PayPal may collect your precise GPS location with your consent while you are logged into your account, and states it collects precise geolocation data from users while they are logged into their financial account to enhance security and personalize services.
This analysis describes what PayPal's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The statement asserts that precise geolocation data is collected while users are logged into their financial account, meaning location tracking occurs during active financial account sessions even if not explicitly initiated by the user for a specific transaction.
Under this provision, PayPal collects GPS-based precise location data during active financial account sessions for security and personalization purposes; California residents and EU/UK users have rights to restrict or opt out of precise geolocation tracking, which can be managed through mobile application settings and account privacy preferences.
How other platforms handle this
Geolocation Information, if you have consented by enabling location access, we may receive and store your precise location information, including when our apps are running in the foreground (our app is open and on screen) or background (our app is open, not on screen) of your device. You may use our...
We may collect the precise geographic location of your device when you use our services. We collect this information with your consent where required by law. You can withdraw your consent at any time by adjusting your device settings to disable location sharing.
We may collect information about your location, including precise geolocation information, when you use our Services. We use this information to provide location-based services, such as showing you products available in your area, and for other purposes described in this Privacy Policy.
Monitoring
PayPal has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Geolocation data: Such as Global Positioning System ("GPS"), which we may collect with your consent if you have an account for financial Services, and IP-based geolocation data during your user experience or based on your mobile application settings. [...] If you agree to let us track your precise geolocation, we can customize our Services by personalizing language and content such as providing location-based options, functionality or offers, ads and search results. Even if you don't allow us to track your precise location, we may still use your address to send you location-based options recommended by businesses that are near your address. In addition, we will use precise geolocation to enhance the security of the Sites and Services. We collect precise geolocation data from Users while they are logged into their financial account.— Excerpt from PayPal's PayPal Privacy Statement
REGULATORY LANDSCAPE: This provision engages CCPA/CPRA, which treats precise geolocation as sensitive personal information subject to opt-out rights, and GDPR, which requires a lawful basis for processing location data. The California Privacy Protection Agency and EU/UK national supervisory authorities are the relevant enforcement authorities. Washington's My Health MY Data Act also covers precise geolocation data collected in connection with consumer health-related inferences, which may be relevant if location data informs health-related advertising. GOVERNANCE EXPOSURE: Medium. The statement that precise geolocation is collected from users while logged into their financial account, combined with its use for advertising personalization and security, requires that the consent obtained for geolocation is sufficiently specific and revocable. The dual use of geolocation for both security (which may be characterized as a legitimate interest or contractual necessity) and advertising (which requires consent or opt-out under CCPA) should be addressed in separate consent mechanisms. JURISDICTION FLAGS: California (CCPA/CPRA sensitive personal information opt-out), Washington (My Health MY Data Act), and EU/EEA and UK (GDPR lawful basis for location data) create heightened exposure. Illinois BIPA is not directly implicated but the combination of biometric and precise geolocation data creates an aggregated sensitivity profile. CONTRACT AND VENDOR IMPLICATIONS: If precise geolocation data is passed to advertising partners or Partners and Merchants for location-based targeting, vendor agreements should specify the scope of location data shared and confirm that downstream use is consistent with the consent obtained from users. COMPLIANCE CONSIDERATIONS: Compliance teams should (1) confirm that consent flows for precise geolocation collection are specific to financial account security use cases and separately address advertising personalization; (2) audit mobile application settings to ensure geolocation collection can be revoked independently by users; (3) assess whether CCPA sensitive personal information opt-out notices for precise geolocation are implemented; and (4) review whether geolocation data passed to advertising partners is covered by applicable data processing agreements.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The statement asserts that precise geolocation data is collected while users are logged into their financial account, meaning location tracking occurs during active financial account sessions even if not explicitly initiated by the user for a specific transaction.
Under this provision, PayPal collects GPS-based precise location data during active financial account sessions for security and personalization purposes; California residents and EU/UK users have rights to restrict or opt out of precise geolocation tracking, which can be managed through mobile application settings and account privacy preferences.
ConductAtlas has identified this type of provision across 6 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by PayPal.