Affirm collects technical information about your device and, where you permit it, your precise physical location when you use its app or website.
This analysis describes what Affirm's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Device identifiers and geolocation data can be used for behavioral tracking and advertising targeting purposes beyond the basic function of processing a loan.
Interpretive note: The policy states geolocation is collected 'with your permission' but does not specify whether this is an in-app consent or device-level permission, and the downstream uses of location data beyond fraud prevention are not fully enumerated.
The updated Privacy Policy establishes that Affirm qualifies as a financial institution under the Gramm-Leach-Bliley Act, meaning personal information collected in connection with Affirm services is governed by federal banking law rather than applicable state privacy laws. The policy now explicitly discloses collection of identity and profile information including full name, date of birth, Social Security number, email, mailing address, phone number, and password. The updated terms also disclose new data sharing arrangements with fraud prevention, identity verification, and risk intelligence providers, which were not previously detailed. You can contact Affirm's privacy team using the phone number provided in the updated policy to exercise data privacy rights.
View change record →Affirm may collect your device identifiers and precise location data, which can contribute to behavioral profiling and advertising targeting in addition to fraud prevention and service delivery.
How other platforms handle this
Geolocation Information
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Monitoring
Affirm has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may collect information about the device you use to access our services, including your device type, operating system, browser type, IP address, and device identifiers. We may also collect precise geolocation information with your permission.— Excerpt from Affirm's Affirm Privacy Policy
REGULATORY LANDSCAPE: Collection of precise geolocation data engages CCPA's sensitive personal information category under CPRA, which grants California residents the right to limit the use and disclosure of sensitive data. FTC Act Section 5 applies to the adequacy of consent mechanisms for location collection. State-level mobile privacy statutes in some jurisdictions may impose additional notice or consent requirements for location tracking. GOVERNANCE EXPOSURE: Medium. Precise geolocation is classified as sensitive personal information under CPRA, requiring a specific 'limit use' opt-out mechanism separate from general CCPA opt-outs. If the policy does not provide a clearly accessible sensitive data limitation right, CPRA compliance exposure exists. JURISDICTION FLAGS: California CPRA sensitive personal information provisions require a 'Limit the Use of My Sensitive Personal Information' link or equivalent. Illinois and other states with specific location privacy protections may impose additional requirements. If location data is shared with marketing partners, CCPA sharing opt-out requirements apply. CONTRACT AND VENDOR IMPLICATIONS: Analytics and advertising SDK vendors embedded in the Affirm mobile application should be assessed to determine whether they independently collect device or location data, which could trigger separate disclosure and consent obligations. Third-party advertising partners receiving device identifiers should operate under data processing agreements. COMPLIANCE CONSIDERATIONS: Compliance teams should confirm that the app-level permission request for location is accompanied by adequate disclosure of how location data is used, that CPRA's sensitive data limitation right is implemented, and that device identifier data shared with advertising networks is addressed in the policy's disclosure of data sharing categories.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Device identifiers and geolocation data can be used for behavioral tracking and advertising targeting purposes beyond the basic function of processing a loan.
Affirm may collect your device identifiers and precise location data, which can contribute to behavioral profiling and advertising targeting in addition to fraud prevention and service delivery.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Affirm.