Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'The FTC enforces the GLBA Safeguards Rule requiring financial platforms to maintain adequate security programs protecting consumer financial data.', 'complaint_url': 'https://reportfraud.ftc.gov/'}

What is the severity of this clause?

ConductAtlas classifies this Security of Personal Information clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Do other platforms have similar clauses?

Yes. ConductAtlas has identified similar Security of Personal Information clauses across approximately 1 other tracked platforms. You can compare how platforms differ on this clause type in the cross-platform comparison view.

Security of Personal Information — Acorns

Share 𝕏 Share in Share 🔒 PDF

Recent governance activity Acorns recorded 2 documented changes in the last 30 days.

Start monitoring updates

Monitor governance changes for Acorns Create a free account to receive the weekly governance digest and monitor one platform for governance changes.

Create free account No credit card required.

Document Record

What it is

Acorns uses security measures to protect your data but explicitly states it cannot guarantee your data will never be breached.

ⓘ

This analysis describes what Acorns's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

This provision establishes Acorns' security practices and contemporaneously limits the scope of security assurances provided, allocating risk exposure related to inherent limitations of internet and electronic storage technologies.

Recent Activity

This document changed recently

Medium Apr 18, 2026

The updated policy removes explicit language describing how data flows when users sign in via Apple or Google, including what information those services share with Acorns and how it is used. Previously, the policy stated that Acorns receives information such as name and email address through third-party sign-in services solely to manage accounts and provide services. The revised language also shifts the AI chatbot from an optional feature users 'may access' to a stated service Acorns 'uses' to direct users to internal articles. Users no longer have a published explanation of third-party sign-in data practices in the privacy notice, though the terms suggest data shared through third-party services remains subject to those providers' terms.

View change record →

Consumer impact (what this means for users)

Despite holding your most sensitive financial identifiers, Acorns explicitly disclaims absolute security, meaning in a breach scenario consumers bear residual risk and Acorns' liability may be limited by this disclaimer.

How other platforms handle this

Webull Medium

We implement reasonable administrative, technical, and physical safeguards designed to protect your personal information from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. However, no security system is impenetrable, and we cannot guarantee the security of our sy...

Equifax High

We use reasonable physical, technical, and administrative measures to protect information about you from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. While we take steps to protect your information, no system is completely secure. We cannot guarantee the securit...

Wise High

You are responsible for maintaining the confidentiality of your Account password and for all activity that occurs under your Account. You agree to notify us immediately if you become aware of any unauthorized use of your password or Account or any other breach of security. We will not be liable for ...

See all platforms with this clause type →

Monitoring

Acorns has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

▸ View Original Clause Language DOCUMENT RECORD

"
We use a variety of security technologies and procedures to help protect your personal information from unauthorized access, use, or disclosure. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security.

— Excerpt from Acorns's Acorns Privacy Policy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

REGULATORY FRAMEWORK: GLBA Safeguards Rule (16 CFR Part 314, amended 2023) requires a documented information security program with specific technical and administrative safeguards; non-compliance carries FTC enforcement authority. Regulation S-P requires investment advisers to adopt written policies to protect customer records. State data breach notification laws (California Civil Code §1798.82; New York SHIELD Act; Illinois Personal Information Protection Act) require consumer notification within specified timeframes following a breach of financial data.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Monitor free for 14 days

Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

FTC

The FTC enforces the GLBA Safeguards Rule requiring financial platforms to maintain adequate security programs protecting consumer financial data.
File a complaint →

Applicable regulations

GLBA

United States Federal

Provision details

Document information

Document

Acorns Privacy Policy

Entity

Acorns

Document last updated

May 5, 2026

Tracking information

First tracked

April 18, 2026

Last verified

April 18, 2026

Record ID

CA-P-002897

Document ID

CA-D-00172

Evidence Provenance

Source URL

https://www.acorns.com/privacy/

Wayback Machine

View archived versions →

Content hash (SHA-256)

8f942504d66331c35a17fda03088196d39a24f21469df43439f551c11b3f4c7d

Analysis generated

April 18, 2026 10:35 UTC

Methodology

summarize_document-v7

Evidence

✓ Snapshot stored ✓ Hash verified

Citation Record

Entity: Acorns
Document: Acorns Privacy Policy
Record ID: CA-P-002897
Captured: 2026-04-18 10:35:59 UTC
SHA-256: 8f942504d66331c3…
URL: https://conductatlas.com/platform/acorns/acorns-privacy-policy/security-of-personal-information/
Accessed: June 24, 2026

Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.

Classification

Severity

Medium

Other risks in this policy

Third-Party Data Sharing for Marketing high
Behavioral Analytics and Tracking Technologies medium
Collection of Sensitive Financial Information high
California Consumer Privacy Rights medium
Children's Data — Acorns Early high
Data Retention and Deletion Rights medium

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies

Start Compliance free trial

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Acorns's Security of Personal Information clause do?

How does this clause affect you?

How many platforms have this type of clause?

ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.

Is ConductAtlas affiliated with Acorns?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Acorns.