Privacy Policy

Effective date January 23, 2013

TRUSTe Privacy Program

Welcome to Credit Karma! Credit Karma takes your privacy seriously. This policy covers how Credit Karma treats personal information that Credit Karma collects and receives.

Please note however that this policy does not cover how Credit Karma treats credit report information on you that Credit Karma obtains when you register to receive our services. How Credit Karma treats your credit report information is discussed in our Terms of Use. This policy covers all other information about you that we collect and receive.

This privacy policy (“Privacy Policy”) explains our information collection practices for “online” (e.g., web and mobile services, including web and mobile sites, including www.creditkarma.com, and mobile applications, however accessed and/or used, whether via personal computers, mobile devices or otherwise) and “offline” (e.g., collection of data through mailings) activities (“offline” and “online” activities collectively referred to as the “Services”), which are owned, operated or made available by Credit Karma, Inc. (“Credit Karma” or “we,” “our” or “us”). In this Privacy Policy, we describe the types of information we collect from users of the Services and how we may use that information. This Privacy Policy also applies to your use of interactive features or downloads that: (i) we own or control; (ii) are available through the Services; or (iii) interact with the Services and post this Privacy Policy. In addition, please review our Terms of Use, which governs your use of our “online” Services.

Credit Karma has been awarded TRUSTe's Privacy Seal signifying that this privacy policy and practices have been reviewed by TRUSTe for compliance with TRUSTe's program requirements including transparency, accountability and choice regarding the collection and use of your personal information. The TRUSTe program covers only information that is collected through this Web site, www.creditkarma.com.

TRUSTe's mission, as an independent third party, is to accelerate online trust among consumers and organizations globally through its leading privacy Trustmark and innovative trust solutions. If you have questions or complaints regarding our privacy policy or practices, please contact us at legal@creditkarma.com. If you are not satisfied with our response you can contact TRUSTe here.

1. What Information Do We Collect?

Information You Provide to Us

When you register with Credit Karma or use our Services, we may ask you to provide us with certain categories of information such as: (1) personal information, which is information that could reasonably be used to identify you personally, such as your name, address, email address, date of birth, Social Security number, driver’s license number or phone number (“Personal Information”). (As explained above, any information from a credit report that we obtain about you is covered in our Terms of Use, and is not included in this Privacy Policy’s definition of Personal Information); and (2) demographic information, such as information about your family (“Demographic Information”).

In addition to other information Personal Information, we collect when you register, we may collect your driver's license number and social security number as a requirement of the credit bureau to verify your identity. We use this information in order to fulfill your request for a credit score. We may collect Personal Information through various other forms and in various places through the Services, including contact us forms, or when you otherwise interact with us.

Information We Collect As You Access And Use The Services

In addition to any Personal Information or other information that you choose to submit to us, we and our third-party service providers may use a variety of technologies that automatically (or passively) collect certain information whenever you visit or interact with the Services (“Usage Information”). For example, Credit Karma automatically receives and records information that your browser sends whenever you visit the Credit Karma website. These server logs may include information such as your IP address or other unique identifier (“Device Identifier”), browser type, browser language, the date and time of your request, and one or more cookies that may uniquely identify your browser from your computer or other device used to access the Services (any, a “Device”). A Device Identifier is a number that is automatically assigned to your Device used to access the Services, and our computers identify your Device by its Device Identifier.

Credit Karma uses aggregate data collected in log files and cookies for general purposes: to enhance or otherwise improve the Services, to customize the advertising and content you see, improve our services, develop new services, conduct research, and provide anonymous reporting for internal and external clients. These cookies and log files do not store your Personal Information, but they are tied to your Personal Information in our system.

Below are examples of methods that we may use to collect Usage Information. In the future, other new technology and methods for collecting Usage Information may develop.

