Cash App states it may share your personal information with its parent company Block, Inc. affiliates including Square and other business units within the Block corporate group.
This analysis describes what Cash App's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy identifies internal affiliates including Square as a category of entities with whom personal data collected through Cash App may be shared, which means data provided to Cash App may flow across Block's broader suite of business and financial services products.
Interpretive note: The notice does not specify which data categories are shared with specific affiliates or the purposes for which each affiliate uses the data, creating ambiguity about the full scope of intragroup sharing.
The updated policy establishes that children under 13 may use Cash App services if a parent or guardian signs up for or authorizes the account on their behalf. Previously, the policy explicitly prohibited any use by children under 13. The revised language clarifies that data deletion obligations apply when Cash App learns an account belongs to an unauthorized child under 13, but does not specify what happens to data from authorized child accounts or how parental oversight operates. A separate Privacy Notice for Children is referenced but not included in the change summary.
View change record →The revised policy shifts from prohibiting all children under 13 from using Cash App to permitting use when a parent or guardian explicitly authorizes or signs up for the service on the child's behalf. This creates a new lawful use path for families, but also establishes a distinction between authorized and unauthorized child accounts. The policy states that if a child under 13 operates an unauthorized account, Cash App will delete collected data upon discovery. Parents or guardians who authorize services should review the new Privacy Notice for Children for details on how child data is processed.
View change record →The updated terms state that children under 13 can no longer use Cash App, eliminating a path that previously existed for parents to authorize accounts on behalf of younger children. The revised language no longer references a separate Privacy Notice for Children, consolidating all child data handling disclosures into the main policy. If Cash App collects data and later learns it came from a child under 13, the policy requires deletion of that data, though the updated language broadens this obligation by removing the phrase 'for an unauthorized account', potentially extending deletion requirements beyond accounts that were never authorized.
View change record →New explicit disclosure specifying data sharing with Square and other affiliated business units, clarifying corporate data flows within Block's ecosystem.
View full change record →The policy states that personal information collected through Cash App may be shared with Block, Inc. group companies including Square; users should be aware that data provided in the context of personal payments may be accessible across Cash App's affiliated business services platforms.
How other platforms handle this
We may make educated guesses about your gender or age. We may also use information we collect about you to help determine the likelihood of you continuing to use the Services in the future.
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Monitoring
Cash App has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Our group companies, including our other business units such as Square, or affiliates— Excerpt from Cash App's Cash App Privacy Policy
1) REGULATORY LANDSCAPE: Intragroup data sharing within a financial services group engages GLBA, which permits sharing of nonpublic personal information with affiliated entities subject to notice and, in some cases, opt-out requirements. The CCPA/CPRA applies to sharing within a common ownership group if the entities operate under separate brand identities, and users retain the right to opt out of sharing that constitutes a 'sale' or 'sharing' under CPRA. FTC oversight applies to deceptive representations about the scope of affiliate data sharing. 2) GOVERNANCE EXPOSURE: Medium. The notice discloses affiliate sharing broadly but does not specify which categories of personal data are shared with specific affiliates, or the purposes for which each affiliate uses the data. This level of generality may be sufficient under GLBA affiliate disclosure requirements but may require more specificity to satisfy CCPA/CPRA 'categories of third parties' disclosure standards. 3) JURISDICTION FLAGS: California residents have CPRA rights to opt out of sharing with affiliates where that sharing constitutes 'cross-context behavioral advertising.' GLBA affiliate sharing opt-out rights apply to all US residents for certain categories of information. The adequacy of the current disclosure for multi-state compliance should be assessed against each applicable state privacy law. 4) CONTRACT AND VENDOR IMPLICATIONS: Intragroup data sharing agreements between Cash App and Square and other Block affiliates should be reviewed to confirm they address data minimization, purpose limitation, and applicable state privacy law compliance. If affiliates use shared data for their own marketing or product development, additional consumer notice or opt-out mechanisms may be required. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should maintain a current inventory of Block affiliate entities that receive Cash App user data and the specific data categories and purposes involved. GLBA affiliate sharing notices should be reviewed for accuracy. CCPA/CPRA 'Do Not Sell or Share My Personal Information' mechanisms should be tested to confirm they apply to affiliate sharing that constitutes cross-context behavioral advertising.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy identifies internal affiliates including Square as a category of entities with whom personal data collected through Cash App may be shared, which means data provided to Cash App may flow across Block's broader suite of business and financial services products.
The policy states that personal information collected through Cash App may be shared with Block, Inc. group companies including Square; users should be aware that data provided in the context of personal payments may be accessible across Cash App's affiliated business services platforms.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Cash App.