Chime keeps your personal information for as long as it needs to, including for legal and business reasons, even after you request deletion.
This analysis describes what Chime's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
A deletion request may not result in complete removal of your data if Chime determines it has legal or business reasons to retain certain records, which is a standard but important limitation on the right to deletion.
The updated privacy notice now explicitly discloses that Chime shares customer information with other financial companies for joint marketing purposes, whereas the prior 2017 version stated Chime did not engage in this sharing. This represents a material change in the stated data handling practice. Under the updated terms, customers can limit this sharing by logging into their Chime account at chime.com or through the Chime Mobile application and updating their Privacy Settings.
View change record →The updated policy no longer explicitly discloses whether Chime or its banking partner The Bancorp shares personal information for specific purposes such as marketing, joint marketing, or affiliate use. Previously, each sharing scenario included a 'Yes' or 'No' answer and stated whether customers could limit sharing. The revised policy directs users to login to chime.com or the Chime Mobile application and update their Privacy Settings to control sharing. You can adjust sharing preferences through your account settings, but the policy no longer itemizes which sharing practices are subject to customer limits.
View change record →The updated notice states Chime no longer shares your personal information (such as transaction history and creditworthiness) with other financial companies for joint marketing purposes. This is a narrowing of third-party data sharing compared to the prior language. The notice also clarifies that Chime does not share certain affiliate information, which may further limit how your data is used by related companies. These changes reduce the scope of data sharing disclosed in the privacy notice.
View change record →Even if you request deletion of your personal information, Chime may retain certain data for legal compliance, dispute resolution, or business purposes, meaning deletion requests may result in partial rather than complete removal of your records.
How other platforms handle this
We keep information for as long as we need it to provide our products, comply with legal obligations, or for other legitimate purposes, such as to maintain safety, security, and integrity.
After your account is deleted, we keep data about interactions you've had on our service to prevent abuse, ban evaders and others in an effort to protect and ensure the safety and security of our service and our members.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Monitoring
Chime has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We retain your personal information for as long as necessary to provide our services, comply with our legal obligations, resolve disputes, and enforce our agreements. When you request deletion of your personal information, we will delete or anonymize your information, unless we are required to retain it by law or for legitimate business purposes.— Excerpt from Chime's Chime Privacy Policy
REGULATORY LANDSCAPE: Data retention obligations for financial institutions are governed by multiple federal and state requirements, including GLBA, Bank Secrecy Act recordkeeping requirements, and FinCEN regulations, which require retention of certain financial records for defined periods. The CCPA and CPRA permit retention of personal information where required by law, but also require that retained data not be used for purposes beyond those that justify retention. The CFPB has supervisory interest in data retention practices of financial services providers. GOVERNANCE EXPOSURE: Medium. The carve-outs for legal obligation and legitimate business purposes are standard in financial services privacy policies and are consistent with applicable regulatory requirements. However, the breadth of the legitimate business purposes exception should be defined clearly in internal data governance documentation to ensure it does not expand beyond what applicable law permits. JURISDICTION FLAGS: California residents exercising CCPA deletion rights may receive partial deletions where GLBA or other federal financial recordkeeping requirements mandate retention. Compliance teams should maintain clear documentation of the legal basis for each category of retained data to respond to consumer inquiries and regulatory audits. CONTRACT AND VENDOR IMPLICATIONS: Service provider contracts should address data retention and deletion obligations, including requirements for vendors to delete consumer data upon termination of the service relationship or upon receipt of a valid consumer deletion request, subject to applicable law. COMPLIANCE CONSIDERATIONS: The data retention schedule should be documented and reviewed against all applicable regulatory retention requirements. Consumer-facing communications about deletion request outcomes should clearly explain which data is being deleted and which is being retained, and on what legal basis.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
A deletion request may not result in complete removal of your data if Chime determines it has legal or business reasons to retain certain records, which is a standard but important limitation on the right to deletion.
Even if you request deletion of your personal information, Chime may retain certain data for legal compliance, dispute resolution, or business purposes, meaning deletion requests may result in partial rather than complete removal of your records.
ConductAtlas has identified this type of provision across 7 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Chime.