Effective date January 23, 2013
Welcome to Credit Karma! Credit Karma takes your privacy seriously. This policy covers how Credit Karma treats personal information that Credit Karma collects and receives.
1. What Information Do We Collect?
Information You Provide to Us
In addition to other information Personal Information, we collect when you register, we may collect your driver's license number and social security number as a requirement of the credit bureau to verify your identity. We use this information in order to fulfill your request for a credit score. We may collect Personal Information through various other forms and in various places through the Services, including contact us forms, or when you otherwise interact with us.
Information We Collect As You Access And Use The Services
In addition to any Personal Information or other information that you choose to submit to us, we and our third-party service providers may use a variety of technologies that automatically (or passively) collect certain information whenever you visit or interact with the Services (“Usage Information”). For example, Credit Karma automatically receives and records information that your browser sends whenever you visit the Credit Karma website. These server logs may include information such as your IP address or other unique identifier (“Device Identifier”), browser type, browser language, the date and time of your request, and one or more cookies that may uniquely identify your browser from your computer or other device used to access the Services (any, a “Device”). A Device Identifier is a number that is automatically assigned to your Device used to access the Services, and our computers identify your Device by its Device Identifier.
Credit Karma uses aggregate data collected in log files and cookies for general purposes: to enhance or otherwise improve the Services, to customize the advertising and content you see, improve our services, develop new services, conduct research, and provide anonymous reporting for internal and external clients. These cookies and log files do not store your Personal Information, but they are tied to your Personal Information in our system.
Below are examples of methods that we may use to collect Usage Information. In the future, other new technology and methods for collecting Usage Information may develop.
Embedded Scripts. An embedded script is programming code that is designed to collect information about your interactions with the Services, such as the links you click on. The code is temporarily downloaded onto your Device from our web server or a third party service provider, is active only while you are connected to the Services, and is deactivated or deleted thereafter.
Information Third Parties Provide About You
Information You Provide About A Third Party
If you choose to use our referral service to tell a friend about our Services, we will ask you for your friend's name and email address. We will automatically send your friend a one-time email inviting him or her to visit the site. Credit Karma stores this information for the sole purpose of sending this one-time email and tracking the success of our Invite-A-Friend referral program. The information you provide (names, e-mail addresses, etc.) is used to facilitate the communication and is not used for any other marketing purpose unless we obtain consent from that person or we explicitly say otherwise. Please be aware that when you use any send-to-a-friend functionality through our Services, your e-mail address may be included in the communication sent to your friend.
Your friend may contact us at email@example.com to request that we remove this information from our database.
Information Collected by Mobile Applications
Certain aspects of the Services may be provided through an application on your mobile, tablet computer, or similar device (“Mobile Application”). You agree that we may collect and use technical data and related information, including but not limited to, technical information about your device, system and application software, and peripherals, that is gathered periodically to facilitate the provision of software updates, product support and other services to you (if any) related to such Mobile Applications.
When you use any of our Mobile Applications, the Mobile Application may automatically collect and store information from your mobile device (“Mobile Device Information”). Here are some examples of the Mobile Device Information that may be collected and stored:
- Your preferred language
- Your phone number or other unique device identifier assigned to your mobile device
- The unique device identifier or IP address of your mobile device
- Your mobile operating system
- The type of mobile Internet browsers you are using
- Information about how you interact with the Mobile Application and any of our web sites to which the Mobile Application links, such as how many times you use a specific part of the mobile application over a given time period, the amount of time you spend using the Mobile Application, how often you use the Mobile Application, actions you take in the Mobile Application and how you engage with the Mobile Application
- Information to allow us to personalize the services and content available through the Mobile Application
We may use information automatically collected by the Mobile Application (including the Mobile Device Information) in the following ways:
- To operate and improve our Mobile Applications, other Services, our company’s services, and tools;
- To create aggregated and anonymized information to determine which Mobile Application features are most popular and useful to users and for other statistical analyses;
- To customize the content or services on the Mobile Application for you, or the communications sent to you through the Mobile Application (if any).
We may associate your unique device identifier or Mobile Application usage information with any personal information you provide, but we will treat the combined information as personal information.
For purposes of your use of any Mobile Application and the services offered through any Mobile Application, the Mobile Application may also collect certain information about you (including Personal Information) that you knowingly supply to the Mobile Application such as the following:
- Your user name and any password required by the Mobile Application
- Mailing or other address
- Zip code
- Telephone number
- Email address
- Photos uploaded by you
2. How and When Do We Disclose Other Information To Third Parties?
Credit Karma does not sell or rent your Personal Information to third parties for any purpose. Credit Karma only shares Personal Information with companies or individuals who are not our agents or services providers when we have your consent, or as otherwise permitted by this policy.
Credit Karma may share with third parties certain pieces of aggregated, non-Personal Information, such as the number of users who clicked on a particular advertisement. Such information does not identify you individually.
