Afterpay Privacy Policy

Effective Date: August 24, 2023

We appreciate that you trust us with your personal information. Here we provide an overview of what personal information we collect from you and why, how we handle it, and your rights and choices.

 

This Privacy Policy describes how your Afterpay entity as indicated below and affiliates (“Afterpay,” “we,” “us”, and "our") collects, uses, discloses, transfers, stores, retains and otherwise processes your personal information ("you", “your”, and "customer") when you visit our website, download our app, apply for and use your Afterpay account, or otherwise interact and engage with us in relation to our customer products, features, and services, including as outlined in our Terms of Service ("agreement") (collectively, "Services"). The Afterpay entity you are interacting with will be based on your country of residence. A list of Afterpay entities can be found in 11. How to Contact Us below. 


Partners, retailers, online marketplaces, and suppliers that Afterpay interacts with are independent of Afterpay and responsible for their own privacy policies and practices. This includes, content on their websites or app, and products or services provided. Please refer to their privacy policy or reach out directly to these third parties for further information.

Our Privacy Policy explains:


1. Personal information we collect about you and why

2. When and with whom we share your personal information

3. How we secure your personal information

4. How we use cookies and similar technologies

5. How long we keep your personal information

6. Your rights and choices

7. Rights of California residents

8. International Data Transfers

9. Children's Personal Information

10. Changes to this privacy policy

11. How to contact us

12. US Federal Privacy Notice

1. PERSONAL INFORMATION WE COLLECT ABOUT YOU AND WHY


Personal information reasonably identifies you and is about you, directly or indirectly, as described in applicable privacy laws in countries we operate in. 


We collect and process personal information about you in three ways: 

 

(i) when you provide it to us directly; 

(ii) when we gather personal information while you are using our Services, including through cookies and similar technologies (see 4. How We Use Cookies and Similar Technologies below); and 

(iii) when we collect personal information from other third party sources. 

 

We explain in the table below what types of personal information we collect and process, how and why we do so, and the lawful bases that apply in particular as prescribed under the General Data Protection Regulation and UK General Data Protection Regulation. We will collect and process your personal information with your knowledge and consent, including as set out in this Policy, except where otherwise required or permitted by law. We may collect or process personal information in other ways than as described below. We will let you know at that time, unless otherwise inappropriate or unlawful to do so. 

 

If you fail or refuse to provide us with personal information we request from you directly, or we do not obtain your consent where we rely upon it, including to gather personal information while you are using our Services or from third party sources, we may not be able to proceed with entering into or fulfilling some of our Services. Consequently, we will not be able to provide or continue to provide those Services to you. This includes, but without limitation, setting up your Afterpay account, or responding to a support request or complaint.

Purpose of processing Categories of personal information we collect and how Why we collect and process personal information, and lawful bases where applicable
To create (and assess whether to create) an Afterpay account, including to carry out our identity and account verification process and to enable you to authenticate into your account once created.

From you -

  • Contact information, such as your name, address (and location), phone number, and email
  • Financial information, such as a credit or debit card number to link to your account
  • Identity information, such as your date of birth, and your driver’s license, passport or other required identification information and documents


From other sources -

  • Confirmation of your identity through verification processes from identity verification and fraud prevention providers, and credit reference agencies, who may validate the information you provide us with other information from publicly or commercially available sources. Your personal information may also be screened against relevant sanctions watchlists.
  • Social security number (US only)

  • Legal obligation - to comply with applicable anti-money laundering and counter terrorism financing and sanctions laws
  • To take steps to enter into and for the performance of our agreement with you
  • For our legitimate interests to protect our business, and to confirm your identity, to detect, prevent and investigate suspected or actual money laundering, fraud, or other crimes or illegal activities

To provide (and assess whether to provide) our Afterpay account Services, including to develop our credit risk profile about you that determines your creditworthiness, to process transactions, and for the delivery of third party retailers’ goods or services.


We will also provide transaction support and communications as necessary about our Services, such as payment reminders, authentication requests, and Service updates.

From you -

  • Contact information, such as your phone number and email address
  • Financial information, such as a credit or debit card number to link to your account, and preferred payment method


From your use of our Services -

  • Orders and payments attempted or made and history, including upcoming or overdue payments, and refunds
  • Promotions and discounts applied


From other sources -

  • Transaction information, such as the retailer you attempted or made a transaction with using our Services, the items you have purchased, the amount owed or refunded, promotions or discounts applied, and shipping details.
  • Information about your financial standing, including your credit score (US only)

  • Legal obligation - to comply with applicable anti-money laundering and counter terrorism financing and sanctions laws
  • For the performance of our agreement with you
  • For our legitimate interest to protect our business, detect, investigate and prevent suspected or actual money laundering, fraud, and other crimes or illegal activities, and to determine your credit risk profile

To provide (and assess whether to provide) our Pulse Rewards program, including offering discounts and third party supplier gift cards according to your Pulse Reward tier.

