Cash App Privacy Policy — Cash App

8 Total

5 High severity

3 Medium severity

0 Low severity

Summary

This is Cash App's privacy policy, which explains exactly what personal information — including your Social Security number, facial scans, bank account numbers, precise location, and transaction history — Cash App collects, shares with partners and data brokers, and uses to build behavioral profiles about you. The most important thing for everyday users is that Cash App explicitly states it uses your personal data to train AI and machine learning models, and purchases additional data about you from third-party data brokers to build advertising profiles, without a clear opt-out mechanism described in the main policy. California residents and users in states with biometric privacy laws should review their rights under the 'Additional Information for Residents of Certain U.S. States' section and consider limiting permissions such as precise location and contact list access in their device settings.

Technical Summary

This Privacy Notice, effective March 11, 2026, governs Block, Inc.'s (Cash App) collection, use, disclosure, and retention of personal information from US users of the Cash App mobile application and website, operating under a consent-based framework whereby continued use of the Services constitutes agreement to the described data practices. The Notice creates significant obligations for Cash App to collect extensive categories of personal data including government-issued identification, Social Security numbers, biometric/facial scan data, precise geolocation, financial account numbers, employment information, and behavioral profiles, while disclosing this data to affiliates, credit bureaus, fraud partners, merchants, advertising partners, and data brokers. Notable provisions include the use of user data to train AI and machine learning models, collection of inferred characteristics from third-party data brokers to build behavioral profiles, and the sharing of biometric information for identity verification — practices that deviate from minimal-collection norms and create heightened risk under state biometric and consumer privacy laws. The document engages the GLBA, FCRA, CCPA/CPRA, state biometric privacy laws (including BIPA), COPPA, and FTC Act Section 5, with primary enforcement exposure from the CFPB (as a financial services provider), FTC, and State Attorneys General; material compliance considerations include the adequacy of consent mechanisms for biometric data collection, the lawfulness of using customer data for AI model training without explicit opt-in, and the breadth of third-party data broker sourcing and advertising profiling.

Institutional Analysis

REGULATORY EXPOSURE: This Notice engages multiple federal and state regulatory frameworks: the Gramm-Leach-Bliley Act (GLBA, 15 U.S.C. §6801 et seq.) and its implementing Safeguards Rule (16 C.F.R. Part 314) govern financial data handling; the Fair Credit Reporting Act (FCRA, 15 U.S.C. §1681) is im…

🔒

Compliance intelligence locked

Regulatory exposure, material risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Evidence Provenance

Captured April 3, 2026 05:22 UTC

Document ID CA-D-000076

Version ID CA-V-000434

Source URL https://cash.app/legal/us/en-us/privacy

Wayback Machine View archived versions →

SHA-256 fbc9bccc041058e8592e596fc08cbd0093868bc569ea1a33c38bc42895554982

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Cryptographically signed

Change Timeline

April 3, 2026 — Document updated low

Cash App made a minor formatting and structural update to the header of their Privacy Notice, consolidating how the effective date and annotation guide language is presented. The document previously had these elements presented separately, but now combines them into a single introductory block. This is a cosmetic reorganization and does not change any substantive privacy rights or data practices.

· 1 removed · 1 modified
View changes → View record →
fbc9bccc…
April 2, 2026 — Document updated medium

Cash App updated its privacy policy on April 2, 2026, by removing a reference to the 'Cash App Terms of Service (accounts created prior to June 24, 2021)' from its navigation or linked documents list. This legacy terms link, which applied to older accounts, no longer appears in the updated document. This matters to users who created their Cash App accounts before June 24, 2021, as the specific terms governing their accounts may now be harder to locate or may no longer be formally referenced.

· 1 modified
View changes → View record →
74ae25fa…
March 25, 2026 — Document updated medium

Cash App updated their privacy policy on March 25, 2026 by removing the 'Your Privacy Choices' link from the footer navigation of the document. Previously, users could find a direct link to privacy preference options within the policy's navigation. This link is no longer present, which may make it harder for users to find and exercise their privacy choices.

· 1 modified
View changes → View record →
071936a6…
March 15, 2026 — Initial capture

First snapshot archived

07e7429a…

Analyzed Changes

3 changes analyzed since monitoring began.