Cookies. A cookie is a data file placed on a Device when it is used to access the Services. A Flash cookie is a data file placed on a Device via the Adobe Flash plug-in that may be built-in to or downloaded by you to your Device. Cookies and Flash Cookies may be used for many purposes, including, without limitation, remembering you and your preferences and tracking your visits to our web pages. If you choose to disable cookies or Flash cookies on your Device, some features of the Services may not function properly. Credit Karma uses cookies when you sign in, to identify you and keep track of your personal session. All this information is securely stored, and no Personal Information is stored on your cookie.

Credit Karma uses session ID cookies to make it easier for you to navigate our site. Session ID cookies expire upon 30 minutes of inactivity or when you close your browser whichever is shorter. We also use a persistent cookie that remains on your hard drive for an extended period of time, so that we can recognize you when you return to our web site. You can remove persistent cookies by following directions provided in your Internet browser's "help" file; however, because we use cookies for our sign-in functionality, if you choose to disable cookies you will not be able to log on to the Credit Karma web site.

Some of our business partners (e.g. advertisers or tracking utility company) use cookies on our site. We do not have access or control over these cookies.

Web Beacons. Small graphic images or other web programming code called web beacons (also known as “1x1 GIFs” or “clear GIFs”) may be included in our web and mobile pages and messages. Web beacons may be invisible to you, but any electronic image or other web programming code inserted into a web or mobile page or e-mail can act as a web beacon. Web beacons or similar technologies may be used for a number of purposes, including, without limitation, to count users of the Services, to monitor how users navigate the Services, to count how many e-mails that were sent were actually opened or to count how many particular articles or links were actually viewed. In contrast to cookies, which are stored on a user's computer hard drive, clear gifs are embedded invisibly on web pages and are about the size of the period at the end of this sentence. We do not tie web beacons to Personal Information. We use a third-party tracking service that uses cookies to track non-persofnally identifiable information about visitors to our site in the aggregate – e.g., usage and volume statistics to enhance and improve our Web site.

Embedded Scripts. An embedded script is programming code that is designed to collect information about your interactions with the Services, such as the links you click on. The code is temporarily downloaded onto your Device from our web server or a third party service provider, is active only while you are connected to the Services, and is deactivated or deleted thereafter.

Information Third Parties Provide About You

From time to time, we may supplement the information we collect about you with outside records from third parties in order to enhance our ability to serve you, to tailor our content to you and to offer you opportunities to purchase products or services that we believe may be of interest to you. We may combine the information we receive from those sources with information we collect through the Services. In those cases, we will apply this Privacy Policy to any Personal Information received, unless we have disclosed otherwise.

Information You Provide About A Third Party

If you choose to use our referral service to tell a friend about our Services, we will ask you for your friend's name and email address. We will automatically send your friend a one-time email inviting him or her to visit the site. Credit Karma stores this information for the sole purpose of sending this one-time email and tracking the success of our Invite-A-Friend referral program. The information you provide (names, e-mail addresses, etc.) is used to facilitate the communication and is not used for any other marketing purpose unless we obtain consent from that person or we explicitly say otherwise. Please be aware that when you use any send-to-a-friend functionality through our Services, your e-mail address may be included in the communication sent to your friend.

Your friend may contact us at legal@creditkarma.com to request that we remove this information from our database.

Information Collected by Mobile Applications

Certain aspects of the Services may be provided through an application on your mobile, tablet computer, or similar device (“Mobile Application”). You agree that we may collect and use technical data and related information, including but not limited to, technical information about your device, system and application software, and peripherals, that is gathered periodically to facilitate the provision of software updates, product support and other services to you (if any) related to such Mobile Applications.

