This privacy statement explains how and why we collects, stores, uses, and shares personal data when you visit our websites or use our services. Reading it will help you understand your privacy rights and choices.
“Personal data” in this statement means information about you, including your identity, finances, and online behavior.
Your privacy rights and choices
When it comes to how your personal data is collected, stored, used, and shared, you have rights and choices.
Understanding your rights
You have the right to request a copy of the personal data we’ve collected about you in the past 12 months. You also have the right to ask us to delete your personal data we have collected about you. If you want to see or delete your personal data, contact us. We will not deny you services, charge you different prices, or provide you with a different level of service solely for exercising your privacy rights.
If you request to see or delete your personal data, we’ll first need to verify who you are before we can respond to your request. If we can’t verify your identity, we will not be able to fulfill your request.
If you want to delete your personal data, you have choices:
- Log in to your account and delete information you previously added. For example, you can delete your profile picture and non-primary addresses in your settings
- Call us and request that we delete specific information
- Close your account
If you close your account or request that we delete personal data, we still need to keep some personal data so we can:
- Complete a transaction, provide goods or services you requested, or comply with our promises to you in the User Agreement or other contract you have with us
- Detect and prevent malicious, fraudulent, or illegal activity
- Protect your (or another person’s) legal rights, including the right to free speech
- Manage our internal business processes that are reasonably related to your expectations when using our services
- Comply with laws
Depending on where you live and what type of account you use, you may have different rights and choices for managing your personal data. For example, certain State privacy laws do not apply to personal data collected, processed, or disclosed by a financial institution according to federal laws, such as the Gramm-Leach-Bliley Act. Consumers may read our Consumer Privacy Notice for more information about their rights under US federal law.
Understanding your choices
You can control how personal data is collected or shared, as well as how we communicate with you. Here are some of the ways you can customize your choices.
Choose how we collect personal data
You may choose to limit the personal data you provide when our apps or services request it. To help make choices that are right for you, it’s important to understand that personal data helps us provide a richer, more personalized experience for you. Also, some personal data is required for our services to function at all.
For example, sharing your contacts helps make it easier for you to find the people you want to send money to. If you choose not to share your contacts with us, you can still use our mobile apps, but some actions may not be as fast or easy as it would be if shared your contacts. Another example is creating an account with us. If you choose not to provide information that is required for an account to function, like your name and email address, we will not be able to create an account for you.
Choose how connected accounts collect and use personal data
If you connect your account to a third-party service, you may be able to manage how your personal data is collected, used, and shared by them. Read the third parties’ privacy policies to see the choices they offer you.
You can control which third-party services you connect to your account and what personal data they can collect about you. For example, to manage the permissions, go to the Security settings in your PayPal account.
Choose how we communicate with you
Your choices about how we communicate with you differ depending on the purpose of the message and how it is delivered. Some messages are considered optional and some are necessary for you to manage your accounts with us. We use email, text messages, push notifications on your mobile device, and even paper mail depending on the situation and your preferences.
You can click the unsubscribe link in a marketing email, opt out of a text message by replying “STOP,” or turn off notifications on your device. You can also change your account’s notification settings or the notification preferences on your device.
You won’t be able to opt out of messages that are considered necessary for you to manage your account, such as receipts and emails that alert you to changes in your account’s status that require your attention. You may be able to decide how we send those messages, such as by email, text message, or a notification on your mobile device.
The personal data we collect
We may collect your personal data when you register for or use our services, such as when you create an account, make a payment, or make a purchase on a merchant’s website.
If you use our services without creating or logging into an account, we’ll still collect personal data, which may include your payment information, device information, and location. When you use our services without creating or logging into an account, we will use this information to process transactions, prevent fraud and comply with the law. We may connect this information with your account, if you have one or if you create an account at a later date.