From you -

  • Name, email address and phone number of a gift card recipient


From your use of our Services-

  • Inferences about you, such as your age and inferred gender
  • Orders and payments attempted or made and history, including upcoming or overdue payments, and refunds
  • Pulse Rewards loyalty information, such as your status and available points and offers. For further information refer to our Pulse Rewards Program Terms and Conditions.

  • For the performance of our agreement with you
  • For our legitimate interests, to tailor our Pulse Rewards program to you

To find stores that accept Afterpay in your vicinity, and to send marketing in-app about stores nearby

From your use of our Services -

  • Your geolocation, including precise geolocation

  • With your consent

To provide you support, resolve disputes, recover debt and fees owed to us, and troubleshoot problems

From you -

  • Contact information, such as your name, address, phone number, and email
  • Identity verification information requested to discuss your account with you
  • Information about the subject of your support request or complaint
  • Call recording of a conversation with you


From your use of our Services -

  • Orders and payments attempted or made and history, including upcoming or overdue payments, and refunds


From other sources -

  • Identity verification information requested from an agent you have authorized to discuss your account on your behalf
  • Information relevant to the subject of the support request or complaint from retailers or other relevant and appropriate sources

  • For the performance of our agreement with you
  • For our legitimate interests, such as to protect our business, investigate or respond to a support request or complaint, ensuring the accuracy and completeness of the information provided, to enforce and recover a debt owed to us, and for quality assurance and training purposes

To detect, investigate and prevent suspected or actual money laundering, fraud, or other crimes or illegal activities on an ongoing basis, including in relation to credit card rules, and to protect Afterpay’s legal rights and claims.

From your use of our Services -

  • Information about your use of our Services


From other sources -

  • Information from third parties, including from our affiliates, about you, such as identity and transaction information, where permitted and consistent with applicable law

  • Legal obligation - to comply with applicable anti-money laundering and counter terrorism financing and sanctions laws
  • For our legitimate interests to protect our business by determining any risks in providing services to you and to detect, investigate and prevent suspected or actual money laundering, fraud, and other crimes or illegal activities

To learn more about your level of satisfaction, your expectations of us and our Partners, and how we can meet them. For example, in relation to our Services, and the goods and services offered by retailers, and to customize, measure, and improve our Services, including the content, layout and operations.


We may send you survey requests to do so.


We may use this information to produce statistics and reports about our Services and operations.


We may use this information to produce statistics and reports about our Services and operations. We will typically use this information to create aggregated or anonymised information and only use personal information where necessary.

From you -

  • Feedback you provide us about our Services and interactions with us and our partners


From your use of our Services -

  • Information from you, your use of our Services, and other sources, as detailed in this section of our Privacy Policy.

  • Our legitimate interests to understand our customers and other relationships so that we can provide a better experience for you and everyone, and to maintain and improve our Services

To send you direct marketing or other promotional communications you might like from us and our retailers, partners or affiliates. Refer also to 6. Your Rights and Choices below for more information.


When you receive direct marketing, we may also process your personal information to determine, measure, and provide personalized marketing messages that may be of interest or relevance to you

From you -

  • Your contact details, such as your email address
  • Other information that may be requested from you to enter into a competition or promotion we operate (directly or through our marketing agents or partners)


From your use of our Services -

  • Refer to “Marketing profiling” below

  • With your consent or where otherwise permitted by applicable law
  • Our legitimate interests, to provide targeted and more personalized direct marketing communications.

To make our site work as you’d expect it to, such as to prevent and respond to suspected or actual malicious software or activity, for secure identity verification and login, fraud prevention, and remembering your cookies choices.


This includes personal information collected and processed by the use of cookies and similar technologies. Refer to 4. How We Use Cookies and Similar Technologies below

From your use of our Services -

  • Technical information, such as date and time you visited a site or took an action, IP address, login details, your location, device or browser settings
  • Your cookies preferences

  • To enter into and for the performance of our agreement with you
  • Our legitimate interests, to provide a secure and functioning delivery of our Services

To provide by the use of cookies and similar technologies on our website better functionality, to assess our performance, for advertising by us and our partners, and to provide a personalized experience. Refer also to 4. How We Use Cookies and Similar Technologies below

From your use of our Services -

  • Technical information, such as date and time you visited a site or took an action, IP address, contact details such as your email address, your geolocation, device or browser settings

