Buy Now, Pay Later services have exploded in popularity, offering interest-free installment plans at checkout from companies like Klarna, Afterpay, Affirm, Sezzle, Zip, and Four. What many consumers do not realize is that these apps collect far more personal data than a traditional credit card — and share it much more aggressively. Before you split your next purchase into four easy payments, you should understand what you are actually paying with: your privacy.
How Much Data Do BNPL Apps Actually Collect?
A study by Incogni found that the average BNPL app collects 14 distinct data types and shares 5 of those with third parties. That alone is concerning, but some providers are far worse than the average.
Afterpay leads the pack in data collection, gathering up to 20 data types — including credit scores — and sharing a staggering 17 of those data types with third parties. Sezzle shares 9 data types externally, while Klarna, Four, and Affirm each share 4. These apps collectively list an average of 42 stated purposes for their data collection, which works out to roughly 2.5 purposes per data type collected.
Warning: Your Location Is Being Tracked
Affirm, Afterpay, and Zip all share precise location data with third parties — a practice that affects approximately 53 million users. Precise location data can reveal where you live, work, seek medical care, worship, and spend your leisure time. This is one of the most sensitive categories of personal information, and BNPL apps are handing it to advertisers and data brokers.
What Specific Data Are They Collecting?
The data collected by BNPL services goes well beyond what is needed to process a payment. Here is what major providers are gathering:
- Purchase history and transaction details: Every item you buy, where you buy it, and how much you spend
- Precise GPS location: Shared by Affirm, Afterpay, and Zip with third parties
- App interaction data: Afterpay and Klarna share how you use their apps with advertisers, affecting roughly 52 million users
- Web browsing history: Sezzle and Zip collect your browsing behavior beyond their own platforms
- In-app messages: Klarna collects the content of messages sent within its app
- Credit scores and financial information: Afterpay collects and shares credit-related data
- Contact information, device identifiers, and demographic data: Standard across nearly all BNPL providers
Where Does Your BNPL Data End Up?
BNPL providers share your information with a range of third parties, including advertisers, marketing platforms, analytics companies, and data brokers. Once your data reaches a broker, it is combined with information from dozens of other sources to build a detailed consumer profile that can be resold indefinitely.
The advertising angle is particularly aggressive. Afterpay and Klarna both share app interaction data specifically for advertising purposes. This means your shopping habits — what you looked at, what you bought, what you considered but did not purchase — are being used to target you with ads across the internet.
The Credit Reporting Gap
Adding another layer of concern, Klarna and Afterpay have opted not to report BNPL transaction data to traditional credit bureaus. While this might sound like a benefit, it means that BNPL debt does not appear on your credit report — hiding potentially significant financial obligations from lenders who check your creditworthiness. Your data flows freely to advertisers and brokers, but the one place it might actually help you build a responsible credit history is deliberately excluded.
Security Breaches Make It Worse
The massive data collection practices of BNPL companies become even more dangerous when those companies experience security breaches — and they have.
- Klarna suffered a major security breach in 2021 that exposed user accounts, allowing customers to see other users' personal and financial information after logging in.
- Block, the parent company of Cash App, experienced a data breach affecting 8.2 million customers before it completed its acquisition of Afterpay — raising serious questions about data security across the combined platform.
When companies collect 14 to 20 data types from tens of millions of users, a single breach can expose an enormous amount of sensitive personal information in one event.
The Data Broker Connection
Much of the data shared by BNPL apps eventually ends up on data broker and people-search sites, where it is combined with public records, social media profiles, and purchase histories to create comprehensive dossiers. PrivacyOn removes your personal information from 100+ data broker sites starting at $8.33/mo, helping limit the downstream spread of data that BNPL services share with third parties. Even if you continue using BNPL apps, reducing your data broker footprint limits how much of your profile advertisers and other buyers can access.
How to Protect Your Privacy When Using BNPL Services
If you use or are considering using Buy Now, Pay Later services, these steps will help reduce your privacy exposure:
1. Read the Privacy Policy Before Signing Up
Check which data types the provider collects, who they share with, and whether you can opt out. Pay particular attention to location tracking, browsing history collection, and advertising data sharing.
2. Limit Your BNPL Usage
Every BNPL transaction generates data. The fewer transactions you run through these services, the smaller the profile they can build on you. Reserve BNPL for situations where it provides genuine financial benefit rather than using it as a default payment method.
3. Use Virtual Credit Cards Instead
Virtual card services like Privacy.com let you create single-use or merchant-locked card numbers. These provide a buffer between your real financial information and the merchant — and unlike BNPL apps, they do not require access to your location, browsing history, or app interactions.
4. Opt Out of Data Sharing
Most BNPL apps bury data-sharing opt-out options deep in their settings. Look for sections labeled "Privacy," "Data Sharing," "Personalization," or "Marketing Preferences" and disable everything you can. Some providers also honor "Do Not Sell My Personal Information" requests required under state privacy laws like the CCPA.
5. Deny Location Permissions
There is no legitimate reason a payment installment app needs your precise GPS location. Deny location permissions entirely or set them to "Never" in your phone's app settings. If the app will not function without location access, that tells you something about its real business model.
6. Delete Unused BNPL Accounts
If you have signed up for BNPL services you no longer use, delete those accounts rather than leaving them dormant. A dormant account still holds your data and remains subject to the provider's data-sharing agreements. Request account deletion and data removal — do not simply uninstall the app.
7. Monitor Your Data Broker Exposure
Because BNPL apps share data with brokers and advertisers, your information spreads far beyond the original provider. Regularly check people-search sites to see what personal data is publicly available about you, and use a data removal service to clean up what has already been shared.
The Bottom Line
Buy Now, Pay Later services offer a convenient way to split purchases into installments, but the privacy cost is steep. These apps collect far more data than necessary, share it aggressively with advertisers and data brokers, and have a track record of security failures that put that data at risk. The average BNPL app has 42 stated purposes for the data it collects — a number that reflects a business model built on monetizing user information, not just processing payments.
If you do use BNPL services, take active steps to limit data sharing, deny unnecessary permissions, and clean up accounts you no longer need. And because much of this data inevitably reaches data broker networks, consider pairing your efforts with a service like PrivacyOn that continuously monitors and removes your information from the broker sites where BNPL-shared data ends up.