>> View all legal agreements

PayPal Privacy Statement

 

Effective Date: January 1, 2023

Download PDF

 

1. Overview

2. Non-Account Holders

3. Categories of Personal Information We Collect

4. How is Personal Information used?

5. Do We Disclose Personal Information, and why?

6. How long does PayPal store your Personal Information?

7. How Do We Use Cookies and Tracking Technologies?

8. Your Data Protection Rights

9. How Do We Protect Your Personal Information?

10. Can Children Use Our Services?

11. Definitions

12. Our Contact Information

13. California Privacy Notice of Collection

14. US Consumer Privacy Notice

 

1. Overview

This Privacy Statement applies to PayPal and aims to provide you with sufficient information regarding our use of your Personal Information when you visit our website, apply for, or use our services (collectively, the “Services”). We encourage you to read this Privacy Statement and to use it to help you make informed decisions.

Certain capitalized terms that are not otherwise defined in the Statement are explained in Section 11 (“Definitions”).

We revise this Privacy Statement from time to time to reflect changes to our business, Services, or applicable laws. If the revised version requires notice in accordance with applicable law, we will provide you with 30 days prior notice by posting notice of the change on the "Policy Updates" or "Privacy Statement" page of our website, otherwise the revised Privacy Statement will be effective as of the published effective date.

 

2. Non-Account Holders

Our Services may be accessed by individuals without a PayPal account or profile. We will collect Personal Information from you even if you are a non-account holder when you use our Services, such as when you use our Services without a PayPal account, use Unbranded Payment Services (e.g., Braintree and Zettle), or when you receive a payment through our Services from account holders (“Recipient”). We may connect this information with your account, if you have one at the time you use the Service without logging in, or if you create an account later. With your consent, we may also save your credit card information for future use.

When you shop on Partner and Merchant sites, the partner or merchant may disclose Personal Information with PayPal that will be used in accordance with this Privacy Statement and the relevant PayPal user agreement.

 

3. Categories of Personal Information We Collect

Categories of Personal Data collected from you, including from your interactions with us and use of the Services:

  • Personal Identifiers: Such as name, Business Name, Address, Phone Number, Email, IP address, Device Information, Information collected from cookies or other tracking technologies, other information necessary to establish an account
  • Records and Financial Information: Such as, bank account and routing numbers, credit and debit card information, amount you send or request, other financial information
  • Commercial Information: Such as online shopping cart information, shopping activity on merchant sites, purchase history, and order tracking and product information
  • Geolocation: We may collect IP-based geolocation data and Global Positioning System (GPS) with your consent during your user experience or based on your mobile application settings.
  • Internet or network activity: interactions with our Services, Information about response time for web pages, download errors, date and time when you used the service, Location Information, such as your IP address, statistics regarding how pages are loaded or viewed, the websites you visited before coming to the Sites and other usage and browsing information collected through Cookies (“Technical Usage Data”)
  • Biometric: When you consent in the user experience, we collect voice identification or face scans to authenticate your account
  • Audio, electronic, visual, or similar information: Call recordings when you talk to customer service
  • Professional or employment information: including business information, contact emails, phone numbers and taxpayer ID numbers
  • Imported Contact Information: including name, address, phone number, images, email address or usernames associated with the contacts
  • Account Profile Information: username, profile picture, gender, or personal description which you add that may include sensitive Personal Information. You can set your profile to “Private” at any time
  • Information you provide when you contact us: Your response to surveys, recorded conversations, chat conversations with us, email correspondence with us, account status, repayment history, voice identification, Information about others if you choose to share it with us
  • Inferred data: We may infer information about you such as your preferences and shopping behavior, based on your transactions and interactions with our Services
  • Characteristics of Protected Classifications: including age or date of birth, national origin, disability, citizenship, military status
  • Sensitive Personal Information: Social Security number, government-issued identification, bank account and routing numbers, credit and debit card information, voice identification and Photo IDs or Precise Geolocation
  • Information from your device: including, language settings, browser ID, cookie preferences, time zone, operating system, platform, screen resolution and similar information about your device settings, data collected from cookies or other tracking technologies

We may also obtain the above categories of Personal Information from the following categories of sources:

