Federal law requires Stash to provide a separate Privacy Notice about how it collects and shares your nonpublic personal financial information; this notice is linked in the policy and covers additional rights and limitations not fully described in the main privacy policy.
This analysis describes what Stash's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The GLBA Privacy Notice contains legally required disclosures about financial data sharing with nonaffiliated third parties and your right to opt out of certain sharing arrangements that are separate from and additional to the rights described in the main privacy policy.
You should read Stash's separate GLBA Privacy Notice (linked in the policy) in addition to this privacy policy, as it contains federally required disclosures about financial data sharing and may include opt-out rights for sharing your financial information with unaffiliated companies.
How other platforms handle this
enableGpcSdk: true, gpcSetting: { privacyPolicyLink: '/Privacy-Security-Policy-a-282.html' }
We process Global Privacy Control signals as opt-out requests for the sale or sharing of personal information.
The Service is intended for general audiences and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child under the age of 13 has provided us with personal information without your cons...
Monitoring
Stash has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"In addition to the information provided in this Privacy Policy, Stash is required by federal law to provide consumers with information regarding our collection and sharing of nonpublic personal information. Please see our Privacy Notice for more information.— Excerpt from Stash's Stash Privacy Policy
REGULATORY LANDSCAPE: The Gramm-Leach-Bliley Act requires financial institutions to provide annual privacy notices to customers describing their information sharing practices and to provide an opt-out right for sharing nonpublic personal information with nonaffiliated third parties in certain circumstances. The FTC and federal banking regulators (including the SEC for registered investment advisers and FINRA for broker-dealers) have authority over GLBA Privacy Notice compliance. The notice must be provided at account opening and annually thereafter. GOVERNANCE EXPOSURE: Medium. The existence of a separate GLBA Privacy Notice means that Stash's complete data sharing disclosure framework spans two documents, which increases the risk that consumers will not read both and may not understand the full scope of sharing. Compliance teams must ensure the GLBA Notice is current, accurately reflects actual sharing practices, and is delivered to customers at the required intervals. JURISDICTION FLAGS: GLBA applies to all US-based financial institutions and is a federal requirement with no state-level variation in its core obligations, though state law may impose additional or stricter requirements on top of GLBA minimums. Stash's multi-affiliate structure (investment adviser, broker-dealer, banking, insurance) means GLBA obligations may apply across multiple regulated entities and must be coordinated. CONTRACT AND VENDOR IMPLICATIONS: Sharing arrangements with nonaffiliated third parties that are described in the GLBA Privacy Notice must be consistent with the opt-out rights provided to consumers. If consumers have exercised opt-out rights under the GLBA Notice, those elections must be honored in vendor data sharing arrangements. Coordination between the privacy policy and the GLBA Notice is necessary to avoid inconsistent disclosures. COMPLIANCE CONSIDERATIONS: Legal teams should verify that the GLBA Privacy Notice linked in the policy is current and that annual delivery to existing customers is operationally implemented. The Notice should be reviewed alongside the privacy policy to identify any inconsistencies in disclosed sharing practices. Opt-out mechanisms described in the GLBA Notice should be tested for operational completeness.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The GLBA Privacy Notice contains legally required disclosures about financial data sharing with nonaffiliated third parties and your right to opt out of certain sharing arrangements that are separate from and additional to the rights described in the main privacy policy.
You should read Stash's separate GLBA Privacy Notice (linked in the policy) in addition to this privacy policy, as it contains federally required disclosures about financial data sharing and may include opt-out rights for sharing your financial information with unaffiliated companies.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Stash.