When you use any of our Mobile Applications, the Mobile Application may automatically collect and store information from your mobile device (“Mobile Device Information”). Here are some examples of the Mobile Device Information that may be collected and stored:

  • Your preferred language
  • Your phone number or other unique device identifier assigned to your mobile device
  • The unique device identifier or IP address of your mobile device
  • Your mobile operating system
  • The type of mobile Internet browsers you are using
  • Information about how you interact with the Mobile Application and any of our web sites to which the Mobile Application links, such as how many times you use a specific part of the mobile application over a given time period, the amount of time you spend using the Mobile Application, how often you use the Mobile Application, actions you take in the Mobile Application and how you engage with the Mobile Application
  • Information to allow us to personalize the services and content available through the Mobile Application

We may use information automatically collected by the Mobile Application (including the Mobile Device Information) in the following ways:

  • To operate and improve our Mobile Applications, other Services, our company’s services, and tools;
  • To create aggregated and anonymized information to determine which Mobile Application features are most popular and useful to users and for other statistical analyses;
  • To prevent, discover and investigate violations of this Privacy Policy or any applicable terms of service or terms of use for the Mobile Application;
  • To customize the content or services on the Mobile Application for you, or the communications sent to you through the Mobile Application (if any).

We may associate your unique device identifier or Mobile Application usage information with any personal information you provide, but we will treat the combined information as personal information.

For purposes of your use of any Mobile Application and the services offered through any Mobile Application, the Mobile Application may also collect certain information about you (including Personal Information) that you knowingly supply to the Mobile Application such as the following:

  • Your user name and any password required by the Mobile Application
  • Age
  • Gender
  • Mailing or other address
  • Zip code
  • Telephone number
  • Email address
  • Photos uploaded by you

Registration may be required and Personal Information may also be collected if there is content from the Mobile Application that you specifically and knowingly upload to a third-party’s online community, website or to the public, e.g. uploaded photos, posted reviews. This uploaded content will also be subject to the privacy policy of the platform to which you upload the content.

2. How and When Do We Disclose Other Information To Third Parties?

Credit Karma does not sell or rent your Personal Information to third parties for any purpose. Credit Karma only shares Personal Information with companies or individuals who are not our agents or services providers when we have your consent, or as otherwise permitted by this policy.

Credit Karma may share with third parties certain pieces of aggregated, non-Personal Information, such as the number of users who clicked on a particular advertisement. Such information does not identify you individually.

When You Agree To Receive Information From Third Parties. You may be presented with an opportunity to receive information and/or marketing offers directly from unaffiliated third parties. These offers vary from day to day, but in general if you are interested in a particular offer, you will be taken to a third party site to complete the transaction. Know that the third parties' privacy policy governs the collection and use of your personal information. We are not responsible for the privacy policies and practices of such third parties and, therefore, you should review the privacy policies and practices of such third parties prior to agreeing to receive such information from them. If you later decide that you no longer want to receive communication from a third party, you will need to contact that third party directly.

On our Services, Credit Karma may serve you targeted advertisements based on your Personal Information. Advertisers on our Services may include financial service providers (such as banks, credit card providers, insurance agents, stock brokers and mortgage lenders) and non-financial companies (such as cable providers, airlines, wireless carriers and software companies). Advertisers may assume that people who interact with, view, or click targeted ads meet certain targeting criteria - for example, women ages 18-24 with a certain minimum credit score. However, Credit Karma does not provide advertisers any of your Personal Information when you view or interact with a targeted ad.

When You Request A Credit Report And Score. We use other third parties to provide credit report and score data on our site. When you request a credit report and score on our site, we will share your personal information and sensitive information with the third party to verify your identity and provide that service.

These third parties are prohibited from using your personal information for any other purpose including their own marketing.

Third Parties Providing Services on Our Behalf. We may use third party vendors to perform certain aspects of the Services on our or your behalf, such as hosting the Services, designing and/or operating the Services’ features, tracking the Services analytics, and enabling Credit Karma to send you special offers or performing other administrative services. We may provide these vendors with access to user information, including Personal Information, to carry out the services they are performing for you or for us. While we may use third party analytics service providers to evaluate and provide us with information about the use of the Services and viewing of our content, we do not share Personal Information with these analytics service providers, but they may set and access their own cookies, web beacons and embedded scripts on your Device and they may otherwise collect or have access to information about you, including non-personal information.

