LiveRamp Identity Resolution Integration

What it is

Chime uses LiveRamp, an identity resolution service, to link your activity across different devices and platforms for marketing purposes.

Why it matters (compliance & governance perspective)

Identity resolution services like LiveRamp can connect your Chime activity to your broader online identity across websites, apps, and devices, potentially creating a richer advertising profile than traditional tracking alone.

This document changed recently

Consumer impact (what this means for users)

Your Chime app or website activity may be linked to your broader cross-device digital identity through LiveRamp's identity graph, meaning your financial app behavior could inform advertising targeting you receive on entirely unrelated platforms and websites.

What you can do

Institutional analysis (Compliance & governance intelligence)

REGULATORY LANDSCAPE: LiveRamp's identity resolution services involve the matching of first-party identifiers to cross-site identity graphs, which may constitute sharing of personal information with a third party under CCPA and CPRA. The FTC has signaled scrutiny of data brokers and identity resolution services that aggregate consumer data without adequate notice or consent. For a financial services provider subject to GLBA, the use of identity resolution services with consumer financial data warrants careful evaluation of whether such sharing is permissible under GLBA's limits on sharing with nonaffiliated third parties. GOVERNANCE EXPOSURE: High. The use of an identity resolution service by a GLBA-covered financial technology company creates a novel compliance question regarding whether cross-device matching of consumer financial data constitutes sharing of nonpublic personal information with a nonaffiliated third party for marketing purposes, which would trigger GLBA opt-out requirements. JURISDICTION FLAGS: California residents have specific opt-out rights under CCPA and CPRA with respect to sharing personal information with advertising and identity resolution partners for cross-context behavioral advertising. The FTC has increasing interest in identity resolution practices as part of its broader commercial surveillance enforcement agenda. CONTRACT AND VENDOR IMPLICATIONS: The data processing agreement with LiveRamp should be reviewed to confirm it satisfies CCPA service provider or contractor requirements and GLBA restrictions on data use. The agreement should specify that LiveRamp is prohibited from using Chime consumer data for purposes beyond those contracted for, and that onward transfer to LiveRamp's broader identity graph is appropriately limited. COMPLIANCE CONSIDERATIONS: Compliance teams should evaluate whether the LiveRamp integration is disclosed with sufficient specificity in the GLBA privacy notice and the CCPA disclosures to satisfy notice requirements. The opt-out of sale or sharing mechanism should be tested to confirm it suppresses data transmission to LiveRamp. Given the FTC's commercial surveillance agenda, this integration warrants proactive review.

Applicable agencies

Provision details

Other risks in this policy

• Third-Party Advertising and Tracking Technologies medium
• GLBA Nonpublic Personal Information Sharing with Bank Partners medium
• CCPA Rights for California Residents medium
• Broad Personal Information Collection Scope medium
• Data Retention and Deletion Rights low
• Children's Privacy and Age Restriction low