Affirm obtains information about you not just from your direct interactions with its app or website, but also from credit bureaus, data brokers, and its retail merchant partners.
This analysis describes what Affirm's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This means your profile at Affirm is built from sources you may not be aware of or have directly consented to, which can affect credit decisions and how you are targeted for marketing.
Interpretive note: The exact categories of data obtained from data brokers and the specific purposes for which they are used are not fully enumerated, creating some uncertainty about the scope of this collection.
Your data profile at Affirm may include information from data brokers and credit bureaus combined with merchant transaction data, creating a more comprehensive record than you may expect from a loan provider.
Cross-platform context
See how other platforms handle Collection of Data from Third-Party Sources and similar clauses.
Compare across platforms →Monitoring
Affirm has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We may collect information about you from third parties, such as credit bureaus, identity verification services, data brokers, and our merchant and business partners. This information may include your credit history, identity verification information, and other information about you.— Excerpt from Affirm's Affirm Privacy Policy
REGULATORY LANDSCAPE: Collection of credit bureau data triggers Fair Credit Reporting Act permissible purpose requirements enforced by the CFPB and FTC; any use of consumer report data for eligibility, marketing, or profiling purposes must satisfy FCRA Section 604 permissible purposes. Data broker sourcing engages CCPA definitions of third-party data and may implicate CPRA's requirement to disclose categories of sources. FTC Act Section 5 unfair or deceptive practices standards apply to the adequacy of disclosure about third-party sourcing. GOVERNANCE EXPOSURE: Medium. The combination of credit bureau data, data broker information, and merchant transaction data to build consumer profiles creates FCRA compliance exposure if any such data is used in credit or eligibility decisions without proper adverse action procedures, and CCPA disclosure exposure if the categories of sources are not adequately enumerated in the policy. JURISDICTION FLAGS: California residents have CCPA rights to know the categories of sources from which data is collected; compliance requires that data broker sourcing be explicitly listed. FCRA requirements apply nationally. Illinois and New York may have additional data broker or financial privacy requirements worth evaluating. CONTRACT AND VENDOR IMPLICATIONS: Data broker agreements should be reviewed to ensure they include representations about the lawfulness of data collection and permissible downstream uses. Merchant partner data sharing agreements should address what data flows back to Affirm and under what terms, including whether those flows are consistent with GLBA and CCPA. COMPLIANCE CONSIDERATIONS: Compliance teams should map all third-party data sources and document the legal basis for each, verify that FCRA permissible purpose is established for any credit bureau data use, and confirm that the policy's disclosure of data source categories satisfies CCPA Section 1798.100 requirements.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This means your profile at Affirm is built from sources you may not be aware of or have directly consented to, which can affect credit decisions and how you are targeted for marketing.
Your data profile at Affirm may include information from data brokers and credit bureaus combined with merchant transaction data, creating a more comprehensive record than you may expect from a loan provider.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Affirm.