SoFi policy change — SoFi Privacy Notice

CA-C-000596

SoFi — SoFi Privacy Notice

Entity

SoFi

Document

SoFi Privacy Notice

Date detected

April 21, 2026

Effective date

April 21, 2026

Severity

Medium

Direction

Positive

Affected users

all users us users

Taxonomy

Consent expansion

Changes

+3 sentences added · −3 sentences removed · 12 sentences modified

Share 𝕏 Share in Share 🔒 PDF

🔔 Get alerted when SoFi changes their policies.

Watcher — $9.99/mo Professional →

What Changed

SoFi updated its Privacy Notice on April 21, 2026 to replace a simplified tracking-technologies disclosure with a more detailed 'Privacy Preference Center' interface that describes cookies by category and gives users controls to manage their preferences. Previously, the notice stated that users agreed to tracking technologies if they made no selection; now it explains different cookie types and emphasizes users' ability to choose. This matters because the new language provides clearer granular consent controls rather than implying passive agreement to all tracking.

Consumer Impact (what this means for users)

SoFi replaced a passive consent model — where doing nothing meant agreeing to all tracking — with a Privacy Preference Center that categorizes cookies (Functional, Performance, etc.) and lets you opt out of specific types. This gives you more meaningful control over how your browsing data is collected and used on SoFi's platform. You can visit SoFi's Privacy Preference Center to review cookie categories and adjust your settings to reflect your actual preferences.

Obligation Changes (what shifted)

New obligations

Protection removed

Consumers Added

You now have a real choice about which types of cookies SoFi uses on your device, instead of automatically agreeing to everything by not clicking anything.

Data controllers Removed

SoFi can no longer treat your silence as permission to track you — they must now present you with actual choices.

Applicable regulations

CCPA/CPRA

California, USA

CFAA

United States Federal

CAN-SPAM

United States Federal

FCRA

United States Federal

GLBA

United States Federal

TCPA

United States Federal

Why It Matters (compliance & risk perspective)

The shift from implied passive consent to an active Privacy Preference Center gives SoFi users genuine control over which cookies track their behavior, rather than being automatically opted in by inaction. This is a meaningful improvement in transparency and user rights, particularly for consumers concerned about their data being shared with advertising partners.

Key Clauses Affected

Passive Consent Removal

The clause stating that inaction constitutes agreement to tracking technologies was removed, ending implied default consent.

Privacy Preference Center Introduction

A new cookie preference center was added, giving users granular controls to accept or decline specific cookie categories.

Functional Cookies Disclosure

Functional cookies are now disclosed as a distinct category that may be set by third-party providers and may affect site services if blocked.

Full clause-by-clause analysis available with Watcher.

Evidence Verification

✓ Verified

Previous Version

7e3b86d9a9d25a42d6adc3c47649049e92242e4b30059cee9e850144c87e3f45

April 19, 2026 06:08 UTC

✓ Verified

Current Version

3dfa2aeb56d30d09c89593ed147e0be052f4572888a8c1afe658dcc7bb6c40b1

April 21, 2026 11:16 UTC

✓ Verified

Change Detected

April 21, 2026 11:16 UTC

✓ Verified

Source Document

https://www.sofi.com/privacy-policy/

How to Cite

ConductAtlas Policy Archive
Entity: SoFi | Document: SoFi Privacy Notice | Record: CA-C-000596
Captured: 2026-04-21 11:16:46 UTC
URL: https://conductatlas.com/change/2026-04-21-sofi-sofi-privacy-notice-596/
Accessed: May 2, 2026

Unlock the full analysis

Institutional analysis Clause breakdown Document redline Citation export

Watcher — $9.99/mo Professional — $149/mo

14-day free trial available.

Institutional Analysis (Compliance & legal intelligence)

Assessment

SoFi replaced a single-paragraph, implied-consent tracking disclosure with a structured Privacy Preference Center offering category-level cookie controls (Functional, Performance, and implicitly others). This touches consent mechanisms under CCPA/CPRA (Cal. Civ. Code §1798.135), FTC Act Section 5, and GDPR Art. 6/7 if EU users are served. The shift away from implied passive consent toward granular opt-out controls reduces regulatory exposure but requires verification that the implemented consent tool actually matches the disclosed categories. Compliance teams should confirm the live consent management platform reflects the updated policy language and that records of consent are captured appropriately.

Regulatory Exposure

1. CCPA/CPRA — Cal. Civ. Code §1798.100, §1798.120, §1798.135: The new preference center must honor opt-out of sale/sharing for targeted advertising cookies; verify that the Performance and Functional cookie categories do not constitute 'sale' or 'sharing' without a valid opt-out mechanism.

🔒

Compliance intelligence locked

Obligation analysis, escalation trigger, board language, and recommended action.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations + obligations. Professional: full compliance memo.

ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-000596.

Full Changes

See the full side-by-side comparison of every sentence added, removed, and modified.

🔒 Unlock full diff — Watcher $9.99/mo

Document Context

Document: SoFi Privacy Notice
Entity: SoFi
Captured: April 21, 2026
Source URL: https://www.sofi.com/privacy-policy/

Stay ahead of policy changes

We monitor 200+ platforms and archive every change — verified and timestamped.