Recent Policy Changes

Ledger updated its privacy policy on April 2, 2026, making significant structural changes — removing nearly 200 sentences and reorganizing how the policy is presented. The introduction now highlights a promotional Bitcoin bonus offer, and the policy's scope section was restructured with new headings. While some language was softened (e.g., 'If you keep using' changed to 'If you continue to use'), the core consent-through-continued-use framework remains, meaning users who keep using Ledger services are still considered to have accepted any changes.

Cash App updated its Terms of Service on April 2, 2026, with the most significant change being the announcement that its Remittance Service will shut down on May 1, 2026. If you have any pending international money transfers through Cash App's Remittance Service, they will be processed until May 1, 2026, but any uncompleted cash pickup payments will be automatically canceled after 21 days and refunded. Cash App also clarified that California residents can redeem Gift Card cash value once the balance falls below $15, instead of the standard $10 threshold.

Cash App updated its privacy policy on April 2, 2026, by removing a reference to the 'Cash App Terms of Service (accounts created prior to June 24, 2021)' from its navigation or linked documents list. This legacy terms link, which applied to older accounts, no longer appears in the updated document. This matters to users who created their Cash App accounts before June 24, 2021, as the specific terms governing their accounts may now be harder to locate or may no longer be formally referenced.

Xbox updated its privacy policy on April 1, 2026, changing how it explains why and how long it keeps your personal data. The old policy listed specific criteria like whether you had a control to delete your data or whether a retention period had been announced. The new version uses broader, more general categories like 'the nature and sensitivity of the information' and 'legal obligations,' which gives Xbox more flexibility in deciding how long to hold onto your data.

On April 1, 2026, TikTok's Community Guidelines page was significantly stripped down, removing nearly all explanatory content including the mission statement, the overview of what is and isn't allowed, and guidance for users. The page now appears to show only navigation and footer links rather than substantive policy content. This matters because users can no longer easily find TikTok's stated rules and principles directly from what was the Community Guidelines overview page.

Microsoft updated how it explains data retention in its privacy statement on April 1, 2026. Previously, the policy listed specific criteria — like whether users expected data to persist or whether sensitive data types warranted shorter retention — in a more detailed, consumer-facing format. The updated version simplifies and reorganizes this section, replacing granular examples and criteria with broader categories, which may make it harder for users to understand exactly how long their data is kept.

Headspace updated their Terms & Conditions on March 31, 2026 with significant restructuring, adding new clearly labeled sections and modifying a large portion of the document. The update reorganized content under named headings like 'What You're Signing Up For,' 'Canceling Membership,' and 'Prohibited Use.' While the changes appear largely structural, the volume of modifications (51 added, 25 removed, 85 modified sentences) suggests substantive content shifts that consumers should review.

Figma updated their Privacy Policy on March 31, 2026, making two notable changes. First, the primary contact email for privacy-related requests changed from support@figma.com to privacy@figma.com, and the Data Protection Officer contact for UK and EEA users changed from FigmaDPO@Fieldfisher.com (an external law firm) to privacy@figma.com (an in-house address). Second, some navigation links in the policy were reorganized, including the removal of a Candidate Privacy Notice link and updates to the document version history reflecting the new March 30, 2026 effective date.

TaskRabbit updated their privacy policy on March 31, 2026, with several changes including what appears to be a typo — the company name was changed from 'TaskRabbit, Inc.' to 'TaskTabbit, Inc.' as the listed data controller. The help article navigation section was also reorganized, and helpfulness vote counts were reset to zero. The name error in the data controller section is notable because it misidentifies who is legally responsible for your personal data.

Google Gemini removed language from its privacy policy that explained how users could allow Gemini to personalize experiences using data from Connected Apps (like other Google services). Previously, the policy described an opt-in feature called 'Personal Intelligence' that let eligible users connect Google apps to Gemini for more personalized experiences. That explanation is now gone, leaving it unclear whether the feature still exists or has been discontinued.

Google Gemini updated its privacy policy on March 28, 2026 to clarify that 'imported chats' are now listed as a type of data you can share with Gemini Apps, and that your activity history (which includes those imported chats) can be reviewed and deleted. Previously, imported chats were not explicitly mentioned as collected data. This matters because users should be aware that any chats they import into Gemini are stored and associated with their account activity.

