Stripe Checkout User Terms of Service — United Kingdom
Last Updated: December 15, 2015. Previous versions and diffs are available here.
1. General
The Stripe Checkout service (“Stripe Checkout”) is technology that makes it easier for merchants on the Internet (“Merchants”) to collect payment from individuals like you. Stripe Checkout also makes it easy for you to store a credit card or debit card (“Payment Credentials”) with Stripe for use across the websites of Merchants who’ve chosen to enable it.
2. Using Stripe Checkout
When you check out on the website of a Merchant that has Stripe Checkout enabled, we will ask you if you’d like us to remember you. When you allow us to remember you, Stripe will store certain identifying information, such as a password, your email address, or your mobile phone number (“Stripe Credentials”), and your Payment Credentials. The advantage of remembering you is that it will make your checkout quicker and easier if you come back to the same website, or to any of the other websites that use Stripe (a “Checkout Enabled Site”)–this can be especially handy when you’re on a mobile device or don’t have your credit card in front of you.
If you elect to allow us to remember you, Stripe will use cookies to link your web browser to your Stripe Credentials and recognize when you return to a Checkout Enabled Site. If you come to a Checkout Enabled Site and we don’t recognize you (for example, because you’ve cleared your cookies, logged out, or you’re using a different device), we will provide a way for you to identify yourself and login via your Stripe Credentials (for example, by sending you a verification code via SMS text message). While you are logged in, Stripe will give you the ability to make purchases using your stored Payment Credentials. Stripe may also allow you to make a purchase with your Payment Credentials by sending a message directly from the email address or phone number stored as your Stripe Credentials (for example, to authorize a purchase via SMS).
If you send us text messages, or have us send you one, don’t forget that your carrier might charge you for that.
3. Our Role
Stripe Checkout is a way of storing your Payment Credentials, but it doesn’t change anything else about your relationship with the Merchant you’re paying or your bank or credit card company. You are ultimately responsible for the purchases you make using Stripe Checkout. Also, the Merchant is the one responsible for providing you the goods or services that you purchase using Stripe Checkout, not Stripe. Stripe will use our reasonable efforts to keep your Payment Credentials secure.
4. Making Changes
If you want to delete your Payment Credentials, stop storing information using Stripe Checkout, or change your settings, you can send an email to support@stripe.com.
5. Representations and Warranties
By using Stripe Checkout you represent and warrant that you are at least 18 years of age and that you will not use Stripe Checkout for any fraudulent, unlawful or abusive purpose.
6. DISCLAIMERS
STRIPE CHECKOUT, INCLUDING ALL CONTENT, SOFTWARE, FUNCTIONS, MATERIALS, AND INFORMATION MADE AVAILABLE ON, PROVIDED IN CONNECTION WITH OR ACCESSIBLE THROUGH STRIPE CHECKOUT, ARE PROVIDED “AS IS.” TO THE FULLEST EXTENT PERMISSIBLE BY LAW, STRIPE, ITS AFFILIATES, AND THEIR AGENTS, MERCHANTS OR INDEPENDENT CONTRACTORS (THE “DISCLAIMING ENTITIES”), MAKE NO REPRESENTATION OR WARRANTY OF ANY KIND WHATSOEVER FOR THE SERVICES OR THE CONTENT, MATERIALS, INFORMATION AND FUNCTIONS MADE ACCESSIBLE BY STRIPE CHECKOUT, OR FOR ANY BREACH OF SECURITY ASSOCIATED WITH THE TRANSMISSION OF SENSITIVE INFORMATION THROUGH STRIPE CHECKOUT. EACH DISCLAIMING ENTITY DISCLAIMS WITHOUT LIMITATION, ANY WARRANTY OF ANY KIND WITH RESPECT TO THE SERVICES, NONINFRINGEMENT, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE. THE DISCLAIMING ENTITIES DO NOT WARRANT THAT THE FUNCTIONS CONTAINED IN THE SERVICES WILL BE UNINTERRUPTED OR ERROR FREE. THE DISCLAIMING ENTITIES SHALL NOT BE RESPONSIBLE FOR ANY SERVICE INTERRUPTIONS, INCLUDING, BUT NOT LIMITED TO, SYSTEM FAILURES OR OTHER INTERRUPTIONS THAT MAY AFFECT THE RECEIPT, PROCESSING, ACCEPTANCE, COMPLETION OR SETTLEMENT OF PAYMENT TRANSACTIONS. THE DISCLAIMING ENTITIES ARE NOT RESPONSIBLE FOR THE ACCURACY OF ANY PAYMENT INSTRUMENT, OFFER, OR REWARD PROGRAM ITEM INFORMATION, INCLUDING, WITHOUT LIMITATION, WHETHER SUCH INFORMATION IS ACCURATE.