  • With your consent or where otherwise consistent with applicable law

For other purposes you have specifically consented to

From you, from the use of our Services, or other sources -

  • Information you share with us through social media sites (e.g., Facebook or Twitter). By associating an account managed by a third party with your Afterpay account and authorizing Afterpay to have access to this information, you agree that Afterpay may collect, store and use this information in accordance with this Privacy Policy. Social media sites may also process personal information in accordance with their privacy policies.
  • We may collect and process personal information categorized as “sensitive” or “special” under applicable laws, such as your health information, to deliver our Services. We will only collect this information where it is reasonably necessary and we have your consent, or where required or permitted by applicable laws
  • Other information from you, from the use of our Services, or other sources as explained to you at the time we seek your consent.

  • With your consent

As required or permitted by applicable laws and regulations, including to satisfy our bookkeeping, taxation, auditing, and accounting requirements, and to carry out business, operational, and legal functions.

Unspecified information from you, from the use of our Services, or other sources.

  • As required or permitted by applicable laws and regulations
  • For our legitimate interests to uphold our right, protect our business, and carry out business, operational and legal functions

2. WHEN AND WITH WHOM WE SHARE YOUR PERSONAL INFORMATION


 We share personal information described in 1. Personal Information We Collect and Why above with the following categories of service providers and other third parties.

Categories of third parties When and why we may share your personal information

Affiliates within our group of companies


Such as, Cash App, Square, or other subsidiaries of Block Inc.

We may share your personal information for the following purposes for our legitimate interests or as otherwise required or consistent with applicable law.


  • To provide (or assess to provide), maintain or improve our Services
  • To understand how you engage with our Services to help make them better for you and for everyone
  • To help us manage our relationship with you across our group of companies and for customer support issues and to enforce our agreement with you, including in cases of debt recovery
  • For us and our affiliates to detect, investigate and prevent money laundering, fraud and other crimes or illegal activities
  • For marketing purposes where legally permitted
  • As instructed by you and choices available to you
  • As required or permitted by applicable law

Service providers and subcontractors

We share your personal information with the following service providers for our legitimate interests to provide, maintain and improve our Services.


  • Technology and IT infrastructure providers to store information and to provide software or programs that help us provide our Services
  • Marketing or event providers that help us run our advertising campaigns, contests, special offers, or other events or activities
  • Identity verification and fraud prevention providers and credit reference agencies to help us confirm your identity and prevent fraud, to assist us in meeting our obligations under anti-money laundering / counter terrorism financing and sanctions laws, and other compliance requirements. These companies process your personal information in accordance with their own privacy policies
  • Credit reference agencies, as applicable, who provide credit reference services by sharing your credit score, which will contribute to your credit risk profile with us
  • Collection agencies if you fail to make payment when due and in connection with recovery of monies due under your agreement with us, to help us manage our relationship with you
  • Financial partners, like financial institutions, payment networks, payment card associations, and credit bureaus that help us provide our joint Services
  • Outbound phone and text messaging service providers. Our service providers may need to access and intercept messages between us and you from time to time or disclose your personal information to a government body or telecommunications network provider to comply with applicable telecommunications laws, or a court or tribunal order
  • Customer service agencies, to support manage our relationship with you
  • Analytics providers, to understand how you engage with our Services to help make them better for you and for everyone. For example, we partner with third-party analytics providers, like Google, to help us understand how you use our services. Refer to 4. How We Use Cookies and Similar Technologies for more information

Retailers and third party suppliers

We share your personal information for the following purposes to fulfill our agreement with you and for our legitimate interests.


  • To provide (or assess to provide) our Services
  • For retailers to provide their goods and services to you (or the recipient of the third party goods or services)
  • To manage an order, including dealing with any refunds, disputes or claims
  • To respond to an inquiry or complaint made by you
  • To help them improve the quality and standard of the services that they provide to you
  • Other permitted purposes outlined in our agreement with you

Financial institutions that we may partner with to jointly create and offer a product, including banking partners as may be required by credit card association rules for inclusion on their list of terminated merchants

We share your personal information for the following purposes with your consent, to fulfill our agreement with you, or for our legitimate interests.


  • To provide Afterpay and partner products and services
  • To maintain funding lines so that our business remains commercially viable and to provide (or assess to provide) our Services to you
  • If you elect to use the Plaid Technologies, Inc. (“Plaid”) feature in the US, Plaid may collect your information from financial institutions. By using the Plaid service, you acknowledge and agree that Plaid will collect and use your personal information in accordance with Plaid’s privacy policy, which is available at https://plaid.com/legal

Online trackers, advertising partners, and external affiliate networks

We share your personal information for the following purposes with your consent or for our legitimate interests.


