Affirm substantially expanded its Privacy Policy on June 3, 2026, adding over 200 sentences of new disclosure and structural content. The updated policy explicitly identifies Affirm as a financial institution under the Gramm-Leach-Bliley Act, clarifies that certain personal information is governed by federal banking law rather than state privacy laws, and adds detailed sections explaining how Affirm collects, uses, and discloses information, including new disclosures about sharing with fraud prevention and identity verification providers. The previous version lacked this regulatory framing and level of operational detail.
The updated Privacy Policy establishes that Affirm qualifies as a financial institution under the Gramm-Leach-Bliley Act, meaning personal information collected in connection with Affirm services is governed by federal banking law rather than applicable state privacy laws. The policy now explicitly discloses collection of identity and profile information including full name, date of birth, Social Security number, email, mailing address, phone number, and password. The updated terms also disclose new data sharing arrangements with fraud prevention, identity verification, and risk intelligence providers, which were not previously detailed. You can contact Affirm's privacy team using the phone number provided in the updated policy to exercise data privacy rights.
The updated policy establishes that Affirm qualifies as a financial institution under federal banking law, which may limit the applicability of state privacy laws to Affirm's core lending operations. The policy also newly discloses sharing of personal information with fraud prevention and identity verification providers, expanding transparency about third parties that receive consumer data.
→ Review the updated Privacy Policy, particularly Section 9 ('Affirm's Privacy Notice for Consumer Financial Information') which describes your data rights under federal banking law
→ Contact Affirm's privacy team using the phone number provided in the updated policy if you wish to exercise data subject rights or request information about how your data is shared
→ Your personal information will continue to be collected and shared with fraud prevention and identity verification providers as disclosed in the updated policy
→ Data handling will be governed by federal banking law rather than applicable state privacy statutes, which may limit available remedies or rights under state law
Policy now explicitly asserts Affirm is a financial institution under GLBA, with certain data governed exclusively by federal law, not state privacy statutes.
Policy now discloses sharing of personal information with fraud prevention, identity verification, and risk intelligence providers.
Policy now explicitly lists identity and profile information collected, including Social Security numbers, dates of birth, and contact information.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
Affirm now explicitly lists new third parties it shares data with, which were not previously detailed in the policy.
Affirm has added a contact method for privacy requests and clarified that federal law governs certain personal information.
+ 1 more obligation changes. Full breakdown available with Monitor.
Track changes →Affirm's Privacy Policy update on June 3, 2026 substantially expands disclosure of data practices, regulatory status, and data sharing arrangements. The policy explicitly asserts that Affirm qualifies as a financial institution under the Gramm-Leach-Bliley Act (15 U.S.C. § 6801 et seq.), meaning certain collected information is classified as nonpublic personal information governed exclusively by federal law rather than state privacy statutes. This regulatory positioning may reduce applicability of state-level privacy laws (such as CCPA) to Affirm's core lending operations. Organizations that integrate Affirm financing into their platforms should review whether the updated policy aligns with their own privacy representations and vendor management frameworks, and whether their data processing agreements with Affirm require updating to reflect the newly disclosed data sharing practices with fraud prevention and identity verification providers.
GLBA (Gramm-Leach-Bliley Act); CCPA and related state privacy laws (applicability may be limited by GLBA preemption assertion); FTC Act Section 5 (unfair or deceptive practices); state consumer protection statutes
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Monitor: regulatory citations + obligations. Compliance: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-002632.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — MonitorWe read the privacy policies and terms of service of 38 AI platforms. Here is what they say about training, retention, arbitration, and lia…
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.