Affirm collects technical information about your device and, where you permit it, your precise physical location when you use its app or website.
This analysis describes what Affirm's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Device identifiers and geolocation data can be used for behavioral tracking and advertising targeting purposes beyond the basic function of processing a loan.
Interpretive note: The policy states geolocation is collected 'with your permission' but does not specify whether this is an in-app consent or device-level permission, and the downstream uses of location data beyond fraud prevention are not fully enumerated.
Affirm may collect your device identifiers and precise location data, which can contribute to behavioral profiling and advertising targeting in addition to fraud prevention and service delivery.
How other platforms handle this
Geolocation Information, if you have consented by enabling location access, we may receive and store your precise location information, including when our apps are running in the foreground (our app is open and on screen) or background (our app is open, not on screen) of your device. You may use our...
Geolocation data, such as device location. Internet or other electronic network activity information, such as browsing history, search history, and information regarding a consumer's interaction with an internet website, application, or advertisement. Device identifiers, such as IP address, unique d...
We use cookies and similar tracking technologies to track the activity on our websites and services and store certain information. Tracking technologies used include beacons, tags, and scripts to collect and track information and to improve and analyze our services. You can instruct your browser to ...
Monitoring
Affirm has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We may collect information about the device you use to access our services, including your device type, operating system, browser type, IP address, and device identifiers. We may also collect precise geolocation information with your permission.— Excerpt from Affirm's Affirm Privacy Policy
REGULATORY LANDSCAPE: Collection of precise geolocation data engages CCPA's sensitive personal information category under CPRA, which grants California residents the right to limit the use and disclosure of sensitive data. FTC Act Section 5 applies to the adequacy of consent mechanisms for location collection. State-level mobile privacy statutes in some jurisdictions may impose additional notice or consent requirements for location tracking. GOVERNANCE EXPOSURE: Medium. Precise geolocation is classified as sensitive personal information under CPRA, requiring a specific 'limit use' opt-out mechanism separate from general CCPA opt-outs. If the policy does not provide a clearly accessible sensitive data limitation right, CPRA compliance exposure exists. JURISDICTION FLAGS: California CPRA sensitive personal information provisions require a 'Limit the Use of My Sensitive Personal Information' link or equivalent. Illinois and other states with specific location privacy protections may impose additional requirements. If location data is shared with marketing partners, CCPA sharing opt-out requirements apply. CONTRACT AND VENDOR IMPLICATIONS: Analytics and advertising SDK vendors embedded in the Affirm mobile application should be assessed to determine whether they independently collect device or location data, which could trigger separate disclosure and consent obligations. Third-party advertising partners receiving device identifiers should operate under data processing agreements. COMPLIANCE CONSIDERATIONS: Compliance teams should confirm that the app-level permission request for location is accompanied by adequate disclosure of how location data is used, that CPRA's sensitive data limitation right is implemented, and that device identifier data shared with advertising networks is addressed in the policy's disclosure of data sharing categories.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Device identifiers and geolocation data can be used for behavioral tracking and advertising targeting purposes beyond the basic function of processing a loan.
Affirm may collect your device identifiers and precise location data, which can contribute to behavioral profiling and advertising targeting in addition to fraud prevention and service delivery.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Affirm.