  • Consistent with applicable law and choices that may be available to you, we share your personal information with advertising partners for interest-based advertising or “targeted” advertising campaigns, and with advertising partners that help analyze our site, run contests, special offers, or other events or activities, and track metrics on our behalf or in connection with our Services. Refer to 4. How We Use Cookies and Similar Technologies for more information
  • We share the information that you have clicked on a sponsored Retailer link from our website or app with our external affiliate network partner. We use a unique Afterpay URL or “hyperlink,” and will not share any personal identifiers or information in doing so. Our external affiliate network partner may track you through that Retailer’s website, including connecting our hyperlink with you in order to calculate a potential commission to Afterpay in line with their own privacy policies and practices

Companies that we plan to merge with or be acquired by or who may invest in us

We share your personal information for the following purposes for our legitimate interests.


  • For business transfers and corporate changes to enable the assessment or completion of the relevant merger, restructuring, financing, acquisition, divestiture, dissolution or other corporate change. If we do or try to do a corporate merger, consolidation, or restructuring (including during due diligence and negotiation of these); the sale of substantially all of our stock and/or assets; the financing, acquisition, divestiture, or dissolution of all or a portion of our business; or other corporate change
  • To ensure that we or our business remains commercially viable
  • To a subsequent owner, co-owner, or operator of one or more of the Services to enable them to continue to run the Services after the change of owner or operator

Law enforcement agencies, government agencies, officials, or other authorities or third parties pursuant to a subpoena, court order, or other legal process, requirement, or legitimate interest

We share personal information for the following purposes for our legitimate interests, to protect our business and enforce our agreement with you, or where required or authorized by law.


  • To detect, investigate and prevent suspected or actual fraud, money laundering, or other crimes or illegal activities, including credit card rules
  • To comply with any applicable law, regulation, legal process or governmental request (e.g., from creditors, tax authorities, law enforcement agencies, in response to a garnishment, levy, or lien notice, etc.)
  • To establish, exercise or defend our legal rights, including to enforce our agreement with you
  • To protect ours or our customers' rights or property, including from harm, fraud, or potentially prohibited or illegal activities, and for the security or integrity of our Services

With your consent

  • Other third parties with your consent or direction to do so, such as to provide (or assess to provide) our Services, or to discuss your account with an authorized agent

Other third parties where required by law, or our legitimate interests as permitted by law

  • To comply with any applicable law, regulation, legal process or governmental request (e.g., from creditors, tax authorities, law enforcement agencies, in response to a garnishment, levy, or lien notice, etc.)
  • Other purposes as permitted by applicable laws

3. HOW WE SECURE YOUR PERSONAL INFORMATION


We take appropriate measures, including administrative, technical, and physical safeguards, to protect your personal information from loss, theft, and misuse, and unauthorized access, disclosure, alteration, and destruction. The internet is not a 100% secure environment, so we cannot guarantee absolute security of the transmission or storage of your information.  We are an ISO 27001 compliant company, and require our third parties to meet appropriate privacy and security standards when handling data on our behalf. Your personal information will be accessible by our employees, contractors and service providers who require access for the purposes described in this Privacy Policy.

 

For more information about our security practices, please visit https://www.afterpay.com/en-AU/security or refer to 11. How to Contact Us below.

4. HOW WE USE COOKIES AND SIMILAR TECHNOLOGIES


Cookies are small data files stored on your browser or device. They may be sent by the operator of the site or app you are visiting, in this case Afterpay (“first-party cookies”), or by third parties, such as our service providers and digital partners (“third-party cookies”). Other similar technologies may be used, such as tracking pixels or browser local storage (together “cookies”). For example, we partner with third-party analytics providers, like Google, to help us understand how you use our services so that we can improve your experience with us. The analytics providers that administer these services use cookies to help us analyze how you use our online services. We may disclose your site-use information (including IP address) to these analytics providers, and other service providers who use the information to help us figure out how you and others use our online services. To learn more about Google Analytics and how to opt out, please visit https://marketingplatform.google.com/about/ or https://support.google.com/analytics/answer/181881?hl=e.

 

When you visit our website or app, we use cookies as necessary to make our Services work, to improve our performance and functionality, or to personalize your online experience.

 

You may see certain “interest-based advertising” or “targeted advertising” on other websites or online services based on information relating to your access to and use of our Services and other websites. This is because we may work with interest-based advertisers to promote our Services to the extent permitted by applicable law. We may provide third party services with personal information to deliver Afterpay advertisements on third party websites that may be tailored to your individual interests. These interest-based advertisers may also use personal information about you that they have independently collected and in accordance with their privacy policy and practices, including through the use of cookies. 

