BNPLs Like Afterpay, Klarna, and Four Share Sensitive Personal Data, Ranging from Browsing Histories to Locations and Credit Scores
LOS ANGELES – Incogni, a leading personal data removal service and data privacy company, today released a new study exposing significant data privacy risks in the Buy Now, Pay Later (BNPL) industry. The analysis of the eight most popular dedicated BNPL apps on the U.S. Google Play Store shows that Afterpay, Klarna and others share sensitive user data with third parties, putting tens of millions of users at risk. The study also highlighted recent large-scale security breaches affecting millions, emphasizing the urgent need for stronger privacy safeguards as the BNPL market rapidly expands.
BNPL apps have risen in popularity, as they offer consumers an easy way to obtain credit. Yet BNPL can pose risks. Incogni’s findings reveal that these kinds of apps collect and share a wide range of personal information, including credit scores, precise locations, browsing histories, and in-app messages, often for advertising purposes with limited transparency or user control.
Key findings include:
- Afterpay collects the most data about its users, collecting or sharing 20 different data types. It’s followed by Klarna and Uplift, each collecting or sharing 19 data types.
- Sezzle and Zip collect web-browsing histories, while Klarna collects in-app messages.
- Afterpay shares 17 different types of user data, including credit scores.
- Nine data types, such as names, emails, physical addresses, and purchase histories, were both collected and shared for advertising, primarily by Afterpay and Four.
- Afterpay and Klarna disclose collecting and sharing users’ app interactions for advertising, potentially affecting up to 52 million users.
- Precise location data is shared by Affirm, Afterpay, and Zip, potentially impacting approximately 53 million users.
- Some apps, like Uplift, indicate that users cannot request deletion of their data, raising privacy and legal concerns.
The study also highlights several significant data breaches that underscore the risks associated with BNPL apps. Klarna experienced a major security breach in 2021 that exposed user accounts, and Block, an American fintech company and financial services provider, experienced a data breach affecting 8.2 million customers before acquiring Afterpay. Additionally, Affirm customers were affected by a security breach at its partner, Evolve Bank, highlighting how user data can be vulnerable even when the primary BNPL app itself is not breached.
“Access to affordable credit is vital for many consumers, especially in difficult economic times,” said Darius Belejevas, Head of Incogni. “However, this convenience comes with significant trade-offs. Our research shows that millions of users’ data is shared widely, often without their knowledge. The growing use of BNPL apps must be balanced with strong privacy protections to ensure users’ financial and personal data are not exposed or exploited.”
Incogni’s researchers looked at applications categorized by AppTweak as being payments and pay by installments apps, specifically looking at the most popular applications by downloads for the past six months in the U.S. To narrow the sample to strictly buy now, pay later apps, they examined the 50 most downloaded applications and removed those that did not directly mention “buy now, pay later” or an alternative phrase that could reasonably be interpreted to describe the same functionality. They then excluded apps with fewer than 10,000 total downloads and that were unusable in the US.
For more details, the full study is available at https://blog.incogni.com/bnpl-apps-data-privacy/.
About Incogni
Incogni helps people take control of their data by removing their personal information from various sources, such as data brokers or people search sites. Incogni provides a simple, user-friendly solution that prevents data from being sold and reduces the likelihood of cybercrime and spam.
