Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This document establishes Webull's data collection, use, and sharing practices for users of its trading platform. Webull collects personal information including name, government-issued identification, bank details, trading history, device identifiers, and in-app browsing behavior. The policy authorizes Webull to share collected data with affiliates, business partners, and third-party service providers for purposes including marketing, analytics, and account operations, and establishes procedures for users in California and other jurisdictions with privacy laws to request access to, deletion of, or limitation on use of their personal data.
This document is Webull Technologies Limited's privacy policy, governing the collection, use, storage, and sharing of personal data for users of the Webull trading platform, with its stated legal basis appearing to rest on user consent and legitimate business operations across multiple jurisdictions. The policy states that Webull collects a broad range of personal information including identity data, financial data, device identifiers, location information, trading activity, and behavioral data derived from platform use, and the terms authorize sharing this information with affiliates, service providers, financial institutions, regulators, and third-party business partners. Notably, the policy asserts the right to share personal data with a wide range of third parties for purposes including marketing and analytics, and the document's scope of data collection across device-level identifiers, behavioral tracking, and financial activity is extensive for a retail investment platform, though applicable law in relevant jurisdictions may constrain certain asserted sharing practices. The policy engages CCPA and other U.S. state privacy frameworks given its explicit California resident rights section, and as a financial services platform it operates within a regulatory environment that includes FINRA, SEC, and CFPB oversight; the policy's treatment of data sharing with affiliates and third parties may require evaluation under Regulation S-P and applicable state financial privacy statutes. Compliance teams should note that the document's cross-border data transfer provisions and the broad affiliate-sharing structure create material obligations under any jurisdiction requiring data transfer safeguards or financial data confidentiality protections.
Institutional analysis available with Compliance
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.
Start Compliance free trial3 important changes detected
4 versions captured · Last updated: June 2026
Webull updated a navigation element in their privacy policy header on April 18, 2026, adding the word 'WEBTRADE' to the trading platform menu. This is a product branding or menu …
View change record →This new provision explicitly enumerates sensitive identifiers including SSN and government-issued IDs, making clear the scope of financial and identity data collection to users.
This new provision separately details automatic tracking and behavioral collection practices, replacing the previous 'Targeted Advertising and Behavioral Tracking' provision with more specific technical details.
This simplified security provision replaces the previous high-severity 'Security Measures and Breach Notification' with only general protective measures and removes any mention of breach notification obligations.
This high-severity provision was replaced with a medium-severity 'Collection of Sensitive Financial and Identity Data' provision, effectively downgrading the severity classification of data collection practices.
This provision was replaced with the more neutral 'Behavioral and Device-Level Data Collection' provision that describes practices more technically but without explicitly calling out targeted advertising.
Complete removal of this high-severity biometric data collection provision suggests either that the practice was discontinued or that disclosure of biometric data collection is no longer included in the policy.
Removal of this low-severity provision eliminates explicit mention of data portability rights, which may have been implied under CCPA but is no longer separately stated.
Replacement of this high-severity provision with a generic 'Security Measures Disclosure' removes any commitment to breach notification, significantly reducing security transparency obligations.
Previous version had no excerpt provided; current version now includes detailed disclosure of specific types of third parties and purposes of data sharing.
Previous version had no excerpt; current version now explicitly details that data transfers occur to the United States where privacy protections may be weaker.
Previous version had no excerpt provided; current version now includes specific criteria for retention duration.
Previous version (CCPA Rights) had no excerpt; current version now provides detailed explanation of specific CCPA rights including deletion, disclosure, and opt-out rights, and severity decreased from medium to low.
Previous version (Policy Changes Without Prior Notice) had no excerpt; current version now includes specific notification methods (date revision, website statements, email notifications) suggesting improved transparency.
1 provision unchanged.
View full change record →Monitoring
Webull has updated this document before.
Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
Compliance Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Compliance free trialCross-platform context
See how other platforms handle Affiliate and Third-Party Data Sharing and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.