PayPal may collect your precise GPS location with your consent while you are logged into your account, and states it collects precise geolocation data from users while they are logged into their financial account to enhance security and personalize services.
This analysis describes what PayPal's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The statement asserts that precise geolocation data is collected while users are logged into their financial account, meaning location tracking occurs during active financial account sessions even if not explicitly initiated by the user for a specific transaction.
Under this provision, PayPal collects GPS-based precise location data during active financial account sessions for security and personalization purposes; California residents and EU/UK users have rights to restrict or opt out of precise geolocation tracking, which can be managed through mobile application settings and account privacy preferences.
How other platforms handle this
Geolocation Information
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
Monitoring
PayPal has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Geolocation data: Such as Global Positioning System ("GPS"), which we may collect with your consent if you have an account for financial Services, and IP-based geolocation data during your user experience or based on your mobile application settings. [...] If you agree to let us track your precise geolocation, we can customize our Services by personalizing language and content such as providing location-based options, functionality or offers, ads and search results. Even if you don't allow us to track your precise location, we may still use your address to send you location-based options recommended by businesses that are near your address. In addition, we will use precise geolocation to enhance the security of the Sites and Services. We collect precise geolocation data from Users while they are logged into their financial account.— Excerpt from PayPal's PayPal Privacy Statement
REGULATORY LANDSCAPE: This provision engages CCPA/CPRA, which treats precise geolocation as sensitive personal information subject to opt-out rights, and GDPR, which requires a lawful basis for processing location data. The California Privacy Protection Agency and EU/UK national supervisory authorities are the relevant enforcement authorities. Washington's My Health MY Data Act also covers precise geolocation data collected in connection with consumer health-related inferences, which may be relevant if location data informs health-related advertising. GOVERNANCE EXPOSURE: Medium. The statement that precise geolocation is collected from users while logged into their financial account, combined with its use for advertising personalization and security, requires that the consent obtained for geolocation is sufficiently specific and revocable. The dual use of geolocation for both security (which may be characterized as a legitimate interest or contractual necessity) and advertising (which requires consent or opt-out under CCPA) should be addressed in separate consent mechanisms. JURISDICTION FLAGS: California (CCPA/CPRA sensitive personal information opt-out), Washington (My Health MY Data Act), and EU/EEA and UK (GDPR lawful basis for location data) create heightened exposure. Illinois BIPA is not directly implicated but the combination of biometric and precise geolocation data creates an aggregated sensitivity profile. CONTRACT AND VENDOR IMPLICATIONS: If precise geolocation data is passed to advertising partners or Partners and Merchants for location-based targeting, vendor agreements should specify the scope of location data shared and confirm that downstream use is consistent with the consent obtained from users. COMPLIANCE CONSIDERATIONS: Compliance teams should (1) confirm that consent flows for precise geolocation collection are specific to financial account security use cases and separately address advertising personalization; (2) audit mobile application settings to ensure geolocation collection can be revoked independently by users; (3) assess whether CCPA sensitive personal information opt-out notices for precise geolocation are implemented; and (4) review whether geolocation data passed to advertising partners is covered by applicable data processing agreements.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The statement asserts that precise geolocation data is collected while users are logged into their financial account, meaning location tracking occurs during active financial account sessions even if not explicitly initiated by the user for a specific transaction.
Under this provision, PayPal collects GPS-based precise location data during active financial account sessions for security and personalization purposes; California residents and EU/UK users have rights to restrict or opt out of precise geolocation tracking, which can be managed through mobile application settings and account privacy preferences.
ConductAtlas has identified this type of provision across 7 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by PayPal.