Acorns collects technical data about your device and your precise or approximate location when you use the app, in addition to tracking how you interact with its features.
This analysis describes what Acorns's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Geolocation data is classified as sensitive personal information under the CPRA, giving California residents specific rights to limit its use, and precise location data can reveal sensitive personal patterns when combined with financial activity data.
Acorns collects your device identifiers and geolocation data alongside your financial activity, creating a combined profile of where you are and what you do financially, which California residents can request to limit under CPRA.
How other platforms handle this
Geolocation data, such as device location. Internet or other electronic network activity information, such as browsing history, search history, and information regarding a consumer's interaction with an internet website, application, or advertisement. Device identifiers, such as IP address, unique d...
We may collect information about your location, including precise geolocation information, when you use our Services. We use this information to provide location-based services, such as showing you products available in your area, and for other purposes described in this Privacy Policy.
We collect precise geolocation data when you use our mobile application or enable location services on your device. We use this information to provide location-based services, improve our services, and for marketing purposes.
Monitoring
Acorns has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We may collect information about your device and how you use our services, including IP address, browser type, operating system, device identifiers, geolocation data, and information about your interactions with our services.— Excerpt from Acorns's Acorns Privacy Policy
REGULATORY LANDSCAPE: Precise geolocation data is classified as sensitive personal information under the CPRA, requiring specific disclosure and opt-out or limit-use mechanisms for California residents. The FTC has issued guidance on the sensitivity of location data and its combination with other personal information, flagging this as a heightened privacy risk area. Several state attorneys general have also taken enforcement actions against companies sharing precise geolocation data without adequate disclosure. GOVERNANCE EXPOSURE: Medium. The collection of geolocation data by a financial services app is not unusual, but the combination of location tracking with financial transaction data creates a detailed behavioral profile. The CPRA's sensitive personal information framework imposes specific disclosure and rights-fulfillment obligations for this data category. JURISDICTION FLAGS: California's CPRA specifically categorizes precise geolocation as sensitive personal information. Several other states with comprehensive privacy laws (Virginia, Colorado, Connecticut) also treat geolocation as a sensitive category. Compliance teams should confirm that opt-out or limit-use mechanisms for geolocation data are operational in all applicable jurisdictions. CONTRACT AND VENDOR IMPLICATIONS: If geolocation data is shared with analytics or advertising vendors, those contracts should restrict secondary use and require deletion upon contract termination. The FTC has indicated particular concern about location data shared with data brokers who may further sell or aggregate it. COMPLIANCE CONSIDERATIONS: Compliance teams should assess whether geolocation collection is necessary for all product features or whether data minimization could reduce collection scope. Device-level permission controls for location access should be reviewed to confirm they function correctly across iOS and Android. California-specific limit-use requests for geolocation data must be honored within statutory timeframes.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Geolocation data is classified as sensitive personal information under the CPRA, giving California residents specific rights to limit its use, and precise location data can reveal sensitive personal patterns when combined with financial activity data.
Acorns collects your device identifiers and geolocation data alongside your financial activity, creating a combined profile of where you are and what you do financially, which California residents can request to limit under CPRA.
ConductAtlas has identified this type of provision across 3 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Acorns.