# Manage compliance

Part of **Stripe**. Route queries via `POST https://www.company-skill.com/api/route`.

## What You Want to Do

You want to ensure your Stripe integration complies with financial and data privacy regulations such as GDPR, CCPA, and PSD3. This may involve automatically deleting user personal data or manually configuring payment authentication exemption rules.

**Typical User Questions**:
- How do I redact personal data for compliance?
- Can I automate data deletion requests?
- How do I handle PSD3 regulatory requirements?
- How do I configure SCA exemptions?

## Decision Tree

Pick the path that best matches your situation:

- **If** you need to programmatically batch-process GDPR/CCPA data subject deletion requests (e.g., from a script or background system) → use [Manage data redaction jobs via the API](#path-1-manage-data-redaction-jobs-via-the-api) (jump to *stripe/stripe-privacy*)
- **If** your business is in the EEA or UK and needs to configure SCA exemptions (such as TRA-based exemptions or Mark as MOTO) → use [Configure compliance settings through the console](#path-2-configure-compliance-settings-through-the-console) (jump to *stripe/stripe-compliance*)
- **If** you need to set up PSD3 funds segregation and have Stripe Connect enabled → use [Configure compliance settings through the console](#path-2-configure-compliance-settings-through-the-console)
- **Otherwise (default)** → if you're unsure or only need a one-time compliance setup, prefer **Configure compliance settings through the console** since it requires no coding and fits low-frequency operations.

## Path Comparison

| Path | Best For | Complexity | Code Required | Automation | Key Fact | Detail Skill |
|------|----------|------------|---------------|------------|----------|--------------|
| Manage data redaction jobs via the API | Automated compliance systems that need to programmatically create, validate, and run personal data deletion/redaction jobs. | high | Yes | Yes | Uses the Redaction Job API; you must explicitly call run redaction job to execute | `stripe/api/stripe-privacy` |
| Configure compliance settings through the console | Users who need to manually configure PSD3 compliance options or SCA exemption rules and prefer a graphical interface. | low | No | No | Only applies to EEA/UK businesses; MOTO exemption requires Stripe Support to enable | `stripe/guide/stripe-compliance` |

## Path Details

### Path 1: Manage data redaction jobs via the API

**Best For**: Automated compliance systems that need to programmatically create, validate, and run personal data deletion/redaction jobs.

**Brief Description**: The Stripe Privacy API is a RESTful interface for orchestrating personal-data removal from Stripe objects, supporting create, validate, run, and cancel operations on redaction jobs. Core components include the Redaction Job API (endpoint `https://api.stripe.com/v1/privacy/redaction_jobs`), which lets you control `validation_behavior` (error or fix mode) and handle `validation_errors`.

**Key technical facts**:
- Auth: Bearer Token using secret API key (`sk_test_` or `sk_live_`)

**When to Use**:
- You need to programmatically batch-process GDPR/CCPA data deletion requests
- You have an existing automated compliance system that needs to integrate Stripe data redaction
- You need precise control over the redaction job's validation behavior (error or fix mode)

**When NOT to Use**:
- Users prefer a graphical interface over writing code
- You only need a one-time compliance configuration rather than recurring redaction tasks
- You're not familiar with Stripe API authentication and parameter formats

**Known Limitations**:
- Only supported via API calls; no graphical interface option
- Redaction jobs require an explicit `run redaction job` call to execute; they do not auto-trigger
- On validation failure, you must manually handle `validation_errors` and re-validate before continuing
- Only supports redacting Stripe internal objects (e.g., customers); external data sources are not supported

### Path 2: Configure compliance settings through the console

**Best For**: Users who need to manually configure PSD3 compliance options or SCA exemption rules and prefer a graphical interface.

**Brief Description**: The Stripe Dashboard console provides a graphical interface for configuring PSD3 compliance options and SCA exemption rules — completing financial regulatory setup without writing code. Key paths include `Dashboard > Payments > Authentication` (for setting SCA Exemptions) and `Dashboard > Connect > Settings` (for Funds segregation under PSD3 Regulations). Supported operations include `Enable TRA-based exemptions`, `Mark as MOTO`, and selecting `Exemption Type`.

**Key technical facts**:
- Auth: Stripe Dashboard SSO
- Prerequisites: Business must be located in the EEA or UK; Cardholder's bank must be located in the EEA; Stripe account with access to SCA-ready products; For MOTO: PCI compliance and feature enablement via Stripe support; Stripe account with Connect enabled

**When to Use**:
- You need to quickly configure PSD3 funds segregation
- Your business is in the European Economic Area and needs to set SCA exemption rules
- You prefer a graphical interface over API integration
- One-time compliance configuration, not recurring tasks

**When NOT to Use**:
- You need to programmatically batch-process data redaction tasks
- Your business is outside the EEA/UK and cannot use SCA exemptions
- Stripe Connect is not enabled, so PSD3 compliance cannot be configured
- You need automated integration into an existing compliance system

**Known Limitations**:
- Only applies to SCA exemption configuration for EEA/UK businesses
- MOTO (mail order/telephone order) exemptions require an additional request to Stripe Support
- PSD3 compliance configuration requires Stripe Connect to be enabled
- Cannot be configured automatically via API; all operations require manual console actions

## FAQ

Q: Which path should I start with?
A: If you're configuring SCA exemptions or PSD3 settings for the first time and your business is in the EEA/UK, start with **Configure compliance settings through the console**. If you need to auto-respond to GDPR deletion requests, you must use **Manage data redaction jobs via the API**.

Q: What if my business isn't in the EEA or UK but I use the console path to configure SCA Exemptions?
A: You won't see or be able to enable the relevant options (such as `Enable TRA-based exemptions` or `Mark as MOTO`) — these features are only available to EEA/UK merchants.

Q: What if I need to process hundreds of GDPR deletion requests per day but pick the console path?
A: You won't be able to automate it, and you'd need to handle each one manually (and the console doesn't even support data redaction jobs), causing compliance delays or violations.

Q: I'm not familiar with APIs — what problems will I hit using the Redaction Job API?
A: You may misuse `sk_test_`/`sk_live_` keys, ignore `validation_errors`, or forget to call `run redaction job`, leaving jobs stuck in validation and unable to actually delete data.

Q: Can I configure PSD3 Funds segregation via the API?
A: No. PSD3-related settings (including Funds segregation) can only be configured manually under `Dashboard > Connect > Settings`, and require Stripe Connect to be enabled.

Q: Can a redaction job auto-fix validation failures?
A: No. You must inspect `validation_errors`, correct the inputs (e.g., customer ID format), and resubmit the request with the correct `validation_behavior`.

Q: What if I prefer a graphical interface but pick the API path?
A: You'll have to write and debug code to call the Redaction Job API. This path provides no graphical option, which can significantly increase implementation effort.

Q: What if my business isn't in the EEA/UK but I pick the console path?
A: You won't be able to access SCA exemption configuration features (such as TRA-based exemptions or Mark as MOTO) — those options are only shown to EEA/UK merchants.

## Related queries

how to redact personal data, GDPR compliance Stripe, automate data deletion requests, configure SCA exemptions, handle PSD3 regulations, manage financial compliance, Redaction Job API, Stripe Dashboard compliance, Mark as MOTO, Enable TRA-based exemptions, validation_behavior, run redaction job, can

---
Part of [Stripe](https://www.company-skill.com/p/stripe.md) · https://www.company-skill.com/llms.txt