 

Your browser or device may offer settings to control cookies. Selecting “Limit Ad Tracking” (for iOS devices), or “Opt out of Interest-Based Ads” (for Android devices), will allow you to limit our use of information collected from or about your mobile device (such as precise location data) for the purposes of serving interest-based advertising to you. You may also opt-out of receiving ads from us or our partners by using our partners’ settings or by heading to Your Online Choices (EU/UK) or Your Ad Choices (other countries) for more information. As a heads up, blocking or opting-out of some types of cookies may impact your experience and the Services we are able to offer.

 

Certain web browsers allow you to instruct your browser to respond to Do Not Track ("DNT") signals to websites you visit, informing those sites that you do not want your online activities to be tracked. At this time, our websites are not designed to respond to DNT signals or similar mechanisms from browsers.

 

If you are based in the EU or UK, head to "Cookies" on our website for further information and to manage cookies on our website or app.

5. HOW LONG WE KEEP YOUR PERSONAL INFORMATION


The retention periods for personal information we collect and process about you are determined on a case-by-case basis that depends on the following factors below. 


● The nature of the personal information, and why it is collected and processed, as described in this Privacy Policy. This includes to provide our Services, to comply with legal obligations, to enforce and prevent violations of our agreement with you, and to protect us against fraudulent activity.

To manage and enforce our agreement with you. Your use of our Services is subject to the agreement between us. So if, for example, you close your Afterpay account, we retain personal information about you for a period of time so as to collect any debt or fees owed, resolve disputes, troubleshoot problems, assist with any investigations or complaints, and to prevent fraud or risk.

To establish, exercise, or defend our legal claims or rights. For example, we preserve your personal information related to a legal claim or complaint, such as where we are subject to a regulatory investigation, or we need to defend ourselves in legal proceedings involving your personal information, or respond to a government authority or body in relation to a legal or regulatory complaint made by you or someone else.

As required or otherwise permitted by applicable law. For example, retention periods may be imposed under law or regulation for a prescribed period of time (for example, in certain jurisdictions, up to 10 years under applicable anti-money laundering laws), and for instance, to protect our or other’s legitimate interests, such as to prevent fraud.

6. YOUR RIGHTS AND CHOICES


You can see or change personal information you gave us, ask us to close your account, control your device location tracking settings, or tell us to stop direct marketing to you at any time. Head to our Help Centre at any time by clicking "Help" on our website or app for detailed instructions. We also respect other privacy rights and choices you make consistent with applicable law. These rights and choices available to you are based on your country of residence and which Afterpay entity you are dealing with, and are subject to limitations as required or permitted by applicable law. 

 

We may ask you to verify your identity in accordance with our standard procedures, including any authorized agent who would like to act on your behalf, or clarify your request, before taking further action on your privacy right or choice request. We endeavor to respond and address all privacy rights and choices requests within the applicable statutory time frame. We will let you know if we need more time, and why. We may not always be able to fulfill your request if we have a legitimate basis to refuse it. We will tell you why. For example, if you seek to erase your personal data in a way that would mean we are not able to comply with our obligations under law. 

 

We will not discriminate against you, deny, charge different prices or rates for, or provide a different level or quality of goods or services if you choose to request these rights and choices.

 

If you would like to make a privacy right or choice request, please refer to 11. How To Contact Us below.

 

See or change personal information you gave us 

You can see your profile and payment details any time by logging into your Afterpay account on our website or app. You can change your address, delivery address, email address, phone number, and payment method at any time. You can see other relevant information about you in your Afterpay account, including orders made and upcoming payments. 

 

Ask us to close your account

You can ask us to close your account at any time by clicking "Close my account" under the "Profile details" tab on the app. 

 

Control your device location tracking settings

In order to provide certain Services, we may request or require access to your location information, including precise geolocation information collected from your device. You can stop our collection of geolocation information at any time by changing the preferences on your mobile device. If you do, some of our Services may no longer function. You also may stop our collection of geolocation information via our app by following the standard uninstall process to remove the Afterpay app from your device. For more information, refer to 4. How We Use Cookies and Similar Technologies above. 

 

Tell us to stop direct marketing to you

You can control your direct marketing preferences through the "Communication Settings" tab on our website or app. If you receive direct marketing emails from us, you can also opt out any time by clicking the unsubscribe link at the bottom of the message. If you decide to opt out of direct marketing, we'll still send you non-marketing communications such as notifications about your account, orders, and important updates to our Services. 

 

For detailed instructions on direct marketing and the choices you can make, head to our Help Centre at any time by clicking "Help" on our website or app and search for "Marketing - Your Choices". 

