What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: This policy engages with multiple overlapping frameworks. The Gramm-Leach-Bliley Act (GLBA) and SEC Regulation S-P impose mandatory privacy notice and safeguarding obligations on broker-dealers and investment advisers, and Public's registered entities are subject to these rules independently of what the policy text asserts. The California Consumer Privacy Act (CCPA) as amended by CPRA grants California residents rights to access, delete, correct, and opt out of sale or sha…

How does Public.com's Public.com Privacy Policy affect users?

The policy establishes that Public.com collects and retains sensitive personal and financial data as a condition of account operation, with authorization to share this information across service providers and affiliates for service delivery and marketing purposes. Users may opt out of marketing-related data sharing and request data deletion by contacting support@public.com or using the privacy request mechanisms specified in the policy; without such requests, data sharing occurs under the defau…

How often is Public.com's Public.com Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Public.com updates this document?

Yes. Watcher subscribers ($9.99/month) can add Public.com to their watchlist and receive same-day email alerts whenever this document or any other Public.com document changes.

CA-D-000059

Public.com Privacy Policy

Public.com

Last change detected May 6, 2026 Privacy policy

SHA-256: 10c1c87a5f2ac130d62… 3 versions captured 2 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Public.com ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

0 High severity

6 Medium severity

2 Low severity

Summary

This document establishes Public.com's data collection, use, retention, and disclosure practices for personal and financial information collected through its investment platform. The policy authorizes collection of sensitive data including Social Security numbers, bank account details, government identification, and trading history, with provisions permitting disclosure to service providers, affiliates, and third parties for operational and marketing purposes. California residents are granted rights to request data deletion and opt out of personal information sales or sharing through specified contact mechanisms.

Technical / Legal Breakdown

This document is Public.com's privacy policy, governing the collection, use, and sharing of personal information across its investment platform, which offers equities, crypto, options, bonds, IRAs, and related financial services, operating under general U.S. consumer privacy law and financial services regulatory frameworks. The policy states that Public collects identifiable information including name, Social Security number, government ID, financial account details, trading activity, device identifiers, location data, and communications content; the terms authorize use of this data for account management, marketing, analytics, and sharing with third-party service providers, affiliates, and financial industry partners. A notable provision permits sharing of personal information with third parties for marketing purposes, though the policy states users may opt out; the policy also reserves broad rights to use aggregated and de-identified data without restriction, and the scope of 'service providers' is not narrowly defined, which is common in this industry but worth reviewing given the sensitivity of financial data involved. The policy engages with the California Consumer Privacy Act (CCPA) and its amendment under CPRA, granting California residents specific rights including access, deletion, and opt-out of data sale or sharing; it also references Regulation S-P, which governs the privacy of customer financial information for SEC-registered broker-dealers, and the Gramm-Leach-Bliley Act (GLBA), which imposes notice and safeguarding obligations on financial institutions. Compliance teams should note that Public operates as or through registered broker-dealer and investment adviser entities subject to SEC and FINRA oversight, meaning data handling obligations under Regulation S-P may layer on top of general privacy policy assertions in ways that create distinct obligations beyond what the policy text alone conveys.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

2 important changes detected

3 versions captured · Last updated: May 2026

May 6, 2026

low

What changed Public.com made a minor editorial change to its privacy policy on May 6, 2026, removing the text 'Home' from the document header. This appears to be a formatting or navigation adjustment rather than a substantive change to privacy practices or user rights. The policy itself remains unchanged.

Why this matters This change is a minor editorial adjustment to the privacy policy document header and does not materially affect what data Public.com collects, how it uses your information, or your privacy rights. No action is required on your part.

View full change record →

March 8, 2026

low

What changed Public.com's privacy policy was updated on March 8, 2026, but the change detected is purely structural: the word 'Home' was added to the top of the document before the 'Privacy Policy' heading. This is a formatting or navigation update, not a change to the actual privacy terms or how your data is handled. You do not need to review your settings or rights; the policy's substance remains the same.

Why this matters This change has no material impact on your privacy rights, data handling, or the terms you agreed to. The update is a navigation or formatting adjustment to how the privacy policy page is structured, not a change to the actual policy language. No action is required on your part.

View full change record →

Medium — 6 provisions

Collection of Sensitive Financial and Identity Data Compare →

Public collects highly sensitive personal information when you sign up and use its platform, including your Social Security number, government ID, and financial account details.

Added May 7, 2026 Standard Seen across 251 platforms
Third-Party Data Sharing with Service Providers and Affiliates Compare →

Public shares your personal and financial data with a range of outside companies that help run its business, including companies handling marketing, payments, and data analysis, as well as related companies in the Public corporate family.

Added May 10, 2026 Standard Seen across 246 platforms
California Consumer Privacy Rights (CCPA/CPRA) Compare →

If you live in California, you have specific legal rights to see what data Public has collected about you, ask for it to be deleted, and stop Public from selling or sharing your information for advertising purposes.

Added May 10, 2026 Standard Seen across 262 platforms
Aggregated and De-Identified Data Use Compare →

Public can share data that has been stripped of personal identifiers with outside companies for purposes like research and marketing, and this sharing is not subject to the same restrictions as personal data.

Added May 10, 2026 Standard Seen across 189 platforms
Automatic Data Collection via Tracking Technologies Compare →

Public automatically collects technical information about how you use its platform, including your IP address, the pages you visit, how long you stay, and data gathered through cookies and tracking pixels.

Added May 10, 2026 Standard Seen across 251 platforms
Data Retention Compare →

Public keeps your personal data for as long as it needs to for business purposes, legal compliance, and dispute resolution, without specifying exact timeframes for most data categories.

Added May 10, 2026 Standard Seen across 223 platforms

Low — 2 provisions

Marketing Communications and Opt-Out Compare →

Public may send you marketing emails and other promotional messages, including offers from partner companies, but you can unsubscribe by using the opt-out link in those messages or by contacting Public directly.

Added May 10, 2026 Standard Seen across 262 platforms
Law Enforcement and Legal Disclosure Compare →

Public can share your personal financial data with law enforcement or government agencies when it believes a law or legal process requires it, including for national security purposes.

Added May 10, 2026 Standard Seen across 246 platforms