What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: This policy engages the Fair Credit Reporting Act (FCRA), which governs permissible purposes for consumer report data and constrains how credit data may be shared; the Gramm-Leach-Bliley Act (GLBA), which applies to financial data and limits sharing with nonaffiliated third parties absent opt-out; the California Consumer Privacy Act and California Privacy Rights Act (CCPA/CPRA), which grant California residents rights to access, delete, correct, and opt out of sale or shar…

How does Equifax's Equifax Privacy Policy affect users?

Equifax's policy authorizes collection of a wide range of sensitive personal and financial data, including credit history, income, government identifiers, geolocation, and biometric information, and permits sharing this data with affiliates, business partners, and service providers for purposes including marketing and analytics that extend beyond core credit reporting. Because Equifax operates simultaneously as a credit bureau, data broker, and consumer products company, data you provide in one…

How often is Equifax's Equifax Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Equifax updates this document?

Yes. Watcher subscribers ($9.99/month) can add Equifax to their watchlist and receive same-day email alerts whenever this document or any other Equifax document changes.

CA-D-000591

Equifax Privacy Policy

Equifax

Last change detected May 13, 2026 Privacy policy

SHA-256: ad32b60141eabc9487d… 2 versions captured 0 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Equifax ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

4 High severity

3 Medium severity

1 Low severity

Summary

This is Equifax's privacy policy explaining what personal data the company collects about you, how it uses that data, and your rights. The most important thing to know is that Equifax collects an exceptionally wide range of information about you, including your credit history, income, government ID numbers, location data, and even inferences it draws about you, and shares this data with affiliates, partners, and other third parties for purposes that extend beyond credit reporting into marketing and product development. California residents have the strongest rights under this policy and can opt out of data sale or sharing, request deletion, and correct inaccurate information by visiting Equifax's privacy rights portal at equifax.com/personal/privacy-policy.

Technical / Legal Breakdown

This document is Equifax's US-facing consumer privacy policy, governing how the company collects, uses, shares, and retains personal information across its websites, mobile applications, and consumer-facing products, with its legal basis rooted in consent, legitimate interest, legal obligation, and contractual necessity depending on jurisdiction. The policy states that Equifax collects a broad range of personal data including identifiers, financial information, credit and income data, government identifiers, geolocation, biometric data, and inferences drawn from this data to create consumer profiles, and authorizes use of this information for core credit reporting functions, marketing, product development, analytics, and sharing with affiliates, business partners, data brokers, and service providers. Notably, as a consumer reporting agency subject to the Fair Credit Reporting Act, Equifax operates under statutory data collection and sharing authorities that may differ from what general consumers expect from a typical website privacy policy, and the policy's broad inference and profiling disclosures, combined with its role as a data broker and credit bureau, create an unusually wide data footprint relative to most consumer-facing privacy policies. The policy engages the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, the California Consumer Privacy Act and California Privacy Rights Act, and state biometric privacy frameworks, with heightened compliance exposure for California residents who receive expanded rights including opt-out of sale or sharing and correction rights. Material compliance considerations include the interaction between FCRA permissible purpose requirements and broader marketing data uses, the adequacy of consent mechanisms for sensitive data categories including biometrics and geolocation, and the scope of data sharing with third parties characterized as service providers versus independent data controllers.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

High — 4 provisions

Biometric Data Collection Compare →

Equifax states it may collect biometric data such as fingerprints, voice recordings, and facial geometry to verify your identity when you contact the company online or by phone.

Added May 11, 2026 Standard Seen across 251 platforms
Inference and Profiling From Personal Data

Equifax states it draws inferences from your personal data to build a profile about your preferences, behaviors, attitudes, and other characteristics, which goes beyond what is reported in a standard credit file.

Added May 11, 2026 Rare
Third-Party Data Sharing With Affiliates and Business Partners Compare →

Equifax states it shares your personal information with its affiliated companies and with business partners for marketing purposes, though it notes you have the right to opt out of sharing with business partners.

Added May 11, 2026 Standard Seen across 246 platforms
Sensitive Personal Information Categories

Equifax discloses that it may collect categories of information classified as sensitive under California law, including your Social Security number, financial account credentials, precise location, racial or ethnic origin, and biometric data.

Added May 11, 2026 Rare

Medium — 3 provisions

Geolocation Data Collection Compare →

Equifax states it may collect your precise physical location if you enable location features in its mobile apps, and may also collect your approximate location based on your IP address when you use its services.

Added May 11, 2026 Standard Seen across 251 platforms
California Consumer Rights Under CCPA/CPRA

California residents have specific legal rights under California privacy law, including the right to know what data Equifax holds about you, delete it, correct it, opt out of its sale or sharing, and limit how sensitive personal information is used.

Added May 11, 2026 Rare
Data Retention Practices Compare →

Equifax states it keeps your personal information for as long as it needs to for the purposes described in the policy or as required by law, but does not specify fixed retention periods for most data categories.

Added May 8, 2026 Standard Seen across 223 platforms

Low — 1 provision

Children and Minors Compare →

Equifax states its websites and apps are not directed at children under 13 and that it does not knowingly collect personal information from this age group.

Added May 11, 2026 Standard Seen across 262 platforms

Monitoring

Equifax has updated this document before.

Watcher includes same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

Professional Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Professional includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Professional free trial

Cross-platform context

See how other platforms handle Biometric Data Collection and similar clauses.

Compare across platforms →

Archival ProvenanceSource & Archival Record

Last Captured May 13, 2026 00:55 UTC

Capture Method Automated scheduled archival capture

Document ID CA-D-000591

Version ID CA-V-002554

Source URL https://www.equifax.com/privacy/

Wayback Machine View external archival references →

SHA-256 ad32b60141eabc9487d99f813204205d0e74d448e9d7dffb82900ffbe84b8236

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

Equifax Privacy Policy

Monitor governance changes across the platforms you rely on.