Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This document establishes Wealthfront's data collection, use, and retention practices across its investment, cash account, and lending products. The policy distinguishes between Users of planning tools and Clients under a Client Agreement: Clients' personal data is retained indefinitely due to regulatory recordkeeping obligations and generally cannot be deleted upon request, whereas Users may request deletion of their data. The policy permits data sharing with service providers, affiliates, and business partners for operational purposes, and establishes opt-out mechanisms for marketing communications and location tracking through account settings or support contact.
This Privacy Policy, effective December 19, 2025, is jointly issued by five Wealthfront entities (Wealthfront Corporation, Wealthfront Advisers LLC, Wealthfront Brokerage LLC, Wealthfront Home Lending LLC, and Wealthfront Software LLC) and governs the collection, use, retention, and disclosure of Personal Information for Users of free financial planning tools and Clients who enter into formal service agreements, with Financial Privacy-Covered Data additionally governed by the Gramm-Leach-Bliley Act and Wealthfront's separate Financial Privacy Notice. The policy states that Wealthfront will 'never rent, sell, or trade your Personal Information to anyone,' while the terms authorize sharing with affiliated entities, service providers performing business functions, business partners offering joint products, and third parties in connection with mergers or asset transfers; the terms also authorize periodic re-access of linked third-party financial account credentials for as long as an ACH link remains active, and disclose that biometric data (selfie photographs for identity verification) is collected from Clients with destruction required within 90 days by vendor contract. The policy asserts a distinction between Users (who may request data deletion) and Clients (whose data generally cannot be deleted due to regulatory recordkeeping obligations), which is operationally significant and narrows deletion rights considerably for most active account holders; the policy also states that cross-device tracking and browsing activity matching across devices is conducted, and that the site does not respond to Do Not Track signals. The policy engages the Gramm-Leach-Bliley Act (GLBA) and its implementing Regulation S-P, CCPA for California residents, biometric privacy laws in applicable jurisdictions (including Illinois BIPA), and FCRA in connection with home lending credit information; the policy's assertion that federal privacy laws may render state privacy laws inapplicable in certain situations is a legally contested area requiring evaluation under applicable state law, and the adequacy of international transfer protections is described only generally without specifying mechanisms such as Standard Contractual Clauses.
Institutional analysis available with Compliance
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.
Start Compliance free trial1 important change detected
3 versions captured · Last updated: June 2026
This addition explicitly documents ongoing re-authorization for continuous account access beyond initial aggregation, which is a material expansion of credential access permissions.
This new provision clarifies Wealthfront's non-compliance with DNT signals and provides conditional reassurance about third-party tracking authorization, which is important for privacy-conscious users.
This provision was replaced with a more emphatic version titled 'No Selling or Trading of Personal Information' with strengthened language ('Ever'), suggesting the prior version lacked sufficient emphasis.
This provision was consolidated and replaced with the more detailed 'Ongoing Third-Party Account Credential Re-Access Authorization' provision, reducing the high-severity rating by narrowing focus to credential handling rather than service provider names.
This provision was entirely removed from the current version, suggesting Wealthfront either consolidated it elsewhere or deprioritized explicit marketing opt-out disclosures.
Removal of this provision eliminates explicit contractual language protecting children's data, which may reflect either consolidation into general terms or a deliberate de-emphasis of child protection commitments.
Removal of state-specific CCPA rights language suggests Wealthfront may have relocated these rights to a separate California-specific privacy notice or consolidated them into general privacy disclosures.
Severity downgraded from high to medium, and specific regulatory justification language was added explaining the rationale for deletion restrictions.
Provision expanded with specific details about vendor destruction requirements and conditional consent mechanisms for biometric data.
Renamed from 'Data Transfer in Merger or Acquisition' to include 'Asset Sale,' and expanded to include additional scenarios like financing due diligence, bankruptcy, and transition of service.
Provision renamed and significantly expanded with concrete examples and specific technical methods (geo-location, device identifiers, browsing pattern analysis) used for cross-device matching.
Severity downgraded from high to medium, and provision expanded to explicitly include onward transfer rights by third-party service providers with enumerated data types (SSN, financial and credit information).
1 provision unchanged.
View full change record →Monitoring
Wealthfront has updated this document before.
Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
Compliance Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Compliance free trialCross-platform context
See how other platforms handle Bank Login Credential Sharing with Yodlee and Plaid and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.