What are the institutional and regulatory implications of this document?

1) REGULATORY LANDSCAPE: This notice engages the CCPA/CPRA (California Privacy Rights Act), which grants California residents rights to access, delete, correct, and opt out of the sale or sharing of personal information, enforced by the California Privacy Protection Agency (CPPA) and the California Attorney General. The explicit collection of facial scans and biometric data engages the Illinois Biometric Information Privacy Act (BIPA) and similar statutes in Texas (CUBI) and Washington, which i…

How does Cash App's Cash App Privacy Policy affect users?

The policy establishes that Cash App collects biometric data including facial scans, government-issued identification numbers including Social Security numbers, precise geolocation, transaction history, and device identifiers. The document authorizes use of collected data for AI and machine learning model training, behavioral and credit risk profiling, and sharing of personal information with data brokers, advertising platforms, credit bureaus, and merchants. Users may exercise data access, del…

How often is Cash App's Cash App Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Cash App updates this document?

Yes. Monitor subscribers ($19/month) can add Cash App to their watchlist and receive same-day email alerts whenever this document or any other Cash App document changes.

CA-D-000076

Cash App Privacy Policy

Cash App

Last change detected June 5, 2026 Privacy policy

SHA-256: 6e7ecd5458e53935f02… 8 versions captured 8 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Cash App ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

10 Total

6 High severity

4 Medium severity

0 Low severity

Summary

This document establishes Cash App's data collection and processing practices for users of the Cash App mobile application and website operated by Block, Inc. The policy authorizes collection of Social Security numbers, facial scans, biometric data, bank account numbers, precise location, transaction history, device identifiers, and browsing activity, with authorization to use this data for AI model training, behavioral profiling, creditworthiness assessment, and information sharing with advertisers, data brokers, and credit bureaus. Users in California and other states with designated privacy rights may submit data access, deletion, or opt-out requests through the Cash App privacy rights portal at https://cash.app/legal/us/en-s/privacy.

Technical / Legal Breakdown

This Privacy Notice, effective March 11, 2026, is published by Block, Inc. on behalf of Cash App and governs the collection, use, disclosure, retention, and processing of personal information from users who visit the Cash App website or use the Cash App mobile application and related services, with consent asserted as the operative legal basis through continued use of the services. The notice states that Cash App collects identification information (including government-issued IDs, Social Security numbers, facial scans, and biometric data), financial information (bank account and payment card numbers), precise geolocation, device identifiers, browsing activity, employment information, and transaction history, and authorizes use of this data for purposes including training artificial intelligence and machine learning models, drawing behavioral inferences to build user profiles, credit risk assessment, marketing, and fraud prevention. The notice authorizes sharing personal information with Block affiliates (including Square), identity verification services, credit bureaus, fraud detection partners, merchants, advertising platforms, data brokers, and third-party marketing partners, and discloses receipt of inferred characteristics and advertising segments from data brokers to supplement user profiles; the breadth of AI training use and data broker enrichment provisions are operationally distinct relative to commonly observed financial services privacy practices, though the agreement's assertion of broad consent-based authorization may be constrained by applicable state privacy laws. The notice engages the California Consumer Privacy Act (CCPA/CPRA), the Gramm-Leach-Bliley Act (GLBA) as reflected in the included U.S. Consumer Privacy Notice section, the Illinois Biometric Information Privacy Act (BIPA) given the explicit collection of facial scans and biometric data, the FTC Act, and state biometric privacy statutes; users in California, Illinois, and other states with comprehensive privacy laws have heightened rights under this notice. Material compliance considerations include the adequacy of consent mechanisms for biometric data collection, the scope of AI training authorizations relative to state opt-out requirements, data broker enrichment disclosures, and the retention framework applicable to financial records under GLBA.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

8 important changes detected

8 versions captured · Last updated: June 2026

June 5, 2026

low

What changed Cash App updated its Privacy Policy on June 5, 2026 to add a reference to the 'Cash App Tag Limited Warranty and Return Policy' in the list of related legal documents. This change adds a hyperlink to a new or newly referenced warranty and return policy document that was not previously listed in the policy's footer navigation. The practical effect is that users now have direct access to information about product warranties and return procedures through the privacy policy's documentation hub.

