What is the severity of this clause?

ConductAtlas classifies this Data Security Practices clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Do other platforms have similar clauses?

Yes. ConductAtlas has identified similar Data Security Practices clauses across approximately 2 other tracked platforms. You can compare how platforms differ on this clause type in the cross-platform comparison view.

Data Security Practices — Chase

Share 𝕏 Share in Share 🔒 PDF

Monitor governance changes for Chase Create a free account to receive the weekly governance digest and monitor one platform for governance changes.

Create free account No credit card required.

ⓘ

This analysis describes what Chase's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

While standard security language is typical for financial institutions, this provision does not specify encryption standards, breach notification timelines, or penetration testing frequency, leaving consumers without concrete assurances about the technical rigor of data protection.

Consumer impact (what this means for users)

Chase's privacy policy authorizes the collection of a wide range of personal data including financial account details, device identifiers, location data, and browsing behavior, and permits sharing this data with JPMorgan Chase affiliates and third-party service providers for marketing, analytics, and fraud prevention purposes. For most users, the most immediate practical impact is that their digital activity on Chase platforms may be used to deliver targeted advertising and that their information may flow across the broader JPMorgan Chase enterprise. You can review and adjust your privacy preferences and, if you are a California resident, submit a data deletion or opt-out request through Chase's privacy settings at chase.com or by calling the number provided in the policy.

How other platforms handle this

Mercury Medium

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee absolu...

Khan Academy Medium

We use appropriate technical, administrative, and physical security measures to protect the personal information we collect and maintain. However, no security measure is perfect, and we cannot guarantee the security of your information.

Equifax High

We use reasonable physical, technical, and administrative measures to protect information about you from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. While we take steps to protect your information, no system is completely secure. We cannot guarantee the securit...

See all platforms with this clause type →

Monitoring

Chase has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

▸ View Original Clause Language DOCUMENT RECORD

"
We use physical, electronic, and procedural safeguards to help protect your personal information. We restrict access to personal information to those employees and service providers who need to know that information to process it for us, and who are subject to contractual confidentiality obligations.

— Excerpt from Chase's Chase Privacy Notice

Applicable regulations

GLBA

United States Federal

Provision details

Document information

Document

Chase Privacy Notice

Entity

Chase

Document last updated

May 5, 2026

Tracking information

First tracked

May 7, 2026

Last verified

May 10, 2026

Record ID

CA-P-005691

Document ID

CA-D-00042

Evidence Provenance

Source URL

https://www.chase.com/digital/resources/privacy-security/privacy/online-privacy-policy

Wayback Machine

View archived versions →

Content hash (SHA-256)

c19040bf6cb58212fc1479a9b4816fc1a1f374f3ba310974841b769c987b0bee

Analysis generated

May 7, 2026 23:18 UTC

Methodology

summarize_document-v8

Evidence

✓ Snapshot stored ✓ Hash verified

Citation Record

Entity: Chase
Document: Chase Privacy Notice
Record ID: CA-P-005691
Captured: 2026-05-07 23:18:42 UTC
SHA-256: c19040bf6cb58212…
URL: https://conductatlas.com/platform/chase/chase-privacy-notice/data-security-practices/
Accessed: May 13, 2026

Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.

Classification

Severity

Medium

Other risks in this policy

Affiliate and Third-Party Data Sharing medium
Cookie and Behavioral Tracking medium
Location Data Collection medium
California Consumer Privacy Rights medium
Data Collection from Third Parties medium
Marketing Communications and Opt-Out low

Professional Governance Intelligence

Need to monitor specific governance provisions?

Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies

Start Professional free trial

Or start with Watcher →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Chase's Data Security Practices clause do?

How many platforms have this type of clause?

ConductAtlas has identified this type of provision across 2 platforms. See the full comparison.

Is ConductAtlas affiliated with Chase?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Chase.