, we will disclose the identity of the third party and the information to be shared with them, and seek your consent to share the information.

Corporate Transactions. If we enter or intend to enter a transaction that modifies the structure of our business, such as a reorganization, merger, sale, joint venture, assignment, transfer, change of control, or other disposition of all or part of our business, assets, or stock, we may share Personal Data with third parties in connection with such transaction. Any other entity that buys us or part of our business will have the right to continue to use your Personal Data, but subject to the terms of this Policy.

Compliance and Harm Prevention. We share Personal Data when we believe it is necessary to comply with applicable law; to abide by rules imposed by Financial Partners in connection with the use of their payment method; enforce our contractual rights; secure and protect the Services, rights, privacy, safety, and property of Stripe, you, and others, including against malicious or fraudulent activity; and to respond to valid legal requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.

For purposes of the General Data Protection Regulation and other applicable data protection laws, we rely on a number of legal bases to process your Personal Data. Learn More. For some jurisdictions, there may be additional legal bases, which are outlined in the Jurisdiction-Specific Provisions section below.

a. Contractual and Pre-Contractual Business Relationships. We process Personal Data to enter into business relationships with prospective Business Users and End Users and fulfill our respective contractual obligations with them. These processing activities include:

  • Creation and management of Stripe accounts and Stripe account credentials, including the assessment of applications to initiate or expand the use of our Services;
  • Creation and management of Stripe Checkout accounts;
  • Accounting, auditing, and billing activities; and

Processing of payments and related activities, which include fraud detection, loss prevention, transaction optimization, communications about such payments, and related customer service activities.

b. Legal Compliance. We process Personal Data to verify the identities of individuals and entities to comply with obligations related to fraud monitoring, prevention, and detection, laws associated with identifying and reporting illicit and illegal activities, such as those under the Anti-Money Laundering (“AML”) and Know-Your-Customer (“KYC”) regulations, and financial reporting obligations. For example, we may be required to record and verify a Business User’s identity to comply with regulations designed to prevent money laundering, fraud, and financial crimes. These legal obligations may require us to report our compliance to third parties and subject ourselves to third party verification audits.

c. Legitimate Interests. Where allowed under applicable law, we rely on our legitimate business interests to process your Personal Data. The following list provides an example of the business purposes for which we have a legitimate interest in processing your data:

  • Detection, monitoring, and prevention of fraud and unauthorized payment transactions;
  • Mitigation of financial loss, claims, liabilities or other harm to End Customers, End Users, Business Users, Financial Partners, and Stripe;
  • Determination of eligibility for and offering new Stripe Services (Learn More);
  • Response to inquiries, delivery of Service notices, and provision of customer support;
  • Promotion, analysis, modification, and improvement of our Services, systems, and tools, as well as the development of new products and services, including enhancing the reliability of the Services;
  • Management, operation, and improvement of the performance of our Sites and Services, through understanding their effectiveness and optimizing our digital assets;
  • Analysis and advertisement of our Services, and related improvements;
  • Aggregate analysis and development of business intelligence that enable us to operate, protect, make informed decisions about, and report on the performance of our business;
  • Sharing of Personal Data with third party service providers that offer services on our behalf and business partners that help us in operating and improving our business (Learn More);
  • Enabling network and information security throughout Stripe and our Services; and
  • Sharing of Personal Data among our affiliates.

d. Consent. We may rely on consent or explicit consent to collect and process Personal Data regarding our interactions with you and the provision of our Services such as Link, Financial Connections, Atlas, and Identity. When we process your Personal Data based on your consent, you have the right to withdraw your consent at any time, and such a withdrawal will not impact the legality of processing performed based on the consent prior to its withdrawal.

e. Substantial Public Interest. We may process special categories of Personal Data, as defined by the GDPR, when such processing is necessary for reasons of substantial public interest and consistent with applicable law, such as when we conduct politically-exposed person checks. We may also process Personal Data related to criminal convictions and offenses when such processing is authorized by applicable law, such as when we conduct sanctions screening to comply with AML and KYC obligations.