Why this matters The updated privacy policy now includes a reference to the 'Cash App Tag Limited Warranty and Return Policy' in its list of related legal documents. This addition provides users with direct navigation to warranty and return information, but does not change the substantive privacy rights or data handling practices described in the policy itself.

View full change record →

April 19, 2026

medium

What changed Cash App updated its children's privacy policy on April 19, 2026 to permit parental authorization of services for children under 13, rather than prohibiting their use entirely. Previously, the policy stated that children under 13 could not use Cash App services and that the platform was not directed at children under 13. The revised policy now allows a parent or guardian to sign up for or authorize services on behalf of a child under 13, and establishes that data deletion applies specifically to unauthorized child accounts. A new reference to a separate Privacy Notice for Children was added.

Why this matters The updated policy establishes that children under 13 may use Cash App services if a parent or guardian signs up for or authorizes the account on their behalf. Previously, the policy explicitly prohibited any use by children under 13. The revised language clarifies that data deletion obligations apply when Cash App learns an account belongs to an unauthorized child under 13, but does not specify what happens to data from authorized child accounts or how parental oversight operates. A separate Privacy Notice for Children is referenced but not included in the change summary.

View full change record →

April 18, 2026 low

Cash App's privacy policy now includes a new link labeled 'Your Privacy Choices' in its footer navigation. This addition provides users direct access to privacy control options. The change is …

View change record →

April 10, 2026 medium

Cash App updated its children's privacy terms on April 10, 2026 to permit parental account authorization instead of a blanket prohibition. Previously, the policy stated children under 13 could not …

View change record →

April 3, 2026 low

Cash App's privacy policy was updated on April 3, 2026, with 1 sentence removed and 5 sentences modified. The specific operational changes cannot be determined from the change summary provided, …

View change record →

April 2, 2026 low

Cash App removed a reference to 'Cash App Terms of Service (accounts created prior to June 24, 2021)' from its privacy policy's linked documents section on April 2, 2026. This …

View change record →

March 25, 2026 low

Cash App removed the 'Your Privacy Choices' link from its Privacy Policy navigation on March 25, 2026. This link previously directed users to privacy control options or settings. The removal …

View change record →

March 15, 2026 medium

Cash App updated its policy on children under 13 on March 15, 2026. Previously, the policy permitted parental authorization for children under 13 to use the service; the updated terms …

View change record →

Recent Provision Changes Jun 5, 2026

Added (6)

AI and Machine Learning Training Using Personal Data High

New explicit disclosure that Cash App trains AI and machine learning models on user data and creates behavioral profiles for service enhancement.

Data Broker and Third-Party Marketing Partner Enrichment High

New disclosure revealing that Cash App obtains third-party data from data brokers and advertising platforms to supplement customer profiles, going beyond previous advertiser sharing provisions.

Credit Risk and Behavioral Profile Inference High

New explicit disclosure that Cash App creates credit risk profiles and behavioral inferences about users to assess creditworthiness and maintain profiles of personal characteristics.

Sharing with Affiliates Including Square Medium

New explicit disclosure specifying data sharing with Square and other affiliated business units, clarifying corporate data flows within Block's ecosystem.

Employment Information Collection Medium

New comprehensive disclosure of employment data collection through staff management features, including sensitive payroll and scheduling information.

Removed (6)

Third-Party Advertiser Data Sharing

Removal of this provision may indicate consolidation into more specific provisions like 'Data Broker and Third-Party Marketing Partner Enrichment,' though the empty excerpt makes its original scope unclear.

Law Enforcement and Government Disclosure

Removal of explicit law enforcement disclosure provision (though such disclosures typically remain required by law), and the empty excerpt obscures what safeguards were previously stated.

Collection of Financial Account and Payment Card Data

Removal of explicit financial account and payment card data collection disclosure; this core Cash App functionality disclosure loss is significant despite the empty excerpt.

State-Specific Consumer Privacy Rights

Removal of state-specific privacy rights provision; users lose explicit reference to CCPA, VCCPA, and other state law consumer rights previously disclosed.

