SoFi substantially revised the cookie and tracking technology section of its Privacy Notice on April 21, 2026. The prior language stated that SoFi shares tracking information with social media, advertising, and analytics partners, and that non-selection constitutes agreement to these technologies. The updated language introduces a Privacy Preference Center, describes cookie categories (Functional, Performance, Strictly Necessary), explains that blocking cookies may impact site functionality, and provides explicit mechanism to manage consent preferences by category rather than opting into all tracking by default.
The updated Privacy Notice replaces a consent model where non-selection meant acceptance of all tracking technologies with a granular preference system organized by cookie category. Under the revised terms, you can now access a Privacy Preference Center to manage Functional Cookies and Performance Cookies separately, while Strictly Necessary Cookies remain non-optional for site operation. The updated language discloses that blocking certain cookies may impact site functionality and services offered. You can access the Privacy Preference Center to select which cookie categories to enable.
The updated terms establish a granular consent mechanism that moves away from implied consent by silence toward explicit, category-based preference management. This change affects how SoFi collects and uses tracking data by allowing users to disable non-essential cookies while maintaining transparency about the functional consequences of doing so. The shift aligns with regulatory expectations under GDPR and state privacy laws that require affirmative, informed consent for non-essential data processing.
→ Access the Privacy Preference Center when visiting SoFi's website to select which cookie categories (Functional, Performance) you wish to enable
→ Review the disclosure explaining that blocking certain cookies may affect site functionality before disabling preferences
→ If you do not actively manage cookie preferences, the default settings as established by SoFi will apply
→ Depending on which cookies you allow, certain site features or services may not function as expected
Introduces granular, category-based cookie consent management allowing users to enable or disable Functional and Performance Cookies while preserving Strictly Necessary Cookies as mandatory.
Removes prior language stating non-selection constitutes agreement; shifts from implicit to explicit consent model for non-essential tracking.
Adds explicit language that blocking certain cookies may impair site functionality and service delivery, creating transparency around tradeoff between privacy and usability.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
You now have the ability to control different types of cookies separately rather than accepting or rejecting all tracking at once.
The terms now explain that turning off some cookies could mean certain website features may not work properly.
+ 2 more obligation changes. Full breakdown available with Watcher.
Track changes →SoFi revised its cookie consent mechanism from implicit acceptance (silence as consent) to explicit granular preference management through a Privacy Preference Center. The change aligns with transparency expectations under GDPR, CCPA, and state privacy laws by offering category-based opt-out rather than all-or-nothing consent. The removal of the prior 'non-selection constitutes agreement' language and introduction of an explicit management interface may reduce regulatory exposure related to consent validity under EU ePrivacy Directive and comparable US state frameworks. Organizations using SoFi services should assess whether this change affects their own privacy disclosures or vendor governance if they reference or rely on SoFi's consent mechanisms.
GDPR (Articles 4, 7, 13), EU ePrivacy Directive (Directive 2002/58/EC), CCPA (California Civil Code sections 1798.100-1798.199), COPPA (15 U.S.C. 6501-6506), state privacy laws (Virginia, Colorado, Connecticut, Utah, Montana privacy acts)
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Watcher: regulatory citations + obligations. Professional: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-001371.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — WatcherSoFi revised its cookie and tracking technology disclosure on May 7, 2026. The previous language stated that SoFi uses pixels …
SoFi updated its Privacy Notice on May 6, 2026 to reorganize and clarify how it collects and shares tracking data. …
SoFi updated its Terms of Service on May 5, 2026, making primarily formatting and navigation changes to the document structure. …
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.