7. Limitations of Liability; Force Majeure
IN NO EVENT SHALL ANY DISCLAIMING ENTITY BE RESPONSIBLE OR LIABLE TO YOU OR ANY THIRD PARTY UNDER ANY CIRCUMSTANCES FOR ANY INDIRECT, CONSEQUENTIAL, SPECIAL, PUNITIVE OR EXEMPLARY, DAMAGES OR LOSSES, INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA, OR OTHER INTANGIBLE LOSSES WHICH MAY BE INCURRED IN CONNECTION WITH ANY DISCLAIMING ENTITY OR THE SERVICES, OR ANY GOODS, SERVICES, OR INFORMATION PURCHASED, RECEIVED, SOLD, OR PAID FOR BY WAY OF THE SERVICES, REGARDLESS OF THE TYPE OF CLAIM OR THE NATURE OF THE CAUSE OF ACTION, EVEN IF THE DISCLAIMING ENTITY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE OR LOSS. IN NO EVENT SHALL THE DISCLAIMING ENTITIES’ TOTAL CUMULATIVE LIABILITY ARISING FROM OR RELATING TO these Terms of Service EXCEED $10 US Dollars. Each party acknowledges that the other party has entered into these Terms of Service relying on the limitations of liability stated herein and that those limitations are an essential basis of the bargain between the parties. In addition to and without limiting any of the foregoing, no Disclaiming Entity shall have any liability for any failure or delay resulting from any condition beyond the reasonable control of such party, including but not limited to governmental action or acts of terrorism, earthquake, fire, flood or other acts of God, labor conditions, power failures and Internet disturbances.
8. Governing Law
This Agreement is concluded in English.
This Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) (a “Dispute”) will be governed by and construed in accordance with the laws of the Republic of Ireland.
Any Dispute shall be finally resolved by arbitration under the LCIA Rules by a sole arbitrator appointed in accordance with the said Rules. It is agreed that the seat of the arbitration shall be Dublin and the language of the arbitration shall be English.
Headings are included for convenience only, and shall not be considered in interpreting this Agreement. The Agreement does not limit any rights that we may have under trade secret, copyright, patent or other laws. Our failure to assert any right or provision under this Agreement shall not constitute a waiver of such right or provision. No waiver of any term of this Agreement shall be deemed a further or continuing waiver of such term or any other term.
9. Notice
Notices and other communications to you may be made by mail, email, postings on the Stripe Website or other reasonable means. We may also provide notices of changes to the Terms of Service or other matters by displaying links to notices on the Stripe Website. Notice to Stripe may be made to Stripe, Inc., 3180 18th Street, San Francisco CA 94105.
10. Modification of Terms of Service
We have the right, in our sole and absolute discretion, to change, modify, or amend any portion of these Terms of Service at any time by posting notification here or otherwise communicating the notification to you. The changes will become effective, and shall be deemed accepted by you, after the initial posting and shall apply on a going-forward basis with respect to transactions initiated after the posting date. In the event that you do not agree with any such modification, your sole and exclusive remedy is to terminate your use of the Stripe Checkout.
11. Assignment
You may not assign these Terms of Service or any rights or obligations hereunder, by operation of law or otherwise, without our prior written approval and any such attempted assignment shall be void. We reserve the right to freely assign these Terms of Service and the rights and obligations hereunder, to any third party without notice or consent. Subject to the foregoing, these Terms of Service shall be binding upon and inure to the benefit of the parties hereto, their successors and permitted assigns.
