What are the institutional and regulatory implications of this document?

1) REGULATORY LANDSCAPE: This notice engages the California Consumer Privacy Act as amended by the CPRA, enforced by the California Privacy Protection Agency and the California Attorney General. It also engages comprehensive state privacy statutes in Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and other enacted state frameworks. Biometric data collection practices implicate the Illinois Biometric Information Privacy Act (BIPA) and similar statutes in Texas (CUBI) and W…

How does Walmart's Walmart Privacy Policy affect users?

The policy establishes that Walmart collects and retains purchase history, location data, browsing activity, financial information, and inferences about consumer preferences, and authorizes transmission of this data to advertising partners through Walmart Connect and other recipients. Under California law and comparable state privacy statutes, consumers in those jurisdictions may submit requests through https://www.walmart.com/account/privacy or 1-800-925-6278 to opt out of data sales or sharin…

How often is Walmart's Walmart Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Walmart updates this document?

Yes. Monitor subscribers ($19/month) can add Walmart to their watchlist and receive same-day email alerts whenever this document or any other Walmart document changes.

CA-D-000617

Walmart Privacy Policy

Walmart

Last change detected May 5, 2026 Privacy policy

SHA-256: 05593129da1e8d58bdf… 1 version captured 0 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Walmart ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

7 Total

3 High severity

4 Medium severity

0 Low severity

Summary

Walmart's privacy policy establishes the categories of personal information collected from customers across store and online channels, including purchase history, location data, browsing activity, financial information, and biometric identifiers, and authorizes disclosure of this information to advertising, analytics, and financial partners through Walmart Connect and other third parties. The policy permits data sharing that may constitute a sale or sharing of personal information under California law and comparable state privacy statutes. Residents of California and states with comprehensive privacy laws are authorized to submit requests to limit data sharing, opt out of data sales, access collected data, or request deletion through Walmart's privacy rights portal at https://www.walmart.com/account/privacy or by telephone at 1-800-925-6278.

Technical / Legal Breakdown

This document is Walmart's Customer Privacy Notice (Online and In-Store), published August 1, 2025, governing the collection, use, sharing, and retention of personal information from customers who interact with Walmart's retail stores, websites, mobile applications, and related services across the United States. The notice states that Walmart collects identifiers (name, address, email, phone number, government ID numbers), financial information (payment card data, bank account details), commercial information (purchase history, product returns), geolocation data, internet and network activity (browsing history on Walmart platforms, search queries, interactions with advertisements), inferences drawn from consumer profiles, biometric identifiers in certain contexts, and audio/visual information from in-store cameras. The notice authorizes sharing of personal information with service providers, advertising and analytics partners, data brokers operating within Walmart's Connect advertising platform (Walmart Connect), and third-party financial partners, and states that certain data sharing with advertising partners may constitute a 'sale' or 'sharing' of personal information under California law, requiring opt-out mechanisms. The notice engages the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), with the California Privacy Protection Agency (CPPA) as enforcement authority, and also references state privacy laws in Virginia, Colorado, Connecticut, Texas, and other states that have enacted comprehensive consumer privacy legislation, with consumer rights varying by jurisdiction. Compliance teams should evaluate the scope of Walmart Connect's advertising data practices, the adequacy of opt-out mechanisms for data sale and sharing, and data retention schedules disclosed in the notice, particularly for biometric data subject to Illinois BIPA and similar state biometric privacy statutes.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

High — 3 provisions

Data Sale and Sharing via Walmart Connect Compare →

Walmart shares customer data including browsing activity, purchase history, and inferences with advertising partners through Walmart Connect, and acknowledges this may count as selling your data under California law, giving California residents the right to opt out.

Added May 12, 2026 Standard Seen across 252 platforms
Biometric Identifier Collection Compare →

Walmart states it collects biometric identifiers such as facial geometry through in-store camera systems in certain locations, and retains this data for a limited period before destroying it in compliance with applicable state laws.

Added May 12, 2026 Standard Seen across 284 platforms
Sensitive Personal Information Handling Compare →

Walmart collects sensitive categories of personal information including government ID numbers, health and pharmacy data, precise location, and financial account details, and states it limits the use of this data to purposes disclosed in the notice and permitted by law.

Added May 12, 2026 Standard Seen across 284 platforms

Medium — 4 provisions

Consumer Privacy Rights (State-Specific) Compare →

The policy states that depending on your state of residence, you may have rights to access, delete, correct, and obtain a copy of your personal data, opt out of data sales and targeted advertising, and appeal Walmart's decisions on your privacy requests.

Added May 12, 2026 Standard Seen across 284 platforms
Data Retention Compare →

Walmart states it retains personal information as long as needed for business purposes, legal compliance, dispute resolution, and contract enforcement, using factors like data sensitivity and legal requirements to set retention periods without specifying fixed timelines in this section.

Added May 12, 2026 Standard Seen across 284 platforms
Children's Privacy (Minors Under 16) Compare →

Walmart states it does not knowingly collect data from children under 13, and requires affirmative opt-in consent before selling or sharing data of California residents aged 13 to 15.

Added May 12, 2026 Standard Seen across 284 platforms
Third-Party Financial Partner Data Sharing Compare →

Walmart states it shares customer personal information with co-branded credit card issuers and other financial partners for joint financial products, and those partners' own privacy notices govern how they use the shared data.

Added May 12, 2026 Standard Seen across 252 platforms