Affirm keeps your personal data for as long as it needs to run its services and meet legal requirements, with no specific deletion timeline stated for most data categories.
This analysis describes what Affirm's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
An open-ended retention standard without specific timelines means your financial and behavioral data may be retained indefinitely unless you affirmatively request deletion.
Interpretive note: The policy does not provide category-specific retention timelines; it is unclear whether Affirm's operational retention schedules satisfy CPRA's disclosure specificity requirement.
Affirm does not commit to specific retention periods for most personal data categories, meaning your loan history, behavioral inferences, and other profile data may be held for an extended or indeterminate period unless you exercise deletion rights.
How other platforms handle this
We retain personal data for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements, to resolve disputes, and to enforce our agreements. The criteria used to determine our retention periods include: the length of ...
We may retain de-identified or aggregated information that can no longer be used to identify you for any period of time, including indefinitely.
We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements, or as otherwise permitted or required by applicable law.
Monitoring
Affirm has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We retain your personal information for as long as necessary to provide our services, comply with our legal obligations, resolve disputes, and enforce our agreements. The retention period for specific types of personal information may vary based on the nature of the information and our legal requirements.— Excerpt from Affirm's Affirm Privacy Policy
REGULATORY LANDSCAPE: GLBA safeguards rules require data disposal procedures for customer financial information. CCPA and CPRA require that retention periods be disclosed in the privacy policy for each category of personal information; a policy that states only a general necessity standard without category-specific periods may not satisfy CPRA's disclosure specificity requirement. FTC Act Section 5 unfair practices standards apply to retention practices that create unnecessary consumer risk. GOVERNANCE EXPOSURE: Medium. CPRA regulations require that privacy policies disclose the retention period or criteria used to determine retention for each category of personal information. A generalized necessity standard without category-level disclosure may not satisfy this requirement, creating California regulatory exposure. JURISDICTION FLAGS: California CPRA retention disclosure requirements apply to all covered businesses. GLBA data disposal requirements apply nationally. If Affirm processes data subject to FCRA, consumer report retention rules impose specific time limits for certain record types. CONTRACT AND VENDOR IMPLICATIONS: Service provider and data processor agreements should include data retention and deletion schedules consistent with Affirm's stated retention policies and GLBA disposal requirements. Downstream deletion obligations should be contractually required upon termination of processing relationships. COMPLIANCE CONSIDERATIONS: Compliance teams should audit data retention schedules by category, assess whether CPRA's category-specific disclosure requirement is satisfied, document the legal basis for each retention period, and confirm that deletion requests under CCPA result in timely deletion from both Affirm systems and downstream processors.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
An open-ended retention standard without specific timelines means your financial and behavioral data may be retained indefinitely unless you affirmatively request deletion.
Affirm does not commit to specific retention periods for most personal data categories, meaning your loan history, behavioral inferences, and other profile data may be held for an extended or indeterminate period unless you exercise deletion rights.
ConductAtlas has identified this type of provision across 115 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Affirm.