This analysis describes what Affirm's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The clause establishes the operational framework for data distribution across Affirm's transaction ecosystem. It defines two categories of authorized recipients—transactional merchants and functional service providers—which directly affects the scope of entities with access to user information.
The updated Privacy Policy establishes that Affirm qualifies as a financial institution under the Gramm-Leach-Bliley Act, meaning personal information collected in connection with Affirm services is governed by federal banking law rather than applicable state privacy laws. The policy now explicitly discloses collection of identity and profile information including full name, date of birth, Social Security number, email, mailing address, phone number, and password. The updated terms also disclose new data sharing arrangements with fraud prevention, identity verification, and risk intelligence providers, which were not previously detailed. You can contact Affirm's privacy team using the phone number provided in the updated policy to exercise data privacy rights.
View change record →Users' personal information is subject to sharing with any merchant or retailer accessed through Affirm's platform, and separately with third-party service providers selected by Affirm for specified business functions. The provision does not require user consent per transaction or restrict the categories of service providers based on data sensitivity.
Cross-platform context
See how other platforms handle Sharing with Merchants and Service Providers and similar clauses.
Compare across platforms →Monitoring
Affirm has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may share your personal information with merchants and retailers that you interact with through our platform, as well as with service providers that perform services on our behalf, such as payment processing, data analytics, customer service, and marketing.— Excerpt from Affirm's Affirm Privacy Policy
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The clause establishes the operational framework for data distribution across Affirm's transaction ecosystem. It defines two categories of authorized recipients—transactional merchants and functional service providers—which directly affects the scope of entities with access to user information.
Users' personal information is subject to sharing with any merchant or retailer accessed through Affirm's platform, and separately with third-party service providers selected by Affirm for specified business functions. The provision does not require user consent per transaction or restrict the categories of service providers based on data sensitivity.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Affirm.