Updated April 3, 2026

low

What changed Cash App updated their Cash App Privacy Policy on April 03, 2026. Change detected: 1 sentence(s) removed, 1 sentence(s) modified. Document contained 192 sentences after update.

Consumer impact Cash App reorganized the opening header of their Privacy Notice, merging the effective date and annotation guide note into a single introductory section. This change does not affect how your personal data is collected, used, or shared. No action is needed from consumers as a result of this update.

Why it matters This change is purely cosmetic and does not affect how Cash App handles user data or what rights users have. It is included for completeness in policy change tracking.

Updated April 2, 2026

medium

What changed Cash App updated their Cash App Privacy Policy on April 02, 2026. Change detected: 1 sentence(s) modified. Document contained 193 sentences after update.

Consumer impact Cash App removed the reference to the 'Cash App Terms of Service (accounts created prior to June 24, 2021)' from its policy document, meaning users who created accounts before that date may no longer easily find the specific terms that govern their accounts. This could reduce transparency for older account holders who relied on that document link to understand their rights and obligations. You can contact Cash App support directly to request the applicable terms for your account if it was created before June 24, 2021.

Why it matters Users who opened Cash App accounts before June 24, 2021, may no longer easily find the specific terms that govern their accounts, reducing transparency. If those legacy terms contained different rights or protections, their removal from the policy could disadvantage older account holders.

Updated March 25, 2026

medium

What changed Cash App updated their Cash App Privacy Policy on March 25, 2026. Change detected: 1 sentence(s) modified. Document contained 193 sentences after update.

Consumer impact Cash App removed the 'Your Privacy Choices' link from the navigation section of its Privacy Policy, making it less straightforward for users to locate and exercise their data privacy preferences. This is particularly relevant for California residents who have statutory rights to opt out of data selling or sharing under CCPA. You can still search Cash App's website or settings menu directly for privacy preference controls, though the direct policy navigation shortcut is no longer available.

Why it matters Removing the 'Your Privacy Choices' link makes it harder for consumers — especially California residents with CCPA rights — to find and exercise control over how their data is used. This could signal reduced transparency around privacy preference management.

High Severity — 5 provisions

Biometric and Facial Scan Data Collection
Cash App collects facial scans and biometric information extracted from photographs you submit for identity verification purposes. This data is categorized as 'Additional Identification Information' alongside your Social Security number and government-issued ID.

Added April 1, 2026
AI and Machine Learning Model Training Using Customer Data
Cash App explicitly states that your personal data is used to train artificial intelligence and machine learning models as part of 'improving, personalizing and facilitating your use of our Services.' There is no opt-out mechanism specifically described for this use in the main policy.

Added April 1, 2026
Third-Party Data Broker Sourcing for Behavioral Profiling
Cash App purchases data about you from third-party advertisers, data brokers, and advertising platforms to build or enhance behavioral profiles, including your inferred interests, preferences, advertising segments, and characteristics — even if you never provided this information directly to Cash App.

Added April 1, 2026
Credit Risk Profiling and Inference Drawing
Cash App explicitly states it uses your personal information to develop a 'credit risk profile' about you and to draw inferences to create a behavioral profile reflecting your credit risk, preferences, shopping habits, and other characteristics. This profiling is used to enhance services and maintain a 'trusted environment.'

Added April 1, 2026
Consent-by-Use-of-Service Mechanism
Cash App's policy states that 'by continuing to interact with our Services, you are consenting to the practices described in this Privacy Notice' — meaning simply using the app is treated as consent to all data collection and use practices described, including biometric collection and AI training.

Added April 1, 2026

Medium Severity — 3 provisions

Broad Affiliate and Third-Party Data Sharing
Cash App shares your personal data with a wide range of parties including Block, Inc. affiliates (such as Square), credit bureaus, fraud detection partners, merchants you transact with, advertising partners, and third-party service providers. Transaction data and payment history may be shared with merchants.

Added April 1, 2026
Precise Geolocation Data Collection
Cash App collects precise geolocation information from your mobile device, including your IP address and network provider location. This is in addition to general location information and may be collected through automated tracking technologies.

Added April 1, 2026
Children's Personal Information
Cash App's Privacy Notice includes a dedicated section on children's personal information, indicating the company has policies addressing minors. The Services are subject to age restrictions, and the policy addresses how children's data is handled.

Added April 1, 2026