Biometric data is uniquely sensitive because it cannot be changed if compromised, and multiple US state laws impose strict requirements on how companies collect, store, and delete it.
Coinbase collects highly sensitive personal data including government-issued ID, financial account information, transaction history, biometric identifiers, and behavioral data, and shares this information with a broad ecosystem of third parties including advertising networks, blockchain analytics companies, and law enforcement agencies. Users have limited ability to restrict data collection as most categories are deemed necessary to provide services or comply with legal obligations, meaning opting out effectively requires closing the account. You can submit requests to access, delete, or export your personal data through Coinbase's privacy rights portal at privacy.coinbase.com.