12. Data Protection
Your data may be transferred, processed and stored outside of EU member states and, as set forth in our Privacy Policy, may be subject to disclosure as required by applicable law.
13. Survival
Upon termination of your use of Stripe Checkout or termination of these Terms of Service for any reason, in addition to this section, the following sections shall survive termination: Sections 5 through 14.
14. Miscellaneous
Stripe failure to exercise or enforce any right or provision of the Terms of Service will not be considered a waiver of that right or provision. If any provision of these Terms of Service shall be adjudged by any court of competent jurisdiction to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary so that these Terms of Service shall otherwise remain in full force and effect and remain enforceable between the parties. Headings are for reference purposes only and in no way define, limit, construe or describe the scope or extent of such section. these Terms of Service, including Stripe’s policies governing Stripe Checkout referenced herein, constitutes the entire agreement between you and Stripe with respect to the use of Stripe Checkout. These Terms of Service is not intended and shall not be construed to create any rights or remedies in any parties other than you and Stripe which each shall be a third party beneficiary of these Terms of Service, and no other person will have the ability to assert any rights as a third party beneficiary under these Terms of Service.
Privacy Policy — United Kingdom
This policy was last updated on December 9, 2015. Previous versions and diffs are available here
Overview
Stripe Inc. and all its subsidiaries and affiliates, including but not limited to Stripe Payments Europe Ltd (“SPEL” and, collectively with Stripe, Inc. and its other affiliates, “Stripe”, “we”, “our” or “us”) expects its employees, including those of its subsidiaries worldwide and third parties with whom Stripe does business, to maintain the highest standards of ethics and compliance with applicable laws and rules. Stripe is committed to the highest standards of privacy and data protection compliance and expects all its employees and management to adhere to these standards.
Stripe operates an online payments platform that enables merchants and vendors to send and receive funds as payments for goods and services (“Merchants”). Our services comprise all software and services that we offer, including the Stripe Checkout form that may be made available on a Merchant’s website, and other services that we offer through our website when you register for a Stripe account (collectively referred to as the “Services”).
We understand that privacy is important to our online visitors and users. We respect your privacy and will take all reasonable steps to safeguard and protect your information as if it was our own.
This Privacy Policy will help you understand what Personal Data Stripe collects; how it collects, holds, uses and discloses that information; and the purposes of collection and disclosure.
Personal Data
The term “Personal Data”, as used in this Policy, refers to any data (whether by itself or when linked with other information in the possession of, or likely to come into the possession of, Stripe) that can be used to identify a specific living person. Personal Data does not include information that has been aggregated or made anonymous such that it can no longer be reasonably associated with a specific person.
This Privacy Policy will help you understand the following:
- What does this Privacy Policy apply to?
- Collection and Use of your Personal Data
- Cookies and Web Server Logs
- Sharing and Disclosure of your Personal Data
- Retention of your Personal Data
- Protection of Personal Data
- Changes to this Policy
- Access, Correction and Complaints – Contact Us
Please also review, if applicable, your agreement with Stripe, including our Terms of Service that shall govern in the event of any inconsistency with this Privacy Policy.
What does this Privacy Policy apply to?
This Policy applies to the stripe.com website, including all subpages and successor pages (collectively referred to as the “Website”), and also applies to all Services that we offer.
This Policy does not apply to any website, product or service of any third-party company even if the website links to (or from) our Website. Please always review the privacy practices of any third-party company before deciding whether to provide any information.
By using our Website or Services, you are accepting the practices described in this Policy. If you do not agree with this Policy, please delete all cookies from your browser cache after visiting our Website and do not visit or use our Website or Services. Your continued use of our Website or Services will signify your acceptance of this Policy.
Collection and Use of your Personal Data
We collect Personal Data from our Merchants and our Merchant’s customers (“Checkout Users”) in order to enable us to provide our Services.
