What can I do about this clause?

{'method': 'WEB_FORM', 'recipient': 'https://www.coinbase.com/settings/privacy', 'difficulty': 'EASY', 'action_type': 'EXPORT_DATA', 'instructions': 'Log into your Coinbase account, navigate to Settings > Privacy, and submit a Data Access Request to receive a copy of all personal data Coinbase holds about you.', 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'CFPB', 'reason': 'The CFPB has oversight of financial data collection and consumer financial privacy practices by money services businesses and financial institutions.', 'complaint_url': 'https://www.consumerfinance.gov/complaint/'}, {'agency': 'FTC', 'reason': 'The FTC enforces against unfair or deceptive data security practices involving sensitive personal and financial data under FTC Act Section 5.', 'complaint_url': 'https://reportfraud.ftc.gov/'}

What is the severity of this clause?

ConductAtlas classifies this Extensive Personal Data Collection (KYC/AML) clause as high severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Extensive Personal Data Collection (KYC/AML) — Coinbase

Share 𝕏 Share in Share 🔒 PDF

Recent governance activity Coinbase recorded 6 documented changes in the last 30 days.

Start monitoring updates

Monitor governance changes for Coinbase Create a free account to receive the weekly governance digest and monitor one platform for governance changes.

Create free account No credit card required.

Document Record

What it is

Coinbase requires you to provide highly sensitive personal information including your full legal name, date of birth, Social Security number, government-issued photo ID, and financial account details as a mandatory condition of using the platform.

ⓘ

This analysis describes what Coinbase's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

The collection scope establishes the data foundation necessary for Coinbase to fulfill regulatory compliance obligations under financial services laws. The breadth of data categories—including government-issued identification, financial account numbers, and tax identification—enables the verification procedures required by law for cryptocurrency exchange operations.

Consumer impact (what this means for users)

If Coinbase suffers a data breach, your government ID, SSN, and financial information are at risk; these data categories cannot be changed like a password and can enable identity theft for years.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Export Your Data

Log into your Coinbase account, navigate to Settings > Privacy, and submit a Data Access Request to receive a copy of all personal data Coinbase holds about you.

How other platforms handle this

Snapchat Medium

We collect information you provide, information we get when you use our services, and information we get from third parties. Information you provide: your username, password, email address, phone number, name, birthday, and profile information... Information from the phone book on your device if you...

ClickUp Medium

We collect information you provide directly to us, such as when you create an account, use our Services, make a purchase, or contact us for support. The types of information we may collect include your name, email address, password, phone number, credit card and other payment information, and any ot...

Samsung Medium

We collect information about you from a variety of sources, including information you provide directly to us, information collected automatically from your devices and use of our Services, and information from other sources. The types of personal information we collect include: Identifiers such as n...

See all platforms with this clause type →

Monitoring

Coinbase has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

▸ View Original Clause Language DOCUMENT RECORD

"
We collect the following personal information and documentation: Basic Customer Information (Name, Address, Date of birth, Nationality, Country of residence, Gender, Phone number, Email Address); Supplemental Identification Information (Utility bills, Photographs and/or videos, Government-issued identity document, Social security or social insurance number, Employment information, Proof of residency); Electronic Identification ('EIDV') Information; Financial Information (Bank account number, Payment card primary account number, Trading and investment experience, Tax identification number).

— Excerpt from Coinbase's Coinbase Privacy Policy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

REGULATORY FRAMEWORK: Collection of government-issued ID, SSN, and financial account data is mandated under Bank Secrecy Act Customer Identification Program rules (31 CFR §1020.220), FinCEN KYC requirements (31 CFR §1010.230), and OFAC sanctions screening obligations (31 CFR Parts 500–598). Processing of this data under GDPR requires a legal basis under Art. 6(1)(c) (legal obligation) and potentially Art. 9 for biometric data, subject to Art. 9(2)(g) exceptions. The FTC has enforcement authority over deceptive data security practices (FTC Act §5).

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Watcher free for 14 days

Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.

Applicable agencies

CFPB

The CFPB has oversight of financial data collection and consumer financial privacy practices by money services businesses and financial institutions.
File a complaint →
FTC

The FTC enforces against unfair or deceptive data security practices involving sensitive personal and financial data under FTC Act Section 5.
File a complaint →

Applicable regulations

CCPA/CPRA

California, USA

Connecticut Data Privacy Act Amendments

US-CT

CAN-SPAM

United States Federal

ePrivacy Directive

European Union

FCRA

United States Federal

FTC Act Section 5

United States Federal

GDPR

European Union

GLBA

United States Federal

Indiana Consumer Data Protection Act

US-IN

Kentucky Consumer Data Protection Act

US-KY

TCPA

United States Federal

UK GDPR

United Kingdom

Universal Opt-Out Mechanism Expansion 2026

Provision details

Document information

Document

Coinbase Privacy Policy

Entity

Coinbase

Document last updated

May 5, 2026

Tracking information

First tracked

March 6, 2026

Last verified

March 31, 2026

Record ID

CA-P-000414

Document ID

CA-D-00048

Evidence Provenance

Source URL

https://www.coinbase.com/legal/privacy

Wayback Machine

View archived versions →

Content hash (SHA-256)

1e2506b366d009cb87c4af541db6d3398a97d65eb52a41c7a4136c9e5a2ef1af

Analysis generated

March 6, 2026 20:01 UTC

Methodology

summarize_document-v7

Evidence

✓ Snapshot stored ✓ Hash verified

Citation Record

Entity: Coinbase
Document: Coinbase Privacy Policy
Record ID: CA-P-000414
Captured: 2026-03-06 20:01:54 UTC
SHA-256: 1e2506b366d009cb…
URL: https://conductatlas.com/platform/coinbase/coinbase-privacy-policy/extensive-personal-data-collection-kycaml/
Accessed: May 20, 2026

Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.

Classification

Severity

High

Other risks in this policy

Third-Party Data Sharing (Analytics, Advertising, Blockchain Analytics) high
Law Enforcement and Government Disclosure high
Data Retention Post-Account-Closure medium
Biometric Data Collection high
International Data Transfers medium
User Privacy Rights (Access, Deletion, Correction, Opt-Out) medium

Related Analysis

Netflix Updated Terms Authorize Voice Data Collection: April 2026
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
What Google Actually Knows About You
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.

Professional Governance Intelligence

Need to monitor specific governance provisions?

Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies

Start Professional free trial

Or start with Watcher →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Coinbase's Extensive Personal Data Collection (KYC/AML) clause do?

How does this clause affect you?

If Coinbase suffers a data breach, your government ID, SSN, and financial information are at risk; these data categories cannot be changed like a password and can enable identity theft for years.

Is ConductAtlas affiliated with Coinbase?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Coinbase.