Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'The FTC enforces the GLBA Safeguards Rule requiring financial platforms to maintain adequate security programs protecting consumer financial data.', 'complaint_url': 'https://reportfraud.ftc.gov/'}

What is the severity of this clause?

ConductAtlas classifies this Security of Personal Information clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Do other platforms have similar clauses?

Yes. ConductAtlas has identified similar Security of Personal Information clauses across approximately 2 other tracked platforms. You can compare how platforms differ on this clause type in the cross-platform comparison view.

Security of Personal Information — Acorns

Share 𝕏 Share in Share 🔒 PDF

What it is

Acorns uses security measures to protect your data but explicitly states it cannot guarantee your data will never be breached.

Consumer impact (what this means for users)

Despite holding your most sensitive financial identifiers, Acorns explicitly disclaims absolute security, meaning in a breach scenario consumers bear residual risk and Acorns' liability may be limited by this disclaimer.

Cross-platform context

See how other platforms handle Security of Personal Information and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

This standard disclaimer limits Acorns' liability in the event of a data breach — particularly significant given that Acorns holds Social Security numbers, bank credentials, and investment account data.

View original clause language

We use a variety of security technologies and procedures to help protect your personal information from unauthorized access, use, or disclosure. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: GLBA Safeguards Rule (16 CFR Part 314, amended 2023) requires a documented information security program with specific technical and administrative safeguards; non-compliance carries FTC enforcement authority. Regulation S-P requires investment advisers to adopt written policies to protect customer records. State data breach notification laws (California Civil Code §1798.82; New York SHIELD Act; Illinois Personal Information Protection Act) require consumer notification within specified timeframes following a breach of financial data.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

FTC

The FTC enforces the GLBA Safeguards Rule requiring financial platforms to maintain adequate security programs protecting consumer financial data.
File a complaint →

Provision details

Document information

Document

Acorns Privacy Policy

Entity

Acorns

Document last updated

April 29, 2026

Tracking information

First tracked

April 18, 2026

Last verified

April 18, 2026

Record ID

CA-P-002897

Document ID

CA-D-00172

Evidence Provenance

Source URL

https://www.acorns.com/privacy/

Wayback Machine

View archived versions →

SHA-256

8f942504d66331c35a17fda03088196d39a24f21469df43439f551c11b3f4c7d

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Acorns | Document: Acorns Privacy Policy | Record: CA-P-002897
Captured: 2026-04-18 10:35:59 UTC | SHA-256: 8f942504d66331c3…
URL: https://conductatlas.com/platform/acorns/acorns-privacy-policy/security-of-personal-information/
Accessed: May 2, 2026

Classification

Severity

Medium

Security of Personal Information