8 Total
0 High severity
5 Medium severity
3 Low severity
Summary

This document establishes Chime's data collection, use, and sharing practices for users of its banking application and website. Chime collects transaction history, location data, device activity, and behavioral information, and discloses that such data is shared with bank partners, service providers, and advertising platforms including Facebook, TikTok, and Google. The policy authorizes California residents to submit opt-out requests regarding the sale or sharing of personal information through Chime's privacy portal or by contacting privacy@chime.com.

Technical / Legal Breakdown

This document is Chime's consumer-facing privacy policy governing the collection, use, and sharing of personal information in connection with its financial technology products and services, operating under a stated framework that includes the federal Gramm-Leach-Bliley Act (GLBA) and applicable state privacy laws. The policy states that Chime collects a broad range of personal data including financial account information, government-issued identification, transaction history, device identifiers, location data, and behavioral data derived from app and website usage; the terms authorize sharing this information with service providers, bank partners (The Bancorp Bank and Stride Bank), marketing partners, and in certain cases third-party advertisers. Notably, the policy discloses use of an extensive array of third-party tracking technologies on its website (including Facebook Pixel, TikTok Pixel, Google Tag Manager, Taboola, Reddit Ads, and LiveRamp identity resolution), which represents a materially broad advertising data ecosystem for a financial services provider; the intersection of financial data and behavioral advertising tracking may warrant evaluation under GLBA's limits on information sharing and FTC Act standards for unfair or deceptive practices. The policy references California Consumer Privacy Act (CCPA) rights for California residents, including the right to know, delete, and opt out of the sale or sharing of personal information; the GLBA's notice and opt-out framework applies to nonpublic personal information shared with nonaffiliated third parties, and the breadth of third-party integrations observed in the page source creates compliance surface area requiring careful mapping of data flows against these frameworks. Material compliance considerations include whether behavioral and device-level data collected through advertising pixels constitutes nonpublic personal information subject to GLBA opt-out requirements, and whether the extent of cross-context behavioral advertising disclosures satisfies CCPA's opt-out of sale or sharing obligations.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

4 important changes detected

4 versions captured · Last updated: June 2026

June 21, 2026

medium
What changed Chime updated its privacy notice on June 21, 2026, with a version change from 08/2017 to 06/2026. The updated notice includes reorganized sharing tables that now separately detail reasons Chime shares customer information, explicit clarification that Chime shares information for joint marketing with other financial companies (previously listed as 'No We don't share'), and reformatted disclosure sections. The most material operational change is the shift in how joint marketing sharing is disclosed: the prior version stated Chime does not share for joint marketing, while the updated version indicates Chime does authorize this sharing, though customers retain the ability to limit it.
Why this matters The updated privacy notice now explicitly discloses that Chime shares customer information with other financial companies for joint marketing purposes, whereas the prior 2017 version stated Chime did not engage in this sharing. This represents a material change in the stated data handling practice. Under the updated terms, customers can limit this sharing by logging into their Chime account at chime.com or through the Chime Mobile application and updating their Privacy Settings.
View full change record →

May 11, 2026

medium
What changed Chime removed detailed sharing disclosures and opt-out question-and-answer format from their privacy policy, replacing it with a single line directing users to update Privacy Settings via their account or mobile app. Previously, the policy explicitly stated whether The Bancorp shared personal information for various purposes and whether customers could limit sharing; the updated version consolidates this into a single instruction to login and adjust settings.
Why this matters The updated policy no longer explicitly discloses whether Chime or its banking partner The Bancorp shares personal information for specific purposes such as marketing, joint marketing, or affiliate use. Previously, each sharing scenario included a 'Yes' or 'No' answer and stated whether customers could limit sharing. The revised policy directs users to login to chime.com or the Chime Mobile application and update their Privacy Settings to control sharing. You can adjust sharing preferences through your account settings, but the policy no longer itemizes which sharing practices are subject to customer limits.
View full change record →

April 20, 2026 medium

Chime updated its privacy notice with mostly minor edits, but made one material change: it now states it does NOT share information with other financial companies for joint marketing purposes, …

View change record →
April 19, 2026 medium

Chime's updated Consumer Privacy Notice (revised February 2025) contains several substantive changes to data sharing disclosures. Most significantly, the policy now states that Chime shares customer information for joint marketing …

View change record →

Recent Provision Changes Jun 21, 2026

8 provisions unchanged.

View full change record →
Medium — 5 provisions
Low — 3 provisions

Monitoring

Chime has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle Types of Personal Information Collected and similar clauses.

Compare across platforms →

Mapped Governance Frameworks

CCPA/CPRA
California, USA
View official text ↗
FTC Act Section 5
United States Federal
View official text ↗
Archival ProvenanceSource & Archival Record
Last Captured June 21, 2026 17:13 UTC
Capture Method Automated scheduled archival capture
Document ID CA-D-000078
Version ID CA-V-004065
SHA-256 c45717178e680077feadd8151fb55a525a139fc0dc61e48b0e3a3928374e183e
✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

Governance Monitoring

Monitor governance changes across the platforms you rely on.

Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.

Create free account Compare plans