Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This privacy policy establishes Afterpay's data collection, use, and disclosure practices for users of its buy-now-pay-later platform, covering personal, financial, device, and behavioral information. The policy treats continued use of the service as affirmative consent to the data practices described, including disclosure of user information to retailers, affiliates, and third-party partners. The policy incorporates state-specific privacy rights provisions for California and other jurisdictions that permit users to submit requests to access, delete, or restrict sharing of personal information.
This Privacy Notice, issued by Afterpay US, Inc. with an effective date of March 16, 2026, governs the collection, use, disclosure, transfer, storage, and retention of personal information from customers who visit Afterpay's website, use its app, apply for or use an Afterpay account, or otherwise interact with its consumer-facing services. The document structures consent on a continuing-use basis, stating that 'by continuing to interact with our Services, you are consenting to the practices described in this Privacy Notice,' and outlines data flows spanning identity information, financial data, device and behavioral data, and information obtained from third-party sources including retailers and data brokers. A notable structural limitation of the provided document is that the accordion-style HTML rendering did not fully expose the substantive policy text within each section, meaning the specific data categories collected, third-party sharing partners, retention periods, and state-specific rights disclosures are referenced by section heading but their full content is not readable in the transmitted source; analysis is therefore grounded in the document's framework, stated scope, and visible structural elements. The notice references additional disclosures for residents of certain U.S. states and a separate U.S. Consumer Privacy Notice, indicating engagement with state privacy frameworks including the California Consumer Privacy Act and potentially other state statutes such as Virginia's CDPA, Colorado's CPA, and similar laws; as a buy-now-pay-later payment services provider, Afterpay's data practices also engage the Consumer Financial Protection Bureau's jurisdiction under the Gramm-Leach-Bliley Act and the FTC Act. The document's reliance on continuing-use consent as the primary mechanism for agreement, combined with the breadth of its stated collection and processing scope across a BNPL financial services context, creates material compliance considerations under both state privacy law and federal financial privacy regulation, particularly regarding the adequacy of notice and the scope of permissible data sharing.
Institutional analysis available with Compliance
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.
Start Compliance free trialMonitoring
Afterpay has updated this document before.
Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
Compliance Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Compliance free trialCross-platform context
See how other platforms handle Implied Consent by Continued Use and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.