Cash App states it may use your personal data including transaction history, behavioral data, and profile information to train AI and machine learning models and to draw inferences that build a profile about your credit risk, preferences, and shopping habits.
This analysis describes what Cash App's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The authorization to use personal data for AI training is explicit and broad, and the notice does not describe limits on which data categories may be used for this purpose or how long AI-trained models derived from user data are retained.
Interpretive note: The notice does not specify which data categories are included in or excluded from AI training, and the scope of profiling opt-out rights available to non-California users depends on the applicable state law framework.
The updated policy establishes that children under 13 may use Cash App services if a parent or guardian signs up for or authorizes the account on their behalf. Previously, the policy explicitly prohibited any use by children under 13. The revised language clarifies that data deletion obligations apply when Cash App learns an account belongs to an unauthorized child under 13, but does not specify what happens to data from authorized child accounts or how parental oversight operates. A separate Privacy Notice for Children is referenced but not included in the change summary.
View change record →The revised policy shifts from prohibiting all children under 13 from using Cash App to permitting use when a parent or guardian explicitly authorizes or signs up for the service on the child's behalf. This creates a new lawful use path for families, but also establishes a distinction between authorized and unauthorized child accounts. The policy states that if a child under 13 operates an unauthorized account, Cash App will delete collected data upon discovery. Parents or guardians who authorize services should review the new Privacy Notice for Children for details on how child data is processed.
View change record →The updated terms state that children under 13 can no longer use Cash App, eliminating a path that previously existed for parents to authorize accounts on behalf of younger children. The revised language no longer references a separate Privacy Notice for Children, consolidating all child data handling disclosures into the main policy. If Cash App collects data and later learns it came from a child under 13, the policy requires deletion of that data, though the updated language broadens this obligation by removing the phrase 'for an unauthorized account', potentially extending deletion requirements beyond accounts that were never authorized.
View change record →New explicit disclosure that Cash App trains AI and machine learning models on user data and creates behavioral profiles for service enhancement.
View full change record →The policy states that data including transaction history, behavioral data, and inferred characteristics may be used to train AI models and build profiles reflecting credit risk, preferences, and shopping habits; California residents have a right to opt out of profiling under the CPRA, and users in other states with profiling opt-out rights under applicable state laws may also be entitled to limit this use.
How other platforms handle this
We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Strava or our service providers. We use aggregated, de-identified data for this purpose. We also use personal info...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Monitoring
Cash App has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Improving, personalizing and facilitating your use of our Services, content and applications, including by training artificial intelligence (AI) and other machine learning models; Drawing inferences from any of the information we collect to create a profile about you that may reflect, for example, your credit risk profile, your preferences, characteristics, shopping habits, and other behavior, to enhance our Services to you and maintain a trusted environment;— Excerpt from Cash App's Cash App Privacy Policy
1) REGULATORY LANDSCAPE: The CCPA/CPRA grants California residents the right to opt out of automated decision-making and profiling, enforced by the California Privacy Protection Agency. The FTC Act applies to AI-based profiling that could constitute unfair or deceptive practices. Emerging state AI and automated decision-making laws in Colorado, Connecticut, and other jurisdictions may impose additional disclosure and opt-out obligations. The use of financial transaction data for AI training may also interact with GLBA limitations on secondary use of nonpublic personal information. 2) GOVERNANCE EXPOSURE: High. The authorization to train AI models on personal data without a clear opt-out mechanism described in the notice, combined with the inference-drawing provision to build behavioral and credit risk profiles, creates material exposure under CCPA/CPRA profiling opt-out requirements and emerging state AI transparency regulations. The notice does not specify which data categories are excluded from AI training use. 3) JURISDICTION FLAGS: California residents have the strongest existing opt-out rights for automated profiling under CPRA. Colorado (CPA), Connecticut (CTDPA), and Texas (TDPSA) residents may have profiling opt-out rights depending on the nature of decisions made. Users subject to credit decisions based on AI-inferred profiles may have additional rights under the Fair Credit Reporting Act (FCRA) depending on how inferences are used. 4) CONTRACT AND VENDOR IMPLICATIONS: If AI model training is performed by or in conjunction with third-party vendors, data processing agreements must confirm that personal data used for training is not retained by vendors for their own model development. The notice does not address whether AI models trained on user data are shared with affiliates or third parties, which is a relevant vendor and affiliate contract review consideration. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should evaluate whether the AI training authorization is adequately disclosed for CPRA purposes and whether an opt-out mechanism for profiling and automated decision-making is available and prominently surfaced. A data inventory should confirm which personal data categories flow into AI training pipelines. GLBA secondary use limitations should be reviewed against the scope of AI training described in the notice.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The authorization to use personal data for AI training is explicit and broad, and the notice does not describe limits on which data categories may be used for this purpose or how long AI-trained models derived from user data are retained.
The policy states that data including transaction history, behavioral data, and inferred characteristics may be used to train AI models and build profiles reflecting credit risk, preferences, and shopping habits; California residents have a right to opt out of profiling under the CPRA, and users in other states with profiling opt-out rights under applicable state laws may also be entitled …
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Cash App.