GDPR Questions about Stripe Payments Plugin

  • Resolved D

    (@clocksaysnow)


    6 years, 6 months ago

    Hi, I’m getting my website ready for GDPR (the new EU privacy law), and your plugin—Stripe Payments—is one that I use on my website. In order for me to accurately write my privacy policy, would you please answer the following?

    1. Does your plugin collect personally identifiable information (that includes IP addresses)?

    2. If so, what types of personally identifiable information does your plugin collect?

    3. For what purpose(s) does your plugin collect personally identifiable information?

    4. Does your plugin have a privacy policy that explains how you use my website visitors’ personally identifiable information?

    5. Do your plugin use cookies or collect various types of data-usage information?

    Thanks!

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Contributor Alexander C.

    (@alexanderfoxc)

    Hi.

    1. Yes, it does.

    2. If you look in the Orders section of the plugin, you can see that email address of the customer is collected.

    3. To send product purchase notifications, deliver link for digital product that was purchased (if any).

    4. Nope. However, in the upcoming version (which should be released shortly, within a day or two) there will be an option for you to make your customer accept Terms of Service and\or Privacy Policy before they can make any purchase on your site. This way you will be able to comply with GDPR.

    5. Plugin does not use cookies. Please define meaning of “data-usage information” (with examples, if possible).

    Side note: I’m plugin contributor, not the owner. So this is just my reply from technical point of view mostly. I will bring plugin’s owner attention to this thread.

    Thread Starter D

    (@clocksaysnow)

    Thank you. That was very helpful. By “data usage,” I just meant any miscellaneous information about the website visitor that the plugin might collect, such as IP addresses.

    Thread Starter D

    (@clocksaysnow)

    A quick follow-up question: You said the Stripe Payments plugin doesn’t generate cookies. But I notice that on the page of my website where I’m using the Stripe Payments plugin, the following cookies are being generated: https://checkout.stripe.com, https://js.stripe.com, and https://m.stripe.network. Is the Stripe Payments plugin creating those cookies? Or is Stripe (the company) creating them? Thanks!

    Plugin Contributor Alexander C.

    (@alexanderfoxc)

    Yep, those are set by Stripe itself, not our plugin. Our plugin cannot set cookies for other domains, only for the domain it’s running on (e.g. your website), which it does not (the plugin itself isn’t using cookies).

    Stripe has a guide related to GDPR, perhaps you can get some useful info from it https://stripe.com/guides/general-data-protection-regulation

    • This reply was modified 6 years, 6 months ago by Alexander C..
    Plugin Author mra13

    (@mra13)

    Here is a documentation on how the terms and conditions feature of the plugin works:
    https://stripe-plugins.com/enabling-terms-and-conditions-on-your-stripe-payments-buttons/

    You can use it to explain what you do with their transaction data and take consent from them at the time of purchase. The plugin also allows you to delete any of the transaction data in the admin interface. So if a customer request deletion, you can go to the orders menu and delete their records.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘GDPR Questions about Stripe Payments Plugin’ is closed to new replies.