Chime collects a wide range of personal and financial data from you directly, including your Social Security number and transaction history, as well as automatically collected technical data like your device ID and location.
This analysis describes what Chime's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The combination of sensitive financial identifiers, government identification, and behavioral tracking data creates a comprehensive profile; understanding what is collected helps you assess your exposure if there were a data breach or unauthorized use.
The updated notice states Chime no longer shares your personal information (such as transaction history and creditworthiness) with other financial companies for joint marketing purposes. This is a na…
Chime holds some of the most sensitive categories of personal data, including your Social Security number, government ID, financial account details, and transaction history, alongside behavioral and device-level data, meaning the stakes of any unauthorized access or misuse are significant.
Cross-platform context
See how other platforms handle Broad Personal Information Collection Scope and similar clauses.
Compare across platforms →Monitoring
Chime has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We collect information you provide directly to us, such as when you create an account, make a transaction, or contact us for support. This includes your name, address, date of birth, Social Security number, government-issued identification, financial account information, transaction data, and other information you provide. We also collect information automatically when you use our services, including device identifiers, IP address, browser type, operating system, location data, and information about your use of our app and website.— Excerpt from Chime's Chime Privacy Policy
REGULATORY LANDSCAPE: Collection of Social Security numbers and government-issued identification engages federal identity theft protection frameworks and state data breach notification laws. Financial account information and transaction data are subject to GLBA safeguards requirements. The FTC's Safeguards Rule under GLBA requires financial institutions to maintain comprehensive information security programs to protect customer nonpublic personal information. State breach notification laws in all 50 states would be triggered by unauthorized access to this data. GOVERNANCE EXPOSURE: High. The breadth of data collected, spanning highly sensitive financial identifiers, government-issued ID, and behavioral tracking data, creates significant security and compliance obligations. The combination of this data with advertising technology integrations heightens the risk profile. JURISDICTION FLAGS: All US states have data breach notification laws that would apply to unauthorized access to the categories of data described. California's CCPA and CPRA impose heightened obligations around sensitive personal information, which includes Social Security numbers, government IDs, and financial account data. Illinois and New York impose additional data security requirements relevant to financial services providers. CONTRACT AND VENDOR IMPLICATIONS: All third-party service providers receiving access to this data must have contracts in place that satisfy GLBA Safeguards Rule requirements, including appropriate security controls and limitations on use. Vendor risk assessments should account for the sensitivity of the data categories involved. COMPLIANCE CONSIDERATIONS: The data inventory and mapping documentation should reflect all categories of data collected, including automatically collected behavioral and technical data. Data minimization practices should be reviewed to confirm that collection of sensitive identifiers is limited to what is necessary for the stated purposes. The information security program should be reviewed against the FTC Safeguards Rule requirements applicable to financial institutions.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The combination of sensitive financial identifiers, government identification, and behavioral tracking data creates a comprehensive profile; understanding what is collected helps you assess your exposure if there were a data breach or unauthorized use.
Chime holds some of the most sensitive categories of personal data, including your Social Security number, government ID, financial account details, and transaction history, alongside behavioral and device-level data, meaning the stakes of any unauthorized access or misuse are significant.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Chime.