For certain Cash App services related to staff management, the policy states that Cash App may collect your employee ID, job title, salary, paystubs, work schedule, timecard data, and benefits enrollment information.
This analysis describes what Cash App's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The collection of salary information, paystubs, benefits enrollment data, and timecard records represents a category of sensitive financial and employment data that extends beyond standard payment app data collection and may interact with payroll data privacy requirements and GLBA depending on use.
Interpretive note: The applicability of HIPAA to benefits enrollment data and the scope of state employment privacy law requirements for this collection depend on the specific services and jurisdictions involved.
The updated policy establishes that children under 13 may use Cash App services if a parent or guardian signs up for or authorizes the account on their behalf. Previously, the policy explicitly prohibited any use by children under 13. The revised language clarifies that data deletion obligations apply when Cash App learns an account belongs to an unauthorized child under 13, but does not specify what happens to data from authorized child accounts or how parental oversight operates. A separate Privacy Notice for Children is referenced but not included in the change summary.
View change record →The revised policy shifts from prohibiting all children under 13 from using Cash App to permitting use when a parent or guardian explicitly authorizes or signs up for the service on the child's behalf. This creates a new lawful use path for families, but also establishes a distinction between authorized and unauthorized child accounts. The policy states that if a child under 13 operates an unauthorized account, Cash App will delete collected data upon discovery. Parents or guardians who authorize services should review the new Privacy Notice for Children for details on how child data is processed.
View change record →The updated terms state that children under 13 can no longer use Cash App, eliminating a path that previously existed for parents to authorize accounts on behalf of younger children. The revised language no longer references a separate Privacy Notice for Children, consolidating all child data handling disclosures into the main policy. If Cash App collects data and later learns it came from a child under 13, the policy requires deletion of that data, though the updated language broadens this obligation by removing the phrase 'for an unauthorized account', potentially extending deletion requirements beyond accounts that were never authorized.
View change record →New comprehensive disclosure of employment data collection through staff management features, including sensitive payroll and scheduling information.
View full change record →The policy states that employment information including salary, paystubs, benefits enrollment, and timecard data may be collected for staff management features; users who are employees whose data is processed through Cash App's employer-facing tools should be aware this data is collected and retained subject to the terms of this notice.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
Cash App has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Employment information. In order to provide you with certain Services, such as staff management features, we may also need to collect your employee identification number, job title, salary information, hire date, paystub, work schedule, timecard information, and benefits enrollment information.— Excerpt from Cash App's Cash App Privacy Policy
1) REGULATORY LANDSCAPE: Collection and processing of salary, benefits, and payroll data engages state payroll data privacy statutes and may interact with GLBA where this data is used in financial product eligibility determinations. Benefits enrollment information may interact with HIPAA if health benefit elections are included. The CCPA/CPRA classifies employment-related data separately and grants California employees specific rights regarding employer data processing. 2) GOVERNANCE EXPOSURE: Medium. The collection of salary, paystub, and benefits enrollment data for staff management features creates exposure under state employment data privacy laws, particularly in California (CPRA employee data provisions), New York, and Illinois. The breadth of employment data collected (including timecard, schedule, and benefits information) extends beyond basic payment processing and may require separate employee privacy notices in certain jurisdictions. 3) JURISDICTION FLAGS: California employees have specific rights under the CPRA regarding employer processing of their personal information, including access and deletion rights. Illinois employees may have additional rights under BIPA if biometric timekeeping data is involved (though the notice does not explicitly address this). New York SHIELD Act requirements may apply to the storage and security of payroll data. 4) CONTRACT AND VENDOR IMPLICATIONS: Employers using Cash App's staff management features should review their own employee privacy notice obligations and assess whether Cash App's processing of employee data satisfies their obligations as a data controller or employer. Data processing agreements between Cash App (as processor) and employer customers (as controllers) should address employee data rights and breach notification obligations. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should assess whether the employment data collection described is covered by the same consent mechanism (continued use of services) as other data, or whether separate employee consent or notice is required under applicable employment privacy laws. HIPAA applicability should be evaluated if health benefits enrollment data is collected. California employer privacy notice obligations should be reviewed.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The collection of salary information, paystubs, benefits enrollment data, and timecard records represents a category of sensitive financial and employment data that extends beyond standard payment app data collection and may interact with payroll data privacy requirements and GLBA depending on use.
The policy states that employment information including salary, paystubs, benefits enrollment, and timecard data may be collected for staff management features; users who are employees whose data is processed through Cash App's employer-facing tools should be aware this data is collected and retained subject to the terms of this notice.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Cash App.