9 Total
4 High severity
5 Medium severity
0 Low severity
Summary

This is Equifax's privacy policy, covering how the company collects, uses, and shares personal information including credit history, Social Security numbers, financial records, device identifiers, and browsing behavior across its websites, apps, and data products. The policy authorizes sharing personal information with affiliates, service providers, marketing partners, and third-party data recipients, and discloses that Equifax sells or shares certain personal data for cross-context behavioral advertising, with opt-out rights available for California residents and other qualifying state residents. The policy also discloses that Equifax retains personal information for as long as necessary to fulfill business, legal, and regulatory purposes, without specifying fixed retention periods for most data categories.

Technical / Legal Breakdown

This document is Equifax's consumer-facing privacy policy, governing the collection, use, sharing, and retention of personal information across Equifax's websites, mobile applications, and data services, with stated legal bases including consent, legitimate interest, and legal obligation depending on jurisdiction. The policy states that Equifax collects identifiers, financial data, credit history, Social Security numbers, device information, browsing activity, geolocation data, and inferences derived from consumer profiles, and authorizes sharing this information with affiliates, service providers, business partners, data brokers, marketing partners, and government or law enforcement entities. Notably, as a consumer reporting agency, Equifax occupies a dual role: it is both a data collector subject to general privacy law and a regulated furnisher and user of consumer report data under the Fair Credit Reporting Act, creating a layered compliance structure that the policy acknowledges but does not fully delineate in terms of which rights apply under which framework. The policy references compliance with CCPA and CPRA for California residents, GDPR for EU and UK data subjects, and state-specific frameworks including Virginia, Colorado, Connecticut, and Texas; enforcement and applicability of stated rights depend on the jurisdiction of the consumer and the specific Equifax entity involved.


1 important change detected

2 versions captured · Last updated: May 2026

What changed: Equifax updated the navigation structure of its privacy policy on May 13, 2026 by adding a new link to the 'Identity & Fraud Services Privacy Statement' in the opening section. The previous version displayed only a general 'Read the Notice' link. The substantive privacy principles and data practices remain unchanged; this appears to be a reorganization of how users navigate to service-specific privacy disclosures.

Why this matters: The updated privacy policy adds a direct navigation link to Equifax's Identity & Fraud Services Privacy Statement within the main policy header. This change improves discoverability of service-specific privacy information but does not modify substantive data practices, rights, or obligations. Users can now access service-specific disclosures more readily from the main privacy page.
High — 4 provisions
Medium — 5 provisions

Monitoring

Equifax has updated this document before.


Mapped Governance Frameworks

CCPA/CPRA (California, USA)
Connecticut Data Privacy Act Amendments (US-CT)
FCRA (United States Federal)
FTC Act Section 5 (United States Federal)
GDPR (European Union)
GLBA (United States Federal)
Indiana Consumer Data Protection Act (US-IN)
Kentucky Consumer Data Protection Act (US-KY)
Universal Opt-Out Mechanism Expansion 2026 (US)
Archival Provenance

Source & Archival Record

Last Captured: May 13, 2026 00:55 UTC
Capture Method: Automated scheduled archival capture
Document ID: CA-D-000591
Version ID: CA-V-002554
SHA-256: ad32b60141eabc9487d99f813204205d0e74d448e9d7dffb82900ffbe84b8236
Status: ✓ Snapshot stored, ✓ Text extracted, ✓ Change verified, ✓ Hash verified