On our Services, Credit Karma may serve you targeted advertisements based on your Personal Information. Advertisers on our Services may include financial service providers (such as banks, credit card providers, insurance agents, stock brokers and mortgage lenders) and non-financial companies (such as cable providers, airlines, wireless carriers and software companies). Advertisers may assume that people who interact with, view, or click targeted ads meet certain targeting criteria - for example, women ages 18-24 with a certain minimum credit score. However, Credit Karma does not provide advertisers any of your Personal Information when you view or interact with a targeted ad.
When You Request A Credit Report And Score. We use other third parties to provide credit report and score data on our site. When you request a credit report and score on our site, we will share your personal information and sensitive information with the third party to verify your identity and provide that service.
These third parties are prohibited from using your personal information for any other purpose including their own marketing.
Third Parties Providing Services on Our Behalf. We may use third party vendors to perform certain aspects of the Services on our or your behalf, such as hosting the Services, designing and/or operating the Services’ features, tracking the Services analytics, and enabling Credit Karma to send you special offers or performing other administrative services. We may provide these vendors with access to user information, including Personal Information, to carry out the services they are performing for you or for us. While we may use third party analytics service providers to evaluate and provide us with information about the use of the Services and viewing of our content, we do not share Personal Information with these analytics service providers, but they may set and access their own cookies, web beacons and embedded scripts on your Device and they may otherwise collect or have access to information about you, including non-personal information.
Co-Branded Services. Certain aspects of the Services may be provided to you in association with third parties (“Co-Branded Services”) such as our advertisers, business partners, or sponsors, and may require you to disclose Personal Information to them. Such Co-Branded Services will identify the third party. If you elect to register for products and/or services through the Co-Branded Services, you may be providing your information to both us and the third party. Any such information provided to the third party is subject to that third party’s privacy policies. Further, if you sign-in to a Co-Branded Service with a username and password obtained through the Services, your Personal Information may be disclosed to the identified third parties for that Co-Branded Service and will be subject to their posted privacy policies.
Sweepstakes, Contests and Promotions. We may offer sweepstakes, contests, and other promotions (any, a “Promotion”) through the Services that may require registration. By participating in a Promotion, you are agreeing to official rules that govern that Promotion, which may contain specific requirements of you, including, allowing the sponsor of the Promotion to use your name, voice and/or likeness in advertising or marketing associated with the Promotion. If you choose to enter a Promotion, Personal Information may be disclosed to third parties or the public in connection with the administration of such Promotion, including, in connection with winner selection, prize fulfillment, and as required by law or permitted by the Promotion’s official rules, such as on a winners list.
Business Transfer. We may share your information, including your Personal Information, and Usage Information with our parent, subsidiaries and affiliates for internal reasons. We also reserve the right to disclose and transfer all such information: (i) to a subsequent owner, co-owner or operator of the Services or applicable database; or (ii) in connection with a corporate merger, consolidation, restructuring, the sale of substantially all of our membership interests and/or assets or other corporate change, including, during the course of any due diligence process.
Information Collected by Mobile Applications. For any Mobile Applications, the information the Mobile Application collects may be stored locally on your device and may be transmitted to our (or our agents’) servers in the United States (collectively, the “Servers”). We will have access to your information or your information will be transferred to the Servers in any of the following circumstances:
- The Mobile Application may require you and each of your authorized users to register for a personal account accessible through a confidential password and user name that you select. We will collect and store this registration data on the Servers.
- Device Identifier or device information generated by the Mobile Application are transferred to and stored on the Servers.
- We may also access certain data from the Mobile Application, including without limitation information you supply and device information, for statistical analysis. All such data has been anonymized prior to our collection and storage on the Servers.
3. How Do We Use The Information Collected?
Special Offers and Updates:
We will occasionally send you information on products, services, special deals, or promotions. Out of respect for your privacy, we present the option not to receive these types of communications by logging into your account and visiting the "My Profile" page and by following the unsubscribe instructions included in each promotional email.
We will send you strictly service-related announcements when it is necessary to do so. For instance, if our service is temporarily suspended for maintenance, we might send you an email.
Generally, you may not opt-out of these communications, which are not promotional in nature. If you do not wish to receive them, you have the option to deactivate your account.
Based upon the personal information you provide us, we will send you a welcoming email to verify your username and password. We will also communicate with you via email in response to your inquiries, to provide the services you request, and to manage your account.
Please note that information submitted through the Services via a “contact us” or other similar function may not receive a response.
4. What About Information I Disclose Publicly?
The Services may permit you to submit ideas, questions, comments, suggestions or other content, including Personal Information (collectively, “User Content”), that is publicly viewable (such as on public portions of your user profile). We or others may reproduce, publish, distribute or otherwise use User Content online or offline in any media or format (currently existing or hereafter developed). Others may have access to this User Content and may have the ability to share it with third parties across the Internet. Please think carefully before deciding what information you share, including Personal Information, in connection with your User Content.