Co-Branded Services. Certain aspects of the Services may be provided to you in association with third parties (“Co-Branded Services”) such as our advertisers, business partners, or sponsors, and may require you to disclose Personal Information to them. Such Co-Branded Services will identify the third party. If you elect to register for products and/or services through the Co-Branded Services, you may be providing your information to both us and the third party. Any such information provided to the third party is subject to that third party’s privacy policies. Further, if you sign-in to a Co-Branded Service with a username and password obtained through the Services, your Personal Information may be disclosed to the identified third parties for that Co-Branded Service and will be subject to their posted privacy policies.

Sweepstakes, Contests and Promotions. We may offer sweepstakes, contests, and other promotions (any, a “Promotion”) through the Services that may require registration. By participating in a Promotion, you are agreeing to official rules that govern that Promotion, which may contain specific requirements of you, including, allowing the sponsor of the Promotion to use your name, voice and/or likeness in advertising or marketing associated with the Promotion. If you choose to enter a Promotion, Personal Information may be disclosed to third parties or the public in connection with the administration of such Promotion, including, in connection with winner selection, prize fulfillment, and as required by law or permitted by the Promotion’s official rules, such as on a winners list.

Administrative and Legal Reasons. We may access, use, preserve, transfer and disclose your information (including Personal Information, including disclosure to third parties: (i) to satisfy any applicable law, regulation, subpoenas, governmental requests or legal process if in our good faith opinion such is required or permitted by law; (ii) to protect and/or defend the Terms of Use for any online Services or other policies applicable to any online Services, including investigation of potential violations thereof; (iii) to protect the safety, rights, property or security of the Services or any third party; and/or (iv) to detect, prevent or otherwise address fraud, security or technical issues. Further, we may use IP addresses or other Device Identifiers, to identify users, and may do so in cooperation with third parties such as copyright owners, internet service providers, wireless service providers and/or law enforcement agencies, including disclosing such information to third parties, all in our discretion. Such disclosures may be carried out without notice to you.

Business Transfer. We may share your information, including your Personal Information, and Usage Information with our parent, subsidiaries and affiliates for internal reasons. We also reserve the right to disclose and transfer all such information: (i) to a subsequent owner, co-owner or operator of the Services or applicable database; or (ii) in connection with a corporate merger, consolidation, restructuring, the sale of substantially all of our membership interests and/or assets or other corporate change, including, during the course of any due diligence process.

Information Collected by Mobile Applications. For any Mobile Applications, the information the Mobile Application collects may be stored locally on your device and may be transmitted to our (or our agents’) servers in the United States (collectively, the “Servers”). We will have access to your information or your information will be transferred to the Servers in any of the following circumstances:

  • The Mobile Application may require you and each of your authorized users to register for a personal account accessible through a confidential password and user name that you select. We will collect and store this registration data on the Servers.
  • Your other user information will be transferred to the Servers in order to accomplish other functions as permitted by this Privacy Policy.
  • Device Identifier or device information generated by the Mobile Application are transferred to and stored on the Servers.
  • We may also access certain data from the Mobile Application, including without limitation information you supply and device information, for statistical analysis. All such data has been anonymized prior to our collection and storage on the Servers.

3. How Do We Use The Information Collected?

Special Offers and Updates:

We will occasionally send you information on products, services, special deals, or promotions. Out of respect for your privacy, we present the option not to receive these types of communications by logging into your account and visiting the "My Profile" page and by following the unsubscribe instructions included in each promotional email.

Service-related Announcements:

We will send you strictly service-related announcements when it is necessary to do so. For instance, if our service is temporarily suspended for maintenance, we might send you an email.

Generally, you may not opt-out of these communications, which are not promotional in nature. If you do not wish to receive them, you have the option to deactivate your account.

Customer Service:

Based upon the personal information you provide us, we will send you a welcoming email to verify your username and password. We will also communicate with you via email in response to your inquiries, to provide the services you request, and to manage your account.

