Which regulatory agencies enforce this type of clause?

{'agency': 'State_AG', 'reason': "California's Privacy Protection Agency and state attorneys general in states with GPC-honoring requirements have enforcement authority over compliance with universal opt-out signal obligations.", 'complaint_url': 'https://www.naag.org/find-my-ag/'}

What is the severity of this clause?

ConductAtlas classifies this Do Not Track Non-Response clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Do other platforms have similar clauses?

Yes. ConductAtlas has identified similar Do Not Track Non-Response clauses across approximately 5 other tracked platforms. You can compare how platforms differ on this clause type in the cross-platform comparison view.

Do Not Track Non-Response — Stash

Share 𝕏 Share in Share 🔒 PDF

Monitor governance changes for Stash Create a free account to receive the weekly governance digest and monitor one platform for governance changes.

Create free account No credit card required.

Document Record

What it is

Stash's website and platform will not honor the Do Not Track signal sent by your web browser, meaning tracking technologies will continue to operate regardless of this browser setting.

ⓘ

This analysis describes what Stash's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

Several US states have enacted or are implementing universal opt-out signal requirements that go beyond the legacy Do Not Track standard; Stash's policy of not responding to browser-level signals may require re-evaluation as these requirements expand.

⚠

Interpretive note: The policy addresses legacy Do Not Track signals but does not explicitly address whether Stash honors Global Privacy Control signals, which are legally distinct and required under CPRA and other state privacy laws; the compliance posture for GPC is ambiguous based on the policy text alone.

Consumer impact (what this means for users)

Even if your browser is set to send a Do Not Track signal, Stash will continue to use tracking technologies including cookies, pixels, and similar tools to collect behavioral and usage data from your sessions on the Stash platform.

Cross-platform context

See how other platforms handle Do Not Track Non-Response and similar clauses.

Compare across platforms →

Monitoring

Stash has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

▸ View Original Clause Language DOCUMENT RECORD

"
Stash does not respond to general web browser "Do Not Track" settings and/or signals.

— Excerpt from Stash's Stash Privacy Policy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

REGULATORY LANDSCAPE: The California Consumer Privacy Act as amended by the CPRA requires businesses to treat a user-enabled global privacy control (GPC) as a valid opt-out of sale or sharing of personal information; this obligation is distinct from and broader than the legacy Do Not Track standard. The Colorado Privacy Act and Connecticut's privacy law have similar GPC-honoring requirements. Stash's stated policy of not responding to Do Not Track signals may require evaluation against CPRA GPC requirements, as the two mechanisms are related but legally distinct. The California Privacy Protection Agency enforces GPC compliance. GOVERNANCE EXPOSURE: Medium. If Stash's non-response posture extends to GPC signals and not just legacy Do Not Track, this may create CPRA compliance exposure. The policy's language refers specifically to Do Not Track and does not address GPC separately, creating ambiguity about Stash's GPC posture. JURISDICTION FLAGS: California (CPRA GPC requirement), Colorado (Colorado Privacy Act), and Connecticut (Connecticut Data Privacy Act) have the most clearly established GPC-honoring obligations. Other states may follow as comprehensive privacy laws take effect. CONTRACT AND VENDOR IMPLICATIONS: If analytics or advertising vendors place tracking technologies on the Stash platform, those vendors' tracking activities may also need to be suppressed in response to valid GPC signals. Vendor agreements should address GPC compliance obligations and the allocation of responsibility for technical implementation. COMPLIANCE CONSIDERATIONS: Legal teams should confirm whether Stash's technical infrastructure honors GPC signals (as distinct from Do Not Track) for California and other applicable state residents, and update the policy to clarify Stash's GPC posture. If GPC signals are not currently honored, a technical and policy remediation plan may be required to achieve CPRA compliance.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Watcher free for 14 days

Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.

Applicable agencies

State AG

California's Privacy Protection Agency and state attorneys general in states with GPC-honoring requirements have enforcement authority over compliance with universal opt-out signal obligations.
File a complaint →

Provision details

Document information

Document

Stash Privacy Policy

Entity

Stash

Document last updated

March 14, 2026

Tracking information

First tracked

March 15, 2026

Last verified

May 9, 2026

Record ID

CA-P-007862

Document ID

CA-D-00061

Evidence Provenance

Source URL

https://www.stash.com/theprivacypolicy

Wayback Machine

View archived versions →

Content hash (SHA-256)

c314a917a32611f62e28ff71b79a50309bf3c87dea6cc7bd197833b0719565f8

Analysis generated

March 15, 2026 10:51 UTC

Methodology

summarize_document-v8

Evidence

✓ Snapshot stored ✓ Hash verified

Citation Record

Entity: Stash
Document: Stash Privacy Policy
Record ID: CA-P-007862
Captured: 2026-03-15 10:51:58 UTC
SHA-256: c314a917a32611f6…
URL: https://conductatlas.com/platform/stash/stash-privacy-policy/do-not-track-non-response/
Accessed: May 13, 2026

Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.

Classification

Severity

Medium

Other risks in this policy

Anonymized Data Carve-Out medium
Selfie and Government ID Collection for Identity Verification medium
Third-Party Data Sharing for Marketing and Analytics medium
Bank Account Credential Collection high
California Residents Privacy Rights (CCPA/CPRA) medium
Customer Service Call Recording low

Professional Governance Intelligence

Need to monitor specific governance provisions?

Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies

Start Professional free trial

Or start with Watcher →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Stash's Do Not Track Non-Response clause do?

How does this clause affect you?

How many platforms have this type of clause?

ConductAtlas has identified this type of provision across 5 platforms. See the full comparison.

Is ConductAtlas affiliated with Stash?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Stash.