Cash App states it receives inferred characteristics, advertising segments, and interest data about you from data brokers and advertising platforms, and uses this information to supplement the profiles it maintains about you.
This analysis describes what Cash App's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy states that profiles maintained about Cash App users may be enriched with externally sourced inferred characteristics and advertising segments from data brokers, which goes beyond transactional data collection and engages CCPA/CPRA rights to know about third-party data sources and opt out of their use.
The updated policy establishes that children under 13 may use Cash App services if a parent or guardian signs up for or authorizes the account on their behalf. Previously, the policy explicitly prohibited any use by children under 13. The revised language clarifies that data deletion obligations apply when Cash App learns an account belongs to an unauthorized child under 13, but does not specify what happens to data from authorized child accounts or how parental oversight operates. A separate Privacy Notice for Children is referenced but not included in the change summary.
View change record →The revised policy shifts from prohibiting all children under 13 from using Cash App to permitting use when a parent or guardian explicitly authorizes or signs up for the service on the child's behalf. This creates a new lawful use path for families, but also establishes a distinction between authorized and unauthorized child accounts. The policy states that if a child under 13 operates an unauthorized account, Cash App will delete collected data upon discovery. Parents or guardians who authorize services should review the new Privacy Notice for Children for details on how child data is processed.
View change record →The updated terms state that children under 13 can no longer use Cash App, eliminating a path that previously existed for parents to authorize accounts on behalf of younger children. The revised language no longer references a separate Privacy Notice for Children, consolidating all child data handling disclosures into the main policy. If Cash App collects data and later learns it came from a child under 13, the policy requires deletion of that data, though the updated language broadens this obligation by removing the phrase 'for an unauthorized account', potentially extending deletion requirements beyond accounts that were never authorized.
View change record →New disclosure revealing that Cash App obtains third-party data from data brokers and advertising platforms to supplement customer profiles, going beyond previous advertiser sharing provisions.
View full change record →Cash App states it receives inferred characteristics, advertising segments, and interest and preference data from data brokers and advertising platforms to supplement user profiles; California residents have the right to know about these third-party data sources and the right to opt out of the sale or sharing of personal information under the CCPA/CPRA.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Strava or our service providers. We use aggregated, de-identified data for this purpose. We also use personal info...
Monitoring
Cash App has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Third-Party Marketing and Advertising partners. Information about you may be collected from third party partners such as advertisers, data brokers, or advertising platforms. The information we receive from these sources may include inferred characteristics, advertising segments, interests, preferences, or other data used to enhance or supplement the profiles we maintain about our customers.— Excerpt from Cash App's Cash App Privacy Policy
1) REGULATORY LANDSCAPE: The CCPA/CPRA requires disclosure of categories of third-party sources from which personal information is collected, including data brokers, and grants California residents the right to opt out of the sale or sharing of personal information. The FTC Act applies to data broker practices and may apply to the use of third-party inferred data in ways that are materially inconsistent with user expectations in a financial services context. Several states including Texas, Montana, and others have enacted or proposed data broker registration and consumer opt-out requirements. 2) GOVERNANCE EXPOSURE: High. The explicit disclosure that data broker-sourced inferred characteristics and advertising segments are used to supplement user profiles in a financial services context creates CCPA/CPRA exposure regarding the adequacy of opt-out mechanisms and the completeness of the list of third-party sources disclosed. The combination of financial transaction data with data broker enrichment also raises potential questions under GLBA regarding secondary use of nonpublic personal information. 3) JURISDICTION FLAGS: California residents have existing CPRA rights to opt out of data broker-sourced sharing and to request disclosure of specific third-party sources. Colorado, Connecticut, and Virginia residents may have similar rights under applicable state comprehensive privacy laws. Data broker registration laws in California and Vermont may require that entities receiving data broker information meet specific compliance requirements. 4) CONTRACT AND VENDOR IMPLICATIONS: Data broker and advertising platform vendor contracts should be reviewed to confirm that inferred data received is covered by appropriate data processing agreements and that data broker sources are sufficiently identified to meet CCPA/CPRA 'categories of sources' disclosure requirements. The notice identifies the category of sources broadly but does not name specific data broker vendors, which may require supplemental disclosure upon consumer rights requests. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should maintain a registry of data broker and advertising platform sources from which user profile enrichment data is received. The opt-out mechanism for sale or sharing of personal information should be tested to confirm it applies to data broker-sourced enrichment data as well as Cash App-originated data. GLBA analysis should assess whether data broker enrichment falls within or outside permitted secondary use of nonpublic personal information.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy states that profiles maintained about Cash App users may be enriched with externally sourced inferred characteristics and advertising segments from data brokers, which goes beyond transactional data collection and engages CCPA/CPRA rights to know about third-party data sources and opt out of their use.
Cash App states it receives inferred characteristics, advertising segments, and interest and preference data from data brokers and advertising platforms to supplement user profiles; California residents have the right to know about these third-party data sources and the right to opt out of the sale or sharing of personal information under the CCPA/CPRA.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Cash App.