  • Third parties: including Service Providers, Partners and Merchants, Payment Partners, such as card networks and payment processors, Credit Reporting Agencies, Government Entities, Data Brokers, and Financial Institutions
  • Connected Accounts: Non-financial or financial accounts you agree to link to PayPal, such as social network accounts, mail accounts or for open banking. You may change your mind about use of this feature and unlink your connected accounts at any time. If you choose to link these accounts or share such information with us, we will periodically collect and process it until you disconnect the account
  • Third Party Applications: Applications that you choose to use for example, the Apple App Store, Google Play Store, or social networking sites

 

4. How is Personal Information used?

We may process your Personal Information for a variety of reasons, including to provide our Services, for security and fraud prevention and to comply with law. We may also use personal data with your consent to participate in certain features that while not necessary for use of the Services may be of interest to you, such as syncing your contact list to your account, targeted advertising, or connecting to a third-party platform.

We may collect Personal Information to:

  • Provide our Services: such as to help you send or request money, initiate a payment, add monetary value to an account, pay a bill, administer your purchases, show you your account information, to assess your creditworthiness in connection with our Services, confirm your identity and your contact information, to authenticate your access to your account and to confirm your Account and financial information is accurate and up to date.
  • Provide receipts in connection with Zettle services: For buyers using our Zettle services, you may choose to provice us your contact details so that we can send you digital receipts.
  • Manage and improve our Services: for example, to develop new products and features, for customer analysis, to administer our Services, and for internal operations, for example troubleshooting, data analysis, testing, research, and statistical purposes.
  • Manage fraud and risk: We conduct risk analysis, fraud prevention and risk management to protect our customers and business, including fraud that involves our Partners and Merchants and strategic ventures.
  • Associate information about you: if you use our Services without a PayPal account (e.g., Pay without a PayPal account) or Unbranded Payment Services (e.g., such as Braintree) we may associate such transactions with your account, if you have one or later establish an account.
  • Market our Services: We may use Personal Information to market our Services including where we partner with others to offer similar services to market about our Partners and Merchants. We use Personal Information to better understand and cater to your interests.
  • Communicate with you: We may contact you when you need us, such as answering a question you sent to our customer service team.
  • Comply with Laws: to comply with applicable laws and rules and enforce our agreements with you and other people who use our Services.
  • Process information about your contacts: to make it easy for you to find and connect them, improve payment accuracy and suggest connections with people you may know. By providing us with information about your contacts you certify that you have permission to provide that information to PayPal for the purposes described in this Privacy Statement.
  • Create an account connection between your Account and a third-party account or platform: such as with a social media account or a financial institution in connection with your participation in Open Banking.
  • Send you locally relevant options: If you agree to let us track your location, we can enhance your security of our Services and customize our Services by using the right language and personalizing content such as providing location-specific options, functionality or offers, ads and search results.
  • Remember your preferences: We may remember your preferences for the next time you use the Services, such as whether you choose to receive digital receipts via email or text when you checkout.
  • Personalize your experience: When you use Services, as well as other third-party sites and services we might use tracking technologies like cookies. See our Cookie Statement for more details.

 

5. Do We Disclose Personal Information, and why?

We do not sell Personal Information to third parties for money or share your Personal Information for cross context behavioral advertising, including any Sensitive Personal Information.

However, we will disclose your Personal Information with third parties to help us provide Services, protect our customers from risk and fraud, market our products, and comply with legal obligations.

In addition, we may disclose Personal Information with:

