Afterpay treats your continued use of its app or website as agreement to all the data practices in this policy, meaning you do not have to click an explicit 'I agree' button for the policy to apply to you.
This analysis describes what Afterpay's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This consent mechanism means that if Afterpay updates its privacy practices, continuing to use the service after notice of the change may be treated as acceptance of the new terms, without any additional affirmative action required from you.
Interpretive note: The enforceability and adequacy of continuing-use consent varies significantly by jurisdiction and by the category of personal data involved, particularly under CPRA and GDPR frameworks.
Consumers who are not aware of a policy update may find their personal and financial data handled under new terms without having explicitly agreed to them. This is particularly relevant for sensitive data categories where some state laws require more than passive consent.
How other platforms handle this
YOU MUST BE AND HEREBY AFFIRM THAT YOU ARE AN ADULT OF THE LEGAL AGE OF MAJORITY IN YOUR COUNTRY OR STATE OF RESIDENCE. If you are under the legal age of majority, your parent or legal guardian must consent to this agreement.
We rely upon you to obtain any consents from your friends and contacts that may be required by law to allow us to access, upload, and use their personal information for this purpose. You or your friends or contacts may reach us at privacy@draftkings.com to request the removal of this information fro...
The Service is not directed to children under the age of 16. If you are under the age of 16, you may only use the Service with the involvement and consent of a parent or guardian. If you are a parent or guardian and you are aware that your child has provided us with personal information without your...
Monitoring
Afterpay has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"By continuing to interact with our Services, you are consenting to the practices described in this Privacy Notice.— Excerpt from Afterpay's Afterpay Privacy Policy
REGULATORY LANDSCAPE: Continuing-use consent as a mechanism for privacy policy agreement engages the FTC Act's prohibition on unfair or deceptive practices, and may interact with state privacy law requirements under the CPRA and similar statutes that distinguish between opt-in and opt-out consent for sensitive personal information categories. The FTC has historically scrutinized retroactive or passive consent mechanisms in the context of material policy changes. GOVERNANCE EXPOSURE: Medium. The clause is a commonly observed industry practice but carries heightened risk in the BNPL and financial services context because the data collected includes financial account information and transaction history, categories that may require more robust consent mechanisms under GLBA, CPRA, or GDPR for affiliated entities outside the U.S. The risk increases if the policy is updated materially without prominent individual notice to existing account holders. JURISDICTION FLAGS: California's CPRA requires affirmative opt-in consent for the collection or use of sensitive personal information in certain contexts, which may not be satisfied by a continuing-use mechanism. GDPR, if applicable to affiliated EU entities, requires a freely given, specific, informed, and unambiguous indication of agreement that passive use may not satisfy. Virginia, Colorado, and Connecticut privacy laws similarly require specific consent for processing sensitive data. CONTRACT AND VENDOR IMPLICATIONS: Procurement and compliance teams integrating Afterpay as a payment partner should evaluate whether the continuing-use consent mechanism is consistent with their own obligations to end customers under applicable data protection agreements. The clause does not assert liability shifts or indemnification terms in its current form. COMPLIANCE CONSIDERATIONS: Legal teams should evaluate whether the notice and consent mechanism satisfies GLBA's annual notice and opt-out requirements, and whether state law obligations require affirmative re-consent upon material policy changes. A consent mechanism audit should assess whether the current approach is defensible for all data categories collected, particularly sensitive financial and behavioral data.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This consent mechanism means that if Afterpay updates its privacy practices, continuing to use the service after notice of the change may be treated as acceptance of the new terms, without any additional affirmative action required from you.
Consumers who are not aware of a policy update may find their personal and financial data handled under new terms without having explicitly agreed to them. This is particularly relevant for sensitive data categories where some state laws require more than passive consent.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Afterpay.