Chime collects a wide range of personal and financial data from you directly, including your Social Security number and transaction history, as well as automatically collected technical data like your device ID and location.
This analysis describes what Chime's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The combination of sensitive financial identifiers, government identification, and behavioral tracking data creates a comprehensive profile; understanding what is collected helps you assess your exposure if there were a data breach or unauthorized use.
The updated privacy notice now explicitly discloses that Chime shares customer information with other financial companies for joint marketing purposes, whereas the prior 2017 version stated Chime did not engage in this sharing. This represents a material change in the stated data handling practice. Under the updated terms, customers can limit this sharing by logging into their Chime account at chime.com or through the Chime Mobile application and updating their Privacy Settings.
View change record →The updated policy no longer explicitly discloses whether Chime or its banking partner The Bancorp shares personal information for specific purposes such as marketing, joint marketing, or affiliate use. Previously, each sharing scenario included a 'Yes' or 'No' answer and stated whether customers could limit sharing. The revised policy directs users to login to chime.com or the Chime Mobile application and update their Privacy Settings to control sharing. You can adjust sharing preferences through your account settings, but the policy no longer itemizes which sharing practices are subject to customer limits.
View change record →The updated notice states Chime no longer shares your personal information (such as transaction history and creditworthiness) with other financial companies for joint marketing purposes. This is a narrowing of third-party data sharing compared to the prior language. The notice also clarifies that Chime does not share certain affiliate information, which may further limit how your data is used by related companies. These changes reduce the scope of data sharing disclosed in the privacy notice.
View change record →Chime holds some of the most sensitive categories of personal data, including your Social Security number, government ID, financial account details, and transaction history, alongside behavioral and device-level data, meaning the stakes of any unauthorized access or misuse are significant.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
Chime has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We collect information you provide directly to us, such as when you create an account, make a transaction, or contact us for support. This includes your name, address, date of birth, Social Security number, government-issued identification, financial account information, transaction data, and other information you provide. We also collect information automatically when you use our services, including device identifiers, IP address, browser type, operating system, location data, and information about your use of our app and website.— Excerpt from Chime's Chime Privacy Policy
REGULATORY LANDSCAPE: Collection of Social Security numbers and government-issued identification engages federal identity theft protection frameworks and state data breach notification laws. Financial account information and transaction data are subject to GLBA safeguards requirements. The FTC's Safeguards Rule under GLBA requires financial institutions to maintain comprehensive information security programs to protect customer nonpublic personal information. State breach notification laws in all 50 states would be triggered by unauthorized access to this data. GOVERNANCE EXPOSURE: High. The breadth of data collected, spanning highly sensitive financial identifiers, government-issued ID, and behavioral tracking data, creates significant security and compliance obligations. The combination of this data with advertising technology integrations heightens the risk profile. JURISDICTION FLAGS: All US states have data breach notification laws that would apply to unauthorized access to the categories of data described. California's CCPA and CPRA impose heightened obligations around sensitive personal information, which includes Social Security numbers, government IDs, and financial account data. Illinois and New York impose additional data security requirements relevant to financial services providers. CONTRACT AND VENDOR IMPLICATIONS: All third-party service providers receiving access to this data must have contracts in place that satisfy GLBA Safeguards Rule requirements, including appropriate security controls and limitations on use. Vendor risk assessments should account for the sensitivity of the data categories involved. COMPLIANCE CONSIDERATIONS: The data inventory and mapping documentation should reflect all categories of data collected, including automatically collected behavioral and technical data. Data minimization practices should be reviewed to confirm that collection of sensitive identifiers is limited to what is necessary for the stated purposes. The information security program should be reviewed against the FTC Safeguards Rule requirements applicable to financial institutions.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The combination of sensitive financial identifiers, government identification, and behavioral tracking data creates a comprehensive profile; understanding what is collected helps you assess your exposure if there were a data breach or unauthorized use.
Chime holds some of the most sensitive categories of personal data, including your Social Security number, government ID, financial account details, and transaction history, alongside behavioral and device-level data, meaning the stakes of any unauthorized access or misuse are significant.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Chime.