Which regulatory agencies enforce this type of clause?

{'agency': 'CFPB', 'reason': "The CFPB has supervisory authority over The Bancorp Bank's compliance with GLBA data security requirements as they affect consumers.", 'complaint_url': 'https://www.consumerfinance.gov/complaint/'}, {'agency': 'FTC', 'reason': 'The FTC enforces the updated GLBA Safeguards Rule (2023) requiring specific technical security measures including encryption and breach notification for financial institutions.', 'complaint_url': 'https://reportfraud.ftc.gov/'}

What is the severity of this clause?

ConductAtlas classifies this Data Security and Protection Obligations clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Data Security and Protection Obligations — Chime

Share 𝕏 Share in Share 🔒 PDF

Monitor governance changes for Chime Create a free account to receive the weekly governance digest and monitor one platform for governance changes.

Create free account No credit card required.

Document Record

What it is

The Bancorp Bank states it uses federally required security measures to protect your personal financial information, including computer safeguards and secured physical facilities.

ⓘ

This analysis describes what Chime's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

This is a high-level security commitment with minimal specifics — consumers cannot assess the actual strength of protections applied to their sensitive financial data from this description alone.

Recent Activity

This document changed recently

Medium Apr 20, 2026

The updated notice states Chime no longer shares your personal information (such as transaction history and creditworthiness) with other financial companies for joint marketing purposes. This is a na…

Consumer impact (what this means for users)

The bank commits to using security measures compliant with federal law, but provides no specifics about encryption standards, access controls, or incident response timelines — making it difficult for consumers to evaluate the actual protection applied to their Social Security numbers, account data, and credit information.

How other platforms handle this

Equifax High

We use reasonable physical, technical, and administrative measures to protect information about you from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. While we take steps to protect your information, no system is completely secure. We cannot guarantee the securit...

T-Mobile High

We implement technical, administrative, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, and destruction. However, no security measures are perfect or impenetrable, and we cannot guarantee that personal information will not be accesse...

Mercury Medium

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee absolu...

See all platforms with this clause type →

Monitoring

Chime has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

▸ View Original Clause Language DOCUMENT RECORD

"
To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.

— Excerpt from Chime's Chime Privacy Policy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

1) REGULATORY FRAMEWORK: Data security obligations for financial institutions are governed by the GLBA Safeguards Rule (16 C.F.R. Part 314, as amended 2023), which requires a comprehensive written information security program (WISP), risk assessments, access controls, encryption, and incident response plans. The OCC's Guidelines Establishing Information Security Standards (12 C.F.R. Part 30, App. B) impose additional requirements on national banks. The CFPB and FTC share enforcement authority for consumer-facing compliance. 2)

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Watcher free for 14 days

Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.

Applicable agencies

CFPB

The CFPB has supervisory authority over The Bancorp Bank's compliance with GLBA data security requirements as they affect consumers.
File a complaint →
FTC

The FTC enforces the updated GLBA Safeguards Rule (2023) requiring specific technical security measures including encryption and breach notification for financial institutions.
File a complaint →

Applicable regulations

GLBA

United States Federal

Provision details

Document information

Document

Chime Privacy Policy

Entity

Chime

Document last updated

May 5, 2026

Tracking information

First tracked

May 8, 2026

Last verified

May 8, 2026

Record ID

CA-P-006626

Document ID

CA-D-00078

Evidence Provenance

Source URL

https://www.chime.com/privacy-policy/

Wayback Machine

View archived versions →

Content hash (SHA-256)

2abe49718004a1f397ca825b6b38f54ec9b89102654fa3ae82ef2e8ffea944af

Analysis generated

May 8, 2026 12:08 UTC

Methodology

summarize_document-v7

Evidence

✓ Snapshot stored ✓ Hash verified

Citation Record

Entity: Chime
Document: Chime Privacy Policy
Record ID: CA-P-006626
Captured: 2026-05-08 12:08:44 UTC
SHA-256: 2abe49718004a1f3…
URL: https://conductatlas.com/platform/chime/chime-privacy-policy/data-security-and-protection-obligations/
Accessed: May 13, 2026

Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.

Classification

Severity

Medium

Other risks in this policy

Sharing for Everyday Business Purposes — No Opt-Out medium
Joint Marketing Partner Data Sharing medium
Limited Opt-Out for Non-Affiliated Third Party Sharing medium
Types of Personal Information Collected high
Sharing with Affiliates medium
Annual Privacy Notice Delivery medium

Professional Governance Intelligence

Need to monitor specific governance provisions?

Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies

Start Professional free trial

Or start with Watcher →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Chime's Data Security and Protection Obligations clause do?

This is a high-level security commitment with minimal specifics — consumers cannot assess the actual strength of protections applied to their sensitive financial data from this description alone.

How does this clause affect you?

Is ConductAtlas affiliated with Chime?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Chime.