Cash App states it may exchange your account and credit-related information with credit reporting agencies, credit bureaus, past and present employers, financial institutions, and personal reporting agencies for credit, fraud, and compliance purposes, and may screen your information against sanctions watchlists.
This analysis describes what Cash App's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy states that Cash App may exchange information with credit bureaus, past and present employers, and personal reporting agencies, which creates a bilateral data relationship where information may both be received from and reported to these entities, with potential consequences for credit reports and financial access.
The updated policy establishes that children under 13 may use Cash App services if a parent or guardian signs up for or authorizes the account on their behalf. Previously, the policy explicitly prohibited any use by children under 13. The revised language clarifies that data deletion obligations apply when Cash App learns an account belongs to an unauthorized child under 13, but does not specify what happens to data from authorized child accounts or how parental oversight operates. A separate Privacy Notice for Children is referenced but not included in the change summary.
View change record →The revised policy shifts from prohibiting all children under 13 from using Cash App to permitting use when a parent or guardian explicitly authorizes or signs up for the service on the child's behalf. This creates a new lawful use path for families, but also establishes a distinction between authorized and unauthorized child accounts. The policy states that if a child under 13 operates an unauthorized account, Cash App will delete collected data upon discovery. Parents or guardians who authorize services should review the new Privacy Notice for Children for details on how child data is processed.
View change record →The updated terms state that children under 13 can no longer use Cash App, eliminating a path that previously existed for parents to authorize accounts on behalf of younger children. The revised language no longer references a separate Privacy Notice for Children, consolidating all child data handling disclosures into the main policy. If Cash App collects data and later learns it came from a child under 13, the policy requires deletion of that data, though the updated language broadens this obligation by removing the phrase 'for an unauthorized account', potentially extending deletion requirements beyond accounts that were never authorized.
View change record →New detailed disclosure of credit reporting agency data sharing and receipt of third-party credit information, expanding financial institution disclosures beyond previous versions.
View full change record →The policy states that your account and credit information may be exchanged with credit bureaus, employers, and financial institutions; if inaccurate information is reported to a credit bureau as a result of this exchange, you may have rights under the FCRA to dispute that information.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...
Monitoring
Cash App has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Credit, Compliance, and Fraud Partners. Information about you from third parties for any credit investigation, credit eligibility, fraud detection process, or collection procedure, or as may otherwise be required by applicable law. This includes, without limitation, the receipt and exchange of account or credit-related information with any credit reporting agency or credit bureau, where lawful, and any person or corporation with whom you have had, currently have, or may have a financial relationship, including without limitation past, present, and future places of employment, financial institutions, and personal reporting agencies. Your personal information may also be screened against relevant sanctions watchlists.— Excerpt from Cash App's Cash App Privacy Policy
1) REGULATORY LANDSCAPE: The receipt and exchange of account or credit-related information with credit reporting agencies engages the FCRA, enforced by the CFPB and FTC. The FCRA requires that information furnished to consumer reporting agencies be accurate, that consumers receive adverse action notices when credit is denied based on consumer report information, and that consumers have the right to dispute inaccurate information. The mention of sanctions watchlist screening engages OFAC compliance requirements administered by the U.S. Department of the Treasury. 2) GOVERNANCE EXPOSURE: High. The provision authorizes broad bilateral exchange of credit-related information with credit bureaus and personal reporting agencies, as well as screening against sanctions watchlists. If Cash App furnishes information to consumer reporting agencies, it becomes subject to FCRA furnisher obligations including accuracy, investigation of disputes, and correction requirements. The broad scope of the financial relationship category (including past and future employers) is operationally broad. 3) JURISDICTION FLAGS: FCRA applies federally to all US users. OFAC sanctions compliance applies federally. State credit reporting laws in California and New York may impose additional requirements on credit information exchange. Users who are denied financial products or services based on credit information exchanged under this provision have FCRA adverse action rights regardless of state. 4) CONTRACT AND VENDOR IMPLICATIONS: Agreements with credit bureaus and personal reporting agencies should be reviewed to confirm FCRA furnisher obligation compliance. Sanctions screening vendor contracts should address data accuracy, update frequency, and false positive remediation procedures. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should confirm that FCRA furnisher procedures are in place for any information reported to consumer reporting agencies, including accuracy verification, dispute investigation, and adverse action notice processes. OFAC sanctions screening procedures should be reviewed for completeness and update frequency. The broad scope of the financial relationship category in this provision should be reviewed for alignment with FCRA permissible purpose requirements.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy states that Cash App may exchange information with credit bureaus, past and present employers, and personal reporting agencies, which creates a bilateral data relationship where information may both be received from and reported to these entities, with potential consequences for credit reports and financial access.
The policy states that your account and credit information may be exchanged with credit bureaus, employers, and financial institutions; if inaccurate information is reported to a credit bureau as a result of this exchange, you may have rights under the FCRA to dispute that information.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Cash App.