P L E X

Legal & Privacy

Important information about how we operate, protect data, and respect user privacy.

Stripe

How we use Stripe for payments and what data is processed.

Information about how Plexevent uses Stripe for payment processing, including data controller roles, data handling, and privacy considerations.

Last Updated: [Month Day, 2026]

1. Who is the Data Controller for Payments?

Plexevent

Controller for:

  • user account data
  • subscription management
  • billing information (basic info)

Stripe

Independent data controller for payment data.

Meaning:

Stripe processes:

  • credit card numbers
  • payment authorization
  • fraud detection
  • banking compliance

Never store card numbers yourself.

Stripe handles that.

2️⃣ What Data Stripe Receives

When a user subscribes, Stripe may receive:

User data:

  • name
  • email

Payment data:

  • card details
  • payment token
  • transaction details

Most of this is processed directly by Stripe.

Your server usually only receives:

  • customer_id
  • subscription_id

3️⃣ What You Must Write in Privacy Policy

Your Privacy Policy should say something like:

Plexevent uses Stripe for payment processing. Payment information is processed directly by Stripe and is not stored on Plexevent servers.

Also add:

Stripe may process personal data in accordance with its own privacy policy.

Stripe privacy page:

https://stripe.com/privacy

4️⃣ Stripe as a Subprocessor

On your Subprocessors Page, include:

Provider Purpose

Stripe Payment processing and subscription billing

Stripe processes payments on your behalf.

5️⃣ GDPR Legal Basis

Your legal basis for Stripe processing is:

Contract

Processing payments is necessary to provide the service.

Example:

User subscribes → Stripe processes payment → service is activated.

6️⃣ Stripe Data Transfers

Stripe is a global company.

They may process data in:

  • EU

But Stripe uses:

  • ✔ Standard Contractual Clauses
  • ✔ GDPR compliance frameworks

This is why most SaaS companies use Stripe.

7️⃣ Security Benefits

Stripe also protects you because:

never store:

  • card numbers
  • CVV
  • banking credentials

This reduces your PCI compliance burden.

8️⃣ What Must Implement

Use Stripe Checkout or Stripe Elements

Not custom card storage.

Recommended:

Stripe Checkout

or

Stripe Elements

These keep payment data on Stripe servers.

9️⃣ Webhook Security

Stripe will send webhooks to your backend when payments happen.

must:

  • verify Stripe signatures
  • not trust client-side payment status

Example:

  • checkout.session.completed
  • invoice.payment_succeeded
  • invoice.payment_failed

🔟 Email Receipts

Stripe may send payment receipts.

You can configure:

Stripe sends them

or

Plexevent sends invoice email

Both are allowed.

⚠️ Common Stripe Mistake

Many SaaS platforms accidentally store sensitive data.

Make sure your system does NOT store:

  • ❌ card number
  • ❌ CVV
  • ❌ full billing details

Only store:

  • stripe_customer_id
  • subscription_id
  • plan
  • status

For payment compliance and GDPR, please ensure Stripe is implemented correctly.

Requirements:

  • Use Stripe Checkout or Stripe Elements (do not store card data).
  • Store only Stripe customer ID and subscription ID.
  • Implement Stripe webhook verification for payment events.
  • Do not store card numbers or sensitive payment information in our database.
  • Add Stripe as payment provider in privacy and subprocessors documentation.

Legal documents

Have Any Project?

Don’t hesitate to send us message.

Get Started Today!
Product
Company
Resources
legal