4. Your rights and choices

Depending on your location and subject to applicable law, you may have choices regarding our collection, use, and disclosure of your Personal Data:

a. Opting out of receiving electronic communications from us

If you wish to stop receiving marketing-related emails from us, you can opt-out by clicking the unsubscribe link included in such emails or as described here. We’ll try to process your request(s) as quickly as reasonably practicable. However, it’s important to note that even if you opt out of receiving marketing-related emails from us, we retain the right to communicate with you about the Services you receive (like support and important legal notices) and our Business Users might still send you messages or instruct us to send you messages on their behalf.

b. Your data protection rights

Depending on your location and subject to applicable law, you may have the following rights regarding the Personal Data we control about you:

  • The right to request confirmation of whether Stripe is processing Personal Data associated with you, and if so, request access to that Personal Data (Learn More);
  • The right to request that Stripe rectify or update your Personal Data if it’s inaccurate, incomplete, or outdated;
  • The right to request that Stripe erase your Personal Data in certain circumstances as provided by law (Learn More);
  • The right to request that Stripe restrict the use of your Personal Data in certain circumstances, such as while Stripe is considering another request you’ve submitted (for instance, a request that Stripe update your Personal Data);
  • The right to request that we export the Personal Data we hold about you to another company, provided it’s technically feasible;
  • The right to withdraw your consent if your Personal Data is being processed based on your previous consent;
  • The right to object to the processing of your Personal Data if we are processing your data based on our legitimate interests; unless there are compelling legitimate grounds or the processing is necessary for legal reasons, we will cease processing your Personal Data upon receiving your objection (Learn More); 
  • The right not to be discriminated against for exercising these rights; and 
  • The right to appeal any decision by Stripe relating to these rights by contacting Stripe’s Data Protection Officer (“DPO”) at [email protected].

You may have additional rights, depending on applicable law, over your Personal Data. For example, see the Jurisdiction-specific provisions section under United States below.

c. Process for exercising your data protection rights 

To exercise your data protection rights, visit our Privacy Center or contact us as outlined below.

5. Security and Retention

We make reasonable efforts to provide a level of security appropriate to the risk associated with the processing of your Personal Data. We maintain organizational, technical, and administrative measures designed to protect the Personal Data covered by this Policy from unauthorized access, destruction, loss, alteration, or misuse. Learn More. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure.  

We encourage you to assist us in protecting your Personal Data. If you hold a Stripe account, you can do so by using a strong password, safeguarding your password against unauthorized use, and avoiding using identical login credentials you use for other services or accounts for your Stripe account. If you suspect that your interaction with us is no longer secure (for instance, you believe that your Stripe account’s security has been compromised), please contact us immediately.

We retain your Personal Data for as long as we continue to provide the Services to you or our Business Users, or for a period in which we reasonably foresee continuing to provide the Services. Even after we stop providing Services directly to you or to a Business User that you’re doing business with, and even after you close your Stripe account or complete a transaction with a Business User, we may continue to retain your Personal Data to:

  • Comply with our legal and regulatory obligations;
  • Enable fraud monitoring, detection, and prevention activities; and
  • Comply with our tax, accounting, and financial reporting obligations, including when such retention is required by our contractual agreements with our Financial Partners (and where data retention is mandated by the payment methods you’ve used).

In cases where we keep your Personal Data, we do so in accordance with any limitation periods and record retention obligations imposed by applicable law. Learn More.

6. International Data Transfers

As a global business, it’s sometimes necessary for us to transfer your Personal Data to countries other than your own, including the United States. These countries might have data protection regulations that are different from those in your country. When transferring data across borders, we take measures to comply with applicable data protection laws related to such transfer. In certain situations, we may be required to disclose Personal Data in response to lawful requests from officials, such as law enforcement or security authorities. Learn More.

