Stash collects geolocation data and device identifiers from users of its mobile application and website, which may include precise location information depending on device permissions granted.
This analysis describes what Stash's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Geolocation data collected through a financial app can reveal sensitive patterns about your daily life, routine, and physical location, and its sharing with third-party analytics vendors may extend beyond what users expect when using an investment platform.
Interpretive note: The policy document as provided does not contain the full geolocation-specific disclosure text; the characterization of geolocation collection is inferred from standard mobile app privacy policy practices and partial document text, and the exact scope of location data collection requires review of the complete policy.
If you grant location permissions to the Stash app, precise geolocation data may be collected and used for analytics purposes; you can limit this by reviewing and adjusting location permissions in your device settings.
How other platforms handle this
Geolocation data, such as device location. Internet or other electronic network activity information, such as browsing history, search history, and information regarding a consumer's interaction with an internet website, application, or advertisement. Device identifiers, such as IP address, unique d...
We may collect information about your location, including precise geolocation information, when you use our Services. We use this information to provide location-based services, such as showing you products available in your area, and for other purposes described in this Privacy Policy.
We collect precise geolocation data when you use our mobile application or enable location services on your device. We use this information to provide location-based services, improve our services, and for marketing purposes.
Monitoring
Stash has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We may collect information derived or resulting from voluntary surveys.— Excerpt from Stash's Stash Privacy Policy
REGULATORY LANDSCAPE: Several US states have enacted or proposed specific protections for geolocation data, recognizing it as a sensitive category. California's CPRA designates precise geolocation data as sensitive personal information, which is subject to additional disclosure requirements and a separate opt-out right for its collection and use. The FTC has issued guidance on the sensitivity of location data and its potential for revealing intimate details about consumers' lives. The FTC Act Section 5 applies to material misrepresentations about location data practices. GOVERNANCE EXPOSURE: Medium. If precise geolocation data is shared with third-party analytics or marketing partners, CPRA's sensitive personal information framework requires that consumers be informed and given the right to limit the use of this data. The policy's general disclosure of analytics and marketing sharing may not be specific enough to satisfy CPRA's heightened requirements for sensitive data categories. JURISDICTION FLAGS: California (CPRA sensitive personal information opt-out), Colorado (Colorado Privacy Act sensitive data provisions), Virginia (Consumer Data Protection Act sensitive data provisions), and other states with comprehensive privacy laws treat geolocation data as a sensitive category requiring specific handling. The breadth of state-level geolocation protections is increasing. CONTRACT AND VENDOR IMPLICATIONS: Third-party analytics vendors receiving geolocation data must be subject to appropriate data processing agreements that limit use to disclosed purposes and prohibit secondary use or onward sharing. Given regulatory scrutiny of location data brokers, vendor due diligence for geolocation data recipients is particularly important. COMPLIANCE CONSIDERATIONS: Compliance teams should confirm whether precise geolocation data is classified as sensitive personal information under CPRA and whether the required disclosure and opt-out mechanism are in place. Data minimization practices for location data should be reviewed to ensure collection is limited to what is necessary for disclosed purposes. The policy should be evaluated to confirm that geolocation data sharing with third parties is explicitly disclosed.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Geolocation data collected through a financial app can reveal sensitive patterns about your daily life, routine, and physical location, and its sharing with third-party analytics vendors may extend beyond what users expect when using an investment platform.
If you grant location permissions to the Stash app, precise geolocation data may be collected and used for analytics purposes; you can limit this by reviewing and adjusting location permissions in your device settings.
ConductAtlas has identified this type of provision across 3 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Stash.