10 Total
6 High severity
4 Medium severity
0 Low severity
Summary

This document establishes Cash App's data collection and processing practices for users of the Cash App mobile application and website operated by Block, Inc. The policy authorizes collection of Social Security numbers, facial scans, biometric data, bank account numbers, precise location, transaction history, device identifiers, and browsing activity, with authorization to use this data for AI model training, behavioral profiling, creditworthiness assessment, and information sharing with advertisers, data brokers, and credit bureaus. Users in California and other states with designated privacy rights may submit data access, deletion, or opt-out requests through the Cash App privacy rights portal at https://cash.app/legal/us/en-s/privacy.

Technical / Legal Breakdown

This Privacy Notice, effective March 11, 2026, is published by Block, Inc. on behalf of Cash App and governs the collection, use, disclosure, retention, and processing of personal information from users who visit the Cash App website or use the Cash App mobile application and related services, with consent asserted as the operative legal basis through continued use of the services. The notice states that Cash App collects identification information (including government-issued IDs, Social Security numbers, facial scans, and biometric data), financial information (bank account and payment card numbers), precise geolocation, device identifiers, browsing activity, employment information, and transaction history, and authorizes use of this data for purposes including training artificial intelligence and machine learning models, drawing behavioral inferences to build user profiles, credit risk assessment, marketing, and fraud prevention. The notice authorizes sharing personal information with Block affiliates (including Square), identity verification services, credit bureaus, fraud detection partners, merchants, advertising platforms, data brokers, and third-party marketing partners, and discloses receipt of inferred characteristics and advertising segments from data brokers to supplement user profiles; the breadth of AI training use and data broker enrichment provisions are operationally distinct relative to commonly observed financial services privacy practices, though the agreement's assertion of broad consent-based authorization may be constrained by applicable state privacy laws. The notice engages the California Consumer Privacy Act (CCPA/CPRA), the Gramm-Leach-Bliley Act (GLBA) as reflected in the included U.S. Consumer Privacy Notice section, the Illinois Biometric Information Privacy Act (BIPA) given the explicit collection of facial scans and biometric data, the FTC Act, and state biometric privacy statutes; users in California, Illinois, and other states with comprehensive privacy laws have heightened rights under this notice. Material compliance considerations include the adequacy of consent mechanisms for biometric data collection, the scope of AI training authorizations relative to state opt-out requirements, data broker enrichment disclosures, and the retention framework applicable to financial records under GLBA.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

9 important changes detected

9 versions captured · Last updated: June 2026

What changed Cash App updated its privacy policy on June 9, 2026 to disclose a new mobile phone plan service offered through partner Gigs Wireless. The updated policy now states that Cash App collects name, email, billing address, phone and device information, subscription details, and usage data for customers who sign up for Cash App Mobile. The policy clarifies that neither Cash App nor Gigs Wireless access the content of phone calls, messages, or internet data. Additionally, the policy expanded language describing data shared by transaction partners to include 'data relating to Service provisioning or usage', and added a reference to Cash App Mobile Terms of Service.
Why this matters The updated policy discloses a new Cash App Mobile phone plan service and describes the types of data Cash App collects from customers who sign up for this service, including name, email, billing address, phone and device information, subscription details, billing data, and usage data. The policy explicitly states that neither Cash App nor Gigs Wireless accesses the content of phone calls, messages, or internet data. This represents disclosure of a new service offering and the data practices associated with it, rather than a material change to existing consumer rights or obligations.
View full change record →
What changed Cash App updated its Privacy Policy on June 5, 2026 to add a reference to the 'Cash App Tag Limited Warranty and Return Policy' in the list of related legal documents. This change adds a hyperlink to a new or newly referenced warranty and return policy document that was not previously listed in the policy's footer navigation. The practical effect is that users now have direct access to information about product warranties and return procedures through the privacy policy's documentation hub.
Why this matters The updated privacy policy now includes a reference to the 'Cash App Tag Limited Warranty and Return Policy' in its list of related legal documents. This addition provides users with direct navigation to warranty and return information, but does not change the substantive privacy rights or data handling practices described in the policy itself.
View full change record →

April 19, 2026 medium

Cash App updated its children's privacy policy on April 19, 2026 to permit parental authorization of services for children under 13, rather than prohibiting their use entirely. Previously, the policy …

View change record →
April 18, 2026 low

Cash App's privacy policy now includes a new link labeled 'Your Privacy Choices' in its footer navigation. This addition provides users direct access to privacy control options. The change is …

View change record →
April 10, 2026 medium

Cash App updated its children's privacy terms on April 10, 2026 to permit parental account authorization instead of a blanket prohibition. Previously, the policy stated children under 13 could not …

View change record →
April 3, 2026 low

Cash App's privacy policy was updated on April 3, 2026, with 1 sentence removed and 5 sentences modified. The specific operational changes cannot be determined from the change summary provided, …

View change record →
April 2, 2026 low

Cash App removed a reference to 'Cash App Terms of Service (accounts created prior to June 24, 2021)' from its privacy policy's linked documents section on April 2, 2026. This …

View change record →
March 25, 2026 low

Cash App removed the 'Your Privacy Choices' link from its Privacy Policy navigation on March 25, 2026. This link previously directed users to privacy control options or settings. The removal …

View change record →
March 15, 2026 medium

Cash App updated its policy on children under 13 on March 15, 2026. Previously, the policy permitted parental authorization for children under 13 to use the service; the updated terms …

View change record →

Recent Provision Changes Jun 9, 2026

10 provisions unchanged.

View full change record →
High — 6 provisions
Medium — 4 provisions

Monitoring

Cash App has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle AI and Machine Learning Model Training Using Customer Data and similar clauses.

Compare across platforms →
Archival ProvenanceSource & Archival Record
Last Captured June 9, 2026 00:10 UTC
Capture Method Automated scheduled archival capture
Document ID CA-D-000076
Version ID CA-V-003547
SHA-256 16f34f7be92baffb02d5cad06440c9dee9898682b9e48fac6fd49147f356c3c5
✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

Governance Monitoring

Monitor governance changes across the platforms you rely on.

Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.

Create free account Compare plans