 

Marketing profiling

We create a profile about you and make predictions and inferences on what direct marketing communications we think you’d like to see from us when you are opted-in to receive such communications.


The personal information we use in such circumstances include:

● your demographics, such as, your age, inferred gender, and location (and geolocation), and aggregated performance criteria;

● purchase and spending habits, such as, your preferred Retailers and products, and the recency and frequency of engagement with us;

● how you interact with us, such as by clicking one of our marketing messages and then purchasing something from a retailer;

● and your classification, such as being a Pulse Rewards loyalty member. For further information about our Pulse Rewards program, refer to its Terms and Conditions.

 

We use this personal information to send you personalized news, promotions, and offers from us and our retailers. If you would prefer not to receive personalized marketing, you have the right to object and opt out at any time.

 

Other rights and choices that may be available to you, based on your country of residence

Right to Description
Withdraw your consent

You have the right to withdraw your consent where we have relied on it to process your personal information. If you withdraw your consent, we may not be able to provide you with certain Services. It will not affect our lawful basis for processing based on consent before your withdrawal.

Access

You have the right to request a copy of your personal information held by us.

Further information

You have the right to enquire further about the personal information we hold about you and our privacy practices, including how we transfer personal information internationally and onward disclosures of personal information

Correction

You have the right to ask us to correct your personal information held by us, including where you believe it is not accurate, complete, up to date, or relevant.

Erasure

You have the right to ask us to erase your personal information, and where personal information is made public, to inform other controllers of your personal information to erase your personal information where you have a lawful erasure right.

Restrict Processing

You have the right to ask us to restrict processing of your personal information.

Object to processing

You have the right to object to us processing your personal information where we process it based on our legitimate interests, including for direct marketing purposes and other profiling activities. You can also opt out of direct marketing at any time as described above.

Data Portability

You have the right to ask us to access or transfer on your behalf personal information we hold about you to a third party in a structured, commonly used and machine-readable format.

Make an enquiry or complaint

You have the right to make an enquiry or complaint, including to lodge a complaint with your local privacy authority.

Object to automated decision making

You have the right to object to solely automated decisions that we may have made about you that produce a legal or similarly significant effect, and ask for more information about the decision and have a person review it, unless we are prohibited or exempt from doing so under law.


More information


We use systems to make decisions about you through automated means, including behavioral profiling, without our staff being involved. We complete the following decision making by automated means, with legal or similarly significant effects on you, to enter into and perform our Services you request from us, or to comply with laws that apply to us:


  • Verify your identity to assess your application to provide you our Services. This decision helps us make sure we’re lending responsibly, protecting you and your money from financial crime, and ensures our decisions are fair and consistent. It also helps us prevent fraud, money laundering, terrorism financing, and allows us to check against sanction lists in relevant cases.
  • Approve or decline orders when providing you our Services. Our fraud risk and money laundering assessments are necessary to make sure we’re lending responsibly, protecting you and your money from financial crime, and ensuring our decisions are fair and consistent. It also helps us prevent fraud, money laundering, and terrorism financing.
  • Determine your available account spending limit when providing you our Services. Our internal credit risk assessments are based on a customer’s interactions and experiences with us. This decision is necessary to ensure our decisions are fair and consistent and reward positive customer behaviors. It also reduces the risk of customers failing to meet payments by offering customers limits that they can afford to repay.


These decisions rely on personal information we collect or hold about you from your applications and your interactions and experiences with us, such as transactions you have attempted to make or made with us. We may also use information about you we collect from third party credit reference and fraud prevention agencies for bullet points 1 and 2 above.


Automated decisions can affect the products, services or features we may offer you. As a result of the above decisions, you may be declined access or have limited access to our Services. We perform regular checks of our automated decision models to ensure they are operating correctly.

7. RIGHTS OF CALIFORNIA RESIDENTS


If you live in California, the following additional rights apply to you.

Right to Description
Know

You may have the right to request, up to twice in a 12-month period, to see the following information about the personal information we have collected about you:


  • The categories and specific pieces of personal information we have collected about you;
  • The categories of sources from which we collected the personal information;
  • The business or commercial purpose for which we collected the personal information;
  • The categories of third parties with whom we shared the personal information; and
  • The categories of personal information about you that we disclosed for a business purpose, and the categories of third parties to whom we disclosed that information for a business purpose.


California law also gives you the right to ask if we share your personal information to third parties for their direct marketing purposes (we do not disclose your personal information for unaffiliated third parties’ direct marketing purposes).

Erasure

You have the right to ask us to delete the personal information we have collected from you (subject to exceptions the law provides). Please note that you may no longer be able to use our Services if you delete your personal information.

