Thomas Wilson
UX Researcher
Building trust in PayPal's privacy center
The business problem
PayPal was about to send emails to 300M+ users announcing updated terms and conditions, which would drive traffic to the Privacy Center.
The challenge: we knew from past research that people usually only visit the Privacy Center when they're having an issue. It's a high-scrutiny touchpoint—people go there to scrutinize how we use their data. Now we were about to send millions of people there.
The risk: if the Privacy Center felt confusing or evasive, users could leave PayPal entirely. It hadn't been updated in a while, and needed a refresh.
My role and approach
I joined to lead the research effort. With a one-year global policy rollout timeline, we couldn’t rely on iterative A/B testing after launch, and every decision needed strong evidence upfront. I recommended starting with interviews to understand trust drivers, then validating patterns with a survey.
Constraints included:
High-stakes global rollout — no room for post-launch iteration
Long policy timeline — research had to align with the one-year rollout
Stakeholder skepticism / preference for surveys — needed persuasion and evidence-building
Navigating constraints to determine methodology
Stakeholders initially preferred surveys for their perceived objectivity and scale. However, these methods wouldn’t reveal why users mistrusted or misunderstood the Privacy Center, an important insight before the global launch.
To navigate this, I first aligned stakeholders by:
Highlighting the risk of validating assumptions with surveys alone
Showing example user tasks and scenarios to illustrate the insights qualitative research could uncover
Explaining how the two-phase mixed-method approach would combine depth (interviews) and scale (survey)
Once aligned, I ran a two-phase plan:
Phase 1 – qualitative interviews: 12 in-depth sessions uncovered trust drivers, points of confusion, and reactions to design choices.
Phase 2 – survey validation: After patterns emerged, we scaled findings with a survey to quantify trust shifts and satisfy stakeholder concerns about scale.
This let us get the depth we needed while giving stakeholders the scaled validation they wanted.
Key findings & design changes
Unclear data protection messaging → Users were unsure if financial info was shared or sold.
Change: Added explicit statements like “We never share your full financial information” near sensitive points.
Example of highlighting the protection of financial information
Vague terminology → Users didn’t know whether “data” meant personal, financial, or both.
Change: Defined personal vs. financial data clearly, using concise language and real-world examples.
High clarity examples of what data is shared, when you use PayPal
Clear and upfront definitions of common terms
Hidden privacy controls → Users felt settings were concealed, undermining trust.
Change: Redesigned navigation to make privacy controls visible, adding a “Manage your privacy settings” section.
New section: 'How you can manage your privacy settings'
Outcome & business impact
The survey validated qualitative findings and measured trust metrics using PayPal’s internal benchmarking framework. Results showed:
10% increase in internal trust scores (measured using an internal rating, TRUE), giving leadership confidence to launch globally to 300M+ users.
Recognition of trust-building content and fewer negative perceptions compared to the previous Privacy Center.