Thomas Wilson

UX Researcher

About
Work

Building trust in PayPal's privacy center

PayPal was mandated to notify 300M+ users about updated terms. Rather than just send an email, leadership saw an opportunity: redesign the Privacy Center to actually build trust. But first, we needed to understand what wasn't working with it, and how to actually build trust.

My role and approach

I joined to lead the research effort. With a one-year global policy rollout timeline, we couldn’t rely on iterative A/B testing after launch, and every decision needed strong evidence upfront. I recommended starting with interviews to understand trust drivers, then validating patterns with a survey.
Some constraints were:

  • Global rollout from the start— no room for post-launch iteration
  • Stakeholder skepticism / preference for surveys — stakeholders needed persuasion and evidence-building

Navigating constraints to determine methodology

Stakeholders wanted surveys for their perceived objectivity. I had to convince them that surveys alone would validate our assumptions, not reveal why users mistrusted the Privacy Center.

I walked them through concrete examples of user tasks and confusion points. That shifted the conversation from 'qual vs quant' to 'what are we actually trying to learn?'

I proposed a two-phase approach: 12 in-depth interviews to uncover why users struggled, then a survey to scale and validate patterns.

Phase 1 surfaced trust drivers and comprehension gaps that wouldn't have shown up in surveys.
Phase 2 quantified impact and gave the SLT leadership confidence for global launch.

Key findings & design changes

  • Unclear data protection messaging → Users were unsure if financial info was shared or sold.
    Change: Added explicit statements like “We never share your full financial information” near sensitive points.

Example of highlighting the protection of financial information

  • Vague terminology → Users didn’t know whether “data” meant personal, financial, or both.
    Change: Defined personal vs. financial data clearly, using concise language and real-world examples.

High clarity examples of what data is shared, when you use PayPal

Clear and upfront definitions of common terms

  • Hidden privacy controls → Users felt settings were concealed, undermining trust.
    Change: Redesigned navigation to make privacy controls visible, adding a “Manage your privacy settings” section.

New section: 'How you can manage your privacy settings'

Outcome & business impact

Post-launch comparison survey measured trust and usability improvements using PayPal's TRUE framework. Trust scores improved ~10%, validating the redesign for global rollout.


<-- Back to my work