Afterpay collects and processes your personal information across every touchpoint of its service, including visiting the website, downloading the app, applying for an account, and making purchases.
This analysis describes what Afterpay's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The breadth of collection across all service interactions means Afterpay can gather identity, financial, behavioral, and device data from the moment you visit its site, not just when you make a purchase or open an account.
Interpretive note: The specific categories of personal information collected are referenced by section heading but the full content of the collection disclosure section was not rendered in the provided document, limiting verification of completeness.
Your personal information, including financial account details and behavioral data, may be collected and processed across every interaction with Afterpay's platforms. This includes passive interactions like browsing the website, which may result in device and tracking data collection even before an account is created.
Cross-platform context
See how other platforms handle Scope of Personal Information Collection and similar clauses.
Compare across platforms →Monitoring
Afterpay has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"This Privacy Notice describes how Afterpay US, Inc. and affiliates ("Afterpay," "we," "us", and "our") collect, use, disclose, transfer, store, retain and otherwise process your personal information ("you", "your", and "customer") when you visit our website, download our app, apply for and use your Afterpay account, or otherwise interact and engage with us in relation to our customer products, features, and services, including as outlined in our Terms of Service ("agreement") (collectively, "Services").— Excerpt from Afterpay's Afterpay Privacy Policy
REGULATORY LANDSCAPE: The broad scope of collection across website visits, app use, account applications, and transactions engages GLBA's financial privacy requirements for data collected in connection with a financial product, the FTC Act for general consumer data practices, and state privacy laws including CPRA which requires businesses to disclose the specific categories of personal information collected. The CFPB has supervisory authority over Afterpay as a provider of consumer financial products. GOVERNANCE EXPOSURE: Medium. The collection scope is consistent with industry practice for BNPL providers but requires a complete and accurate data inventory to satisfy state law disclosure obligations. If the specific categories of data collected are not fully disclosed in the body of the notice (noting that the section content was not rendered in the provided document), this creates a potential disclosure adequacy gap under CPRA and similar statutes. JURISDICTION FLAGS: California residents are entitled under CPRA to a comprehensive list of personal information categories collected, the purposes for collection, and the retention periods. The notice's accordion-style structure may present usability concerns if required disclosures are not prominently accessible. Illinois BIPA exposure is relevant if any biometric identifiers are collected during account verification processes. CONTRACT AND VENDOR IMPLICATIONS: Retail partners and merchants integrating with Afterpay should assess what data Afterpay collects from shared customers at the point of sale and whether that collection is disclosed in their own privacy notices. Joint data controller or data processor arrangements may require contractual documentation. COMPLIANCE CONSIDERATIONS: A data mapping exercise should confirm that all personal information categories collected across web, app, and transaction channels are fully enumerated in the disclosure and that stated purposes are specific and lawful. Retention schedules should be reviewed against legal minimization requirements.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The breadth of collection across all service interactions means Afterpay can gather identity, financial, behavioral, and device data from the moment you visit its site, not just when you make a purchase or open an account.
Your personal information, including financial account details and behavioral data, may be collected and processed across every interaction with Afterpay's platforms. This includes passive interactions like browsing the website, which may result in device and tracking data collection even before an account is created.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Afterpay.