If you are located in the European Economic Area (“EEA”), the United Kingdom (“UK”), or Switzerland, please refer to our Privacy Center for additional details. When a data transfer mechanism is mandated by applicable law, we employ one or more of the following:

  • Transfers to certain countries or recipients that are recognized as having an adequate level of protection for Personal Data under applicable law.  
  • EU Standard Contractual Clauses approved by the European Commission and the UK International Data Transfer Addendum issued by the Information Commissioner’s Office. You can obtain a copy of the relevant Standard Contractual Clauses. Learn More.
  • Other lawful methods available to us under applicable law. 

Stripe, Inc. complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce and as applicable. Learn More.

7. Updates and notifications

We may change this Policy from time to time to reflect new services, changes in our privacy practices or relevant laws. The “Last updated” legend at the top of this Policy indicates when this Policy was last revised. Any changes are effective the latter of when we post the revised Policy on the Services or otherwise provide notice of the update as required by law.

We may provide you with disclosures and alerts regarding the Policy or Personal Data collected by posting them on our website and, if you are an End User or Representative, by contacting you through your Stripe Dashboard, email address and/or the physical address listed in your Stripe account.

8. Jurisdiction-specific provisions

  • Australia. If you are an Australian resident and dissatisfied with our handling of any complaint you raise under this Policy, you may consider contacting the Office of the Australian Information Commissioner.
  • Brazil. You may exercise your rights by contacting our DPO at [email protected]. Brazilian residents, for whom the Lei Geral de Proteção de Dados Pessoais (“LGPD”) applies, have rights set forth in Article 18 of the LGPD.
  • Canada. As used in this Policy, “applicable law” includes the Federal Personal Information Protection and Electronic Documents Act (PIPEDA), the Personal Information Protection Act, SBC 2003 c 63, in British Columbia, the Personal Information Protection Act, SA 2003 c P-6.5, in Alberta, and the Act Respecting the Protection of Personal Information in the Private Sector, CQLR c P-39-1 (Quebec Private Sector Act), in Quebec. Learn more.  “Personal Data” includes “personal information” as defined under those laws.
    • Stripe’s Chief Privacy Officer is the person in charge of personal information, including under the Quebec Private Sector Act.  You may contact them via email at [email protected].  When Stripe collects Personal Data belonging to Canadian (including Quebec) residents, it transfers that data to data centers in the United States.  When Stripe relies on service providers to process Personal Data as described herein, those service providers may also be located outside of Canada or Quebec.
    • You have the right to request access or rectification of the Personal Data Stripe holds related to you or to withdraw any consent given to the processing of such personal data.  You may exercise those rights by contacting Stripe’s Chief Privacy Officer at [email protected].  If you are an End Customer, you should contact the Business User with which you transacted to exercise your rights.
  • EEA and UK. You may exercise your rights by contacting our DPO at [email protected]. If you are a resident of the EEA or if Stripe Payments Europe Limited is identified as your data controller, and you believe our processing of your information contradicts the General Data Protection Regulation (GDPR), you may direct your questions or complaints to the Irish Data Protection Commission. If you are a resident of the UK, direct your questions or concerns to the UK Information Commissioner’s Office. Where Personal Data is used for regulated financial activities in Europe, Stripe Payments Europe Limited and Stripe’s local regulated entities are considered joint controllers. Learn More. You also have additional rights under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Learn More.
  • India. In this Policy, “applicable law” includes the Digital Personal Data Protection Act (DPDPA) once the DPDPA is enacted. Further, the term “data controller” includes “data fiduciaries,” and the term “data subject” includes “data principal,” both as defined in the DPDPA.
    • In some cases, and as permitted under the DPDPA, we may rely on “legitimate use” as a legal basis. For example, we do so when you voluntarily provide your Personal Data to us. “Consent Managers” as defined under the DPDPA may submit a request to revoke or provide consent using the methods described in the Contact Us section below, or as set out in the following paragraph, or via other means made available by Stripe in the future. We may ask for proof of authorization and identity before processing such a request.
    • In certain cases, you may be asked to consent to the collection and processing of your Aadhaar number by Stripe India Private Limited and/or its third party verification partner(s). The purpose of this collection is to facilitate the identification verification process as required under applicable laws. Your provision of Aadhaar details is purely voluntary, and you may provide other identification documents as may be accepted by us from time to time. You will not be denied service merely for not submitting Aadhaar details.
    • If you have any questions or complaints regarding the processing of your Personal Data in India, or if you want to receive this Policy or communicate with us about privacy in one of India’s official languages, please contact our Nodal and Grievance OfficerLearn More. Alternatively, you may contact our DPO at [email protected]. If we are unable to address your complaint or grievance, you have the right to escalate the matter to the Data Protection Board of India.