  • PayPal and PayPal Companies, including our brands such as Venmo to provide you with the Services and to manage our business or with PayPal Honey to manage our Rewards program.
  • Authorities, when accompanied by a subpoena or other legal documentation that requires PayPal or PayPal Companies to respond. Such authorities include courts, governments, law enforcement, and regulators. We may also be required to provide other third parties information about your use of our Services, for example to comply with card association rules, to investigate or enforce violations of our user agreement or to prevent physical harm or illegal activity.
  • Other financial institutions, to jointly offer a product, such as PayPal Credit, PayPal Savings, PayPal Cashback Mastercard and PayPal Extra Mastercard.
  • Card networks and payment processors, to facilitate payment processing or to add cards to your electronic wallet.
  • Fraud prevention and identity verification agencies, for example to assist us in detecting activities suggestive of fraud.
  • Credit reporting and debt collection agencies, for example to collect unpaid overdue debts through a third party such as a debt collection agency.
  • Service providers that operate at our direction and on our behalf to perform services we outsource to them, such as processing payments, marketing, research, compliance, audits, corporate governance, communications, IT development, maintenance, hosting and support and customer service operations.
  • Other Users in accordance with your Account Settings. You may choose to display or make certain information available to other Users, such as your profile photo, first and last name, username, or city in accordance with your Account Settings.
  • Connected accounts, for example any social media accounts you asked us to connect or when you initiate an Account connection with another bank or financial institutions, card account, or aggregator in connection with your participation in Open Banking, so we can check if you have sufficient funds or confirm your ownership of the account.
  • Partners and Merchants, their service providers and others involved in a transaction, for example when you use the Services to initiate online purchases, pay other Users, or return goods we may disclose information about you and your Account with the other parties (or their service providers) involved in processing your transactions. Please note that Personal Information shared with Partners and Merchants (or their service providers) involved in a transaction is subject to the Partners and Merchants own privacy policy and procedures.
  • Other third parties, for example we disclose Personal Information to advertising platforms at your direction, or security service providers to help prevent unauthorized access to our Services. Please be aware that these parties’ privacy notice applies to the Personal Information that you share directly with them. For example, we use Google’s reCAPTCHA to prevent misuse of our Services, when you access our mobile application. We may also use Google Address Autofill to ensure accuracy of your address. Google’s Privacy Policy and Terms of Use apply to the Personal Information you share with them.
  • Buyers or in connection with business transfer, for example if we are involved in a merger, a purchase or sale of all or part of our business or assets, we may disclose your Personal Information to a buyer of those business or assets. If PayPal or a significant portion of PayPal’s assets are acquired by a third party, Personal Information may also be disclosed.

We may disclose your sensitive personal information as appropriate to carry out legitimate business activities allowed by law.

 

6. How long does PayPal store your Personal Information?

We retain Personal Information for as long as needed or permitted in context of the purpose for which it was collected and consistent with applicable law.

The criteria used to determine our retention period is as follows:

  • Personal Information used for the ongoing relationship between you and PayPal is stored for the duration of the relationship plus a period of 10 years, unless we need to keep it longer, such as:
    • a legal obligation or compliance with laws to which we are subject is retained consistent with the applicable law, such as under applicable bankruptcy laws and AML obligations
    • litigation, investigations, audit and compliance practices, or to protect against legal claims.

 

7. How Do We Use Cookies and Tracking Technologies?

When you interact with our Services, open email we send you, or visit a third-party website for which we provide Services, we and our partners use cookies and other tracking technologies such as pixel tags, web beacons, and widgets (collectively, “Cookies”) to recognize you as a user, customize your online experiences and online content, including to serve you interest-based advertising, perform analytics; mitigate risk and prevent potential fraud, and promote trust and safety across our Services.

We use Cookies to collect your device information, internet activity information, and inferences as described above.

You can disable or decline some cookies for our Services. But, since some parts of our service rely on cookies to work, those services could become difficult or impossible to use.

Some web browsers have an optional setting called “Do Not Track” (DNT) that lets you opt-out of being tracked by advertisers and some third parties. Because many of our services won’t function without tracking data, we do not respond to DNT settings.

If you want to know more about how we use cookies, please review our Statement on Cookies and Tracking Technologies to learn more about our use of Cookies. To learn how to opt-out of this kind of tracking technology, visit About Ads.

 

8. Your Data Protection Rights

Your rights to access, correction, deletion, and restriction to use or share your information.

Under applicable data protection law, you have certain rights to how your Personal Information is collected, stored, used and shared.

We recognize the importance of your ability to control the use of your Personal Information and provide several ways for you to exercise your rights to access (right to know), correction, deletion (erasure), and to restrict certain information (right to opt out of sharing and right to limit use and disclosure of sensitive personal information).

We will not deny you services, charge you different prices, or provide you with a different level of service solely for exercising your privacy rights. If you are a California resident, learn more about how we have handled your Privacy Rights.

How do you exercise your rights?

If you, or an authorized agent, want to exercise any of your rights relating to your Personal Information, contact us or submit your request from your Account Settings. If you have an account, you can exercise your privacy rights by accessing “Data and Privacy” from Account Settings in the PayPal app.

