BBAA Atlas

Does Stripe offer EU data residency?

Stripe, Inc. · Payments · official site ↗

No EU data residencyEU-US DPF + SCCsDPA available
Where does Stripe store EU data — and who can touch it?
Stripe does not offer EU data residency — data is hosted outside the EEA, and relies on the EU-US Data Privacy Framework plus SCCs for transfers.
Stripe offers no customer-selectable EU-only data residency — payment data is processed globally, including in the US — but it is certified to the EU-US Data Privacy Framework and incorporates SCCs into its DPA.

EU data residency

Can you keep data in the EU?
Stripe's DPA states personal data may be transferred to Stripe, LLC in the United States and to Stripe affiliates and sub-processors in other jurisdictions. There is no customer-facing option to keep payment data at rest in the EU only; processing is global by design.
Transfer mechanism
Stripe self-certifies to the EU-US Data Privacy Framework and defines the EEA SCCs and UK International Data Transfer Addendum as its fallback transfer mechanisms in the DPA for personal data leaving the EEA.

Sub-processors

Who else processes your data?
Stripe publishes a service-providers / sub-processor list (AWS, Google, Twilio, identity-verification vendors such as LexisNexis and Ekata, and others). A business user may object in writing within 30 days of an update to the page; absent objection the appointment is deemed accepted. current sub-processor list ↗

Data Processing Agreement (DPA)

Does Stripe sign a DPA?
The DPA is a click-through document incorporated into Stripe's Services Agreement and applies automatically to all users; a dated PDF is also published for download. No separate negotiation or plan tier is required. DPA ↗
What the trust-badge pages don't tell you
Stripe is a payments processor, not a hostable app — there is no 'EU region' to pick. The control that matters here is the transfer mechanism (DPF + SCCs) and the 30-day sub-processor objection window, not residency.
Last checked 2026-06-02confidence: high · GDPR terms, residency regions and sub-processors change — confirm current terms with Stripe, Inc. and run your own transfer impact assessment. This is not legal advice.
$249/moto monitor up to 25 vendors' DPA & residency
$3,000/yr, incl. cited bulk export

Monitor your whole vendor list for DPA & residency changes

The free lookup answers one vendor at a time. Teams running EU vendor intake track dozens and need to know the moment a sub-processor, residency region or DPA term changes. Leave your work email and we'll set up monitoring + a cited export for your list.

We'll reply to set up your vendor list and confirm pricing. No card, no checkout here.

Get notified when this changes

Compliance isn't one-and-done. Leave your email and we'll alert you when any vendor's BAA or HIPAA status we cover changes.

One email per change. No newsletter, no selling your address.

Frequently asked questions

Does Stripe offer EU data residency?
No. Stripe's DPA states personal data may be transferred to Stripe, LLC in the United States and to Stripe affiliates and sub-processors in other jurisdictions. There is no customer-facing option to keep payment data at rest in the EU only; processing is global by design.
Where does Stripe send my data, and does it rely on SCCs?
Stripe self-certifies to the EU-US Data Privacy Framework and defines the EEA SCCs and UK International Data Transfer Addendum as its fallback transfer mechanisms in the DPA for personal data leaving the EEA.
Who are Stripe's sub-processors?
Stripe publishes a service-providers / sub-processor list (AWS, Google, Twilio, identity-verification vendors such as LexisNexis and Ekata, and others). A business user may object in writing within 30 days of an update to the page; absent objection the appointment is deemed accepted. See the current list at https://stripe.com/service-providers/legal.
Does Stripe sign a GDPR Data Processing Agreement (DPA)?
Yes — The DPA is a click-through document incorporated into Stripe's Services Agreement and applies automatically to all users; a dated PDF is also published for download. No separate negotiation or plan tier is required.
Is Stripe GDPR compliant?
Stripe can be used in a GDPR-compliant way, but compliance depends on your configuration, not just the vendor: Stripe offers no customer-selectable EU-only data residency — payment data is processed globally, including in the US — but it is certified to the EU-US Data Privacy Framework and incorporates SCCs into its DPA. You are the controller — confirm the current DPA, residency and sub-processor terms with Stripe, Inc. and run a transfer impact assessment before processing EU personal data. This is not legal advice.

Sources

Stripe — Data Processing Agreement
https://stripe.com/legal/dpa
Supports: Click-through DPA; global transfer to Stripe, LLC (US); SCCs + UK addendum as transfer mechanismdated: 2026-06-02
Stripe — Service Providers / Sub-Processors
https://stripe.com/service-providers/legal
Supports: Public sub-processor list with a 30-day written objection windowdated: 2026-06-02
Stripe — Privacy Center
https://stripe.com/legal/privacy-center
Supports: EU-US Data Privacy Framework certification; global data storage, no EU-only residency optiondated: 2026-06-02
This page is cited public information, not legal or compliance advice. Whether Stripe can lawfully process your EU personal data depends on your plan, configured region, contract and a transfer impact assessment you control. Always confirm current terms with Stripe, Inc. before sending EU personal data.

Check another vendor

AirtableEU residency on higher tiersAmplitudeEU data residency availableAsanaEU residency on higher tiersAtlassian (Jira & Confluence)EU data residency availableBoxEU residency on higher tiersCalendlyNo EU data residency

Browse all 25 vendors →