Depending on your location, you may have rights to see, correct, delete, or move your data, and to stop Intuit from selling or sharing it, which you can exercise through the Intuit privacy portal.
This analysis describes what Intuit's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
These rights are most robust for California residents under CPRA and EU or UK residents under GDPR, and exercising them can limit how Intuit uses your sensitive financial data for advertising and third-party sharing.
Interpretive note: The practical adequacy of Intuit's rights fulfillment infrastructure, including whether deletion requests propagate to all third-party partners, cannot be assessed from the document text alone.
The updated privacy statement removes detailed disclosures about how Intuit uses cookies, pixels, and tracking technologies to deliver targeted advertising. Previously, the policy explicitly stated that Intuit and advertising partners may disclose information like IP addresses and device identifiers to show more relevant ads, and that users could opt-out through 'Customize Settings'. The revised statement now references only a separate Cookies Policy without reproducing this information inline. Users seeking specifics on cookie consent options and advertising data sharing must consult the linked Cookies Policy document.
View change record →The updated privacy policy removes prior explicit disclosures about third-party advertising cookies and opt-out mechanisms that were previously available to users. Specifically, the policy no longer states that users can decline third-party advertising cookies through a 'Customize Settings' option, nor does it describe how advertising partners may receive limited personal information like IP addresses and device identifiers for ad targeting. The footer now contains only a general reference to cookie management without the prior transparency on advertising partner data sharing. You can review Intuit's full Cookies Policy for current information on how cookies and advertising technologies are used.
View change record →Intuit's updated privacy statement now explicitly discloses that it shares limited personal information, such as IP addresses and device identifiers, with advertising partners to deliver targeted ads both on and off its sites. The company characterizes these practices as potentially constituting 'sharing' or 'targeted advertising' under applicable law, suggesting recognition of privacy regulations like CCPA or GDPR. You can decline the use of third-party advertising cookies by selecting the 'Customize Settings' option in the cookie consent interface.
View change record →Added explicit right to 'limit the use of your sensitive personal information' and replaced specific Privacy Portal URL with generic reference allowing multiple contact methods.
View full change record →California, EU, and UK users have meaningful rights to access and delete their data and to opt out of data sharing for advertising, but the statement conditions these rights on jurisdiction, meaning users in states without comprehensive privacy laws may have more limited recourse.
How other platforms handle this
We may also collect your personal data from other people or companies.
If you are a California resident, you may have the right to: Know what personal information we collect, use, disclose, sell, or share. Correct inaccurate personal information. Delete your personal information. Opt out of the sale or sharing of your personal information. Limit the use and disclosure ...
If you are a California resident, you have the right to: Know what personal information is being collected about you; Know whether your personal information is sold or disclosed and to whom; Say no to the sale of personal information; Access your personal information; Request deletion of your person...
Monitoring
Intuit has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Depending on where you live, you may have certain rights regarding your personal information, including the right to access, correct, delete, or port your data, the right to opt out of the sale or sharing of your personal information, and the right to limit the use of your sensitive personal information. You can exercise these rights by visiting our privacy portal or contacting us directly.— Excerpt from Intuit's Intuit Privacy Statement
REGULATORY LANDSCAPE: The rights described engage GDPR Articles 15 through 22 for EU users, UK GDPR for UK users, CPRA for California residents, and analogous rights under Virginia CDPA, Colorado CPA, and other state privacy laws. The statement's framing of rights as jurisdiction-dependent is consistent with applicable law but means that users in states without comprehensive privacy statutes may not have enforceable access or deletion rights against Intuit. GOVERNANCE EXPOSURE: Medium. The rights infrastructure described is broadly consistent with regulatory requirements, but the operational adequacy of the privacy portal, including response time compliance, identity verification standards, and the completeness of data covered by deletion requests, requires ongoing audit. JURISDICTION FLAGS: California residents have the most comprehensive rights under CPRA, including the right to limit sensitive personal information use and to opt out of automated decision-making. EU users have rights under GDPR to object to processing based on legitimate interests, including for profiling and advertising. Users in states without comprehensive privacy laws may have limited enforceable rights despite the statement's general rights language. CONTRACT AND VENDOR IMPLICATIONS: Data deletion requests that are fulfilled by Intuit must also propagate to third-party data processors and advertising partners where required by applicable law; vendor contracts should address this obligation. Failure to honor deletion requests within statutory timeframes (45 days under CCPA, one month under GDPR) creates regulatory exposure. COMPLIANCE CONSIDERATIONS: Legal teams should audit response time compliance for data subject requests, verify that deletion requests result in actual data removal from all systems including backups and third-party processors, and confirm that the privacy portal's opt-out mechanisms for advertising and data sharing are functional and complete. Annual review of the rights described against evolving state privacy laws is recommended.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
These rights are most robust for California residents under CPRA and EU or UK residents under GDPR, and exercising them can limit how Intuit uses your sensitive financial data for advertising and third-party sharing.
California, EU, and UK users have meaningful rights to access and delete their data and to opt out of data sharing for advertising, but the statement conditions these rights on jurisdiction, meaning users in states without comprehensive privacy laws may have more limited recourse.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Intuit.