If you live in California, you have legal rights to see, delete, correct, and opt out of the sale or sharing of your personal information held by Chime.
This analysis describes what Chime's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
California residents have stronger privacy protections than most other US users, including the right to stop Chime from sharing your data with advertising partners, which is directly relevant given the breadth of advertising technology integrations the company uses.
The updated privacy notice now explicitly discloses that Chime shares customer information with other financial companies for joint marketing purposes, whereas the prior 2017 version stated Chime did not engage in this sharing. This represents a material change in the stated data handling practice. Under the updated terms, customers can limit this sharing by logging into their Chime account at chime.com or through the Chime Mobile application and updating their Privacy Settings.
View change record →The updated policy no longer explicitly discloses whether Chime or its banking partner The Bancorp shares personal information for specific purposes such as marketing, joint marketing, or affiliate use. Previously, each sharing scenario included a 'Yes' or 'No' answer and stated whether customers could limit sharing. The revised policy directs users to login to chime.com or the Chime Mobile application and update their Privacy Settings to control sharing. You can adjust sharing preferences through your account settings, but the policy no longer itemizes which sharing practices are subject to customer limits.
View change record →The updated notice states Chime no longer shares your personal information (such as transaction history and creditworthiness) with other financial companies for joint marketing purposes. This is a narrowing of third-party data sharing compared to the prior language. The notice also clarifies that Chime does not share certain affiliate information, which may further limit how your data is used by related companies. These changes reduce the scope of data sharing disclosed in the privacy notice.
View change record →California residents can submit requests to access or delete their personal information, correct inaccurate data, and opt out of having their information sold or shared with advertising platforms, which may limit Chime's ability to use your data for targeted advertising purposes.
How other platforms handle this
If you are a California resident, you have the right to know what personal information we collect, use, and disclose about you; the right to request deletion of your personal information; the right to opt out of the sale or sharing of your personal information; the right to correct inaccurate person...
Depending on where you are located, you may have certain rights regarding your personal information, including the right to access, correct, delete, or restrict processing of your personal information, the right to data portability, and the right to object to or withdraw consent for certain processi...
Depending on your location, you may have certain rights regarding your personal data, including the right to access, correct, delete, or port your data. EU and UK users may also have the right to object to or restrict certain processing. California residents may have the right to know, delete, corre...
Monitoring
Chime has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), including the right to know what personal information we collect, use, disclose, and sell or share; the right to delete your personal information; the right to correct inaccurate personal information; the right to opt out of the sale or sharing of your personal information; and the right not to be discriminated against for exercising your privacy rights.— Excerpt from Chime's Chime Privacy Policy
REGULATORY LANDSCAPE: The CCPA as amended by the CPRA is enforced by the California Privacy Protection Agency (CPPA) and the California Attorney General. The CPRA expanded consumer rights beyond the original CCPA to include correction rights and broader restrictions on sharing for cross-context behavioral advertising. For financial institutions, the CCPA provides a partial carve-out for data subject to GLBA, but data held by Chime in its capacity as a technology company rather than a financial institution may not qualify for this exemption, creating dual compliance obligations. GOVERNANCE EXPOSURE: High for California users. The policy explicitly acknowledges CCPA and CPRA rights, which creates an affirmative obligation to operationalize each right including access, deletion, correction, and opt-out of sale or sharing. The extent of advertising technology integrations creates heightened exposure for the opt-out of sharing right, as each third-party pixel integration may constitute sharing under CCPA. JURISDICTION FLAGS: These rights apply specifically to California residents. Other state privacy laws in Virginia, Colorado, Texas, and Connecticut create similar but not identical rights and may require separate compliance analysis. The GLBA carve-out in CCPA must be carefully applied to distinguish which data Chime holds as a GLBA-covered entity versus which data it holds purely as a technology company. CONTRACT AND VENDOR IMPLICATIONS: Vendor agreements with advertising technology partners must include CCPA-required contractual terms, including restrictions on the selling or sharing of personal information received from Chime. Service provider agreements must distinguish service providers from third parties under CCPA to determine whether data transfers constitute selling or sharing. COMPLIANCE CONSIDERATIONS: Compliance teams should audit the opt-out of sale or sharing mechanism to confirm it is technically effective across all advertising technology integrations, including those using server-side data transmission. The data subject rights fulfillment process should be tested to confirm timely and complete responses within CCPA-mandated timeframes. The application of the GLBA exemption should be documented and reviewed with legal counsel.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
California residents have stronger privacy protections than most other US users, including the right to stop Chime from sharing your data with advertising partners, which is directly relevant given the breadth of advertising technology integrations the company uses.
California residents can submit requests to access or delete their personal information, correct inaccurate data, and opt out of having their information sold or shared with advertising platforms, which may limit Chime's ability to use your data for targeted advertising purposes.
ConductAtlas has identified this type of provision across 10 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Chime.