Affirm obtains information about you not just from your direct interactions with its app or website, but also from credit bureaus, data brokers, and its retail merchant partners.
This analysis describes what Affirm's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This means your profile at Affirm is built from sources you may not be aware of or have directly consented to, which can affect credit decisions and how you are targeted for marketing.
Interpretive note: The exact categories of data obtained from data brokers and the specific purposes for which they are used are not fully enumerated, creating some uncertainty about the scope of this collection.
The updated Privacy Policy establishes that Affirm qualifies as a financial institution under the Gramm-Leach-Bliley Act, meaning personal information collected in connection with Affirm services is governed by federal banking law rather than applicable state privacy laws. The policy now explicitly discloses collection of identity and profile information including full name, date of birth, Social Security number, email, mailing address, phone number, and password. The updated terms also disclose new data sharing arrangements with fraud prevention, identity verification, and risk intelligence providers, which were not previously detailed. You can contact Affirm's privacy team using the phone number provided in the updated policy to exercise data privacy rights.
View change record →Your data profile at Affirm may include information from data brokers and credit bureaus combined with merchant transaction data, creating a more comprehensive record than you may expect from a loan provider.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
Affirm has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may collect information about you from third parties, such as credit bureaus, identity verification services, data brokers, and our merchant and business partners. This information may include your credit history, identity verification information, and other information about you.— Excerpt from Affirm's Affirm Privacy Policy
REGULATORY LANDSCAPE: Collection of credit bureau data triggers Fair Credit Reporting Act permissible purpose requirements enforced by the CFPB and FTC; any use of consumer report data for eligibility, marketing, or profiling purposes must satisfy FCRA Section 604 permissible purposes. Data broker sourcing engages CCPA definitions of third-party data and may implicate CPRA's requirement to disclose categories of sources. FTC Act Section 5 unfair or deceptive practices standards apply to the adequacy of disclosure about third-party sourcing. GOVERNANCE EXPOSURE: Medium. The combination of credit bureau data, data broker information, and merchant transaction data to build consumer profiles creates FCRA compliance exposure if any such data is used in credit or eligibility decisions without proper adverse action procedures, and CCPA disclosure exposure if the categories of sources are not adequately enumerated in the policy. JURISDICTION FLAGS: California residents have CCPA rights to know the categories of sources from which data is collected; compliance requires that data broker sourcing be explicitly listed. FCRA requirements apply nationally. Illinois and New York may have additional data broker or financial privacy requirements worth evaluating. CONTRACT AND VENDOR IMPLICATIONS: Data broker agreements should be reviewed to ensure they include representations about the lawfulness of data collection and permissible downstream uses. Merchant partner data sharing agreements should address what data flows back to Affirm and under what terms, including whether those flows are consistent with GLBA and CCPA. COMPLIANCE CONSIDERATIONS: Compliance teams should map all third-party data sources and document the legal basis for each, verify that FCRA permissible purpose is established for any credit bureau data use, and confirm that the policy's disclosure of data source categories satisfies CCPA Section 1798.100 requirements.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This means your profile at Affirm is built from sources you may not be aware of or have directly consented to, which can affect credit decisions and how you are targeted for marketing.
Your data profile at Affirm may include information from data brokers and credit bureaus combined with merchant transaction data, creating a more comprehensive record than you may expect from a loan provider.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Affirm.