Xoom Privacy Policy

Item: Xoom
Rating: 28
Author: Privacy.Law Editorial Team

Last updated: January 2026 | Reviewed: February 2026

Inherits PayPal's extensive data collection and sharing practices. Cross-platform profiling, long retention periods, and broad third-party data sharing make this the worst privacy option in the category.

Grade D

Privacy Summary: Xoom is a PayPal subsidiary, and using Xoom means your data becomes part of PayPal's vast data ecosystem. PayPal collects extensive data across all their products, builds detailed user profiles, shares data with numerous third parties, and retains information far beyond regulatory requirements. Xoom users get the worst of both worlds: mandatory KYC data collection plus PayPal's aggressive commercial data practices.

Category Scores

Data Collection 22/100

Data Sharing 25/100

Data Retention 28/100

Security Measures 45/100

User Controls 32/100

Key Findings

🔎 PayPal Cross-Platform Data Sharing

Your Xoom data is shared across the entire PayPal family of companies, including Venmo, Braintree, and others. This creates a comprehensive financial profile far beyond your remittance activity.

"We share information within the PayPal corporate family for purposes including risk management, product development, and to provide you with personalized services across our platforms."

🔎 Extensive Third-Party Sharing

PayPal shares data with hundreds of third parties including advertising networks, data brokers, analytics companies, and business partners. Your remittance data feeds into a much larger surveillance advertising ecosystem.

"We may share information with third-party service providers, advertising partners, analytics providers, and business partners to provide services, deliver targeted advertising, and improve our products."

🔎 Detailed User Profiling

PayPal builds extensive profiles including your spending patterns, financial behavior, social connections (who you send money to), location history, and device fingerprints. This profiling goes far beyond what's necessary for remittance services.

"We collect and analyze information about your transactions, browsing behavior, device information, and relationships to provide personalized experiences and detect fraud."

🔎 Extended Data Retention

PayPal retains data for up to 10 years or longer, well beyond regulatory requirements. Even after account closure, your data remains in their systems for extended periods for legal, fraud prevention, and business purposes.

"We retain personal information for as long as necessary for the purposes described in this policy, which may be significantly longer than the minimum required by law."

🔎 Limited Control Over Data

While PayPal offers some data controls, they're limited and don't cover all data categories. Opting out of marketing doesn't stop data collection or internal sharing. GDPR and CCPA rights have significant exceptions.

"You may opt out of marketing communications, but we may still send service-related messages. Some data processing is necessary for our legitimate business interests and cannot be opted out."

Data Collection Summary

Data Type	Collected	Risk Level
Identity Documents	Yes (legally required)	High
Complete Transaction History	Yes (shared with PayPal)	Critical
Cross-Platform Profile	Yes (entire PayPal ecosystem)	Critical
Advertising Data	Extensive	High
Social Graph	Yes (payment recipients)	High
Location & Device	Extensive tracking	High

Recommendation

Worst in Category: Xoom/PayPal offers the worst privacy practices of any major remittance provider. The combination of extensive data collection, broad sharing, detailed profiling, and long retention creates a privacy nightmare for users.

For Privacy-Conscious Users: Avoid Xoom entirely if privacy is a concern. Use Wise or standalone providers that don't bundle remittance with broader financial surveillance. If you must use Xoom, use it as a standalone service rather than linking it to your main PayPal account to limit cross-platform profiling.