No. 001 · Licensed Edition
Stripe — Security Evidence Dossier
Question
What security evidence does Stripe publish?
Answer
Stripe publishes broad public security documentation — SOC 2 Type II and PCI DSS Level 1, a GDPR-aligned data-processing agreement, AES-256 at rest with TLS in transit, single sign-on and multi-factor access, a public subprocessor list, and 48-hour incident notification. Of 55 fields, 46 are Documented and 9 are Questions surfaced for buyer follow-up.
46 Documented9 Questions surfacedof 55

Edition
Licensed Edition
Reference
Dossier No. 001
Framework
55 fields · 10 domains
Documented
46 of 55
Questions surfaced
9
Evidence date
22 June 2026
Vendor pages reviewed
14
Price
US$1,500 — Licensed Edition
Reviewer
A. Vale · SD-R01
10 domains reviewed
- Identity & legal entity
- Standards & attestations
- Privacy & compliance
- Encryption & key management
- Infrastructure & hosting
- Access control
- Vulnerability & incident response
- Subprocessors & supply chain
- AI governance
- Secure development & organization
What's inside
Evidence ledger
All 55 fields across 10 domains, each recorded in one of two states, with the vendor's own words quoted and cited where Documented.
Source register
Every vendor-published page reviewed, listed with its URL, so each line traces back to where it was found.
Integrity record
A SHA-256 record so the released document can be confirmed unchanged.
Vendor question pack
The Questions surfaced, gathered as ready-to-send follow-ups for your procurement or security conversation.
Question surfaced means: Not identified in the vendor-published sources reviewed. This does not establish absence of the control.