Coinbase Privacy Policy — Coinbase

10 Total

6 High severity

3 Medium severity

1 Low severity

Summary

This is Coinbase's privacy policy explaining what personal information they collect when you use their crypto trading platform, including your government ID, financial account details, transaction records, device data, and in some cases biometric data. The most important thing to know is that Coinbase shares your personal and financial data with a wide range of third parties — including advertising partners, blockchain analytics firms, and law enforcement — and may do so without notifying you. You can exercise rights to access, correct, delete, or export your data by submitting a request through Coinbase's Privacy Rights portal at privacy.coinbase.com.

Technical Summary

This document is Coinbase's Global Privacy Policy governing the collection, use, storage, and sharing of personal data across Coinbase's cryptocurrency exchange platform and affiliated services, with legal bases including contractual necessity, legal obligation, and legitimate interests under applicable frameworks including GDPR and CCPA. The policy obligates Coinbase to collect extensive categories of personal data including government-issued identity documents, financial account information, transaction history, device and behavioral data, and biometric data for identity verification, while requiring users to provide accurate information as a condition of service access. A notably expansive provision permits sharing personal data with a broad range of third parties including affiliates, financial institution partners, data analytics providers, advertising networks, and blockchain analytics companies, and Coinbase explicitly states it may share data with law enforcement without user notification where legally permissible, which represents a broader disclosure scope than many comparable fintech privacy policies. The policy engages GDPR (Arts. 6, 9, 17, 20, 46), CCPA/CPRA (§§1798.100–1798.199), COPPA, Bank Secrecy Act/AML obligations, and FinCEN requirements, with enforcement exposure from the FTC, CFPB, state attorneys general, and EU/EEA data protection authorities. Material compliance considerations include the adequacy of cross-border data transfer mechanisms for EU personal data, the sufficiency of consent mechanisms for sensitive data categories including biometrics, and the alignment of data retention practices with both AML record-keeping obligations and data minimization principles under GDPR Art. 5(1)(e).

Institutional Analysis

REGULATORY EXPOSURE: This policy implicates GDPR Arts. 5, 6, 9, 13, 17, 20, and 46 (EU/EEA users; enforced by relevant EU DPAs including Ireland's DPC as Coinbase's EU lead supervisory authority), CCPA/CPRA §§1798.100–1798.199 (California AG and California Privacy Protection Agency), COPPA (FTC enf…

🔒

Compliance intelligence locked

Regulatory exposure, material risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Evidence Provenance

Captured April 3, 2026 06:04 UTC

Document ID CA-D-000048

Version ID CA-V-000450

Source URL https://www.coinbase.com/legal/privacy

Wayback Machine View archived versions →

SHA-256 6015765e221423e39ba9cee17692f328371d01df6659f1c2e76a3ba878183062

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Cryptographically signed

Change Timeline

April 2, 2026 — Document updated low

Coinbase removed a sentence from their privacy policy on April 2, 2026 that provided a link to the previous version of the policy. Before this change, users could easily access the prior privacy policy through a direct link. Now that link is gone, making it harder for users to compare the current policy against what it used to say.

· 1 removed
View changes → View record →
22493053…
March 25, 2026 — Document updated low

Coinbase made a minor structural change to their Privacy Policy on March 25, 2026. The update appears to be a reorganization or formatting adjustment rather than a substantive change to how your data is collected, used, or shared. This type of change typically has little direct impact on consumers, though it's always worth reviewing a privacy policy periodically to stay informed.

View changes → View record →
aad50cfa…
March 6, 2026 — Initial capture

First snapshot archived

3611cfa8…

Analyzed Changes

2 changes analyzed since monitoring began.

Updated April 2, 2026

low

What changed Coinbase updated their Coinbase Privacy Policy on April 02, 2026. Change detected: 1 sentence(s) removed. Document contained 229 sentences after update.

Consumer impact Coinbase removed the link that allowed users to view the previous version of their privacy policy, making it harder to track what has changed over time. This reduces transparency about how data practices may have evolved. If you want to review past versions, you may be able to find archived copies using the Wayback Machine at web.archive.org.

Why it matters Removing the link to the prior privacy policy makes it harder for users to track how Coinbase's data practices have changed over time, reducing a basic transparency mechanism. This is a small but meaningful reduction in user-accessible policy history.

Updated March 25, 2026

low

What changed Coinbase updated their Coinbase Privacy Policy on March 25, 2026. Change detected: minor structural change detected. Document contained 230 sentences after update.

Consumer impact Coinbase made a minor structural update to their Privacy Policy on March 25, 2026, which does not appear to introduce new data collection practices or remove existing consumer rights. The change is likely a reorganization of content rather than a substantive policy shift. No immediate action is required, but users can review the updated policy on Coinbase's website to confirm nothing material affects their preferences.

Why it matters Privacy policy changes at financial platforms like Coinbase can affect how your personal and financial data is handled, even when changes appear minor. Staying informed about updates ensures you know your rights and can act if substantive changes are introduced.

High Severity — 6 provisions

Biometric Data Collection
Coinbase collects your facial geometry data when you verify your identity, which is some of the most sensitive personal data that exists.

Added April 3, 2026
Law Enforcement Disclosure Without User Notification
Coinbase can hand your personal and financial data to law enforcement or government agencies without telling you, based on its own judgment about what counts as suspected illegal activity.

Added April 3, 2026
Broad Third-Party Data Sharing Including Advertising and Analytics
Coinbase shares your personal and financial data with advertising companies and analytics firms to target you with ads, in addition to sharing with operational service providers.

Added April 3, 2026
Cross-Border Data Transfers
Coinbase transfers your personal data to the United States for processing, even if you are based in the EU or another country with stronger privacy protections than the US.

Added April 3, 2026
Extensive KYC/Identity Data Collection
Coinbase collects your government ID, passport, tax ID number, date of birth, and bank account details as part of its mandatory identity verification process — you cannot use most Coinbase services without providing this information.

Added April 3, 2026
Blockchain Analytics Data Sharing
Coinbase shares your personal data with companies that analyze blockchain transaction records, which can link your Coinbase identity to your cryptocurrency wallet addresses and on-chain activity.

Added April 3, 2026

Medium Severity — 3 provisions

California Consumer Privacy Rights
If you live in California, you have specific legal rights to see, delete, correct, and limit the use of your personal information, and Coinbase is required to honor these rights without penalizing you.

Added April 3, 2026
Data Retention Tied to Legal Obligations
Coinbase keeps your personal data — including your identity documents, transaction records, and financial information — for years after you close your account, because financial regulations require it.

Added April 3, 2026
Device and Behavioral Data Collection
Coinbase automatically tracks your device, browser, IP address, and how you navigate and interact with the platform every time you use it.

Added April 3, 2026

Low Severity — 1 provision

Children's Data and COPPA Compliance
Coinbase does not allow users under 18 and will delete any personal data collected from minors if discovered.

Added April 3, 2026