Zelle replaced their main homepage content with a formal Website Privacy Notice on March 28, 2026. The old page described how to use Zelle to send money; the new document is a dedicated privacy policy explaining what personal information is collected, how it is used, and what choices users have. This matters because the updated notice includes explicit consent language, meaning that simply visiting the website is now treated as agreement to Zelle's data practices.

Google Gemini updated its privacy policy on March 27, 2026 to explain how it uses data from connected Google apps to personalize your experience, and what happens when you import memories or chats from other AI platforms. Previously, these scenarios were not addressed in the policy. Now, Gemini makes clear that imported AI data and connected app data can be used to train its AI models, which matters because users may not realize their data from other platforms is being fed into Google's systems.

Target removed a large portion of their Terms and Conditions on March 27, 2026, including detailed definitions and rules for the Target Circle loyalty program, such as explanations of Target Circle Deals, Rewards, Bonuses, and the Target Circle Card. Before this update, the document contained explicit descriptions of how these programs worked and what members agreed to. With so much detail removed, consumers may have less clarity about the rules governing their loyalty program participation.

Poshmark updated their Privacy Policy on March 25, 2026, moving from version 8.1 to 8.2. The new version adds detailed explanations of what personal data is collected — including names, addresses, payment information, and activity on the platform — and how it is used and shared. This matters because users now have a clearer picture of exactly what data Poshmark collects, which can help them make more informed decisions about what they share.

Poshmark updated its Privacy Policy on March 25, 2026, moving from version 8.1 to 8.2. The update significantly expands the policy by adding detailed sections explaining exactly what personal data is collected — including names, addresses, payment information, photos, videos, and user behavior — how it is used, and what rights users have. This matters because consumers now have a more comprehensive explanation of the extent of data collection, including sensitive financial and behavioral data.

Cash App removed the 'Your Privacy Choices' link from the navigation footer of their Terms of Service page on March 25, 2026. Before the change, users could easily access a privacy preference center directly from the terms page; that link is no longer present. This matters because consumers may find it harder to locate and exercise their privacy opt-out options.

Cash App updated their privacy policy on March 25, 2026 by removing the 'Your Privacy Choices' link from the footer navigation of the document. Previously, users could find a direct link to privacy preference options within the policy's navigation. This link is no longer present, which may make it harder for users to find and exercise their privacy choices.

Google Gemini removed several sentences from its privacy policy on March 23, 2026 that described a feature allowing eligible users to connect Google apps to Gemini for personalized experiences based on their data. Previously, the policy explained how users could opt in to 'personalization with Connected Apps' and how Google would use data from those apps to tailor the Gemini experience. Now that language is gone, leaving it unclear whether this feature still exists, has been discontinued, or is simply no longer disclosed.

Waze updated its privacy policy on March 23, 2026 to expand what personal data it collects, notably adding new sections about connecting social network accounts, a 'find friends' feature that periodically collects phone numbers from your contacts book, and your own phone number for account verification. Previously, the policy did not explicitly mention collecting contact list phone numbers or social network data in this way. This matters because Waze may now collect more data about you and your contacts — including people who have never used Waze — than before.

On March 23, 2026, Waze removed a large portion of its Terms of Use, including key introductory language that explained the legal agreement, identified Waze's corporate entity and location, and referenced the Privacy Policy and Copyright Policy. Before this update, users were clearly told who they were contracting with, where the company is located, and that by using the service they were agreeing to multiple linked policies. Now, much of that foundational context and transparency has been stripped out, leaving users with less clarity about their legal relationship with Waze.

Target updated its Mobile Terms and Conditions on March 23, 2026, making several changes to how it handles SMS text message services. Key updates include a new explicit statement that Target does not sell text message data to third parties for marketing, clarification that unsubscribing from one text list won't remove you from others, and the removal of a lengthy list of supported mobile carriers in favor of a simpler statement that carriers aren't liable for undelivered messages. Target also added language indicating it may share your information with service providers, not just use it internally.

On March 23, 2026, 23andMe updated their privacy policy with several small but notable changes. The company removed a sentence about a separate Medical Record Privacy Notice for Telehealth Services, changed references from '23andMe Research Institute' to simply '23andMe' in the policy's scope statement, and made a minor formatting adjustment to the mailing address. The removal of the Telehealth notice reference is the most significant change, as users who previously relied on that separate notice for their medical information protections may no longer be clearly directed to those protections.

