Do I need to disclose Lemon Squeezy in my privacy policy?

Yes. Since Lemon Squeezy processes customer payment and billing information as a data processor on your behalf, you must disclose this relationship in your privacy policy. This is required under GDPR Article 28 (processor disclosure) and CCPA regulations. Failing to disclose third-party payment processors can result in compliance violations.

What data does Lemon Squeezy collect from my customers?

Lemon Squeezy collects customer email addresses, billing information (name, address, payment method details), payment and subscription transaction data, tax identification information, and license key usage records. This data is necessary to process payments, generate invoices, calculate taxes, and manage subscriptions for your products.

Does Lemon Squeezy require a cookie consent banner?

No cookie banner is required specifically for Lemon Squeezy, as the platform does not use cookies for tracking. However, you should verify your overall website's cookie usage and implement appropriate consent mechanisms if you use other analytics or marketing tools alongside Lemon Squeezy.

Where is my customer data processed and who handles it?

Lemon Squeezy LLC, based in the United States, acts as your data processor and merchant of record. Customer data is transferred to and processed by Lemon Squeezy's US-based infrastructure. The company is PCI-DSS compliant and maintains security standards for payment data. Review their privacy policy at https://www.lemonsqueezy.com/privacy for complete details on data handling and your rights.

Fintech

Privacy policy clauses for Lemon Squeezy

Lemon Squeezy is a merchant of record platform that processes payments and subscriptions for SaaS and digital products. Websites use it to handle payment collection, tax compliance, and invoice generation without directly processing credit cards themselves.

Scan my site free →Copy sample clause ↓

Free scan · No signup · Results in 60 seconds

What data Lemon Squeezy collects

Your privacy policy must disclose each of the following data types when you use Lemon Squeezy.

Customer email and billing info

Payment and subscription data

Tax and invoice records

License key usage

When does Lemon Squeezy trigger privacy obligations?

Lemon Squeezy integration triggers privacy obligations the moment you embed its payment form or checkout on your site or app, because customer email, billing address, payment method details, and subscription data immediately flow to Lemon Squeezy's servers in the United States.

GDPR (if you serve EU customers): You become a joint data controller with Lemon Squeezy for payment and customer data. GDPR Article 13 requires you to provide a privacy notice disclosing Lemon Squeezy as a processor *before* collecting data. You must have a Data Processing Agreement (DPA) in place with Lemon Squeezy covering Standard Contractual Clauses (SCCs) or equivalent adequacy mechanism, as the US has no adequacy finding post-*Schrems II*. This is mandatory, not optional.

CCPA/CPRA (California customers):

Privacy policy clauses for Lemon Squeezy

What data Lemon Squeezy collects

When does Lemon Squeezy trigger privacy obligations?

Where data goes

Common compliance pitfalls

Missing or Incomplete Data Processing Agreement

Failing to Disclose Lemon Squeezy as a Data Recipient in Privacy Policy

Ignoring Cross-Border Data Transfer Compliance

Legal note

Sample privacy policy clause

What regulators look for

Frequently asked questions

Do I need to disclose Lemon Squeezy in my privacy policy?

What data does Lemon Squeezy collect from my customers?

Does Lemon Squeezy require a cookie consent banner?

Where is my customer data processed and who handles it?

Don't ship without Bandit.