Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This policy establishes Affirm's data collection, use, and disclosure practices for users of its buy-now-pay-later lending platform. Affirm collects and processes personal, financial, and behavioral data including loan information, device identifiers, geolocation, browsing activity, and data from external sources such as credit bureaus and data brokers. The policy authorizes use of this data for Affirm's operational and marketing purposes, and permits disclosure to merchant partners, advertising partners, and other third parties specified in the policy.
This document is Affirm's consumer privacy policy governing the collection, use, and sharing of personal information in connection with its buy-now-pay-later lending products and related financial services, operating under applicable U.S. consumer financial privacy law including the Gramm-Leach-Bliley Act (GLBA) and state privacy statutes such as the California Consumer Privacy Act (CCPA). The policy states that Affirm collects a broad range of data categories including identifiers, financial account information, transaction history, credit-related information, device and usage data, geolocation, and inferences drawn from these data points to build consumer profiles; the terms authorize sharing this information with affiliated companies, merchant partners, service providers, and third-party marketing partners, with opt-out rights available only for certain non-essential sharing categories. A notable operational feature is Affirm's stated collection of data from third-party sources including credit bureaus, data brokers, and merchant partners, combined with device-level tracking and behavioral inference, which creates a layered data profile that extends beyond transactional lending data; the policy also reserves the right to use consumer data for marketing and targeted advertising, though CCPA and related state laws may constrain some of these uses for California residents and similar frameworks may apply in other jurisdictions. The policy engages GLBA financial privacy requirements, CCPA and its amendments under CPRA, the Fair Credit Reporting Act (FCRA) with respect to credit-related data use, and FTC Act unfair or deceptive practices standards; CFPB oversight is directly relevant given Affirm's status as a nonbank financial services provider subject to supervisory authority. Material compliance considerations include the breadth of third-party data sharing for marketing purposes, the adequacy of opt-out mechanisms relative to CCPA requirements, and whether data retention and deletion practices align with GLBA and CCPA obligations.
Institutional analysis available with Professional
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.
Start Professional free trialMonitoring
Affirm has updated this document before.
Watcher includes same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
Professional Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Professional includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Professional free trialCross-platform context
See how other platforms handle Collection of Sensitive Financial and Identity Data and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.