  • Indonesia. In this Policy, “applicable law” includes Law No. 11 of 2008 as amended by Law No. 19 of 2016 on Electronic Information and Transactions, Government Regulation No. 71 of 2019 on the Implementation of Electronic Systems and Transactions, and Minister of Communication and Informatics Regulation No. 20 of 2016 on Personal Data Protection in Electronic Systems, and from September 2024, Law No. 27 of 2022 concerning Personal Data Protection (PDP Law). If you have any questions or complaints about this Policy, please contact our DPO at [email protected].
  • Japan. In this Policy, “applicable law” includes the Act on the Protection of Personal Information (APPI). When we transfer Personal Data of data subjects in Japan to jurisdictions not recognized as ‘adequate’ by the Personal Information Protection Commission, we enter into written agreements with any third parties located outside of Japan. These written agreements provide rights and obligations equivalent to those provided under the Japanese Act on the Protection of Personal Information. For more information on how we ensure that third parties protect your data and where your data is located, please see above or contact us as described below. For a description of foreign systems and frameworks that may affect the implementation of equivalent measures by the third party, see here. In some cases, and as permitted under the APPI, we may rely on “public interest” as a legal basis, such as fraud detection and loss prevention.
  • Malaysia. If you have any questions or complaints about this Policy, please contact our DPO at [email protected].
  • Singapore. In this Policy, “applicable law” includes the Personal Data Protection Act 2012 (PDPA) (No. 26 of 2012) as amended from time to time. In some cases, and as permitted under the PDPA, we may rely on “deemed consent” as a legal basis. For example, we do so when you voluntarily provide your personal data to us. If you have any questions or complaints about this Policy, please contact our DPO at [email protected].
  • Switzerland. In this Policy, “applicable law” includes the Swiss Federal Act on Data Protection (FADP), as revised. To exercise your rights under the FADP, please contact our DPO at [email protected]. You may also have additional rights under the Swiss-U.S. Data Privacy Framework when it comes into force. Learn More.
  • Thailand. In this Policy, “applicable law” includes the Personal Data Protection Act 2019 (PDPA). If we rely on certain legal bases (such as “legal obligation” or “contractual necessity” and you do not provide us with your Personal Data, we may not be able to lawfully provide you services. If you have any questions or complaints about this Policy, please contact our DPO at [email protected].
  • United States. If you are a consumer located in the United States (“US”), we process your personal information in accordance with US privacy laws, including the California Consumer Privacy Act ( “CCPA”), Colorado Privacy Act, Connecticut Act Concerning Personal Data Privacy and Online Monitoring, Florida Digital Bill of Rights, Montana Consumer Data Privacy Act, Oregon Consumer Privacy Act, Texas Data Privacy and Security Act, Utah Consumer Privacy Act, and Virginia Consumer Data Protection Act. For specific details, please see here. Stripe uses cookies, including advertising cookies, as described in our Cookie Policy.
    • Your Rights and Choices. As a US consumer and subject to certain limitations under US privacy laws, you may have choices regarding our use and disclosure of your Personal Data (learn more about data subject rights metrics). In addition to the above rights, other rights include:
      • Exercising the right to know: You have a right to request additional information about the categories of personal information collected, sold, disclosed, or shared; purposes for which this personal information was collected, sold, or shared; categories of sources of personal information; and categories of third parties with whom we disclosed or shared this personal information.
      • Exercising the right to opt-out from a sale or sharing: We do not transfer your personal data to third parties in exchange for payment. However, as noted above, we may provide the data to third party partners, such as advertising partners, analytics providers, and social networks, who assist us in advertising our products and Services to you. Because these third parties may use the data Stripe provides for their own purposes, Stripe’s provision of data to these parties may be considered a data “sale” or “sharing” as those terms are defined under the CCPA and other applicable US privacy laws. You can opt out of targeted advertising and any related data “sales” or “sharing” here.
      • Exercising the right to limit the use or sharing of Sensitive Personal Information: We do not sell or share Sensitive Personal Information as defined by US privacy laws and have not done so in the past 12 months. Learn more about our collection and use of Sensitive Personal Information over the last 12 months here.
    • To submit a request to exercise any of the rights described above, please contact us using the methods described in the Contact Us section below. Please note that rights under some U.S. state laws do not apply to Personal Data we collect, process, and disclose when you act as a consumer to obtain financial products or services from Stripe for individual or household purposes. The federal Gramm-Leach Bliley Act may govern how Stripe shares and protects that data instead. See our US Consumer Privacy Notice below for more information.
    • We will verify your request by asking you to send it from the email address associated with your account or requiring you to provide information necessary to verify your identity, including name, address, transaction history, photo identification, and other information associated with your account.
    • You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA. Your agent may submit a request on your behalf by contacting us using the methods described in the Contact Us section below. We may still require you to directly verify your identity and confirm that you gave the authorized agent permission to submit the request.
  • Global Privacy Control signals. Stripe honors the Global Privacy Control (GPC) opt-out preference signals. Learn More.

