Chime · Chime Privacy Policy · View original document ↗

Broad Personal Information Collection Scope

Medium severity High confidence Explicitdocumentlanguage Unique · 0 of 343 platforms
Share 𝕏 Share in Share 🔒 PDF
Monitor governance changes for Chime Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

Chime collects a wide range of personal and financial data from you directly, including your Social Security number and transaction history, as well as automatically collected technical data like your device ID and location.

This analysis describes what Chime's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

The combination of sensitive financial identifiers, government identification, and behavioral tracking data creates a comprehensive profile; understanding what is collected helps you assess your exposure if there were a data breach or unauthorized use.

Recent Activity

This document changed recently

Medium Jun 21, 2026

The updated privacy notice now explicitly discloses that Chime shares customer information with other financial companies for joint marketing purposes, whereas the prior 2017 version stated Chime did not engage in this sharing. This represents a material change in the stated data handling practice. Under the updated terms, customers can limit this sharing by logging into their Chime account at chime.com or through the Chime Mobile application and updating their Privacy Settings.

View change record →
Medium May 11, 2026

The updated policy no longer explicitly discloses whether Chime or its banking partner The Bancorp shares personal information for specific purposes such as marketing, joint marketing, or affiliate use. Previously, each sharing scenario included a 'Yes' or 'No' answer and stated whether customers could limit sharing. The revised policy directs users to login to chime.com or the Chime Mobile application and update their Privacy Settings to control sharing. You can adjust sharing preferences through your account settings, but the policy no longer itemizes which sharing practices are subject to customer limits.

View change record →
Medium Apr 20, 2026

The updated notice states Chime no longer shares your personal information (such as transaction history and creditworthiness) with other financial companies for joint marketing purposes. This is a narrowing of third-party data sharing compared to the prior language. The notice also clarifies that Chime does not share certain affiliate information, which may further limit how your data is used by related companies. These changes reduce the scope of data sharing disclosed in the privacy notice.

View change record →

Consumer impact (what this means for users)

Chime holds some of the most sensitive categories of personal data, including your Social Security number, government ID, financial account details, and transaction history, alongside behavioral and device-level data, meaning the stakes of any unauthorized access or misuse are significant.

How other platforms handle this

Ledger Medium

At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.

Strava Medium

We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...

eBay Medium

We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.

See all platforms with this clause type →

Monitoring

Chime has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
We collect information you provide directly to us, such as when you create an account, make a transaction, or contact us for support. This includes your name, address, date of birth, Social Security number, government-issued identification, financial account information, transaction data, and other information you provide. We also collect information automatically when you use our services, including device identifiers, IP address, browser type, operating system, location data, and information about your use of our app and website.

— Excerpt from Chime's Chime Privacy Policy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

REGULATORY LANDSCAPE: Collection of Social Security numbers and government-issued identification engages federal identity theft protection frameworks and state data breach notification laws. Financial account information and transaction data are subject to GLBA safeguards requirements. The FTC's Safeguards Rule under GLBA requires financial institutions to maintain comprehensive information security programs to protect customer nonpublic personal information. State breach notification laws in all 50 states would be triggered by unauthorized access to this data. GOVERNANCE EXPOSURE: High. The breadth of data collected, spanning highly sensitive financial identifiers, government-issued ID, and behavioral tracking data, creates significant security and compliance obligations. The combination of this data with advertising technology integrations heightens the risk profile. JURISDICTION FLAGS: All US states have data breach notification laws that would apply to unauthorized access to the categories of data described. California's CCPA and CPRA impose heightened obligations around sensitive personal information, which includes Social Security numbers, government IDs, and financial account data. Illinois and New York impose additional data security requirements relevant to financial services providers. CONTRACT AND VENDOR IMPLICATIONS: All third-party service providers receiving access to this data must have contracts in place that satisfy GLBA Safeguards Rule requirements, including appropriate security controls and limitations on use. Vendor risk assessments should account for the sensitivity of the data categories involved. COMPLIANCE CONSIDERATIONS: The data inventory and mapping documentation should reflect all categories of data collected, including automatically collected behavioral and technical data. Data minimization practices should be reviewed to confirm that collection of sensitive identifiers is limited to what is necessary for the stated purposes. The information security program should be reviewed against the FTC Safeguards Rule requirements applicable to financial institutions.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Monitor free for 14 days

Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • CFPB
    The CFPB has supervisory authority over Chime's collection and handling of consumer financial data, including enforcement of GLBA privacy and safeguards requirements.
    File a complaint →
  • FTC
    The FTC enforces the GLBA Safeguards Rule requiring financial institutions to protect nonpublic personal information, including the sensitive categories collected by Chime.
    File a complaint →

Applicable regulations

CCPA/CPRA
California, USA
Connecticut Data Privacy Act Amendments
US-CT
CAN-SPAM
United States Federal
FCRA
United States Federal
FTC Act Section 5
United States Federal
GLBA
United States Federal
Indiana Consumer Data Protection Act
US-IN
Kentucky Consumer Data Protection Act
US-KY
TCPA
United States Federal
Universal Opt-Out Mechanism Expansion 2026
US

Provision details

Document information
Document
Chime Privacy Policy
Entity
Chime
Document last updated
May 5, 2026
Tracking information
First tracked
May 11, 2026
Last verified
May 11, 2026
Record ID
CA-P-009949
Document ID
CA-D-00078
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
01703c8246601fd3710daa09a8fe8af486645b02df7ec3ba5c967854102d66e8
Analysis generated
May 11, 2026 00:29 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Chime
Document: Chime Privacy Policy
Record ID: CA-P-009949
Captured: 2026-05-11 00:29:54 UTC
SHA-256: 01703c8246601fd3…
URL: https://conductatlas.com/platform/chime/chime-privacy-policy/broad-personal-information-collection-scope/
Accessed: July 4, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
Medium
Categories

Other risks in this policy

Related Analysis

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Start Compliance free trial

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Chime's Broad Personal Information Collection Scope clause do?

The combination of sensitive financial identifiers, government identification, and behavioral tracking data creates a comprehensive profile; understanding what is collected helps you assess your exposure if there were a data breach or unauthorized use.

How does this clause affect you?

Chime holds some of the most sensitive categories of personal data, including your Social Security number, government ID, financial account details, and transaction history, alongside behavioral and device-level data, meaning the stakes of any unauthorized access or misuse are significant.

Is ConductAtlas affiliated with Chime?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Chime.