Afterpay treats your continued use of its app or website as agreement to all the data practices in this policy, meaning you do not have to click an explicit 'I agree' button for the policy to apply to you.
This analysis describes what Afterpay's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This consent mechanism means that if Afterpay updates its privacy practices, continuing to use the service after notice of the change may be treated as acceptance of the new terms, without any additional affirmative action required from you.
Interpretive note: The enforceability and adequacy of continuing-use consent varies significantly by jurisdiction and by the category of personal data involved, particularly under CPRA and GDPR frameworks.
Consumers who are not aware of a policy update may find their personal and financial data handled under new terms without having explicitly agreed to them. This is particularly relevant for sensitive data categories where some state laws require more than passive consent.
How other platforms handle this
If you consent to receive calls and SMS text messages from Redfin, that consent is exclusive to Redfin and its partners and affiliates, and is collected solely for the purpose of obtaining your permission to call or text you as part of providing you with the Services or to send you marketing message...
By creating an Affirm account or using the Services, you consent to receive electronically all communications, agreements, documents, notices and disclosures (collectively, 'Communications') that Affirm provides in connection with your Affirm account and use of the Services. Communications include, ...
<!-- OneTrust Cookies Consent Notice start for arlo.com --> <script async data-cfasync="false" type="text/javascript" src="https://cdn.cookielaw.org/consent/dabf8452-cb28-42ac-b994-02f10392b33c/OtAutoBlock.js"></script> <script async data-cfasync="false" src="https://cdn.cookielaw.org/scripttemplate...
Monitoring
Afterpay has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"By continuing to interact with our Services, you are consenting to the practices described in this Privacy Notice.— Excerpt from Afterpay's Afterpay Privacy Policy
REGULATORY LANDSCAPE: Continuing-use consent as a mechanism for privacy policy agreement engages the FTC Act's prohibition on unfair or deceptive practices, and may interact with state privacy law requirements under the CPRA and similar statutes that distinguish between opt-in and opt-out consent for sensitive personal information categories. The FTC has historically scrutinized retroactive or passive consent mechanisms in the context of material policy changes. GOVERNANCE EXPOSURE: Medium. The clause is a commonly observed industry practice but carries heightened risk in the BNPL and financial services context because the data collected includes financial account information and transaction history, categories that may require more robust consent mechanisms under GLBA, CPRA, or GDPR for affiliated entities outside the U.S. The risk increases if the policy is updated materially without prominent individual notice to existing account holders. JURISDICTION FLAGS: California's CPRA requires affirmative opt-in consent for the collection or use of sensitive personal information in certain contexts, which may not be satisfied by a continuing-use mechanism. GDPR, if applicable to affiliated EU entities, requires a freely given, specific, informed, and unambiguous indication of agreement that passive use may not satisfy. Virginia, Colorado, and Connecticut privacy laws similarly require specific consent for processing sensitive data. CONTRACT AND VENDOR IMPLICATIONS: Procurement and compliance teams integrating Afterpay as a payment partner should evaluate whether the continuing-use consent mechanism is consistent with their own obligations to end customers under applicable data protection agreements. The clause does not assert liability shifts or indemnification terms in its current form. COMPLIANCE CONSIDERATIONS: Legal teams should evaluate whether the notice and consent mechanism satisfies GLBA's annual notice and opt-out requirements, and whether state law obligations require affirmative re-consent upon material policy changes. A consent mechanism audit should assess whether the current approach is defensible for all data categories collected, particularly sensitive financial and behavioral data.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This consent mechanism means that if Afterpay updates its privacy practices, continuing to use the service after notice of the change may be treated as acceptance of the new terms, without any additional affirmative action required from you.
Consumers who are not aware of a policy update may find their personal and financial data handled under new terms without having explicitly agreed to them. This is particularly relevant for sensitive data categories where some state laws require more than passive consent.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Afterpay.