Stash collects geolocation data and device identifiers from users of its mobile application and website, which may include precise location information depending on device permissions granted.
This analysis describes what Stash's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances.
Geolocation data collected through a financial app can reveal sensitive patterns about your daily life, routine, and physical location, and its sharing with third-party analytics vendors may extend beyond what users expect when using an investment platform.
Interpretive note: The policy document as provided does not contain the full geolocation-specific disclosure text; the characterization of geolocation collection is inferred from standard mobile app privacy policy practices and partial document text, and the exact scope of location data collection requires review of the complete policy.
If you grant location permissions to the Stash app, precise geolocation data may be collected and used for analytics purposes; you can limit this by reviewing and adjusting location permissions in your device settings.
How other platforms handle this
Geolocation Information
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
Monitoring
Stash has changed this document before.
"We may collect information derived or resulting from voluntary surveys." — Excerpt from Stash's Stash Privacy Policy
REGULATORY LANDSCAPE: Several US states have enacted or proposed specific protections for geolocation data, recognizing it as a sensitive category. California's CPRA designates precise geolocation data as sensitive personal information, which is subject to additional disclosure requirements and a separate opt-out right for its collection and use. The FTC has issued guidance on the sensitivity of location data and its potential for revealing intimate details about consumers' lives. The FTC Act Section 5 applies to material misrepresentations about location data practices.
GOVERNANCE EXPOSURE: Medium. If precise geolocation data is shared with third-party analytics or marketing partners, CPRA's sensitive personal information framework requires that consumers be informed and given the right to limit the use of this data. The policy's general disclosure of analytics and marketing sharing may not be specific enough to satisfy CPRA's heightened requirements for sensitive data categories.
JURISDICTION FLAGS: California (CPRA sensitive personal information opt-out), Colorado (Colorado Privacy Act sensitive data provisions), Virginia (Consumer Data Protection Act sensitive data provisions), and other states with comprehensive privacy laws treat geolocation data as a sensitive category requiring specific handling. The breadth of state-level geolocation protections is increasing.
CONTRACT AND VENDOR IMPLICATIONS: Third-party analytics vendors receiving geolocation data must be subject to appropriate data processing agreements that limit use to disclosed purposes and prohibit secondary use or onward sharing. Given regulatory scrutiny of location data brokers, vendor due diligence for geolocation data recipients is particularly important.
COMPLIANCE CONSIDERATIONS: Compliance teams should confirm whether precise geolocation data is classified as sensitive personal information under CPRA and whether the required disclosure and opt-out mechanism are in place. Data minimization practices for location data should be reviewed to ensure collection is limited to what is necessary for disclosed purposes. The policy should be evaluated to confirm that geolocation data sharing with third parties is explicitly disclosed.
ConductAtlas has identified this type of provision across 3 platforms.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Stash.