Afterpay shares your personal information with third parties in certain circumstances, which the policy describes in a dedicated section covering the types of recipients and the conditions for sharing.
This analysis describes what Afterpay's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
For a buy-now-pay-later provider handling financial and purchase data, the scope of third-party sharing determines how broadly your financial behavior and personal details may flow to retail partners, data analytics providers, and other entities.
Interpretive note: The specific content of the third-party sharing section was not rendered in the provided document; analysis is based on the section heading reference and the known operational model of Afterpay as a BNPL provider.
Your financial transaction data, purchase history, and personal information may be shared with Afterpay's retail partners, affiliates, service providers, and potentially other third parties depending on the terms of the sharing section. The specific categories of recipients and the conditions under which sharing occurs are disclosed in the policy but were not fully readable in the provided document.
How other platforms handle this
We may share your information with third-party advertising partners to provide you with targeted advertising. We also work with third-party analytics providers who help us understand how users interact with our Services. These third parties may use cookies, web beacons, and similar tracking technolo...
We process personal data you provide to Oura to enable third party integrations, services, features, and offerings. For example, with your permission, our Services may integrate with third-party services like Google Health Connect and Apple HealthKit, or those of our partners. Oura takes measures to...
We may share your personal data with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work. We may also share your personal data with advertising partners to display relevant advertising to y...
Monitoring
Afterpay has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"When and With Whom We Share Your Information— Excerpt from Afterpay's Afterpay Privacy Policy
REGULATORY LANDSCAPE: Third-party data sharing by a financial services provider is regulated under GLBA, which requires annual privacy notices and opt-out rights for sharing with non-affiliated third parties for marketing purposes. The FTC enforces GLBA privacy rule compliance for non-bank financial institutions. State privacy laws including CPRA grant California consumers the right to opt out of the sale or sharing of personal information and require disclosure of sharing categories and recipients. The CFPB has also issued guidance on data sharing practices among BNPL providers and their retail partners. GOVERNANCE EXPOSURE: High. Data sharing in the BNPL context involves financial transaction data, purchase history, and behavioral profiles that are commercially valuable and subject to multiple overlapping regulatory frameworks. Sharing with retail partners, which is a core operational feature of the Afterpay model, must be disclosed with sufficient specificity under CPRA and GLBA. Any sharing that constitutes a 'sale' under California law triggers opt-out rights regardless of whether monetary consideration is exchanged. JURISDICTION FLAGS: California residents have the right to opt out of the sale or sharing of personal information under CPRA. Virginia, Colorado, Connecticut, and other states with comprehensive privacy laws provide analogous opt-out rights for certain sharing activities. GLBA opt-out rights apply to sharing with non-affiliated third parties for marketing. The intersection of these frameworks requires careful mapping of each sharing relationship to the applicable legal basis. CONTRACT AND VENDOR IMPLICATIONS: Each third-party sharing relationship should be governed by a data processing agreement or comparable contract that specifies permitted uses, security requirements, and deletion obligations. Retail partners receiving Afterpay customer data should be assessed as data processors or joint controllers depending on the nature of the sharing arrangement. COMPLIANCE CONSIDERATIONS: Compliance teams should audit all active third-party data sharing relationships against the categories disclosed in the notice and verify that opt-out mechanisms are operational and effective. GLBA-compliant opt-out notices should be assessed for adequacy. Any sharing classified as a 'sale' under state law requires a functioning opt-out link or mechanism.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
For a buy-now-pay-later provider handling financial and purchase data, the scope of third-party sharing determines how broadly your financial behavior and personal details may flow to retail partners, data analytics providers, and other entities.
Your financial transaction data, purchase history, and personal information may be shared with Afterpay's retail partners, affiliates, service providers, and potentially other third parties depending on the terms of the sharing section. The specific categories of recipients and the conditions under which sharing occurs are disclosed in the policy but were not fully readable in the provided document.
ConductAtlas has identified this type of provision across 24 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Afterpay.