Even if you do not have an account (for example, where you use Payment without a PayPal account), you can submit a request for access, correction, or deletion of your information for your Payment without a PayPal account by contacting us at the number provided in the Contact Us section.

If you or an authorized agent submit a request, we’ll first need to verify who you are before we can respond to your request. We may ask you to provide us with information necessary to reasonably verify your identity before responding to your request. We will compare the information you submit against our internal business records to verify your identity. If we can’t verify your identity, we will not be able to fulfill your request. If we deny your request in whole or in part, you may have the right to appeal the decision. In such circumstances, we will provide you with information regarding the appeals process.

Your right to request a copy of the Personal Information. If you want to make a request to know about the data we’ve collected about you in the past 12 months, you have choices:

  • Log in to your account and submit a request
  • Call or contact us and request that we provide you with the data we’ve collected.

Your right to correct your Personal Information:

  • Log in to your account and correct information you previously added. For example, you can edit your addresses in your settings
  • Call or contact us and request that we correct specific information

Your right to delete your Personal Information:

  • Log in to your account and delete information you previously added. For example, you can delete your profile picture and non-primary addresses in your settings
  • Call us or contact us and request that we delete specific information
  • Close your account

If you close your account or request that we delete Personal Information, we still need to keep some Personal Information as explained in How long does PayPal store your Personal Information section so we can:

  • Complete a transaction, provide goods or services you requested, or comply with our promises to you in the user agreement or other contract you have with us
  • Detect and prevent malicious, fraudulent, or illegal activity
  • Protect your (or another person’s) legal rights, including the right to free speech
  • Manage our internal business processes that are reasonably related to your expectations when using our Services
  • Comply with laws and other legal or governmental processes

California also offers a right to opt out of “Selling” and “Sharing” Personal Information. Global Privacy Control setting is a browser setting that notifies website owners of users' privacy preferences regarding selling or sharing their personal information. PayPal does not respond to these settings because we do not sell or share data. Some Personal Information collected, processed, or disclosed by a financial institution are subject to federal laws, such as the Gramm-Leach-Bliley Act. Consumers may read our Consumer Privacy Notice for more information about their rights under US federal law.

Understanding your choices

You can control how Personal Information is collected or disclosed, as well as how we communicate with you. Here are some of the ways you can customize your choices.

Choose how we collect Personal Information

You may choose to limit the Personal Information you provide when our apps or Services request it. To help make choices that are right for you, it’s important to understand that Personal Information helps us provide a richer, more personalized experience for you. Also, some Personal Information is required for our Services to function at all.

For example, sharing your contacts helps make it easier for you to find the people you want to send money to. If you choose not to share your contacts with us, you can still use our mobile apps, but some actions may not be as fast or easy as it would be if shared your contacts. Another example is creating an account with us. If you choose not to provide information that is required for an account to function, like your name and email address, we will not be able to create an account for you.

Choose how connected accounts collect and use Personal Information

If you connect your account to a third-party service, you may be able to manage how your Personal Information is collected, used, and shared by them. Read the third parties’ privacy policies to see the choices they offer you.

You can control which third-party services you connect to your account and what Personal Information they can collect about you. For example, to manage the permissions, go to the Security settings in your PayPal account.

Choose how we communicate with you

Your choices about how we communicate with you differ depending on the purpose of the message and how it is delivered. Some messages are considered optional, and some are necessary for you to manage your accounts with us. We use email, text messages, push notifications on your mobile device, and even phone or paper mail depending on the situation and your preferences.

You can click the unsubscribe link in a PayPal marketing email, opt out of a text message by replying “STOP,” or turn off notifications on your device. You can also change your account’s notification settings or the notification preferences on your device.

You won’t be able to opt out of messages that are considered necessary for the Services, such as digital receipts and emails that alert you to changes in your account’s status. You may be able to decide how we send those messages, such as by email, phone, text message, or a notification on your mobile device.

 

9. How Do We Protect Your Personal Information?

We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your Personal Information against loss, misuse, unauthorized access, disclosure, and alteration. The security measures include firewalls, data encryption, physical access controls to our data centers, and information access authorization controls. While we are dedicated to securing our systems and Services, you are responsible for securing and maintaining the privacy of your password(s) and Account/profile registration information and verifying that the Personal Information we maintain about you is accurate and current. We are not responsible for protecting any Personal Information that we share with a third-party based on an account connection that you have authorized.