Correction

You have the right to correct the personal information we have collected about you (subject to exceptions the law provides).

Non-Discrimination

You have the right to not be discriminated against if you exercise these privacy rights. We will not discriminate against you, deny, charge different prices for, or provide a different quality of goods or services if you choose to exercise these rights.

Opt-Out

You have the right to opt-out of the sharing of your personal information for purposes of certain targeted advertising known as cross-context behavioral advertising. If we share your personal information to third parties for such purposes, we will provide you the right to opt out of such sharing (subject to exceptions the law provides). Although some of the information we collect and process about you may be considered sensitive personal information, we only process such information for purposes authorized by law, such as to provide services you request from us or to verify your information.

Although we disclose your personal information to third parties as described above, we do not sell your personal information.

How to Exercise Your Rights
You may submit an access, deletion, or correction request here or by emailing [email protected].  To help protect your privacy and maintain security, we take steps to verify your identity before granting you access to your personal information or complying with your request. You may also designate an authorized agent to make a request on your behalf as permitted under law, though before we process that request, we will require that you provide the authorized agent written permission to do so and verify your identity directly with us.
 
To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.
 
Exceptions to These Rights
California law provides for certain exceptions to the rights described above. We reserve the right to avail ourselves of these exceptions where applicable. For example, these rights do not apply to personal information collected, processed, shared, or disclosed pursuant to the Gramm-Leach-Bliley Act.

8. INTERNATIONAL DATA TRANSFERS


Personal information we collect and handle about you may be transferred to or stored in a jurisdiction outside your country of residence and where the Afterpay entity you are dealing with operates. We may do so, for example without limitation, when sharing personal information with our affiliates and service providers to help us provide (or assess to provide) our Services or other third parties that we partner with. Your personal information may be transferred to or stored in Australia, New Zealand, the United States, Canada, United Kingdom, the European Union, China, and Singapore. We may transfer your personal information to other countries, but we will always take steps to ensure your personal information is afforded equivalent levels of protection and rights as are required under your country of residence and where the Afterpay entity you are dealing with operates. For more information please reach out using the details in 11. How to Contact Us below. 


Where we transfer your personal information outside the United Kingdom or European Union to countries that are not covered by an adequacy decision of the UK government or the European Commission (as applicable), we use appropriate safeguards that include Standard Contractual Clauses approved by the UK's Information Commissioner's Office or European Commission as appropriate, or other applicable measures, including transfers to a third party that has implemented Binding Corporate Rules, or specific situations outlined under Article 49 of the UK GDPR / GDPR. You can access a copy of the Standard Contractual Clauses approved by the UK Information Commissioner's Office here, and the Standard Contractual Clauses approved by the European Commission here. Afterpay entities are bound by an Intercompany Personal Data Transfer Agreement that contains Standard Contractual Clauses.


For further information about our policies and practices with respect to international data transfers, please refer to 11. How To Contact Us below.

9. CHILDREN'S PERSONAL INFORMATION


Our Services are not directed at children under the age of 18. We do not knowingly collect, sell or share for cross-context behavioral advertising any information from children under the age of 18. If we learn that any personal information we collect has been provided by a child under the age of 18, we will promptly close the relevant account and delete that personal information as consistent with applicable law.

10. CHANGES TO THIS PRIVACY POLICY


We reserve the right to change this Privacy Policy from time to time, as may be required. We will provide you with reasonable prior notice of any material changes in how we use your personal information, including by email if you have provided one. If you disagree with these changes, you may cancel your Afterpay account at any time. Any amendments will be published by posting a revised version of the Privacy Policy and updating the “Effective Date” above. The revised version will be effective on the “Effective Date” listed.

11. HOW TO CONTACT US


If you have any questions or concerns regarding this Privacy Policy, or would like to exercise your rights and choices, you can get in touch with us by contacting your country specific Afterpay entity below. If you are dissatisfied with our response, you have a right to make a complaint to your local privacy authority, with a link to their contact page below.

Country Contact Details Local Authority
Australia

Submit a request here


[email protected]


Afterpay Australia Pty Ltd
GPO Box 2269, Melbourne, VIC 3001, Australia

Office of the Australian Information Commissioner
Canada

Submit a request here


[email protected]


Afterpay Canada Limited
760 Market St., 2nd Floor, San Francisco, California, United States of America 94102


If you would like to speak to the Afterpay Privacy Lead, please address your communication accordingly.

Office of the Privacy Commissioner of Canada

European Union

Submit a request here


[email protected]


Clearpay S.A.U
Paseo de la Castellana, 95, 28046 Madrid, Madrid, España


If you would like to speak to the EU Data Protection Officer, please address your communication for the attention of the Data Protection Officer.


