The policy states that Acorns automatically collects device identifiers, operating system and browser data, in-app and web usage activity, IP address-based location, and precise geolocation when permitted, along with data gathered through cookies, web beacons, and similar tracking technologies.
This analysis describes what Acorns's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes automated collection of behavioral, device, and location data through tracking technologies in addition to user-provided financial data, creating a dataset that may be used for advertising and analytics purposes as described elsewhere in the policy.
Interpretive note: The document excerpt reviewed does not fully detail the mechanism for obtaining or revoking consent for precise geolocation collection, and the operational scope of tracking technology use for advertising versus functional purposes is not fully specified.
The updated policy removes explicit language describing how data flows when users sign in via Apple or Google, including what information those services share with Acorns and how it is used. Previously, the policy stated that Acorns receives information such as name and email address through third-party sign-in services solely to manage accounts and provide services. The revised language also shifts the AI chatbot from an optional feature users 'may access' to a stated service Acorns 'uses' to direct users to internal articles. Users no longer have a published explanation of third-party sign-in data practices in the privacy notice, though the terms suggest data shared through third-party services remains subject to those providers' terms.
View change record →Changed from 'may collect' to 'automatically collect,' added explicit tracking technology methods (cookies, web beacons), and clarified conditional consent for precise geolocation.
View full change record →Under this provision, Acorns automatically collects device identifiers, browsing and app activity, IP-based location, and precise geolocation through cookies and similar tracking technologies without requiring affirmative user action beyond visiting or using the platform. The policy states that precise geolocation collection is conditioned on user permission, though the scope and revocability of that permission are not fully detailed in the excerpt reviewed.
How other platforms handle this
Geolocation Information
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
Monitoring
Acorns has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We automatically collect certain information when you use our Services, including: device information (such as device type, operating system, and browser type); usage information (such as pages visited, links clicked, and features used); location information (such as IP address and, if you permit, precise geolocation); and information collected through cookies, web beacons, and similar tracking technologies.— Excerpt from Acorns's Acorns Privacy Policy
1) REGULATORY LANDSCAPE: Automated collection of device identifiers, behavioral data, and geolocation through tracking technologies engages CCPA's definitions of personal information and sale or sharing, including cross-context behavioral advertising restrictions under CPRA. The FTC Act's unfair or deceptive practices standards apply to disclosures about tracking technology use. State wiretapping and electronic communications laws in certain jurisdictions may be implicated by cookie-based interception of communications. 2) GOVERNANCE EXPOSURE: Medium. The use of cookies, web beacons, and similar technologies for behavioral tracking on a financial services platform creates exposure under CCPA's opt-out-of-sharing requirements and may require a Global Privacy Control (GPC) signal honoring mechanism under California regulations. 3) JURISDICTION FLAGS: California residents have a right under CPRA to opt out of sharing of personal information collected through tracking technologies for cross-context behavioral advertising. The EU/EEA would require GDPR-compliant consent for non-essential cookies, though the policy does not appear to assert EU applicability. Illinois and other states with emerging comprehensive privacy laws may impose consent or opt-out obligations for geolocation collection. 4) CONTRACT AND VENDOR IMPLICATIONS: Advertising and analytics partners receiving behavioral and device data through tracking technologies must be assessed as to whether they qualify as service providers or third parties under CCPA, as this classification determines whether an opt-out-of-sale mechanism is required. Vendor data processing agreements should address restrictions on the use of behavioral data shared through tracking technologies. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should audit whether the platform's cookie consent mechanisms satisfy CCPA's opt-out-of-sharing requirements and whether a GPC signal is honored as required under California regulations. Geolocation data collection practices, including the mechanism for obtaining and revoking user permission for precise location, should be documented and reviewed against applicable state privacy law requirements.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes automated collection of behavioral, device, and location data through tracking technologies in addition to user-provided financial data, creating a dataset that may be used for advertising and analytics purposes as described elsewhere in the policy.
Under this provision, Acorns automatically collects device identifiers, browsing and app activity, IP-based location, and precise geolocation through cookies and similar tracking technologies without requiring affirmative user action beyond visiting or using the platform. The policy states that precise geolocation collection is conditioned on user permission, though the scope and revocability of that permission are not fully detailed in the …
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Acorns.