5. What is Online Behavioral Advertising and How Can I Opt-Out?
We contract with third-party advertising networks, publishers and other entities to advertise our products and services on websites not affiliated with us. Some of these ads are online behavioral advertising – which serve advertisements that are more likely to be of interest to you using non-personal behavioral information. Such ads may contain cookies that allow monitoring of websites (including our own websites that part of our own Services) and your response to our advertisements. Cookies placed by these companies do not collect Personal Information. We limit companies that place our ads from using information for any purpose other than to assist us in our advertising efforts. If you prefer to not receive targeted advertising, you can opt-out of network advertising programs that use your information. To do so, please visit: the Network Advertising Initiative industry’s opt-out page.
Please note that if you opt out, you may still receive online advertising from us. Opting out from a specific advertising provider means that the ads you do receive will not be based on your preferences or behavior.
In order for behavioral advertising opt-outs to work on your device, your browser must be set to accept cookies. If you delete cookies, buy a new Device, access our Services from a different device, login under a different screen name, or change web browsers, you will need to opt-out again. If your browser has scripting disabled, you do not need to opt out, as online behavioral advertising technology does not work when scripting is disabled. Please check your browser's security settings to validate whether scripting is active or disabled.
Please note that even if you choose to remove your information (opt-out), you will still see advertisements while you're browsing online. However, the advertisements you see may be less relevant to you and your interests. Additionally, many network advertising programs allow you to view and manage the interest categories they have compiled from your online browsing activities. These interest categories help determine the types of targeted advertisements you may receive. The NAI Opt-Out Page provides a tool that identifies its member companies that have cookies on your browser and provides links to those companies.
6. How Do I Change or Inquire About My Information And Communications Preferences?
New categories of marketing communications might be added to the Marketing Preferences page from time to time, but we will require your consent and notice before marketing to you in this new way. We give you the opportunity to "opt-out" of having Personal Information used. For example, you can elect not to receive newsletters or alert emails. You can do this by logging into your account and visiting the "My Profile" page and you may also follow the unsubscribe instructions included in each email.
7. Do Third Party Content And Links To Third Party Services Appear on the Services?
8. What About Consent To Transfer Information To The United States?
The Services are operated in the United States and intended for users located in the United States. If you are located anywhere outside of the United States, please be aware that information we collect, including, Personal Information, will be transferred to, processed and stored in the United States. The data protection laws in the United States may differ from those of the country in which you are located, and your Personal Information may be subject to access requests from governments, courts, or law enforcement in the United States according to laws of the United States. By using the Services or providing us with any information, you consent to this transfer, processing and storage of your information in the United States.
9. What Should Parents Know About Children?
Credit Karma services are not intended for anyone under the age of 18. Thus, we do not knowingly collect any Personal Information from children younger than the age of thirteen (13). We will delete any Personal Information collected that we later determine to be from a user younger than the age of thirteen (13). If you are a parent or guardian of a child under the age of thirteen (13) and believe he or she has disclosed Personal Information to us, please contact us at firstname.lastname@example.org via email or write to us at: Credit Karma, Inc. Attention: Privacy Department, P.O. Box 520, San Francisco, CA 94104-0520.
10. What Happens If I Terminate My Account?
11. What About Security?
Credit Karma maintains physical, electronic, and procedural safeguards that comply with federal regulations to protect Personal Information that we collect about you.
We enable our servers with Secure Socket Layer (SSL) technology to establish a secure connection between your computer and our servers, creating a private session.
We employ firewalls and other security technologies to protect our servers from external attack and securely store your Personal Information. We control access to this information via secure web pages, and limit access to only those employees or third parties on a need to know basis.
Credit Karma tests our systems regularly to insure that our security mechanisms are up to date.
We incorporate commercially reasonable safeguards to help protect and secure your Personal Information and Credit Report Information. However, no data transmission over the Internet, wireless transmission or electronic storage of information can be guaranteed to be 100% secure. Please note that we cannot ensure the security of any information you transmit to us, and you use our Services and provide us with your information at your own risk.
If you have any questions about security on our Web site, you can send an email to us at email@example.com.
If there are any material changes in the way we treat Personal Information and/or Credit Report Information, Credit Karma will notify you by sending a notice to the primary email address specified in your marketing preferences or by placing a prominent notice on our site prior to the change becoming effective.
13. Your California Privacy Rights
California’s “Shine the Light” law, California Civil Code § 1798.83, requires certain businesses to respond to requests from California customers (those who have an established business relationship with us) asking about the business’ practices related to disclosing Personal Information to third parties for the third parties’ direct marketing purposes. We do not share customer information with third parties for their direct marketing purposes, and California’s Shine the Light law therefore does not apply to Credit Karma.
14. What about Social Media Widgets features?
15. How Do I Find Out More?
For additional information, or if you have questions regarding this policy or privacy practices at Credit Karma, please submit your questions or comments directly to firstname.lastname@example.org via email or write to us at: Credit Karma, Inc. Attention: Privacy Department, P.O. Box 520, San Francisco, CA 94104-0520.