📄 Policy Information

cash.app/legal/us/en-us/privacy
January 15, 2025
Block, Inc. (formerly Square)
dataprotection@cash.app

⚠️ Data Sensitivity: Tier 2 (Highly Sensitive)

Payment apps process financial data, transaction history, bank account information, and government IDs. This data requires heightened privacy protections under our methodology.

Privacy Score Breakdown

Data Collection Scope 18/100

Collects PII, financial info, device data; "not limited to product requirements"

Third-Party Sharing 15/100

Shares with service providers, partners; third parties collect data for their own purposes

Data Retention 18/100

No data retention policy specified per Common Sense

User Control 22/100

Users cannot opt out of personalized advertising; no privacy settings documented

Security Practices 20/100

CFPB found "weak security protocols"; data breach settlement in 2023

⚖️ Regulatory Enforcement History

CFPB Consent Order - $175 Million (January 2025)

The Consumer Financial Protection Bureau ordered Block to pay $175 million for Cash App security and fraud failures:

"Block employed weak security protocols for Cash App and put its users at risk. While Block is required by law to investigate and resolve disputes about unauthorized transactions, the company's investigations were woefully incomplete."

Key findings:

  • $120 million refunds to consumers
  • $55 million civil penalty
  • Directed users to banks to reverse transactions, then denied them
  • Deployed tactics to suppress users from seeking help
Source: CFPB Official Announcement

Multistate Settlement - $80 Million (AML Violations)

State regulators ordered Block to pay $80 million for Bank Secrecy Act and anti-money laundering law violations.

Source: Connecticut Settlement Announcement

Data Breach Settlement - $15 Million (2023)

Cash App agreed to a $15 million settlement after a data breach exposed user information, prompting claims of weak cybersecurity practices.

Source: News reports on Cash App data breach class action

Federal Criminal Investigation (2024)

Federal prosecutors are investigating long-term compliance lapses:

"Two whistleblowers filed complaints with the Treasury Department's Financial Crimes Enforcement Network, claiming Block had 'no effective procedure' to identify Cash App customers."
Source: ABA Banking Journal - Federal Investigation

📊 Data Collection Scope (Cited)

Personal and Financial Information

Cash App collects comprehensive personal data upon signup:

"Cash App collects personal information, such as name, address, phone number, email, and financial information, when users sign up for their services or use the app."
Source: PrivacyHawk - Cash App Privacy Analysis

Tracking Technologies

Beyond direct collection, Cash App tracks user behavior:

"They also employ cookies, web beacons, and other tracking technologies to track user behavior."
Source: PrivacyHawk - Cash App Privacy Analysis

Collection Exceeds Product Requirements

Common Sense Privacy's evaluation found:

"Collection or use of data is not limited to product requirements."
Source: Common Sense Privacy Report - Cash App (Rating: 44% - Warning)

👥 Third-Party Sharing (Cited)

Business Partner Data Sharing

Cash App shares data broadly with various third parties:

"Cash App shares personal data with third-party service providers, business partners, and other parties as necessary for business purposes."
Source: PrivacyHawk - Cash App Privacy Analysis

Third Parties Collect Data for Own Purposes

Common Sense Privacy identified a concerning practice:

"Third parties collect data for their own purposes."
Source: Common Sense Privacy Report - Cash App

Marketing Data Use

Data is used for marketing with limited opt-out:

"They may also utilize information for marketing and promotional purposes, but individuals have the right to opt out."
Source: PrivacyHawk - Cash App Privacy Analysis

🎯 Advertising & User Control (Cited)

Personalized Advertising with No Opt-Out

Common Sense Privacy found major concerns about advertising:

"Personalized advertising is displayed. Users cannot opt out of personalized advertising."
Source: Common Sense Privacy Report - Cash App

No Privacy Settings Documented

Users have limited control over their data:

"No privacy settings documented. No opt-out mechanisms for data sharing."
Source: Common Sense Privacy Report - Cash App

No Data Retention Policy

Unclear how long your data is kept:

"No data retention policy specified."
Source: Common Sense Privacy Report - Cash App

🔒 Security Concerns (Cited)

CFPB: "Weak Security Protocols"

The federal regulator's findings on Cash App security:

"Block employed weak security protocols for Cash App and put its users at risk."
Source: CFPB Official Announcement

Encryption Status Unclear

Common Sense Privacy could not verify encryption practices:

"Data transmission encryption status unclear. Storage encryption status unclear."
Source: Common Sense Privacy Report - Cash App

No Customer Identification Procedure

Whistleblower allegations about user verification:

"Two whistleblowers filed complaints... claiming Block had 'no effective procedure' to identify Cash App customers."
Source: ABA Banking Journal

Compare With Other Fintech Banking

Venmo
22
Zelle
18
Chime
28