Public shares your personal and financial data with a range of outside companies that help run its business, including companies handling marketing, payments, and data analysis, as well as related companies in the Public corporate family.
This analysis describes what Public.com's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The breadth of permitted sharing, which includes marketing assistance providers and unspecified affiliates, means your sensitive financial data may reach organizations beyond Public's direct control, and the policy does not exhaustively name all recipients.
Interpretive note: Whether marketing-related data sharing constitutes a CCPA 'sale' or 'sharing for cross-context behavioral advertising' depends on the specific nature of the data flows, which the policy does not detail with sufficient specificity to resolve.
Your financial data, including trading history and account information, may be shared with third-party marketing vendors and affiliates. The policy does not list specific recipients, making it difficult to assess the full scope of who may receive your information.
How other platforms handle this
We may share your personal data with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work. We may also share your personal data with advertising partners to display relevant advertising to y...
We may share your personal information with third-party vendors and service providers that perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance.
Google có thể cần cung cấp thông tin cá nhân của bạn, chẳng hạn như tên và địa chỉ email của bạn, cho Nhà cung cấp để xử lý giao dịch của bạn hoặc cung cấp Nội dung cho bạn. Các Nhà cung cấp đồng ý sử dụng thông tin này theo chính sách bảo mật của họ.
Monitoring
Public.com has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We may share your personal information with third-party vendors and service providers that perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance. We may also share information with our affiliates for business and operational purposes.— Excerpt from Public.com's Public.com Privacy Policy
REGULATORY LANDSCAPE: Sharing of customer financial information by a registered broker-dealer with third parties is governed by SEC Regulation S-P and GLBA, both of which require appropriate safeguards and, in some cases, contractual commitments from recipients. The updated GLBA Safeguards Rule (effective 2023 for most non-bank financial institutions) requires written contracts with service providers specifying required security practices. CCPA/CPRA requires disclosure of categories of third parties receiving personal information and, depending on whether data sharing constitutes a 'sale' or 'sharing for cross-context behavioral advertising,' may require an opt-out mechanism. The FTC and SEC are primary enforcement authorities. GOVERNANCE EXPOSURE: Medium. The inclusion of 'marketing assistance' among permitted sharing purposes is notable in the context of sensitive financial data. Whether this sharing constitutes CCPA 'sharing' for cross-context behavioral advertising purposes requires a legal determination based on the specific nature of the data flows, which is not resolved by the policy text alone. JURISDICTION FLAGS: California residents have specific rights to opt out of sale and sharing of personal information under CCPA/CPRA, and the policy should clearly identify whether marketing-related data transfers qualify as 'sharing' under that statute. Virginia, Colorado, Connecticut, and other states with comprehensive privacy laws have similar opt-out rights that may apply. CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should confirm that all service providers receiving personal financial data are bound by written data processing agreements that meet Regulation S-P and GLBA standards. The reference to 'affiliates' requires a clear corporate map to determine whether affiliate data transfers require separate notice or consent under applicable law. COMPLIANCE CONSIDERATIONS: A data flow mapping exercise is recommended to identify all third-party recipients by category and confirm that the policy's disclosures are accurate and complete. If any marketing-related data transfers involve the use of personal information for cross-context behavioral advertising, opt-out mechanisms must be implemented and disclosed consistent with CCPA/CPRA.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The breadth of permitted sharing, which includes marketing assistance providers and unspecified affiliates, means your sensitive financial data may reach organizations beyond Public's direct control, and the policy does not exhaustively name all recipients.
Your financial data, including trading history and account information, may be shared with third-party marketing vendors and affiliates. The policy does not list specific recipients, making it difficult to assess the full scope of who may receive your information.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Public.com.