Handling customer deletion requests

Stripe offers multiple tools for businesses to remove data from your Dashboard and API.

• Redaction is the ability for businesses to permanently remove personal data from view, making the redacted object’s data inaccessible to you in the Dashboard and API. We recommend using redaction jobs to remove your users’ data for consumer data deletion requests. It identifies multiple objects related to any you configured, and provides a centralised programmable interface to remove data.

• Deletion is a capability that some Stripe features offer for object lifecycle management. The best way to view its behaviour is through the feature’s documentation and API reference. The delete API endpoints operate on the specified object only and offer detailed controls. For example, if you use the Customers API, review the Delete a customer endpoint.

Review the documentation of the Stripe features your business uses and identify the best solution for your business needs.

As your payments and service provider, Stripe complies with legal and operational requirements imposed by the local authorities where your business operates and might retain data as legally required, after redaction. We might need you to finalise an object’s usage or wait for risk periods to end before redaction.

Reasons that an object might not be immediately eligible for redaction include:

• Incomplete object state - Stripe objects might require the business to finalise its usage before deleting or redacting. Here are a few examples:
  • Cancel unused PaymentIntent and SetupIntent objects
  • Detach payment methods from a Customer object
  • Void open Invoice objects
  • Close any open Dispute objects
• Fraud - Transactions don’t support deletion and can only be redacted after 90 days.