Stripe works with third-party service providers who are subject to contractual requirements and restrictions on the use of data accessed through Stripe. Our service providers include third-party data aggregators, such as Finicity and MX. We may work with service providers to obtain the information from the financial accounts that users have consented to share with Stripe and your business. When users input their login information in the credential pane, Stripe and one of our service providers may collect, store, and use the login information or authorization to maintain an active connection to the user’s account. Our service providers use industry-leading security to protect data. Learn more about security practices at Finicity and MX.

Stripe does not sell your users’ financial account information to third parties, including marketers, and we require the same of our service providers. When our service providers obtain your users’ personal data, they can only use it to perform services for Stripe or to comply with legal requirements.

In cases where Stripe has an OAuth (Open Authentication) connection to a financial institution, your user will log in directly to their institution to grant access to their information. This means that your user does not share their login credentials with Stripe or with our service providers.