Acorns collects technical data about your device and your precise or approximate location when you use the app, in addition to tracking how you interact with its features.
This analysis describes what Acorns's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Geolocation data is classified as sensitive personal information under the CPRA, giving California residents specific rights to limit its use, and precise location data can reveal sensitive personal patterns when combined with financial activity data.
The updated policy removes explicit language describing how data flows when users sign in via Apple or Google, including what information those services share with Acorns and how it is used. Previously, the policy stated that Acorns receives information such as name and email address through third-party sign-in services solely to manage accounts and provide services. The revised language also shifts the AI chatbot from an optional feature users 'may access' to a stated service Acorns 'uses' to direct users to internal articles. Users no longer have a published explanation of third-party sign-in data practices in the privacy notice, though the terms suggest data shared through third-party services remains subject to those providers' terms.
View change record →Acorns collects your device identifiers and geolocation data alongside your financial activity, creating a combined profile of where you are and what you do financially, which California residents can request to limit under CPRA.
How other platforms handle this
Geolocation Information
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
Monitoring
Acorns has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may collect information about your device and how you use our services, including IP address, browser type, operating system, device identifiers, geolocation data, and information about your interactions with our services.— Excerpt from Acorns's Acorns Privacy Policy
REGULATORY LANDSCAPE: Precise geolocation data is classified as sensitive personal information under the CPRA, requiring specific disclosure and opt-out or limit-use mechanisms for California residents. The FTC has issued guidance on the sensitivity of location data and its combination with other personal information, flagging this as a heightened privacy risk area. Several state attorneys general have also taken enforcement actions against companies sharing precise geolocation data without adequate disclosure. GOVERNANCE EXPOSURE: Medium. The collection of geolocation data by a financial services app is not unusual, but the combination of location tracking with financial transaction data creates a detailed behavioral profile. The CPRA's sensitive personal information framework imposes specific disclosure and rights-fulfillment obligations for this data category. JURISDICTION FLAGS: California's CPRA specifically categorizes precise geolocation as sensitive personal information. Several other states with comprehensive privacy laws (Virginia, Colorado, Connecticut) also treat geolocation as a sensitive category. Compliance teams should confirm that opt-out or limit-use mechanisms for geolocation data are operational in all applicable jurisdictions. CONTRACT AND VENDOR IMPLICATIONS: If geolocation data is shared with analytics or advertising vendors, those contracts should restrict secondary use and require deletion upon contract termination. The FTC has indicated particular concern about location data shared with data brokers who may further sell or aggregate it. COMPLIANCE CONSIDERATIONS: Compliance teams should assess whether geolocation collection is necessary for all product features or whether data minimization could reduce collection scope. Device-level permission controls for location access should be reviewed to confirm they function correctly across iOS and Android. California-specific limit-use requests for geolocation data must be honored within statutory timeframes.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Geolocation data is classified as sensitive personal information under the CPRA, giving California residents specific rights to limit its use, and precise location data can reveal sensitive personal patterns when combined with financial activity data.
Acorns collects your device identifiers and geolocation data alongside your financial activity, creating a combined profile of where you are and what you do financially, which California residents can request to limit under CPRA.
ConductAtlas has identified this type of provision across 3 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Acorns.