This new provision establishes data retention and deletion standards, providing transparency on how long Acorns keeps personal information.

This clarifies permissible uses of personal information for marketing and communications, creating more transparent disclosure about promotional activities.

Removal of explicit third-party data broker sourcing language may indicate stricter controls on data aggregation or represents a de-emphasis of this practice in the updated policy.

Removal of explicit M&A data transfer language may indicate this provision was incorporated elsewhere or deprioritized, reducing transparency about business transaction disclosures.

Removal of specific data aggregator disclosure for account linking reduces transparency about third-party tools used to access external financial institutions.

Severity increased from medium to high, and collection scope narrowed to exclude investment preferences, employment data, and address/date of birth, while adding transaction history detail.

Changed from 'may collect' to 'automatically collect,' added explicit tracking technology methods (cookies, web beacons), and clarified conditional consent for precise geolocation.

Removed language explicitly allowing sharing 'for their own marketing purposes,' added clarification that partners assist in providing services/advertisements, and introduced 'service providers' and 'business partners' categories.

Removed explicit mention of CCPA and CPRA statutes, dropped the right to correct inaccurate information, removed right to limit use, and added right to non-discrimination.

Added commitment to delete minor's data if accidentally collected, replaced 'may collect' language with more neutral description of Acorns Early as accounts 'established by adults for the benefit of minor beneficiaries.'