Stripe, Inc.’s privacy practices, as described in this Privacy Policy, comply with the APEC Cross Border Privacy Rules System (“CBPR”) and Privacy Rules for Processor (“PRP”) systems. These systems provide a framework for organizations to ensure protection of personal data transferred among participating economies. More information about the framework can be found here. If you have unresolved privacy or data use concerns that we have not addressed satisfactorily, please contact our U.S. based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. To view the status of our certifications, please click here (CBPR) and here (PRP).

9. Contact us

If you have any questions or complaints about this Policy, please contact us. If you are an End Customer (i.e., an individual doing business or transacting with a Business User), please refer to the privacy policy or notice of the Business User for information regarding the Business User’s privacy practices, choices and controls, or contact the Business User directly.

10. US Consumer Privacy Notice

The following Consumer Privacy Notice applies to you if you are an individual who resides in the United States and obtains financial services from Stripe primarily for your own personal family or household purposes.

Last updated: January 16, 2024

FACTS

WHAT DOES STRIPE DO WITH YOUR PERSONAL INFORMATION?

Why?

Financial companies choose how they share your personal information.  Federal law gives consumers the right to limit some but not all sharing.  Federal law also requires us to tell you how we collect, share, and protect your personal information.  Please read this notice carefully to understand what we do.

What?

The types of personal information we collect and share depend on the product or service you have with us. This information can include:

• Social Security Number

• Contact details

• Account balances and transaction history

• Payment, transaction, and purchase information and history

When you are no longer our customer, we continue to share your information as described in this notice.

How?

All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons Stripe chooses to share; and whether you can limit this sharing.

 

Reasons we can share your personal information

Does Stripe Share?

Can you limit this sharing

For our everyday business purposes – such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus

Yes

No

For our marketing purposes – to offer our products and Services to you

Yes

No

For joint marketing with other financial companies

Yes

No

For our affiliates’ everyday business purposes – information about your transactions and experiences

Yes

No

For our affiliates’ everyday business purposes – information about your creditworthiness

No

We don’t share

For our affiliates to market to you

No

We don’t share

For nonaffiliates to market to you if you are a Link user

Yes

Yes

For nonaffiliates to market to you if you are a Financial Connections user

No

We don’t share

 

To limit our sharing

Login to your Link account at app.link.com/settings and toggle off data sharing from the Messaging menu.

Please note: If you are a new customer, we can begin sharing your information 30 days from the date we sent this notice. When you are no longer our customer, we continue to share your information as described in this notice.

However, you can contact us at any time to limit our sharing.

 

Questions?

