Cash App states it uses data collected about you to develop a credit risk profile assessing your creditworthiness and to draw inferences about your preferences, characteristics, and shopping habits.
This analysis describes what Cash App's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy states that credit risk profiles are developed from collected data; if these profiles are used in credit eligibility determinations, they may interact with Fair Credit Reporting Act (FCRA) obligations regarding adverse action notices and consumer dispute rights.
Interpretive note: Whether the credit risk profiles described constitute consumer reports under FCRA depends on how they are used in eligibility determinations, which is not fully specified in the notice.
The updated policy establishes that children under 13 may use Cash App services if a parent or guardian signs up for or authorizes the account on their behalf. Previously, the policy explicitly prohibited any use by children under 13. The revised language clarifies that data deletion obligations apply when Cash App learns an account belongs to an unauthorized child under 13, but does not specify what happens to data from authorized child accounts or how parental oversight operates. A separate Privacy Notice for Children is referenced but not included in the change summary.
View change record →The revised policy shifts from prohibiting all children under 13 from using Cash App to permitting use when a parent or guardian explicitly authorizes or signs up for the service on the child's behalf. This creates a new lawful use path for families, but also establishes a distinction between authorized and unauthorized child accounts. The policy states that if a child under 13 operates an unauthorized account, Cash App will delete collected data upon discovery. Parents or guardians who authorize services should review the new Privacy Notice for Children for details on how child data is processed.
View change record →The updated terms state that children under 13 can no longer use Cash App, eliminating a path that previously existed for parents to authorize accounts on behalf of younger children. The revised language no longer references a separate Privacy Notice for Children, consolidating all child data handling disclosures into the main policy. If Cash App collects data and later learns it came from a child under 13, the policy requires deletion of that data, though the updated language broadens this obligation by removing the phrase 'for an unauthorized account', potentially extending deletion requirements beyond accounts that were never authorized.
View change record →New explicit disclosure that Cash App creates credit risk profiles and behavioral inferences about users to assess creditworthiness and maintain profiles of personal characteristics.
View full change record →The policy states that Cash App develops credit risk profiles and draws behavioral inferences from collected data; users who are denied or restricted from certain financial products or services based on these profiles may have rights under the FCRA to receive adverse action notices and dispute inaccurate information depending on how these profiles are used.
How other platforms handle this
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
We process the information you share with us when you create your profile or send messages. This includes photos, videos, messages, and other content you share on the platform. We may use this content to improve our services, ensure safety, and comply with legal obligations.
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
Monitoring
Cash App has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Developing a credit risk profile about you to assess your creditworthiness; Drawing inferences from any of the information we collect to create a profile about you that may reflect, for example, your credit risk profile, your preferences, characteristics, shopping habits, and other behavior, to enhance our Services to you and maintain a trusted environment;— Excerpt from Cash App's Cash App Privacy Policy
1) REGULATORY LANDSCAPE: The development of credit risk profiles from collected data engages the Fair Credit Reporting Act (FCRA) if such profiles constitute consumer reports used in credit eligibility determinations, enforced by the CFPB and FTC. The Equal Credit Opportunity Act (ECOA) applies to credit decisions based on inferred characteristics and prohibits discrimination based on protected classes. The CCPA/CPRA classifies credit information as sensitive personal information with associated consumer rights. 2) GOVERNANCE EXPOSURE: High. The combination of credit risk profiling drawn from behavioral inferences, transaction history, and data broker enrichment data creates material FCRA exposure if the resulting profiles influence credit, deposit account, or related eligibility determinations. The notice does not describe whether these profiles constitute consumer reports under FCRA or whether adverse action procedures apply. 3) JURISDICTION FLAGS: FCRA applies federally to all US users where credit risk profiles are used in credit eligibility determinations. California residents have CPRA rights over credit information as sensitive personal information. Users subject to adverse financial decisions based on inferred profiles may have rights across all US jurisdictions under FCRA and ECOA. 4) CONTRACT AND VENDOR IMPLICATIONS: If credit risk profiles derived from behavioral inferences are shared with or used by affiliate or third-party lenders, credit underwriting agreements must address FCRA consumer report handling requirements. The notice's reference to credit bureaus as both sources and recipients of data creates a bilateral credit data relationship that requires FCRA compliance review. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should evaluate whether credit risk profiles developed from behavioral inferences constitute consumer reports under FCRA and whether adverse action notice procedures are required. The use of data broker-enriched inferred data in credit risk profiling should be assessed for ECOA compliance. CFPB supervisory expectations for fintech credit risk modeling should be reviewed against the scope of inference drawing described in the notice.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy states that credit risk profiles are developed from collected data; if these profiles are used in credit eligibility determinations, they may interact with Fair Credit Reporting Act (FCRA) obligations regarding adverse action notices and consumer dispute rights.
The policy states that Cash App develops credit risk profiles and draws behavioral inferences from collected data; users who are denied or restricted from certain financial products or services based on these profiles may have rights under the FCRA to receive adverse action notices and dispute inaccurate information depending on how these profiles are used.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Cash App.