Our Security Practices

Commitment to Security: At Credit Karma, we take security seriously. So seriously that we’re committed to securing your data as if it were our own. Here’s a breakdown of our security measures:

checkmark

Privacy Practices

We do not sell your personal information to or share it with unaffiliated third parties for their own advertising or marketing purposes. Check out our Privacy Policy for more information.

checkmark

Security Practices

Credit Karma goes the extra mile when it comes to the safe-keeping of our members’ personal information. We use 128-bit or higher encryption to protect during the transmission of data to our site and encrypt data at rest. If we suspect any suspicious activity on your account then we’ll alert you as soon as possible. Plus, for additional protection, you can turn on SMS two factor authentication for our website.

checkmark

Incident Response

We have a dedicated security team that investigates and responds to issues as quickly as possible.

checkmark

External Security Assessments

We work with independent third-parties who regularly assess our site for vulnerabilities. Plus, our external bug bounty program rewards independent security researchers if they report detected security issues.

checkmark

External Security Auditing

Credit Karma, Inc. reviews its security program for compliance with ISO27001, SOC Type I and II on a consistent basis.

We hope that this has helped you better understand Credit Karma’s efforts to protect your data. If you have any additional questions or just want to say hello, feel free to email us at security@creditkarma.com.