Contact us at [email protected] or visit us at https://support.link.com

Who we are

Who is providing this notice?

Stripe, Inc., Stripe Payments Company, and their affiliates that provide consumers services in the U.S.

What we do

How does Stripe protect my personal information?

To protect your personal information from unauthorized access, destruction, loss, alteration, or misuse we use security measures to comply with federal law.  These measures include computer safeguards and secured files and buildings.  We impose access controls along with ongoing monitoring to prevent data misuse, and we require our service providers to take similar steps to protect your information.

How does Stripe collect my personal information?

We collect your personal information, for example, when you

• open a Link account;

• ask Stripe to process a payment for goods or services;

• provide bank account information to Stripe using Financial Connections

We also collect your personal information from others, such as affiliates or other companies.

Why can’t I limit all sharing?

Federal law gives you the right to limit only

• sharing for affiliates’ everyday business purposes — information about your creditworthiness

• affiliates from using your information to market to you

• sharing for nonaffiliates to market to you.

State laws and individual companies may give you additional rights to limit sharing. See the Other Important Information section below for more information on your rights under state law.

What happens when I limit sharing for an account I hold jointly with someone else?

Your choices will apply to everyone on your account.

 

Definitions

Affiliates

Companies related by common ownership or control. They can be financial and nonfinancial companies.

• Our affiliates include companies operating under the Stripe name, such as Stripe Payments Europe, Limited and Stripe Payments UK Ltd.

Nonaffiliates

Companies not related by common ownership or control.  They can be financial and nonfinancial companies.

• Nonaffiliates with which we share personal information include service providers that perform services or functions on our behalf, Business Users with which you choose to transact, partners with which we share data to provide you with services, and advertising partners, analytics providers, and social networks, who assist us in advertising our Services to you.

Joint Marketing

A formal agreement between non-affiliated financial companies that together market financial products or services to you.

• Our joint marketing partners include financial companies we partner with to provide you with financial services.

Other important information

Vermont: If your account with us is associated with a Vermont billing address, we will not disclose information about your creditworthiness to our affiliates and will not disclose your personal information, credit report, or health information to nonaffiliated third parties to market to you, other than as permitted by Vermont law, unless you authorize us to make those disclosures.  For joint marketing, we will only disclose your name, contact information, and information about your transactions.  Additional information concerning our privacy policies can be found in our Privacy Policy and Privacy Center.

California: If your account with us is associated with a California billing address, we will not disclose Personal Data we collect about you except to the extent permitted under California law.  For instance, we may disclose your Personal Data as necessary to process transactions or provide products and services you request, at your instruction, as required for institution risk control, and to safeguard against fraud, identity theft, and unauthorized transactions.

For additional information about our privacy practices, please visit the Stripe Privacy Center

Google for Woocommerce (Marketing, Advertising)

https://support.google.com/adspolicy/answer/54817

Woocommerce Shipping and Tax

The WooCommerce Shipping & Tax feature gets your WooCommerce store “ready to sell” as quickly as possible by taking care of tax calculation, payment processing, and shipping label printing.

Data used: For payments with PayPal or Stripe: purchase total, currency, billing information. For taxes: the value of goods in the cart, the value of shipping, and destination address. For checkout rates: destination address, purchased product IDs, dimensions, weight, and quantities. For shipping labels: customer’s name, address as well as the dimensions, weight, and quantities of purchased products.

Data synced: For payments, we send the purchase total, currency, and customer billing information to the respective payment processor. For more details, please see the respective third party’s privacy policy (Stripe’s Privacy Policy and PayPal’s Privacy Policy). For automated taxes, we send the value of goods in the cart, the value of shipping, and the destination address to TaxJar. Please see TaxJar’s Privacy Policy for details about how they handle this information. For checkout rates, we send the destination ZIP/postal code and purchased product dimensions, weight and quantities to the carrier directly or via EasyPost, depending on the service used. For shipping labels, we send the customer’s name, address, as well as the dimensions, weight, and quantities of purchased products to EasyPost. We also store the purchased shipping labels on our server to make it easy to reprint them and handle support requests.