23andMe updated their Terms of Service on March 23, 2026, changing which users these terms apply to. The previous version applied to US users, while the new version applies to users outside the US, Canada, EU/EEA, UK, and Switzerland — making this an international version of the terms. Additionally, the conflict resolution clause was reversed: previously 23andMe's core Terms would override any additional terms, but now additional service-specific terms will take precedence over the main Terms.

Bumble quietly removed the UK from the list of server locations in their Privacy Policy on March 21, 2026. The policy previously stated that their network includes servers in the US, UK, and the EU; it now only mentions the US and the EU. This matters because UK users may have different data protection expectations, and the removal of UK servers could affect where their personal data is physically stored and processed.

WhatsApp updated its Privacy Policy on March 20, 2026, changing how it communicates its intentions around ads. Previously, the policy said WhatsApp had no intention to introduce certain ad types but that users might see other types in Status and Channels. Now it says if they ever do introduce such ads, they will update the Privacy Policy first. Additionally, a section providing links to United States Regional Privacy Notice for US consumer privacy rights was removed from the document.

Coinbase updated its User Agreement on March 20, 2026 to add a new section of required disclosures specifically for Connecticut residents about the risks of virtual currency. These disclosures warn that virtual currency transactions are irreversible, not government-backed or insured, highly volatile, and frequently used in fraud schemes. The update also adds information on how Connecticut customers can file complaints with Coinbase or escalate unresolved issues.

Stripe updated their Privacy Policy on March 16, 2026, rolling back the 'last updated' date from February 23, 2026 to January 16, 2025, suggesting this may be a reversion to an earlier version of the policy. The changes include narrower definitions of 'Financial Partners' (removing references to payment intermediaries, aggregators, and processors), removal of 'processing' from how Stripe describes its data handling responsibilities, and a narrower definition of 'Visitor' that no longer includes people who visit Stripe offices. These modifications reduce the specificity and breadth of disclosed data practices, which may leave consumers with less clarity about who handles their data and how.

Robinhood renamed and expanded its privacy policy on March 13, 2026, updating it from the 'Robinhood Financial Entities US Online Privacy Statement' to the 'Robinhood US User Privacy Statement.' The updated policy now covers a new social media product (Robinhood Social via Robinhood Tape, LLC) and adds new entities like Robinhood Ventures DE, LLC and Robinhood Ventures Fund I to the list of companies covered. This matters because more of your data — including activity on Robinhood's social product — is now governed under a single, expanded privacy framework.

Microsoft updated its Privacy Statement on March 13, 2026 to disclose that if you provide a phone number and consent to marketing communications, they may contact you using an auto-dialer or artificial/prerecorded voice — including AI-generated voice. Previously, this level of detail about automated and AI-generated calling was not included in the policy. This matters because it means Microsoft is now explicitly reserving the right to use AI-generated robocalls for marketing, which consumers should factor in before giving their phone number.

Microsoft updated its Privacy Statement on March 13, 2026, adding new language that allows the company to contact users at phone numbers they provide for marketing purposes using auto-dialers and AI-generated or prerecorded voice messages. At the same time, they removed a sentence that had granted additional rights to users in the European Economic Area under the updated policy. The update also reflects a date change from February 2026 to March 2026, and removes a reference to a data retention policy update tied to new regulatory requirements.

Binance.US updated its privacy policy on March 12, 2026, adding new provisions that allow them to share your personal information with law enforcement, government agencies, and financial institutions to detect and prevent fraud and financial crimes. They also clarified that your email address or other identifiers may be used for targeted advertising on other websites and social media. Additionally, they expanded the list of U.S. state privacy laws they recognize and added a new online webform as a way for users to submit privacy rights requests.

Coinbase updated their User Agreement on March 10, 2026 to add a new Direct Deposit feature, allowing eligible users to have their paychecks or government benefit payments deposited directly into their Coinbase account using a virtual account and routing number. Before this update, no Direct Deposit feature or related terms existed in the agreement. This matters because the virtual account and routing number provided are not a traditional bank account, which could affect how users think about the safety and nature of funds held there.

Microsoft updated its Privacy Statement on March 5, 2026, to reflect new data retention rules tied to recent regulatory requirements. The update also specifically grants users in the European Economic Area (EEA) additional rights under the revised policy. This matters because it may change how long Microsoft keeps your data and expands certain legal protections for EEA residents.