What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: This notice engages the Fair Credit Reporting Act (FCRA), which governs TransUnion's activities as a consumer reporting agency and imposes permissible purpose requirements on credit data access and sharing. The notice also engages the California Consumer Privacy Act as amended by the CPRA, with TransUnion providing California-specific rights disclosures including opt-out rights for data sale and sharing, correction rights, and deletion rights subject to FCRA carve-outs. Ad…

How does TransUnion's TransUnion Privacy Policy affect users?

Under this policy, TransUnion collects and processes an extensive range of personal data and discloses it to third parties for business purposes, analytics, marketing, and data licensing. For data uses not covered by FCRA protections, TransUnion operates under state-specific consent and opt-out requirements rather than automatic restrictions. Consumers in applicable states may exercise opt-out rights through the designated mechanism on TransUnion's website; data subject to FCRA regulation remai…

How often is TransUnion's TransUnion Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when TransUnion updates this document?

Yes. Monitor subscribers ($19/month) can add TransUnion to their watchlist and receive same-day email alerts whenever this document or any other TransUnion document changes.

CA-D-000593

TransUnion Privacy Policy

TransUnion

Last change detected May 5, 2026 Privacy policy

SHA-256: 0a4b327af1048532170… 1 version captured 0 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at TransUnion ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

10 Total

3 High severity

5 Medium severity

2 Low severity

Summary

This document establishes TransUnion's practices for collecting, using, and disclosing personal information including credit history, Social Security numbers, financial data, geolocation, internet activity, and derived inferences. The policy authorizes TransUnion to share personal information with business clients, marketing partners, affiliates, and service providers. The policy specifies that certain credit-reporting data subject to the Fair Credit Reporting Act cannot be deleted, while consumers in California and other states may opt out of data sales or sharing for targeted advertising through the 'Do Not Sell or Share My Personal Information' link.

Technical / Legal Breakdown

This document is TransUnion LLC's Privacy Notice, governing the collection, use, and sharing of personal information by TransUnion and its affiliates across consumer-facing websites, mobile applications, and credit-related services, with its legal basis rooted in applicable US consumer protection and credit reporting law. The notice states that TransUnion collects a broad range of data categories including identifiers, financial information, credit history, employment data, government-issued ID numbers, geolocation data, internet activity, audio and visual information, and inferences drawn from these categories, and the terms authorize sharing this information with affiliates, business clients, service providers, and third parties for marketing and analytics purposes. Notably, the notice discloses that TransUnion operates as both a consumer reporting agency subject to the Fair Credit Reporting Act and a data broker outside that regulatory context, creating a bifurcated data governance structure where FCRA protections apply only to certain uses, while broader personal data sharing may proceed under more permissive standards for non-FCRA purposes. The notice engages the Fair Credit Reporting Act, the California Consumer Privacy Act as amended by CPRA, the Gramm-Leach-Bliley Act, and state-level privacy laws including those in Virginia, Colorado, Connecticut, Texas, Oregon, and Montana, with California residents receiving the most granular rights disclosures; compliance obligations vary materially by jurisdiction and by whether the processing falls within or outside FCRA-regulated activities.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

High — 3 provisions

Broad Personal Data Collection Compare →

TransUnion collects a very wide range of personal information about you, including your Social Security number, credit history, browsing activity, geolocation, employment data, and inferences about your personality and behavior.

Added May 10, 2026 Standard Seen across 284 platforms
Third-Party Data Sharing with Business Clients Compare →

TransUnion shares your personal information with a wide range of companies across financial services, insurance, healthcare, retail, and other industries for purposes including credit decisions, marketing, fraud prevention, and analytics.

Added May 10, 2026 Standard Seen across 252 platforms
Sensitive Personal Information Collection Compare →

TransUnion may collect highly sensitive categories of personal information including your Social Security number, precise location, biometric identifiers, racial or ethnic origin, health information, and financial account credentials.

Added May 10, 2026 Standard Seen across 284 platforms

Medium — 5 provisions

FCRA Carve-Out Limiting Consumer Deletion Rights Compare →

Because TransUnion is a credit bureau regulated by federal law, certain personal information in your credit file cannot be deleted even if you request it, because the law requires TransUnion to keep it.

Added May 10, 2026 Standard Seen across 284 platforms
Sale and Sharing Opt-Out Rights Compare →

You can tell TransUnion to stop selling or sharing your personal data for targeted advertising purposes by clicking a link on their website or by using a browser tool that sends a privacy signal automatically.

Added May 10, 2026 Standard Seen across 284 platforms
Consumer Rights Under State Privacy Laws Compare →

Depending on your state of residence, you have the right to know what data TransUnion holds about you, request corrections or deletion, opt out of data sharing for advertising, and not be penalized for exercising these rights.

Added May 10, 2026 Standard Seen across 284 platforms
Data Retention Policy Compare →

TransUnion keeps your personal information for as long as it needs to, based on legal requirements and business purposes, and may convert your data into anonymized form and retain it indefinitely.

Added May 10, 2026 Standard Seen across 284 platforms
Cookies, Tracking, and Behavioral Advertising Compare →

TransUnion uses tracking technologies including cookies and pixel tags on its websites to monitor your browsing behavior, and shares that behavioral data with advertising networks, analytics companies, and social media platforms.

Added May 10, 2026 Standard Seen across 284 platforms

Low — 2 provisions

Children's Privacy Compare →

TransUnion's services are not intended for children under 13, and the company states it does not knowingly collect personal data from them.

Added May 10, 2026 Standard Seen across 284 platforms
Security Freeze Rights Compare →

You can place a free security freeze on your TransUnion credit report, which blocks lenders from accessing your credit file and helps prevent identity theft and fraudulent credit applications.

Added May 8, 2026 Standard Seen across 284 platforms