Please note that information submitted through the Services via a “contact us” or other similar function may not receive a response.

4. What About Information I Disclose Publicly?

The Services may permit you to submit ideas, questions, comments, suggestions or other content, including Personal Information (collectively, “User Content”), that is publicly viewable (such as on public portions of your user profile). We or others may reproduce, publish, distribute or otherwise use User Content online or offline in any media or format (currently existing or hereafter developed). Others may have access to this User Content and may have the ability to share it with third parties across the Internet. Please think carefully before deciding what information you share, including Personal Information, in connection with your User Content.

Note that Credit Karma does not control who will have access to the information that you choose to make public, and cannot ensure that parties who have access to such publicly available information will respect your privacy or keep it secure. This Privacy Policy does not apply to any information that you disclose publicly or share with others, whether through the Services or otherwise. We are not responsible for the accuracy, use or misuse of any content or information that you disclose or receive through the Services.

5. What is Online Behavioral Advertising and How Can I Opt-Out?

We contract with third-party advertising networks, publishers and other entities to advertise our products and services on websites not affiliated with us.  Some of these ads are online behavioral advertising – which serve advertisements that are more likely to be of interest to you using non-personal behavioral information.  Such ads may contain cookies that allow monitoring of websites (including our own websites that part of our own Services) and your response to our advertisements. Cookies placed by these companies do not collect Personal Information. We limit companies that place our ads from using information for any purpose other than to assist us in our advertising efforts. If you prefer to not receive targeted advertising, you can opt-out of network advertising programs that use your information. To do so, please visit: the Network Advertising Initiative industry’s opt-out page.

Please note that if you opt out, you may still receive online advertising from us. Opting out from a specific advertising provider means that the ads you do receive will not be based on your preferences or behavior.

In order for behavioral advertising opt-outs to work on your device, your browser must be set to accept cookies. If you delete cookies, buy a new Device, access our Services from a different device, login under a different screen name, or change web browsers, you will need to opt-out again. If your browser has scripting disabled, you do not need to opt out, as online behavioral advertising technology does not work when scripting is disabled. Please check your browser's security settings to validate whether scripting is active or disabled.

Please note that even if you choose to remove your information (opt-out), you will still see advertisements while you're browsing online. However, the advertisements you see may be less relevant to you and your interests. Additionally, many network advertising programs allow you to view and manage the interest categories they have compiled from your online browsing activities. These interest categories help determine the types of targeted advertisements you may receive. The NAI Opt-Out Page provides a tool that identifies its member companies that have cookies on your browser and provides links to those companies.

6. How Do I Change or Inquire About My Information And Communications Preferences?

You are responsible for maintaining the accuracy of the information you submit to us, such as your contact information provided as part of registration. You can access and make changes to the Personal Information you submit, including your marketing preferences, at any time by using the username and password you selected at the time of registration and making the change on our "My Profile" page. If you no longer desire our service, you may delete or deactivate it by following the instructions detailed in the Terms of Use.

New categories of marketing communications might be added to the Marketing Preferences page from time to time, but we will require your consent and notice before marketing to you in this new way. We give you the opportunity to "opt-out" of having Personal Information used. For example, you can elect not to receive newsletters or alert emails. You can do this by logging into your account and visiting the "My Profile" page and you may also follow the unsubscribe instructions included in each email.

7. Do Third Party Content And Links To Third Party Services Appear on the Services?

Credit Karma may post links to third party web sites that are not subject to this privacy policy. We do not exercise control over the external sites. These sites may place their own cookies or other files on your Device, collect data, web site usage information and your Device Identifier when web pages from the Services are served to your browser, or solicit Personal Information from you. We are not responsible for the privacy practices employed by any of these third parties. For example, if you “click” on a banner advertisement, the “click” may take you away from the Services onto a different web site. These other web sites may send their own cookies to you, independently collect data or solicit Personal Information and may or may not have their own published privacy policies. We encourage you to note when you leave our Services and to read the privacy statements of all third party web sites or applications before submitting any Personal Information to third parties.

