Stash · Stash Privacy Policy · View original document ↗

Geolocation and Device Data Collection

Medium severity Low confidence Inferredfromcontext Rare · 3 of 343 platforms
Share 𝕏 Share in Share 🔒 PDF
Monitor governance changes for Stash Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

Stash collects geolocation data and device identifiers from users of its mobile application and website, which may include precise location information depending on device permissions granted.

This analysis describes what Stash's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

Geolocation data collected through a financial app can reveal sensitive patterns about your daily life, routine, and physical location, and its sharing with third-party analytics vendors may extend beyond what users expect when using an investment platform.

Interpretive note: The policy document as provided does not contain the full geolocation-specific disclosure text; the characterization of geolocation collection is inferred from standard mobile app privacy policy practices and partial document text, and the exact scope of location data collection requires review of the complete policy.

Clause Stability Stable

0
Changes
3
Months Monitored
May 9, 2026
First Seen
May 22, 2026
Last Seen
This clause type exists across 3350 other provisions on other platforms.

Consumer impact (what this means for users)

If you grant location permissions to the Stash app, precise geolocation data may be collected and used for analytics purposes; you can limit this by reviewing and adjusting location permissions in your device settings.

How other platforms handle this

Bumble Medium

Geolocation Information

Ledger Medium

At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.

Strava Medium

If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.

See all platforms with this clause type →

Monitoring

Stash has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
We may collect information derived or resulting from voluntary surveys.

— Excerpt from Stash's Stash Privacy Policy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

REGULATORY LANDSCAPE: Several US states have enacted or proposed specific protections for geolocation data, recognizing it as a sensitive category. California's CPRA designates precise geolocation data as sensitive personal information, which is subject to additional disclosure requirements and a separate opt-out right for its collection and use. The FTC has issued guidance on the sensitivity of location data and its potential for revealing intimate details about consumers' lives. The FTC Act Section 5 applies to material misrepresentations about location data practices. GOVERNANCE EXPOSURE: Medium. If precise geolocation data is shared with third-party analytics or marketing partners, CPRA's sensitive personal information framework requires that consumers be informed and given the right to limit the use of this data. The policy's general disclosure of analytics and marketing sharing may not be specific enough to satisfy CPRA's heightened requirements for sensitive data categories. JURISDICTION FLAGS: California (CPRA sensitive personal information opt-out), Colorado (Colorado Privacy Act sensitive data provisions), Virginia (Consumer Data Protection Act sensitive data provisions), and other states with comprehensive privacy laws treat geolocation data as a sensitive category requiring specific handling. The breadth of state-level geolocation protections is increasing. CONTRACT AND VENDOR IMPLICATIONS: Third-party analytics vendors receiving geolocation data must be subject to appropriate data processing agreements that limit use to disclosed purposes and prohibit secondary use or onward sharing. Given regulatory scrutiny of location data brokers, vendor due diligence for geolocation data recipients is particularly important. COMPLIANCE CONSIDERATIONS: Compliance teams should confirm whether precise geolocation data is classified as sensitive personal information under CPRA and whether the required disclosure and opt-out mechanism are in place. Data minimization practices for location data should be reviewed to ensure collection is limited to what is necessary for disclosed purposes. The policy should be evaluated to confirm that geolocation data sharing with third parties is explicitly disclosed.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Monitor free for 14 days

Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • FTC
    The FTC has enforcement authority and has issued guidance specifically addressing the collection and sharing of precise geolocation data as a potentially unfair or deceptive practice.
    File a complaint →
  • State AG
    California's Privacy Protection Agency and other state attorneys general have authority over sensitive personal information handling, including precise geolocation data under CPRA and analogous state privacy laws.
    File a complaint →

Applicable regulations

CCPA/CPRA
California, USA
Connecticut Data Privacy Act Amendments
US-CT
CAN-SPAM
United States Federal
FCRA
United States Federal
FTC Act Section 5
United States Federal
GLBA
United States Federal
Indiana Consumer Data Protection Act
US-IN
Kentucky Consumer Data Protection Act
US-KY
Universal Opt-Out Mechanism Expansion 2026
US

Provision details

Document information
Document
Stash Privacy Policy
Entity
Stash
Document last updated
March 14, 2026
Tracking information
First tracked
March 15, 2026
Last verified
May 9, 2026
Record ID
CA-P-007864
Document ID
CA-D-00061
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
c314a917a32611f62e28ff71b79a50309bf3c87dea6cc7bd197833b0719565f8
Analysis generated
March 15, 2026 10:51 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Stash
Document: Stash Privacy Policy
Record ID: CA-P-007864
Captured: 2026-03-15 10:51:58 UTC
SHA-256: c314a917a32611f6…
URL: https://conductatlas.com/platform/stash/stash-privacy-policy/geolocation-and-device-data-collection/
Accessed: July 4, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
Medium
Categories

Other risks in this policy

Related Analysis

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Start Compliance free trial

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Stash's Geolocation and Device Data Collection clause do?

Geolocation data collected through a financial app can reveal sensitive patterns about your daily life, routine, and physical location, and its sharing with third-party analytics vendors may extend beyond what users expect when using an investment platform.

How does this clause affect you?

If you grant location permissions to the Stash app, precise geolocation data may be collected and used for analytics purposes; you can limit this by reviewing and adjusting location permissions in your device settings.

How many platforms have this type of clause?

ConductAtlas has identified this type of provision across 3 platforms. See the full comparison.

Is ConductAtlas affiliated with Stash?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Stash.