Afterpay provides additional privacy rights and disclosures to residents of certain U.S. states, which are described in a separate addendum to the main privacy notice.
This analysis describes what Afterpay's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Depending on which state you live in, you may have additional rights to access, correct, delete, or limit the use and sharing of your personal information that go beyond what the general notice describes.
Interpretive note: The full content of the state-specific addendum was not rendered in the provided document, making it impossible to assess the completeness or adequacy of the state-specific disclosures and rights mechanisms.
If you live in California or another state with a comprehensive privacy law, you likely have specific rights regarding your Afterpay data, including the right to know what is collected, request deletion, and opt out of certain sharing. These rights are only fully detailed in the state-specific addendum, which requires navigating to a separate section.
How other platforms handle this
If you are a California resident, you may have the right to: Know what personal information we collect, use, disclose, sell, or share. Correct inaccurate personal information. Delete your personal information. Opt out of the sale or sharing of your personal information. Limit the use and disclosure ...
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Depending on where you are located, you may have certain rights regarding your personal information, including the right to access, correct, delete, or restrict processing of your personal information, the right to data portability, and the right to object to or withdraw consent for certain processi...
Monitoring
Afterpay has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Additional Information for Residents of Certain U.S. States— Excerpt from Afterpay's Afterpay Privacy Policy
REGULATORY LANDSCAPE: The reference to state-specific disclosures engages the California Consumer Privacy Act as amended by the California Privacy Rights Act, which requires businesses meeting certain thresholds to provide California consumers with rights to access, delete, correct, and opt out of the sale or sharing of personal information. Virginia's CDPA, Colorado's CPA, Connecticut's CTDPA, and other enacted state privacy laws create similar disclosure and rights obligations. The California Privacy Protection Agency and state attorneys general are the primary enforcement authorities for these frameworks. GOVERNANCE EXPOSURE: Medium. The multi-document structure, with a main notice and state-specific addenda, is common practice but creates a risk of inconsistency or omission if the addenda are not maintained in alignment with the main notice and with each other. The CPRA's requirements for disclosure of retention periods, sensitive data handling, and opt-out mechanisms must be verified in the California-specific section. JURISDICTION FLAGS: California creates the highest compliance exposure given the CPRA's detailed requirements and the CPPA's active enforcement posture. Texas, Montana, Iowa, Indiana, Tennessee, and other states with recently enacted privacy laws may also require coverage in the addendum. The notice's reference to 'certain U.S. states' without enumeration makes it difficult to assess completeness without reviewing the full addendum text. CONTRACT AND VENDOR IMPLICATIONS: Data processing agreements with service providers must include CPRA-required contractual provisions for California consumer data. Vendor contracts should be audited to confirm they prohibit service providers from retaining, using, or disclosing personal information outside the scope of the service agreement. COMPLIANCE CONSIDERATIONS: Legal teams should verify that the state-specific addendum is complete and current for all jurisdictions where Afterpay has customers subject to enacted privacy laws. The opt-out mechanisms required under each applicable state law should be tested for functionality. Annual CPRA-required disclosures including retention periods and sensitive data categories should be reviewed for adequacy.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Depending on which state you live in, you may have additional rights to access, correct, delete, or limit the use and sharing of your personal information that go beyond what the general notice describes.
If you live in California or another state with a comprehensive privacy law, you likely have specific rights regarding your Afterpay data, including the right to know what is collected, request deletion, and opt out of certain sharing. These rights are only fully detailed in the state-specific addendum, which requires navigating to a separate section.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Afterpay.