Data Retention Policy

Removal of data retention policy provision means users are no longer informed of how long Cash App retains their personal data.

Modified (4)

Biometric Data Collection

Previous version had empty excerpt; current version now specifies detailed collection of facial scans, biometric data, and government IDs for verification purposes.

Consent via Continued Use of Services

Previous version had empty excerpt; current version now explicitly states that continued service use constitutes consent to all privacy practices.

Precise Geolocation Collection

Previous version had empty excerpt; current version now provides detailed description of precise geolocation collection and mentions opt-out mechanisms.

Children's Personal Information

Previous provision was 'Children's Data Collection (Ages 13 and Up)' with empty excerpt; current version uses simplified heading without age specification detail.

View full change record →

High — 6 provisions

Biometric Data Collection Compare →

Cash App collects your facial scans and extracts biometric information from photographs you submit as part of identity verification. This biometric data is stored and processed alongside your Social Security number and government ID.

Added May 12, 2026 Standard Seen across 284 platforms
AI and Machine Learning Training Using Personal Data Compare →

Cash App states it may use your personal data including transaction history, behavioral data, and profile information to train AI and machine learning models and to draw inferences that build a profile about your credit risk, preferences, and shopping habits.

Added May 12, 2026 Standard Seen across 284 platforms
Data Broker and Third-Party Marketing Partner Enrichment Compare →

Cash App states it receives inferred characteristics, advertising segments, and interest data about you from data brokers and advertising platforms, and uses this information to supplement the profiles it maintains about you.

Added May 12, 2026 Standard Seen across 284 platforms
Credit Risk and Behavioral Profile Inference Compare →

Cash App states it uses data collected about you to develop a credit risk profile assessing your creditworthiness and to draw inferences about your preferences, characteristics, and shopping habits.

Added May 12, 2026 Standard Seen across 284 platforms
Consent via Continued Use of Services Compare →

The policy states that continuing to use Cash App constitutes consent to all data practices described in the notice, rather than requiring explicit opt-in consent for each practice.

Added May 12, 2026 Standard Seen across 262 platforms
Sharing with Credit Reporting Agencies and Financial Institutions Compare →

Cash App states it may exchange your account and credit-related information with credit reporting agencies, credit bureaus, past and present employers, financial institutions, and personal reporting agencies for credit, fraud, and compliance purposes, and may screen your information against sanctions watchlists.

Added May 12, 2026 Standard Seen across 284 platforms

Medium — 4 provisions

Precise Geolocation Collection Compare →

Cash App states it may collect the precise location of your device, including through your IP address and mobile device location data, with an option to disable precise geolocation collection in your device settings.

Added May 7, 2026 Standard Seen across 284 platforms
Sharing with Affiliates Including Square Compare →

Cash App states it may share your personal information with its parent company Block, Inc. affiliates including Square and other business units within the Block corporate group.

Added May 12, 2026 Standard Seen across 284 platforms
Employment Information Collection Compare →

For certain Cash App services related to staff management, the policy states that Cash App may collect your employee ID, job title, salary, paystubs, work schedule, timecard data, and benefits enrollment information.

Added May 12, 2026 Standard Seen across 284 platforms
Children's Personal Information Compare →

The notice includes a section addressing children's personal information, which is standard for consumer-facing services in the United States subject to COPPA.

Added April 3, 2026 Standard Seen across 284 platforms

Monitoring

Cash App has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle AI and Machine Learning Model Training Using Customer Data and similar clauses.

Compare across platforms →

Archival ProvenanceSource & Archival Record

Last Captured June 5, 2026 00:12 UTC

Capture Method Automated scheduled archival capture

Document ID CA-D-000076

Version ID CA-V-003433

Source URL https://cash.app/legal/us/en-us/privacy

Wayback Machine View external archival references →

SHA-256 6e7ecd5458e53935f02980202a1ffeb67abf0aeb9f166cdac0a76fc17ac7a311

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

Cash App Privacy Policy

June 5, 2026

April 19, 2026

Recent Provision Changes Jun 5, 2026

Monitor governance changes across the platforms you rely on.