If you live in California, you have legal rights to see, delete, correct, and opt out of the sale or sharing of your personal information held by Acorns.
This analysis describes what Acorns's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
These rights are legally enforceable under California law and give California residents meaningful control over how a financial app with highly sensitive data uses and shares their information.
Interpretive note: The scope of the GLBA exemption from CCPA for financial institution data is data-specific and may limit the practical reach of certain CPRA rights for data collected in connection with regulated financial transactions.
The updated policy removes explicit language describing how data flows when users sign in via Apple or Google, including what information those services share with Acorns and how it is used. Previously, the policy stated that Acorns receives information such as name and email address through third-party sign-in services solely to manage accounts and provide services. The revised language also shifts the AI chatbot from an optional feature users 'may access' to a stated service Acorns 'uses' to direct users to internal articles. Users no longer have a published explanation of third-party sign-in data practices in the privacy notice, though the terms suggest data shared through third-party services remains subject to those providers' terms.
View change record →Removed explicit mention of CCPA and CPRA statutes, dropped the right to correct inaccurate information, removed right to limit use, and added right to non-discrimination.
View full change record →California residents can request a copy of all personal data Acorns holds about them, ask for it to be corrected or deleted, and opt out of their data being shared with advertising or analytics partners, all without facing any penalty for exercising these rights.
How other platforms handle this
We may also collect your personal data from other people or companies.
If you are a California resident, you may have the right to: Know what personal information we collect, use, disclose, sell, or share. Correct inaccurate personal information. Delete your personal information. Opt out of the sale or sharing of your personal information. Limit the use and disclosure ...
If you are a California resident, you have the right to know what personal information we collect, use, and disclose about you; the right to request deletion of your personal information; the right to opt out of the sale or sharing of your personal information; the right to correct inaccurate person...
Monitoring
Acorns has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). These rights include the right to know about the personal information we collect, use, disclose, and sell or share; the right to delete personal information we have collected from you; the right to correct inaccurate personal information; the right to opt out of the sale or sharing of your personal information; the right to limit the use and disclosure of sensitive personal information; and the right not to be discriminated against for exercising your rights.— Excerpt from Acorns's Acorns Privacy Policy
REGULATORY LANDSCAPE: The CCPA as amended by the CPRA, enforced by the California Privacy Protection Agency and the California Attorney General, grants the rights enumerated in this provision. The CPRA's sensitive personal information category is particularly relevant given Acorns' collection of Social Security numbers, financial account data, and precise geolocation, all of which qualify as sensitive personal information subject to use limitation rights. Financial institutions subject to GLBA have a partial exemption from CCPA for data collected in the course of financial transactions, but the scope of that exemption is data-specific and does not cover all information Acorns collects. GOVERNANCE EXPOSURE: High. The GLBA-CCPA exemption creates a complex data classification exercise for financial services companies. Data that falls within the exemption need not honor CCPA deletion or access requests; data outside the exemption must. Misclassifying data as exempt creates enforcement risk with the California Privacy Protection Agency. JURISDICTION FLAGS: These rights apply specifically to California residents. Users in Virginia, Colorado, Connecticut, Texas, and other states with comprehensive privacy laws have analogous but not identical rights under their respective state frameworks. Compliance teams should map Acorns' user base against applicable state privacy laws and confirm that rights fulfillment infrastructure covers all required jurisdictions. CONTRACT AND VENDOR IMPLICATIONS: Service providers receiving California resident data must be bound by contracts restricting their use of that data to the specified service purpose, consistent with CPRA service provider requirements. Advertising networks receiving data for marketing purposes may be classified as third parties rather than service providers, triggering different contractual and opt-out obligations. COMPLIANCE CONSIDERATIONS: Compliance teams should verify that the CPRA rights request intake process is functional and can be completed within the statutory 45-day response window, that the opt-out of sharing mechanism for cross-context behavioral advertising is prominently displayed and operational, and that the GLBA exemption analysis is current and documented. Annual CPRA compliance reviews should include testing of consumer rights fulfillment workflows.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
These rights are legally enforceable under California law and give California residents meaningful control over how a financial app with highly sensitive data uses and shares their information.
California residents can request a copy of all personal data Acorns holds about them, ask for it to be corrected or deleted, and opt out of their data being shared with advertising or analytics partners, all without facing any penalty for exercising these rights.
ConductAtlas has identified this type of provision across 16 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Acorns.