Afterpay provides additional privacy rights and disclosures to residents of certain U.S. states, which are described in a separate addendum to the main privacy notice.
This analysis describes what Afterpay's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Depending on which state you live in, you may have additional rights to access, correct, delete, or limit the use and sharing of your personal information that go beyond what the general notice describes.
Interpretive note: The full content of the state-specific addendum was not rendered in the provided document, making it impossible to assess the completeness or adequacy of the state-specific disclosures and rights mechanisms.
If you live in California or another state with a comprehensive privacy law, you likely have specific rights regarding your Afterpay data, including the right to know what is collected, request deletion, and opt out of certain sharing. These rights are only fully detailed in the state-specific addendum, which requires navigating to a separate section.
How other platforms handle this
If you are a California resident, you may have certain rights under the California Consumer Privacy Act (CCPA). These rights may include: the right to know about personal information collected, disclosed, or sold; the right to delete personal information collected from you; the right to opt-out of t...
Depending on where you live, you may have certain rights with respect to your personal information. These rights may include: The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which we collected i...
If you are located in the European Economic Area or the United Kingdom, you have certain rights under applicable data protection laws, including the right to access, correct, or delete your personal data, the right to object to or restrict processing, and the right to data portability. You may also ...
Monitoring
Afterpay has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Additional Information for Residents of Certain U.S. States— Excerpt from Afterpay's Afterpay Privacy Policy
REGULATORY LANDSCAPE: The reference to state-specific disclosures engages the California Consumer Privacy Act as amended by the California Privacy Rights Act, which requires businesses meeting certain thresholds to provide California consumers with rights to access, delete, correct, and opt out of the sale or sharing of personal information. Virginia's CDPA, Colorado's CPA, Connecticut's CTDPA, and other enacted state privacy laws create similar disclosure and rights obligations. The California Privacy Protection Agency and state attorneys general are the primary enforcement authorities for these frameworks. GOVERNANCE EXPOSURE: Medium. The multi-document structure, with a main notice and state-specific addenda, is common practice but creates a risk of inconsistency or omission if the addenda are not maintained in alignment with the main notice and with each other. The CPRA's requirements for disclosure of retention periods, sensitive data handling, and opt-out mechanisms must be verified in the California-specific section. JURISDICTION FLAGS: California creates the highest compliance exposure given the CPRA's detailed requirements and the CPPA's active enforcement posture. Texas, Montana, Iowa, Indiana, Tennessee, and other states with recently enacted privacy laws may also require coverage in the addendum. The notice's reference to 'certain U.S. states' without enumeration makes it difficult to assess completeness without reviewing the full addendum text. CONTRACT AND VENDOR IMPLICATIONS: Data processing agreements with service providers must include CPRA-required contractual provisions for California consumer data. Vendor contracts should be audited to confirm they prohibit service providers from retaining, using, or disclosing personal information outside the scope of the service agreement. COMPLIANCE CONSIDERATIONS: Legal teams should verify that the state-specific addendum is complete and current for all jurisdictions where Afterpay has customers subject to enacted privacy laws. The opt-out mechanisms required under each applicable state law should be tested for functionality. Annual CPRA-required disclosures including retention periods and sensitive data categories should be reviewed for adequacy.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Depending on which state you live in, you may have additional rights to access, correct, delete, or limit the use and sharing of your personal information that go beyond what the general notice describes.
If you live in California or another state with a comprehensive privacy law, you likely have specific rights regarding your Afterpay data, including the right to know what is collected, request deletion, and opt out of certain sharing. These rights are only fully detailed in the state-specific addendum, which requires navigating to a separate section.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Afterpay.