What are the institutional and regulatory implications of this document?

1) REGULATORY LANDSCAPE: This notice engages the CCPA/CPRA (California Privacy Rights Act), which grants California residents rights to access, delete, correct, and opt out of the sale or sharing of personal information, enforced by the California Privacy Protection Agency (CPPA) and the California Attorney General. The explicit collection of facial scans and biometric data engages the Illinois Biometric Information Privacy Act (BIPA) and similar statutes in Texas (CUBI) and Washington, which i…

How does Cash App's Cash App Privacy Policy affect users?

The policy establishes that Cash App collects biometric data including facial scans, government-issued identification numbers including Social Security numbers, precise geolocation, transaction history, and device identifiers. The document authorizes use of collected data for AI and machine learning model training, behavioral and credit risk profiling, and sharing of personal information with data brokers, advertising platforms, credit bureaus, and merchants. Users may exercise data access, del…

How often is Cash App's Cash App Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Cash App updates this document?

Yes. Watcher subscribers ($9.99/month) can add Cash App to their watchlist and receive same-day email alerts whenever this document or any other Cash App document changes.

CA-D-000076

Cash App Privacy Policy

Cash App

Last change detected April 19, 2026 Privacy policy

SHA-256: 53b51c035e73ef9668f… 7 versions captured 7 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Cash App ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

10 Total

6 High severity

4 Medium severity

0 Low severity

Summary

This document establishes Cash App's data collection and processing practices for users of the Cash App mobile application and website operated by Block, Inc. The policy authorizes collection of Social Security numbers, facial scans, biometric data, bank account numbers, precise location, transaction history, device identifiers, and browsing activity, with authorization to use this data for AI model training, behavioral profiling, creditworthiness assessment, and information sharing with advertisers, data brokers, and credit bureaus. Users in California and other states with designated privacy rights may submit data access, deletion, or opt-out requests through the Cash App privacy rights portal at https://cash.app/legal/us/en-s/privacy.

Technical / Legal Breakdown

This Privacy Notice, effective March 11, 2026, is published by Block, Inc. on behalf of Cash App and governs the collection, use, disclosure, retention, and processing of personal information from users who visit the Cash App website or use the Cash App mobile application and related services, with consent asserted as the operative legal basis through continued use of the services. The notice states that Cash App collects identification information (including government-issued IDs, Social Security numbers, facial scans, and biometric data), financial information (bank account and payment card numbers), precise geolocation, device identifiers, browsing activity, employment information, and transaction history, and authorizes use of this data for purposes including training artificial intelligence and machine learning models, drawing behavioral inferences to build user profiles, credit risk assessment, marketing, and fraud prevention. The notice authorizes sharing personal information with Block affiliates (including Square), identity verification services, credit bureaus, fraud detection partners, merchants, advertising platforms, data brokers, and third-party marketing partners, and discloses receipt of inferred characteristics and advertising segments from data brokers to supplement user profiles; the breadth of AI training use and data broker enrichment provisions are operationally distinct relative to commonly observed financial services privacy practices, though the agreement's assertion of broad consent-based authorization may be constrained by applicable state privacy laws. The notice engages the California Consumer Privacy Act (CCPA/CPRA), the Gramm-Leach-Bliley Act (GLBA) as reflected in the included U.S. Consumer Privacy Notice section, the Illinois Biometric Information Privacy Act (BIPA) given the explicit collection of facial scans and biometric data, the FTC Act, and state biometric privacy statutes; users in California, Illinois, and other states with comprehensive privacy laws have heightened rights under this notice. Material compliance considerations include the adequacy of consent mechanisms for biometric data collection, the scope of AI training authorizations relative to state opt-out requirements, data broker enrichment disclosures, and the retention framework applicable to financial records under GLBA.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

7 important changes detected

7 versions captured · Last updated: April 2026

April 19, 2026

medium

What changed Cash App updated its children's privacy policy on April 19, 2026 to permit parental authorization of services for children under 13, rather than prohibiting their use entirely. Previously, the policy stated that children under 13 could not use Cash App services and that the platform was not directed at children under 13. The revised policy now allows a parent or guardian to sign up for or authorize services on behalf of a child under 13, and establishes that data deletion applies specifically to unauthorized child accounts. A new reference to a separate Privacy Notice for Children was added.

Why this matters The updated policy establishes that children under 13 may use Cash App services if a parent or guardian signs up for or authorizes the account on their behalf. Previously, the policy explicitly prohibited any use by children under 13. The revised language clarifies that data deletion obligations apply when Cash App learns an account belongs to an unauthorized child under 13, but does not specify what happens to data from authorized child accounts or how parental oversight operates. A separate Privacy Notice for Children is referenced but not included in the change summary.

