Public keeps your personal data for as long as it needs to for business purposes, legal compliance, and dispute resolution, without specifying exact timeframes for most data categories.
This analysis describes what Public.com's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The absence of specific retention periods for sensitive financial and identity data means Public may retain your SSN, trading history, and financial account information for an indeterminate period after you close your account.
Interpretive note: The policy does not specify retention periods by data category, making it unclear how long specific types of sensitive data are retained after account closure, and whether the retention is driven by regulatory requirements or internal business practices.
Your sensitive personal and financial data may be retained by Public for an extended and unspecified period after you stop using the service, particularly if legal or regulatory requirements apply, which are common in the broker-dealer context.
How other platforms handle this
We retain personal information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. The specific retention periods depend on the type of information and the purposes for which it is processed.
We keep information for as long as we need it to provide our products, comply with legal obligations, or for other legitimate purposes, such as to maintain safety, security, and integrity.
After your account is deleted, we keep data about interactions you've had on our service to prevent abuse, ban evaders and others in an effort to protect and ensure the safety and security of our service and our members.
Monitoring
Public.com has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements, or for as long as necessary to resolve disputes and enforce our agreements.— Excerpt from Public.com's Public.com Privacy Policy
REGULATORY LANDSCAPE: SEC and FINRA rules impose specific recordkeeping retention periods for broker-dealer customer records, which may require Public to retain certain account and transaction data for six years or longer regardless of user deletion requests. This creates a regulatory tension with CCPA/CPRA deletion rights, which include carve-outs for data retention required by law. The policy's vague retention language is consistent with this regulatory complexity but may not provide users with adequate transparency about what data is retained and for how long. GOVERNANCE EXPOSURE: Medium. Vague retention language creates compliance exposure if users submit deletion requests and are refused on the basis of undefined legal requirements without specific explanation. CPPA has indicated that businesses must be specific about why data is retained when a deletion request is denied. JURISDICTION FLAGS: California CPRA requires businesses to disclose retention periods or the criteria used to determine them for each category of personal information. A generic 'as long as necessary' formulation may not satisfy this disclosure requirement. Virginia, Colorado, and Connecticut privacy laws contain similar disclosure requirements. CONTRACT AND VENDOR IMPLICATIONS: Service providers retaining data on behalf of Public should have contracts specifying retention schedules and deletion obligations consistent with both regulatory requirements and user rights. Without defined retention periods, vendor contract compliance is difficult to audit. COMPLIANCE CONSIDERATIONS: Compliance teams should develop and document category-specific retention schedules that distinguish between data retained for regulatory compliance (and thus exempt from CCPA deletion) and data retained for business purposes (and thus subject to deletion rights). These schedules should be reflected in the privacy policy to satisfy CPRA's disclosure requirements.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The absence of specific retention periods for sensitive financial and identity data means Public may retain your SSN, trading history, and financial account information for an indeterminate period after you close your account.
Your sensitive personal and financial data may be retained by Public for an extended and unspecified period after you stop using the service, particularly if legal or regulatory requirements apply, which are common in the broker-dealer context.
ConductAtlas has identified this type of provision across 136 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Public.com.