 

10. Can Children Use Our Services?

We do not knowingly collect information, including Personal Information, from children under the age of 13 or other individuals who are not legally able to use our Services. If we obtain actual knowledge that we have collected Personal Information from someone not allowed to use our Services, we will promptly delete it, unless we are legally obligated to retain such data.

Please contact us if you believe that we have mistakenly or unintentionally collected information from someone not allowed to use our Services.

We do not sell to third parties for money or share Personal Information of anyone under 16 years of age for cross context behavioral advertising.

 

11. Definitions

  • Device Information means data that can be automatically collected from any device used to access the Services. Such information may include, but is not limited to, your device type; your device’s network connections; your device’s name; your device IP address; information about your device’s web browser and internet connection you use to access the Services; Geolocation Information; information about apps downloaded to your device; and biometric data.
  • Geolocation Information means information that identifies, with precise specificity, your location by using, for instance, longitude and latitude coordinates obtained through your GPS, or your device settings.
  • Location Information means information that identifies, with reasonable specificity, your approximate location by using, for instance, longitude and latitude coordinates obtained through GPS or Wi-Fi or cell site triangulation.
  • Partners and Merchants means our partners and the merchants, partners or businesses that our Users transact with for the purpose of obtaining goods or services.
  • Pay without a PayPal account means our Services may be accessed by individuals without a PayPal account or profile.
  • PayPal means PayPal, Inc. which includes Braintree, Xoom and Zettle.
  • PayPal Companies means companies or separate brands, affiliates or subsidiaries of PayPal, and who process Personal Information in accordance with their terms of service and privacy statements. PayPal Companies include Honey Science LLC, Chargehound LLC, Happy Returns, LLC, Hyperwallet, Simility, Swift Financial LLC, Bill Me Later, Inc., and Venmo.
  • Personal Information in this Privacy Statement means information about you, including your identity, finances and online behavior.
  • Sell under California law is defined as the disclosure of personal information to third parties in exchange for monetary or other valuable consideration.
  • Services means any PayPal branded or Unbranded Payment Services, Pay without a PayPal account, Xoom services, bill pay, Rewards, sending or receiving money, credit products and services, content, features, technologies, or functions, and all related websites, applications and services offered to you by PayPal. Your use of the Services includes use of our Sites.
  • Sharing under California law is defined as the targeting of advertising to a consumer based on that consumer’s personal information obtained from the consumer’s activity across websites.
  • Sites means the websites, mobile apps, official social media platforms, or other online properties through which PayPal offers the Services and which has posted or linked to this Privacy Statement.
  • Unbranded Payment Services means when you are interacting with and making payments to Partners and Merchants using our card processing services that do not carry the PayPal brand or when you use our Zettle services.
  • User is any person who uses the Services as a consumer for personal or household use. For the purposes of this Notice, “User” includes “you” and “your.”

 

12. Our Contact Information

If you have questions about this Privacy Statement or your Personal Information, contact us so we can help.

To talk about your PayPal account or Unbranded Payment Services:

To talk about your Xoom account:

 

13. California Privacy Notice of Collection

Under the laws of California and certain other US states (i.e., Virginia), we are required to provide you with the following additional information about: (1) the purpose for which we use each category of “personal information” we collect; and (2) the categories of third parties to which we (a) disclose such personal information for a business purpose, (b) “share” personal information for “cross-context behavioral advertising,” and/or (c) “sell” such personal information.

Under California law, “sharing” is defined as the targeting of advertising to a consumer based on that consumer’s personal information obtained from the consumer’s activity across websites, and “selling” is defined as the disclosure of personal information to third parties in exchange for monetary or other valuable consideration. We do not sell or share your Personal Information, including any Sensitive Personal Information. We also do not sell or share and have no actual knowledge that we have sold or shared any Personal Information of anyone under 16 years of age.

For more information about each category, purpose of use, and the third parties to which we disclose information, please see the “Categories of Personal Information We Collect”, “How is Personal Information used,” and “Do We Disclose Personal Information” sections.

 

14. US Consumer Privacy Notice

The following Consumer Privacy Notice applies to you if you are an individual who resides in the United States and uses PayPal Services for your own personal, family, or household purposes.

This Consumer Privacy Notice does not apply to Unbranded Payment Services.

Rev. January 2023