Here are the kinds of personal data that we may collect when you create an account or use our services:
1. Information that identifies you, for example:
- First and last name
- Phone number
- IP address
- Information collected from cookies or other tracking technologies
2. Records and financial information, for example:
- Social Security Number
- Government-issued identification
- Bank account and routing numbers
- Credit and debit card information
- Financial information
3. Personal characteristics, for example:
- National origin
- Military status
4. Commercial information, for example:
- Online shopping cart information
- Purchase history
5. Internet or network activity, for example:
- Interactions with our services or sites
- Shopping history
6. Geolocation data, for example:
- Global Positioning System (GPS) information when you give us permission through your device settings
- IP-based geolocation
7. Audio, electronic, visual, or similar information, for example:
- Call recordings when you talk to customer service
- Photo IDs and profile pictures you provide
8. Professional or employment information, for example:
- Business information, contact emails and phone numbers
- Tax IDs
9. Information we infer based on your personal data, for example:
- Fraud and risk assessments
- Personalization preferences
Where personal data comes from
We may collect personal information about you from various sources, for example from:
- Our payment partners, such as card networks and payment processors
- Financial institutions, such as banks
- Credit bureaus
- Service providers, such as companies that help us manage risk and fraud, deliver services to you, and market our services
We do not knowingly collect personal information from people who are not allowed to use our sites and services, such as children under the age of 13. Contact us if you believe that we’ve mistakenly collected personal data from someone not allowed to use our services. We’ll delete it immediately, unless we’re legally required to keep it.
Why we collect personal data
We collect personal data for many reasons, including to improve your experience, and to run our business. Specific reasons why we collect your personal data include:
- Run our sites and provide better services, for example to help you send or request money, make purchases, show you your account information, verify access to your account, and keep your account and payment information up to date.
- Manage and improve our business. For example, we do user research to improve our products’ performance and abilities. We also monitor and analyze our sites to help ensure they work as expected.
- Protect our business and our customers from risk and fraud, including fraud that involves our business partners, strategic ventures, or other individuals and merchants, such as eBay, Inc.
- Send you marketing information about our products and services. We may use personal data to market about our partners, such as merchants. We use personal data to better understand and cater to your interests.
- Personalize your experience when you use our sites and services, as well as other third-party sites and services. In this case, we might use tracking technologies like cookies.
- Send you locally relevant options, but only if you agree to let us track your location. If you do, this can help us enhance the security of our sites and services, and customize our services by using the right language and personalizing content such as ads and search results.
- Make it easy for you to find and connect with others. For instance, if you let us access your contacts, we can suggest connections with people you may know.
- Contact you when you need us, such as answering a question you sent to our customer service team.
- Comply with laws and enforce our agreements with you and other people who use our services.
How and why we share personal data
We do not sell your personal data. However, we may share personal data across our services and with other members of the PayPal corporate family. Sometimes we share the personal data we collect with third parties to help us provide services, protect our customers from risk and fraud, market our products, and comply with legal obligations.
You can review the personal data that we may share by reviewing The personal data we collect section.
We may share personal data with:
- Other members of the PayPal corporate family
- Service providers that help us with processing payments, marketing, research, compliance, audits, corporate governance, communications, and security
- Card networks and payment processors
- Financial institutions, such as banks we partner with to offer joint products, like Synchrony Bank in connection with PayPal Credit, the PayPal Cashback Mastercard, and the PayPal Extras Mastercard
- Credit reporting and collections agencies
- Courts, governments, regulators and law enforcement when accompanied by a subpoena or other legal documentation that requires PayPal or members of our corporate family to respond
- People involved in a transaction, such as other users or merchants and their service providers.
- Third parties that you asked us to connect with, such as other financial or social media apps. If you want us to stop sharing information with a third party, disconnect your account from that third party.
- Other third parties to:
- Comply with laws
- Investigate or enforce violations of our user agreement
- Facilitate a merger, purchase, or sale of part or all of our business
- Comply with card association rules
- To prevent physical harm or illegal activity
How we protect your personal data
Helping to keep your personal data safe against loss, misuse, unauthorized access, disclosure, and alteration is our top priority.
To protect your personal data, we use technical, physical, and administrative security measures that include:
- Data encryption
- Physical access controls at our data centers
While we protect our systems and services, you’re responsible for keeping your password(s) and account information private. You are also responsible for making sure your personal information is accurate and up to date.
If your account is closed, we may keep your personal data and other information as required by law and according to our data retention policy. If we do, we’ll continue to handle it as we describe in this statement.
How this statement changes over time
We’ll make changes to this privacy statement from time to time. This helps us stay up to date with changes to our business and the most current laws. After a new version is published, we’ll collect, store, use, and protect your personal data as we outline in that revised statement.
If the new version reduces your rights or increases your responsibilities, we’ll post it on the Policy Updates or Privacy Statement page of our website at least 21 days before it becomes effective.
We may notify you about these changes through email or other communications.