Clearpay S.A.U Limited is the Data Controller for the purposes of the General Data Protection Regulation (GDPR).

Agencia Española de Protección de Datos

New Zealand

Submit a request here


[email protected]


Afterpay NZ Limited
TMF Group, Level 11, 41 Shortland Street, Auckland 1010

New Zealand Privacy Commissioner

United Kingdom

Submit a request here


[email protected]


Clearpay Finance Limited
101 New Cavendish Street, London, W1W 6XH


If you would like to speak to the UK Data Protection Officer, please address your communication for the attention of the Data Protection Officer.


Clearpay Finance Limited is the Data Controller for the purposes of the General Data Protection Regulation (GDPR) and U.K. GDPR / Data Protection Act 2018.

Information Commissioner’s Office

United States

Submit a request here


[email protected]


Afterpay US, Inc.
760 Market St. Floor 2 Unit 2.03, San Francisco, CA 94102

12. US FEDERAL PRIVACY NOTICE


This Notice applies to non-public information collected under the and in accordance with the Gramm-Leach Bliley Act.

(Rev. January/2023)

FACTS What does Afterpay do with your personal information?
Why?

Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.

What?

The types of personal information we collect and share depend on the product or service you have with us. This information can include:


  • Account balances
  • Payment, transaction, and credit history
  • Personal identifying information including name, address and identification numbers

How?

All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons Afterpay chooses to share; and whether you can limit this sharing.

Reasons we can share your personal information Does Afterpay share? Can you limit this sharing
For our everyday business purposes – such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus

Yes

No

For our marketing purposes - to offer our products and services to you

Yes

No

For joint marketing with other financial companies

No

We don't share

For our affiliate's everyday business purposes - information about your transactions and experiences

Yes

No

For our affilitate's everyday business purposes - information about your creditworthiness

No

We don't share

For our affiliates to market to you - information about your creditworthiness

No

We don't share

For nonaffiliates to market to you

No

We don't share

Questions Go to https://www.afterpay.com and head to our Help Centre at any time by clicking "Help" on our website or app. You can also email [email protected]
Who we are
Who is providing this notice?   

Afterpay US, Inc. and Afterpay US Services, LLC                                                                                                                                                                                                                        

What we do
How does Afterpay US protect my personal information?

We use security measures that comply with federal law to protect your personal information from unauthorized access. These measures include computer safeguards and secured files and buildings.

How does Afterpay US collect my personal information?

We collect personal information, for example, when you:


  • Open an account
  • Provide account information
  • Give us your contact information
  • Request to use the installment feature
  • Make payments or account changes


We also collect information from your use of our Services, and other sources, such as credit bureaus, affiliates, or other companies.
Why can’t I limit all sharing?

Federal law gives you the right to limit only:


  • sharing for affiliates’ everyday business purpose - information about your creditworthiness
  • affiliates from using your information to market to you
  • sharing for nonaffiliates to market to you


State laws and individual companies may give you additional rights to limit sharing. See below for more on your rights under state law.

Definitions                                                                                                                                                                                                                                                                                                                                                       
Affiliates

Companies related by common ownership or control. They can be financial and nonfinancial companies.


  • Our affiliates include companies listed in 11. How to Contact Us above, as well as Block Inc, our Group entity
  • Nonaffiliates

    Companies not related by common ownership or control. They can be financial and nonfinancial companies.


  • Nonaffiliated companies we share with include merchant partners and service providers.
  • Joint marketing                            

    A formal agreement between nonaffiliated financial companies that together market financial products or services to you.


  • Afterpay US doesn't jointly market.
  • Other Important Information

    Conflicts: To the extent there are any conflicts between this notice and Afterpay US’s privacy policy, this notice will control for U.S. customers.


    Telephone Communications: Afterpay US and its authorized agents, service providers and partners may monitor and/or record all telephone communications in accordance with applicable law.


    Nevada Residents: The Nevada Revised Statutes Chapter 603A permits consumers who are Nevada residents to ask businesses covered under the act not to sell covered information collected. These provisions do not apply to personal information collected, processed, shared, or disclosed by financial institutions pursuant to the Gramm-Leach-Bliley Act. We will not share personal information that we collect about you with nonaffiliated third parties without your authorization, except as permitted by law.


    Vermont Residents: We will not share information we collect about you with nonaffiliates, except as permitted by law, including with your consent or to service your account. We will not disclose information about your creditworthiness to our affiliates and will not disclose your personal information, financial information, credit report, or health information to nonaffiliated third parties to market to you, other than as permitted by Vermont law, unless you authorize us to make those disclosures.