Through Stripe’s Financial Connections (the “Service”), you are able to access end user data to support the products and services that you provide to your end users. Accessing your end users’ data should be done in a way that is consistent with applicable law and provides that user control over and transparency regarding the data that is being collected, how it’s used, and how it may be shared. You should check with your legal counsel to understand your obligations with respect to using the Service, but here are a few specific examples of obligations that may apply in some areas that you should keep in mind.

Obtaining Consent from End Users

Obtaining valid consent from your end users to access and use their data is important to your use of the Service. By providing your end users the option to link their external financial accounts via Stripe, you should:

(1) properly surface the purpose(s) for which you are seeking to obtain end user data; and

(2) transparently disclose how you will use, store, and share end user data.

Your user interface should convey the purpose for collecting and using end user data, and correspondingly, you would need to limit your business’ use of end user data to that purpose. If you access information and initiate debits, you need to obtain separate and distinct authorizations from your end users for these separate activities. Learn more about ACH debit mandates here.

The subsequent Stripe consent pane will capture the end user’s acceptance of Stripe’s terms of service and privacy policy and through our consent flow, the end user can link their financial accounts. The Stripe consent pane will not be modifiable by you or other merchants.

When setting up your platform, you will request particular data categories from the end users, and these data categories will be disclosed to end users in the Stripe consent flow. If your business would like to access additional types of data from your end user’s account in the future, your business will need to surface this new information to your end user through a Stripe-provided consent flow.

Recordkeeping

You need to retain records related to your compliance with your agreement with Stripe and applicable law, including:

• Screenshots of the user interface screens or flows on which you surface the purpose(s) presented to end users for processing their data, including the date range that each unique version was live; and

• Your privacy policies or other end-user facing materials related to the data sharing service, and any modifications or updates.

We may request copies of documents related to these recordkeeping obligations.

Data Retention. A growing number of privacy laws prohibit companies from keeping personal data longer than necessary for the purpose it was obtained. It is your responsibility to create an internal retention procedure, consistent with applicable law.

Customer Support Obligations

Your access to, and use of end user data is subject to applicable laws and regulations that require you to take specific actions if you receive the below end user communications.

1. Data Subject Requests. We recommend that you prepare internally to receive requests from end users seeking deletion of personal data, and/or disconnection of their linked financial account. For those jurisdictions that require compliance with data access requests, you will also need to action those requests in accordance with applicable law.

   1. Disconnection Requests:

      1. User Interface: If you provide your customers with an option to disconnect their account, we recommend that you specify in your interface that disconnection will stop the sharing of new financial account data, but won't delete previously shared data or delete data from Stripe. That way, end users can decide whether to make a separate data deletion request.

      2. Notify Stripe: Please forward disconnection requests either 1) via Stripe’s disconnection form or 2) via the disconnections API. Please keep in mind that the disconnections API does not result in your user’s deletion of data from Stripe. If your user requests to delete their data, you should use the disconnection form.

   2. Deletion Requests:

      1. User Interface: We recommend that you specify in your interface what a "deletion" request means, i.e., whether a deletion request will also include a disconnection of the linked account.

      2. Notify Stripe: Please forward deletion requests to Stripe at privacy@stripe.com with the subject line, “Financial Connections: Request for Account Deletion” or ask your customer to submit their requests directly to Stripe through our disconnection form. You should also delete any such data on your own systems or notify the end user of your legal basis for retaining that data.

2. Unauthorized Connections. If you become aware that consent to share data was not authorized by one of your end users (e.g. as a result of identity theft), please submit a deletion request directly to Stripe at privacy@stripe.com.

3. Complaints. If you receive a user communication that meets Stripe’s definition of a “complaint” please make sure to report it timely to Stripe by contacting complaints@stripe.com or by using our complaints submission form and selecting “Linked Financial Accounts” from the dropdown.

   1. Stripe defines complaints as “any expression of dissatisfaction with a product, service, policy, or employee related to Connections services, except those expressions made by employees of your company.”

   2. Certain complaints may be considered “executive complaints” if they include threats of litigation or are submitted by regulators. These complaints should be escalated to Stripe within 1 day of receipt.