Broadly speaking, we collect information in three ways: (1) when you provide it directly to us, (2) when we obtain verification information about you or your company through trusted third parties (e.g. banks, credit bureaus), and (3) passively through technology such as “cookies” (cookie collection is described below in Section 3 (“Cookies and Web Server Logs”).
The types of Personal Data that we collect and our use of that Personal Data will depend on whether you are a Checkout User or Merchant.
Checkout Users
Checkout enables Merchants to collect payment information from Checkout Users for a number of payment methods. When you use a Merchant’s website to make a purchase, the Merchant will collect your Personal Data and provide it to us. This Personal Data includes your payment card information, your email address, your mobile phone number, and billing and shipping address. We will use this Personal Data as part of the payment processing process. When you use Stripe Checkout on a Merchant’s website to store your payment credentials, we will use the Personal Data disclosed to us by the Merchant to complete purchases that you choose to make on other websites or applications that also use Stripe Checkout, but only with your permission. Checkout Users can view our Privacy Policy via a hyperlink and are asked to confirm that their Personal Data be remembered.
This Personal Data described above will be shared and disclosed only as described below in Section 4 (“Sharing and Disclosure of Personal Data”).
Merchants
When you visit our Website, you have the ability to conduct a limited number of live “test” transactions and experience our Services working without registering for a Stripe account. To monitor these test transactions, we collect your IP address, information about your computer, and other standard web log information. We also collect any Personal Data and credit card information that you provide to conduct the test transactions. We will not use this information to target any advertisements to you.
To gain full access to our Website and Services, you must register for a Stripe account. When you register for an account, we collect the Personal Data you provide, such as the following:
- Your name, company name, location, email address, phone number, and account password, to set up your account
- Your business and personal tax, or other government-issued identification numbers, as well as your date of birth, to verify your identity for underwriting purposes
- Your bank account information, to settle funds for your transactions
- Your IP addresses, devices, and locations used to access Stripe, which will be linked to your account for fraud detection/prevention purposes
If you elect to not provide Personal Data in optional fields it may limit your ability to use our Services. We may retrieve additional Personal Data about you from third parties and other identification/verification services such as credit bureaus. In addition, we may collect Personal Data from you in other ways including emails, surveys, and other forms of communication. Once you begin using our Services through your Stripe account, we will keep records of your transactions and collect information of your other activities related to our Services.
This Personal Data described above will be shared and disclosed only as described below in Section 4 (“Sharing and Disclosure of Personal Data”).
Website Visitors
To simply browse our Website, you are not required to provide any Personal Data. However, we may gather non-personally-identifiable information, as described directly above, solely for the purposes of monitoring and improving our Website and Services. We will not share this information with third parties or use it to target any advertisements to you.
Our Website and Services are directed to the general public. We do not knowingly collect information from children under 15 years of age or have any reasonable grounds for believing that children under the age of 15 are accessing our Website or using our Services. If we learn that we have inadvertently collected Personal Data from a child under age 15, we will delete that information as quickly as possible. If you believe that we might have any information from a child under age 15, please contact us at privacy@stripe.com.
Cookies and Web Server Logs
“Cookies” are a feature of web browser software that allows web servers to recognise the computer used to access a website. Cookies can remember what information a computer accessed on one web page to streamline activities on related web pages and to make the online experience easier and more personalised. Log files are used to monitor, measure, analyse, improve, and troubleshoot our Services.
We utilise “cookies” and other technologies to collect non-personally-identifiable information from our Website and from other websites that use our Services. Where you request that your payment credentials be remembered by our checkout system, the cookies will also collect Personal Data about you. Information gathered through cookies and web-server log files may include information such as the date and time of visits, the pages viewed, IP addresses, links to/from any page, and time spent at our site.
We use cookie data to measure web traffic and usage activity on our Website for purposes of monitoring, troubleshooting and improving our Website and Services, to look for possible fraudulent activity, and to better understand the sources of traffic and transactions on our Website and the websites of Merchants that use our Services. Cookies also allow our servers to remember your account information for future visits and to provide personalised and streamlined information across related pages on our Website and also across other websites or applications that use our Services. You can choose to disable cookies for our Website but this may limit your ability to use our Website and Services.