8. What About Consent To Transfer Information To The United States?

The Services are operated in the United States and intended for users located in the United States. If you are located anywhere outside of the United States, please be aware that information we collect, including, Personal Information, will be transferred to, processed and stored in the United States. The data protection laws in the United States may differ from those of the country in which you are located, and your Personal Information may be subject to access requests from governments, courts, or law enforcement in the United States according to laws of the United States. By using the Services or providing us with any information, you consent to this transfer, processing and storage of your information in the United States.

9. What Should Parents Know About Children?

Credit Karma services are not intended for anyone under the age of 18. Thus, we do not knowingly collect any Personal Information from children younger than the age of thirteen (13). We will delete any Personal Information collected that we later determine to be from a user younger than the age of thirteen (13). If you are a parent or guardian of a child under the age of thirteen (13) and believe he or she has disclosed Personal Information to us, please contact us at privacy@creditkarma.com via email or write to us at: Credit Karma, Inc. Attention: Privacy Department, P.O. Box 520, San Francisco, CA 94104-0520.

10. What Happens If I Terminate My Account?

Because Credit Karma is a financial services company, there are certain legal reporting and information retention requirements with which we must comply. Therefore, we cannot delete your account information outright. However, we will encrypt your information and disable your account, which will be inactive and not accessible to anyone other than Credit Karma authorized personnel. After a period of time, your data may be anonymized and aggregated, and then may be held by us definitely. Moreover, once your account is terminated, you will not receive any further communications from Credit Karma. To terminate your account, please follow the instructions detailed in the Terms of Use.

11. What About Security?

Credit Karma maintains physical, electronic, and procedural safeguards that comply with federal regulations to protect Personal Information that we collect about you.

We enable our servers with Secure Socket Layer (SSL) technology to establish a secure connection between your computer and our servers, creating a private session.

We employ firewalls and other security technologies to protect our servers from external attack and securely store your Personal Information. We control access to this information via secure web pages, and limit access to only those employees or third parties on a need to know basis.

Credit Karma tests our systems regularly to insure that our security mechanisms are up to date.

We incorporate commercially reasonable safeguards to help protect and secure your Personal Information and Credit Report Information. However, no data transmission over the Internet, wireless transmission or electronic storage of information can be guaranteed to be 100% secure. Please note that we cannot ensure the security of any information you transmit to us, and you use our Services and provide us with your information at your own risk.

If you have any questions about security on our Web site, you can send an email to us at legal@creditkarma.com.

12. What About Changes to the Credit Karma Privacy Policy?

We reserve the right to change this Privacy Policy at any time without notice to you. Credit Karma will promptly post any policy changes to this page. Any changes will be effective immediately upon the posting of the revised Privacy Policy.

If there are any material changes in the way we treat Personal Information and/or Credit Report Information, Credit Karma will notify you by sending a notice to the primary email address specified in your marketing preferences or by placing a prominent notice on our site prior to the change becoming effective.

13. Your California Privacy Rights

California’s “Shine the Light” law, California Civil Code § 1798.83, requires certain businesses to respond to requests from California customers (those who have an established business relationship with us) asking about the business’ practices related to disclosing Personal Information to third parties for the third parties’ direct marketing purposes. We do not share customer information with third parties for their direct marketing purposes, and California’s Shine the Light law therefore does not apply to Credit Karma.

14. What about Social Media Widgets features?

Our Web site includes Social Media Features, such as the Facebook Like button and Widgets, the Share this button or interactive mini-programs that run on our site. These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our Site. Your interactions with these Features are governed by the privacy policy of the company providing it.

15. How Do I Find Out More?

For additional information, or if you have questions regarding this policy or privacy practices at Credit Karma, please submit your questions or comments directly to privacy@creditkarma.com via email or write to us at: Credit Karma, Inc. Attention: Privacy Department, P.O. Box 520, San Francisco, CA 94104-0520.