CA-C-003770
Intuit — Intuit Privacy Statement
Entity
Date detected
July 17, 2026
Effective date
July 17, 2026
Severity
Direction
Positive
Affected users
EU users UK users Swiss users all users
Taxonomy
Cross border transfer change
Changes
+12 sentences added · 6 sentences modified
Share 𝕏 Share in Share 🔒 PDF
Get same-day alerts when Intuit changes We email you the diff and what it means, the day it happens.
Get same-day alerts →

Get the weekly digest

Every policy change across 844 tracked documents, once a week. No account needed.

Event Summary

Intuit's privacy policy was updated on July 17, 2026 to substantially expand its Data Privacy Framework (DPF) compliance disclosures and procedures. The updated language provides detailed operational procedures for DPF Principles-related complaints, dispute resolution mechanisms, and onward transfer liability. Notably, the policy adds explicit language requiring opt-out or opt-in consent before using personal data for materially new purposes or sharing with external parties not covered as processors.

MEDIUM

Consumer Impact

The updated terms establish new procedures for handling personal data complaints related to international data transfers under the EU-U.S., UK Extension, and Swiss-U.S. Data Privacy Frameworks. Users from these jurisdictions now have access to defined complaint and dispute resolution mechanisms, including referral to TRUSTe as an alternative dispute provider at no cost, and binding arbitration under certain conditions. Additionally, the policy now requires that before personal data is used for a materially new purpose or shared with external parties not covered as processors, Mailchimp will offer users the opportunity to opt out through appropriate means or collect opt-in consent.

Governance Analysis

The updated policy establishes new procedural protections and operational requirements for international personal data transfers under the Data Privacy Frameworks. For EU, UK, and Swiss users, the change creates formal complaint and dispute resolution mechanisms, including TRUSTe referral and binding arbitration options. For all users, the updated terms introduce a new requirement that Mailchimp must offer opt-out or obtain opt-in consent before using personal data for materially new purposes or sharing with external parties outside its normal processor relationships.

Available Actions

EU, UK, and Swiss users can file DPF Principles-related complaints by contacting Mailchimp using the 'How to contact us' section; unresolved complaints can be escalated to TRUSTe at https://feedback-form.trustarc.com/watchdog/request at no cost.

Review Mailchimp's updated privacy policy and DPF certification at https://www.dataprivacyframework.gov to understand your specific data transfer protections.

When Mailchimp notifies you of materially new uses of your personal data or sharing with external parties not covered as processors, exercise the opt-out option if provided or decline to provide opt-in consent if you prefer not to participate.

If No Action Is Taken

If you do not review the updated DPF complaint procedures, you may be unaware of your right to file a complaint with TRUSTe or pursue binding arbitration under certain conditions.

If Mailchimp introduces a materially new use of your personal data or sharing arrangement and you do not act on the opt-out or consent request provided, the updated terms will apply as written.

Historical Context

ConductAtlas has recorded 4 material changes to this document over 81 days of monitoring (since April 2026). An additional minor or cosmetic changes were excluded.

2 of Intuit's significant changes have been classified as negative for consumers.

Key Clauses Affected

DPF Complaint and Dispute Resolution

Added defined procedures for DPF Principles-related complaints, referral to TRUSTe at no cost, and binding arbitration option for unresolved disputes.

Consent Requirement for New Uses and External Sharing

Added affirmative obligation to offer opt-out or collect opt-in consent before using personal data for materially new purposes or sharing with external parties not covered as processors.

Onward Transfer Liability

Clarified that Mailchimp remains liable under DPF Principles for agents' processing of personal data transferred under the DPF frameworks.

Full clause-by-clause analysis available with Analyst.
These clauses may change again. Get alerted when they do. Get same-day alerts →

This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology

Evidence Verification

✓ Verified
Previous Version
5104160a107b437c0db347584f6e8f7f5ef9a06b435be31b4951bfaaba305331
July 8, 2026 00:46 UTC
✓ Verified
Current Version
7d459a6ef42be3985b353cf82297ecca2f5c80d6bc2a6ef93692553db8d7b997
July 17, 2026 00:53 UTC
✓ Verified
Change Detected
July 17, 2026 00:53 UTC
Analysis Methodology
✓ Verified
Source Document
https://www.intuit.com/privacy/statement/
Citation Record
Entity: Intuit
Document: Intuit Privacy Statement
Record ID: CA-C-003770
Captured: 2026-07-17 00:53:48 UTC
URL: https://conductatlas.com/change/2026-07-17-intuit-intuit-privacy-statement-3770/
Accessed: July 18, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.

Impact Summary

3
New obligations
1
Expanded
Consumers Added

Before using your data in a new way or sharing it with a third party outside their normal processor relationships, Mailchimp must give you a choice to opt out or must ask for your permission first.

Consumers Added

If you have a complaint about how your data is handled under the Data Privacy Framework, Mailchimp will handle it first, then refer unresolved issues to TRUSTe, a free dispute service.

Data controllers Expanded

Mailchimp is legally responsible for ensuring that companies it uses to process data on its behalf comply with Data Privacy Framework rules.

Consumers Added

If disputes about Data Privacy Framework compliance cannot be resolved through normal procedures or TRUSTe, you may have the option to pursue binding arbitration.

For legal and compliance teams

Institutional Analysis

Assessment

Intuit substantially expanded its DPF compliance disclosures in an update detected on July 17, 2026. The change adds operational procedures for DPF Principles-related complaints, establishes referral to TRUSTe for dispute resolution, clarifies liability for onward transfers, and adds a new procedural requirement for opt-out or opt-in consent before materially new personal data uses or external third-party sharing. This change likely reflects updated Data Privacy Framework certification requirements or internal policy refinement following regulatory guidance. Organizations relying on Intuit or Mailchimp services for EU, UK, or Swiss data processing should confirm their own vendor agreements address these dispute resolution and consent mechanisms.

Full compliance analysis

Regulatory exposure, obligation analysis, escalation trigger, board language, and recommended action.

Analyst $49/mo

ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-003770.

Full Changes

View complete diff →

Document Context

Version history → Policy drift analysis → Document page →
Document
Intuit Privacy Statement
Entity
Intuit
Captured
July 17, 2026
Source URL
https://www.intuit.com/privacy/statement/
Other changes to Intuit Privacy Statement
Previous change Jul 8, 2026
Intuit updated its Privacy Statement on July 8, 2026 to replace references to its 'short code program' with 'text messaging …
Low Neutral
View full version history →
More from Intuit
Jul 8, 2026 Low
Intuit Privacy Statement

Intuit updated its Privacy Statement on July 8, 2026 to replace references to its 'short code program' with 'text messaging …

May 24, 2026 Medium
Intuit Privacy Statement

Intuit removed detailed information about cookies, tracking technologies, and advertising practices from its privacy statement. The updated policy no longer …

May 22, 2026 Low
Intuit Privacy Statement

Intuit updated its privacy policy on May 22, 2026 to add explicit cookie and tracking technology disclosures and consent controls. …

Track Intuit policy changes

Get alerted when this policy changes again — including what changed and why it matters.