Marketing and Cookies Opt-Out
We may occasionally email you with information about offers or new services. If you do not wish to receive this marketing material then please email privacy@stripe.com. You can also opt out of these email communications by replying with unsubscribe in the subject line, or via an unsubscribe link included in such communications. However, you will continue to receive certain email communications related to your account and your relationship with Stripe.
If you wish to opt out of having cookies set on your browser, the only way to ensure that this happens is to manage the settings on your web browser to delete all cookies and disallow further acceptance of cookies. Note that disabling cookies on your browser prevents Stripe from tracking your activities in relation to our Website and Services. However, it may also disable many of the features available through our Websites and Services and some aspects of our Services may not work properly if you do so. For more information, refer to your browser’s technical information. You may also consider visiting aboutcookies.org, which provides helpful information about cookies.
In order to understand and improve the effectiveness of our advertising, we may also use web beacons, cookies, and other technology to identify the fact that you have visited our Website or seen one of our advertisements, and we may provide that information to one or more third party advertising networks. The information we provide may include the time and date of your visit to our Website, pages viewed, links clicked and other non-personally identifying information. Those advertising networks may recognise the web beacon or cookie associated with your visit to our Website when you visit other websites on which they serve advertising, and they may make decisions about the advertisements you see based on it. We may choose to work with Google AdWords, Doubleclick, AdRoll or other advertising networks. Each of these companies has its own privacy policy, which we encourage you to review. For more information about advertising and tracking online, visit the Network Advertising Initiative. This website allows consumers to “opt out” of the behavioural advertising delivered by member companies. Additional information on that program can be found here.
Appendix 1 lists the types of Cookies we use and their purpose.
Sharing and Disclosure of your Personal Data
Stripe does not sell or rent your Personal Data to marketers or third parties. Stripe may disclose Personal Data it collects about you to trusted third parties who are integral to the operation of our Website and Services for a variety of purposes in connection with providing our Services, operating our Website and special offers to you. These third parties may include our agents, related bodies corporate, contractors, financial institutions, payment processors, verification services and credit bureaus, as well as any third parties that you have directly authorised to receive your Personal Data.
We may share Checkout User’s contact information, but not their card information, with Merchants as part of the Checkout User’s purchases.
Stripe Connect allows Merchants selling on partner websites, e.g. online marketplaces, to directly accept credit card payments. If you authorise an application to access your Stripe account using Stripe Connect, you acknowledge that we may share payment transaction data and related information with the third party that provides the authorised application. The use of your information by such third party will be subject to their applicable privacy policy, which you should carefully review.
We may store your Personal Data in locations outside the direct control of Stripe, for instance, on servers or databases co-located with hosting providers. Some of our the related bodies corporate or third parties to whom we disclose your Personal Data are located outside of United Kingdom. These countries may include the United States of America and Ireland.
We may also disclose your Personal Data to law enforcement, government officials, or other third parties if required by law or we believe in good faith that the disclosure is necessary to prevent physical harm or financial loss, to report suspected illegal activity, or to investigate violations of our Terms of Service.
In addition, in the event of a merger, acquisition, reorganisation, bankruptcy, or other similar events, certain information in our possession may be transferred to our successor or assign.
Any sharing or disclosure of your Personal Data will be in compliance with applicable data protection laws and regulations.
Retention of your Personal Data
Personal Data that we collect and use for any purpose or purposes shall not be retained for longer than is necessary for that purpose or those purposes. This includes the Personal Data of Checkout Users.
Stripe has a variety of obligations to retain the data that you provide us, both to ensure that transactions can be appropriately processed, settled, refunded or charged back, to identify fraud, and also to comply with laws applicable to us and to our banking providers and credit card processors. Accordingly, even if you close your Stripe account we will retain certain information as necessary to meet our obligations. However, we will identify your account in our database as “inactive” or “closed”.
