What can I do about this clause?

{'method': 'WEB_FORM', 'recipient': 'https://www.coinbase.com/settings/privacy-rights', 'difficulty': 'EASY', 'action_type': 'EXPORT_DATA', 'instructions': 'Visit coinbase.com/settings/privacy-rights and submit a data access request to receive a copy of all personal information Coinbase holds about you, including financial data. This allows you to verify what sensitive data is on file and identify any inaccuracies.', 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'CFPB', 'reason': 'CFPB has supervisory authority over money services businesses and the protection of consumer financial information including bank account data and payment information collected by Coinbase.', 'complaint_url': 'https://www.consumerfinance.gov/complaint/'}, {'agency': 'FTC', 'reason': 'FTC enforces the GLBA Safeguards Rule and Section 5 of the FTC Act with respect to the security of sensitive financial information including SSNs and bank account data held by non-bank financial institutions.', 'complaint_url': 'https://reportfraud.ftc.gov/'}

What is the severity of this clause?

ConductAtlas classifies this Sensitive Financial Data Collection (SSN, Bank Accounts, Tax Information) clause as high severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Sensitive Financial Data Collection (SSN, Bank Accounts, Tax Information) — Coinbase

Share 𝕏 Share in Share 🔒 PDF

What it is

Coinbase collects your Social Security Number, bank account details, credit card numbers, and tax information to verify your identity and process transactions on its cryptocurrency platform.

Change history

added Apr 29, 2026

This new provision explicitly itemizes collection of highly sensitive financial data (SSN, bank routing numbers, tax info) with fewer stated limitations, significantly elevating data sensitivity exposure.

View full change record →

Consumer impact (what this means for users)

Coinbase holds your SSN, bank account and routing numbers, and tax identification information, meaning a security breach could expose you to identity theft and financial fraud — consumers should use strong unique passwords and enable two-factor authentication on their Coinbase account.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Export Your Data

Visit coinbase.com/settings/privacy-rights and submit a data access request to receive a copy of all personal information Coinbase holds about you, including financial data. This allows you to verify what sensitive data is on file and identify any inaccuracies.

Cross-platform context

See how other platforms handle Sensitive Financial Data Collection (SSN, Bank Accounts, Tax Information) and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

This is among the most sensitive financial data a company can collect — a breach or misuse of your SSN, bank account numbers, and tax information could enable identity theft, financial fraud, and unauthorized access to your bank accounts.

View original clause language

We collect personal financial information from you in connection with providing our Services, including: your Social Security number or taxpayer identification number, bank account and routing numbers, credit or debit card information, financial statements, tax identification information, and information about your source of funds. This information is used to verify your identity, process transactions, comply with legal obligations, and to provide and improve our Services.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: GLBA (Gramm-Leach-Bliley Act) 15 U.S.C. §6801 et seq. and the FTC's Safeguards Rule (16 CFR Part 314) require financial institutions to protect customer financial information with comprehensive security programs; as a money services business, Coinbase's compliance with GLBA Safeguards Rule is a material obligation. CCPA/CPRA classifies SSNs, financial account numbers, and tax information as sensitive personal information under §1798.140(ae), triggering heightened disclosure and opt-out rights. GDPR Arts. 5(1)(f) and 32 require appropriate technical and organizational security measures. IRS regulations govern collection and storage of taxpayer identification information. FinCEN's CDD Rule 31 CFR §1010.230 mandates collection of beneficial ownership and identity information. Enforcement authorities include FTC, FinCEN, IRS, state financial regulators, and EU/EEA DPAs.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

CFPB

CFPB has supervisory authority over money services businesses and the protection of consumer financial information including bank account data and payment information collected by Coinbase.
File a complaint →
FTC

FTC enforces the GLBA Safeguards Rule and Section 5 of the FTC Act with respect to the security of sensitive financial information including SSNs and bank account data held by non-bank financial institutions.
File a complaint →

Provision details

Document information

Document

Coinbase Privacy Policy

Entity

Coinbase

Document last updated

April 29, 2026

Tracking information

First tracked

April 28, 2026

Last verified

April 28, 2026

Record ID

CA-P-003941

Document ID

CA-D-00048

Evidence Provenance

Source URL

https://www.coinbase.com/legal/privacy

Wayback Machine

View archived versions →

SHA-256

0df5ab0df20db0a78e8b5a6a0df5e76babd3c3ab052afbbf8fc888f9ea388099

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Coinbase | Document: Coinbase Privacy Policy | Record: CA-P-003941
Captured: 2026-04-28 09:19:28 UTC | SHA-256: 0df5ab0df20db0a7…
URL: https://conductatlas.com/platform/coinbase/coinbase-privacy-policy/sensitive-financial-data-collection-ssn-bank-accounts-tax-information/
Accessed: May 2, 2026

Classification

Severity

High

Sensitive Financial Data Collection (SSN, Bank Accounts, Tax Information)