The policy states that continuing to use Cash App constitutes consent to all data practices described in the notice, rather than requiring explicit opt-in consent for each practice.
This analysis describes what Cash App's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision clarifies that the Privacy Notice applies to users through continued use rather than requiring separate written consent. It establishes the operational basis for the data practices described throughout the policy to apply to the user relationship.
Interpretive note: The legal adequacy of continued-use consent for specific data practices such as biometric data collection and AI training varies by jurisdiction and applicable statute, and is not resolved by the notice alone.
The updated policy establishes that children under 13 may use Cash App services if a parent or guardian signs up for or authorizes the account on their behalf. Previously, the policy explicitly prohibited any use by children under 13. The revised language clarifies that data deletion obligations apply when Cash App learns an account belongs to an unauthorized child under 13, but does not specify what happens to data from authorized child accounts or how parental oversight operates. A separate Privacy Notice for Children is referenced but not included in the change summary.
View change record →The revised policy shifts from prohibiting all children under 13 from using Cash App to permitting use when a parent or guardian explicitly authorizes or signs up for the service on the child's behalf. This creates a new lawful use path for families, but also establishes a distinction between authorized and unauthorized child accounts. The policy states that if a child under 13 operates an unauthorized account, Cash App will delete collected data upon discovery. Parents or guardians who authorize services should review the new Privacy Notice for Children for details on how child data is processed.
View change record →The updated terms state that children under 13 can no longer use Cash App, eliminating a path that previously existed for parents to authorize accounts on behalf of younger children. The revised language no longer references a separate Privacy Notice for Children, consolidating all child data handling disclosures into the main policy. If Cash App collects data and later learns it came from a child under 13, the policy requires deletion of that data, though the updated language broadens this obligation by removing the phrase 'for an unauthorized account', potentially extending deletion requirements beyond accounts that were never authorized.
View change record →The policy states that simply continuing to use Cash App constitutes consent to all data practices described in the notice; users who object to specific practices such as biometric data collection or AI training should review the opt-out and rights mechanisms in the 'Your Rights and Choices' section rather than relying solely on the consent framing.
How other platforms handle this
By using or accessing the Services, you agree to be bound by this Agreement and acknowledge and agree to the collection, use, and disclosure of your personal information in accordance with DoorDash's Privacy Policy, which is incorporated in this Agreement by reference. You also agree to abide by any...
The Services are not directed to children under 13. If you learn that your child under 13 has created an account on Duolingo, please contact us at privacy@duolingo.com. We do not knowingly collect personally identifiable information from children under the age of 13. Parents or guardians can create ...
By creating a Microsoft account or using the Services, you accept and agree to be bound by these Terms and represent that you have either reached the age of "majority" where you live or your parent or legal guardian agrees to be bound by these Terms on your behalf. If you are the parent or legal gua...
Monitoring
Cash App has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"By continuing to interact with our Services, you are consenting to the practices described in this Privacy Notice.— Excerpt from Cash App's Cash App Privacy Policy
1) REGULATORY LANDSCAPE: The 'consent by continued use' mechanism engages multiple frameworks that impose requirements for more specific forms of consent. BIPA requires separate, written informed consent prior to biometric data collection and does not accept implied consent through service use. The CCPA/CPRA requires opt-in consent for use of sensitive personal information for certain purposes. GDPR consent requirements (applicable to EU users if any) require freely given, specific, informed, and unambiguous consent that cannot be satisfied by a continued-use mechanism alone. 2) GOVERNANCE EXPOSURE: High. Asserting that continued use constitutes valid consent for all practices described in the notice, including biometric data collection, AI training, and data broker enrichment, creates material legal exposure where applicable law requires a higher standard of consent. Courts and regulators have increasingly scrutinized implied or browse-wrap consent mechanisms in the context of sensitive data practices. 3) JURISDICTION FLAGS: Illinois BIPA does not permit implied consent and requires written consent prior to biometric data collection; this provision's assertion of consent by continued use is directly in tension with BIPA's requirements for Illinois users. California's CPRA requires opt-in consent for sensitive personal information uses beyond disclosed purposes. The adequacy of this consent mechanism varies significantly by jurisdiction and data category. 4) CONTRACT AND VENDOR IMPLICATIONS: Vendors and partners receiving data from Cash App should assess whether the consent mechanism described in the notice supports the lawful basis for processing required under their own applicable legal frameworks, particularly for EU, UK, or other jurisdictions where processing requires a more specific consent basis. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should evaluate whether the continued-use consent mechanism is sufficient for each specific data practice described in the notice, with particular attention to biometric data, AI training, and data broker enrichment. Jurisdiction-specific consent audits should identify where explicit opt-in mechanisms are legally required. The notice should be evaluated against the standards of each state privacy law applicable to Cash App's user base.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision clarifies that the Privacy Notice applies to users through continued use rather than requiring separate written consent. It establishes the operational basis for the data practices described throughout the policy to apply to the user relationship.
The policy states that simply continuing to use Cash App constitutes consent to all data practices described in the notice; users who object to specific practices such as biometric data collection or AI training should review the opt-out and rights mechanisms in the 'Your Rights and Choices' section rather than relying solely on the consent framing.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Cash App.