Protection of Personal Data
Although no data transmission can be guaranteed to be 100% secure, we take all reasonable steps to ensure that the Personal Data we collect, use or disclose is accurate, complete, up-to-date, relevant and stored securely.
We also take all reasonable steps to ensure that the Personal Data we hold is protected from misuse, interference, loss, unauthorised access, modification or disclosure by the use of various methods including access limitation, and industry-standard Secure Socket Layer (SSL) encryption technology to safeguard the account registration process and sign-up information. Other security safeguards include but are not limited to data encryption, firewalls, and physical access controls to building and files.
Stripe will provide some or all of its Services from systems located outside of Europe. As such, Merchants are required to disclose to Checkout Users that personally identifiable information may be transferred, processed and stored outside of Europe.
Stripe maintains strict administrative, technical and physical procedures to protect information stored in our servers, which are located in the United States. Access to information is limited (through user/password credentials and software systems) to those employees who require it to perform their job functions.
Changes to this Policy
We reserve the right to make changes to this Policy from time to time. Please review this Policy periodically to check for updates. If any changes are material and/or retroactive, we may provide additional notice and/or an opportunity to “opt-in,” as appropriate under the circumstances. We may also advise you of changes to this policy by emailing and/or mailing the revised policy to any addresses you provide us.
Access, Correction and Complaints – Contact Us
Merchants can update their account information by signing on to our Website with their Stripe account.
If you have any questions or suggestions about this Privacy Policy or would like to access or seek correction of your Personal Data, or if you have complaints regarding our privacy practices, please contact our Privacy Officer by emailing privacy@stripe.com.
We aim to acknowledge receipt of all complaints within five business days and to resolve all complaints within 40 business days (although this may not be possible in all circumstances, and is dependent on the complexity of the issue). Where we cannot resolve a complaint within 40 business days, we will notify you of the reason for the delay as well as an indication of when we expect to resolve the complaint.
Appendix 1 – Cookies and Purpose
Cookies enable us to identify your device, or you when you have logged in. We use cookies that are strictly necessary to enable you to move around the site or to provide certain basic features. We use cookies to enhance the functionality of the Website by storing your preferences, for example. We also use cookies to help us to improve the performance of our Website to provide you with a better user experience.
Strictly necessary cookies: These cookies are necessary in order for you to move around Stripe.com and use the site:
Cookie Name | Purpose |
accounts | A list of Stripe accounts you have access to |
livemode_{ACCOUNT_ID} | Several cookies that indicate whether or not livemode should be selected in that account’s dashboard by default. |
stripe.csrf | A random token to prevent cross site request forgery |
rack.session | A unique session identifier |
session | A unique session identifier if you’re logged into your Stripe dashboard |
machine_identifier | A random string used to identify your machine |
Functionality: Functionality cookies record information about choices you’ve made and allow us to tailor the Website to you.
Cookie Name | Purpose |
country | The country you’re currently viewing the site for |
lang | The programming language you last viewed docs in |
checkout-test-session, checkout-dashboard-session | A random string used to associate a user with a particular “Remember Me” account. When a user opts to save their payment information or log into an account they’ve already created, we use these cookies to keep them logged in between requests. Each cookie maintains this state for a somewhat different context. |
last-used-checkout-name | The value of the “name” parameter passed to Checkout by the merchant the last time Checkout was opened. We use this to customize the content of “https://stripe.com/checkout/info”. |
cookiesEnabled | A random value we set to determine whether we’re able to set cookies for the user |
logged_in | whether or not you’re currently logged in |
Performance: We use performance cookies to help us to provide a better user experience for you.
Cookie Name | Purpose |
stripe_orig_pros | Tracking of the referrer the user entered the site with |
mp_{RANDOM_STRING}_mixpanel | A random identifier and some analytics information on how you use your account |
cid | A random value we set to track user metrics. We especially use this to ensure that users consistently see the same Checkout experience when we are running an A/B test of new features. |
__utma, __utmb, __utmc, __utmz | Analytics information used to track user metrics. Please see [this table](https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage#gajs) for more details. |