Through Stripe's Financial Connections (the "Service"), you are able to access end user data to support the products and services that you provide to your end users. Accessing your end users' data should be done in a way that complies with applicable law and provides the user in question with control over and transparency regarding the data that is being collected, how it's used and how it may be shared. You should check with your legal counsel to gain a deeper understanding of your obligations with respect to using the service, but here are a few specific examples of obligations that may apply in some areas and which you should bear in mind.

Obtaining consent from end users

Obtaining valid consent from your end users to access and use their data is important to your use of the service. By providing your end users the option to link their external financial accounts via Stripe, you should:

(1) make the reasons why you are seeking to obtain end user data clear; and

(2) disclose how you will use, store and share end user data in a transparent manner.

Your user interface should convey the purpose behind collecting and using end user data, and you would then need to limit your business' use of end user data to that purpose. If you access information and initiate debits, you need to obtain separate and distinct authorisations from your end users for these separate activities. Learn more about ACH debit mandates here.

The subsequent Stripe consent pane will capture the end user's acceptance of Stripe's Terms of Service and Privacy Policy, and the end user will then be able to link their financial accounts through our consent flow. Neither you nor other merchants will be able to modify the Stripe consent pane.

When setting up your platform, you will request particular data categories from the end users, and these data categories will be disclosed to the end users in the Stripe consent flow. If your business would like to access additional types of data from your end user's account in the future, your business will need to share this new information with your end user through a consent flow, as provided by Stripe.

Recordkeeping

You will need to retain records related to your compliance with your agreement with Stripe and applicable law, including:

• Screenshots of the user interface screens or flows on which you show the purpose(s) presented to end users regarding the processing of their data, including the date range that each unique version was live; and

• Your privacy policies or other end-user facing materials related to the data sharing service, and any modifications or updates.

We may request copies of documents related to these recordkeeping obligations.

Data retention. A growing number of privacy laws prohibit companies from keeping personal data for longer than is necessary for the purpose it was obtained. It is your responsibility to create an internal retention procedure which is consistent with applicable law.

Customer support obligations

Your access to and use of end user data is subject to applicable laws and regulations that require you to take specific actions if you receive communications from the end user as described below.

1. Data subject requests. We recommend that you make internal preparations for receiving requests from end users seeking the deletion of their personal data and/or disconnection of their linked financial account. For jurisdictions that require compliance with data access requests, you will also need to process such requests in accordance with applicable law.

   1. Disconnection requests:

      1. User interface: If you provide your customers with an option to disconnect their account, we recommend that you specify in your interface that disconnection will stop new financial account data from being shared but won't delete previously shared data or delete data from Stripe. This way, end users can decide whether to make a separate data deletion request.

      2. Notify Stripe: Please forward disconnection requests either 1) via Stripe's disconnection form or 2) via the disconnections API. Please bear in mind that the disconnections API does not result in your user's data being deleted from Stripe. If your user requests that their data is deleted, you should use the disconnection form.

   2. Deletion requests:

      1. User interface: We recommend that you specify in your interface what a "deletion" request means, i.e. whether a deletion request will also include a disconnection of the linked account.

      2. Notify Stripe: Please forward deletion requests to Stripe at privacy@stripe.com with the subject line, "Financial Connections: Request for account deletion". Alternatively, you can ask your customer to submit their requests directly to Stripe through our disconnection form. You should also delete any such data that you may have on your own systems or notify the end user of your legal basis for retaining that data.

2. Unauthorised connections. If you become aware that consent to share data was not authorised by one of your end users (e.g. as a result of identity theft), please submit a deletion request directly to Stripe at privacy@stripe.com.

3. Complaints. If you receive a communication from a user that meets Stripe's definition of a "complaint", please make sure that you report it to Stripe in a timely manner by contacting complaints@stripe.com or by using our complaints submission form and selecting "Linked financial accounts" from the dropdown.

   1. Stripe defines complaints as "any expression of dissatisfaction with a product, service, policy or employee related to Connections services, except those expressions made by employees of your company".

   2. Certain complaints may be considered "executive complaints" if they include threats of litigation or are submitted by regulators. These complaints should be escalated to Stripe within one day of receipt.