Skip to main content

Stripe App - how we process your data

Data processing is a critical aspect of any application that operates on monetary transactions. In this document, we outline how the Stripe App processes your data, ensuring compliance with data protection regulations and maintaining the highest standards of security.

Data persistence

App uses its internal database to store the following data:

  • App configuration:
    • Stripe publishable key
    • Stripe restricted key (encrypted)
    • Configuration name
    • Internal configuration ID
    • Stripe webhook ID
    • Stripe webhook secret (encrypted)
    • Mapping between channel ID and configuration ID
  • Transactions recordings (history of processed transaction):
    • Transaction ID from Saleor
    • Payment Intent ID from Stripe
    • Transaction Flow that Saleor delivers with events
    • Transaction Flow that App computes to use
    • Selected payment method

Data processing

Stripe App is not processing payment details. It's done by Stripe directly on the customer-facing website (storefront).

App processes non-sensitive data regarding transactions, such as:

  • IDs of the transaction
  • Amount and currency of the transaction
  • Type of the transaction (CHARGE/AUTHORIZATION)
  • Type of request (cancel/capture/refund/initialize/process)
  • Type of payment method chosen by the customer
  • Checkout / Order ID

App is not requesting any sensitive data of the customer or a payment method.

Data field

Storefront is capable of writing sensitive information to data field when making a transaction request. App is not requesting such data but can't force the storefront to not write it. App guarantees that only requested fields are being processed and other fields are ignored.

See webhooks documentation for more details about data shape and fields.