View full change record →

April 18, 2026

low

What changed Cash App's privacy policy now includes a new link labeled 'Your Privacy Choices' in its footer navigation. This addition provides users direct access to privacy control options. The change is a structural addition to the policy document that creates a new entry point for users to manage their privacy preferences.

Why this matters The updated policy now includes a 'Your Privacy Choices' link in the footer navigation, creating a more direct pathway for users to access and manage privacy settings. This change is primarily structural, adding a navigation element rather than modifying substantive privacy rights or data handling practices. The link presumably directs users to controls or disclosures related to their privacy options.

View full change record →

April 10, 2026 medium

Cash App updated its children's privacy terms on April 10, 2026 to permit parental account authorization instead of a blanket prohibition. Previously, the policy stated children under 13 could not …

View change record →

April 3, 2026 low

Cash App's privacy policy was updated on April 3, 2026, with 1 sentence removed and 5 sentences modified. The specific operational changes cannot be determined from the change summary provided, …

View change record →

April 2, 2026 low

Cash App removed a reference to 'Cash App Terms of Service (accounts created prior to June 24, 2021)' from its privacy policy's linked documents section on April 2, 2026. This …

View change record →

March 25, 2026 low

Cash App removed the 'Your Privacy Choices' link from its Privacy Policy navigation on March 25, 2026. This link previously directed users to privacy control options or settings. The removal …

View change record →

March 15, 2026 medium

Cash App updated its policy on children under 13 on March 15, 2026. Previously, the policy permitted parental authorization for children under 13 to use the service; the updated terms …

View change record →

High — 6 provisions

Biometric Data Collection Compare →

Cash App collects your facial scans and extracts biometric information from photographs you submit as part of identity verification. This biometric data is stored and processed alongside your Social Security number and government ID.

Added May 12, 2026 Standard Seen across 251 platforms
AI and Machine Learning Training Using Personal Data Compare →

Cash App states it may use your personal data including transaction history, behavioral data, and profile information to train AI and machine learning models and to draw inferences that build a profile about your credit risk, preferences, and shopping habits.

Added May 12, 2026 Common Seen across 104 platforms
Data Broker and Third-Party Marketing Partner Enrichment

Cash App states it receives inferred characteristics, advertising segments, and interest data about you from data brokers and advertising platforms, and uses this information to supplement the profiles it maintains about you.

Added May 12, 2026 Rare
Credit Risk and Behavioral Profile Inference

Cash App states it uses data collected about you to develop a credit risk profile assessing your creditworthiness and to draw inferences about your preferences, characteristics, and shopping habits.

Added May 12, 2026 Rare
Consent via Continued Use of Services Compare →

The policy states that continuing to use Cash App constitutes consent to all data practices described in the notice, rather than requiring explicit opt-in consent for each practice.

Added May 12, 2026 Standard Seen across 262 platforms
Sharing with Credit Reporting Agencies and Financial Institutions

Cash App states it may exchange your account and credit-related information with credit reporting agencies, credit bureaus, past and present employers, financial institutions, and personal reporting agencies for credit, fraud, and compliance purposes, and may screen your information against sanctions watchlists.

Added May 12, 2026 Rare

Medium — 4 provisions

Precise Geolocation Collection Compare →

Cash App states it may collect the precise location of your device, including through your IP address and mobile device location data, with an option to disable precise geolocation collection in your device settings.

Added May 7, 2026 Standard Seen across 251 platforms
Sharing with Affiliates Including Square

Cash App states it may share your personal information with its parent company Block, Inc. affiliates including Square and other business units within the Block corporate group.

Added May 12, 2026 Rare
Employment Information Collection

For certain Cash App services related to staff management, the policy states that Cash App may collect your employee ID, job title, salary, paystubs, work schedule, timecard data, and benefits enrollment information.

Added May 12, 2026 Rare
Children's Personal Information Compare →

The notice includes a section addressing children's personal information, which is standard for consumer-facing services in the United States subject to COPPA.

Added April 3, 2026 Standard Seen across 251 platforms

Monitoring

Cash App has updated this document before.

Watcher includes same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

Professional Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Professional includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Professional free trial

Cross-platform context

See how other platforms handle AI and Machine Learning Model Training Using Customer Data and similar clauses.

Compare across platforms →

Archival ProvenanceSource & Archival Record

Last Captured April 19, 2026 06:04 UTC

Capture Method Automated scheduled archival capture

Document ID CA-D-000076

Version ID CA-V-000665

Source URL https://cash.app/legal/us/en-us/privacy

Wayback Machine View external archival references →

SHA-256 53b51c035e73ef9668f8d4fe32e8ba0b4cbd69d7b90f42ca9d06a090aba911d8

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

Cash App Privacy Policy

April 19, 2026

April 18, 2026

Monitor governance changes across the platforms you rely on.