Depending on your location, you may have rights to see, correct, delete, or move your data, and to stop Intuit from selling or sharing it, which you can exercise through the Intuit privacy portal.
This analysis describes what Intuit's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
These rights are most robust for California residents under CPRA and EU or UK residents under GDPR, and exercising them can limit how Intuit uses your sensitive financial data for advertising and third-party sharing.
Interpretive note: The practical adequacy of Intuit's rights fulfillment infrastructure, including whether deletion requests propagate to all third-party partners, cannot be assessed from the document text alone.
Intuit's updated privacy statement now explicitly discloses that it shares limited personal information, such as IP addresses and device identifiers, with advertising partners to deliver targeted ads…
California, EU, and UK users have meaningful rights to access and delete their data and to opt out of data sharing for advertising, but the statement conditions these rights on jurisdiction, meaning users in states without comprehensive privacy laws may have more limited recourse.
How other platforms handle this
If you are a California resident, you may have certain rights under the California Consumer Privacy Act (CCPA). These rights may include: the right to know about personal information collected, disclosed, or sold; the right to delete personal information collected from you; the right to opt-out of t...
Depending on where you live, you may have certain rights with respect to your personal information. These rights may include: The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which we collected i...
California law gives residents the right to know what personal information we collect, use, share or sell; to delete personal information under certain circumstances; to opt-out of the sale or sharing of their personal information; to correct inaccurate personal information; to limit the use and dis...
Monitoring
Intuit has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Depending on where you live, you may have certain rights regarding your personal information, including the right to access, correct, delete, or port your data, the right to opt out of the sale or sharing of your personal information, and the right to limit the use of your sensitive personal information. You can exercise these rights by visiting our privacy portal or contacting us directly.— Excerpt from Intuit's Intuit Privacy Statement
REGULATORY LANDSCAPE: The rights described engage GDPR Articles 15 through 22 for EU users, UK GDPR for UK users, CPRA for California residents, and analogous rights under Virginia CDPA, Colorado CPA, and other state privacy laws. The statement's framing of rights as jurisdiction-dependent is consistent with applicable law but means that users in states without comprehensive privacy statutes may not have enforceable access or deletion rights against Intuit. GOVERNANCE EXPOSURE: Medium. The rights infrastructure described is broadly consistent with regulatory requirements, but the operational adequacy of the privacy portal, including response time compliance, identity verification standards, and the completeness of data covered by deletion requests, requires ongoing audit. JURISDICTION FLAGS: California residents have the most comprehensive rights under CPRA, including the right to limit sensitive personal information use and to opt out of automated decision-making. EU users have rights under GDPR to object to processing based on legitimate interests, including for profiling and advertising. Users in states without comprehensive privacy laws may have limited enforceable rights despite the statement's general rights language. CONTRACT AND VENDOR IMPLICATIONS: Data deletion requests that are fulfilled by Intuit must also propagate to third-party data processors and advertising partners where required by applicable law; vendor contracts should address this obligation. Failure to honor deletion requests within statutory timeframes (45 days under CCPA, one month under GDPR) creates regulatory exposure. COMPLIANCE CONSIDERATIONS: Legal teams should audit response time compliance for data subject requests, verify that deletion requests result in actual data removal from all systems including backups and third-party processors, and confirm that the privacy portal's opt-out mechanisms for advertising and data sharing are functional and complete. Annual review of the rights described against evolving state privacy laws is recommended.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
These rights are most robust for California residents under CPRA and EU or UK residents under GDPR, and exercising them can limit how Intuit uses your sensitive financial data for advertising and third-party sharing.
California, EU, and UK users have meaningful rights to access and delete their data and to opt out of data sharing for advertising, but the statement conditions these rights on jurisdiction, meaning users in states without comprehensive privacy laws may have more limited recourse.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Intuit.