TransUnion collects a very wide range of personal information about you, including your Social Security number, credit history, browsing activity, geolocation, employment data, and inferences about your personality and behavior.
This analysis describes what TransUnion's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The scope of data collection extends well beyond what most people associate with a credit bureau, encompassing behavioral, biometric, and psychological inference data that can affect how companies evaluate you.
Your browsing history, geolocation, and inferred behavioral characteristics are collected alongside your SSN and credit data, meaning TransUnion's profile of you extends beyond financial information into personal behavior and lifestyle patterns.
How other platforms handle this
We collect information you provide directly to us, such as when you create an account, contact us for support, sign up for marketing emails, or otherwise communicate with us. The types of information we may collect include your name, email address, postal address, phone number, company name, job tit...
We collect information you provide directly to us, such as when you create an account, use our Services, make a purchase, or contact us for support. The types of information we may collect include your name, email address, password, phone number, credit card and other payment information, and any ot...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
Monitoring
TransUnion has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We collect information in the categories listed below when you visit our websites, interact with our apps, or when we provide our services to our Clients. In some cases, we may also obtain information from third-party sources. The categories include: Identifiers such as your real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver's license number, passport number, or other similar identifiers. Characteristics of protected classifications under California or federal law. Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. Biometric information. Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet website, application, or advertisement. Geolocation data. Audio, electronic, visual, thermal, olfactory, or similar information. Professional or employment-related information. Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.— Excerpt from TransUnion's TransUnion Privacy Policy
REGULATORY LANDSCAPE: The breadth of collection categories implicates the CCPA and CPRA, which require businesses to disclose categories of personal information collected and their purposes. Collection of Social Security numbers and government-issued ID numbers may trigger additional obligations under state data breach notification laws. Biometric data collection implicates the Illinois Biometric Information Privacy Act (BIPA) and similar state laws where applicable. The FTC Act's prohibition on unfair or deceptive practices applies to the accuracy of these disclosures. GOVERNANCE EXPOSURE: High. The inclusion of psychological inferences, biometric information, and precise geolocation alongside credit identifiers creates a data map with significant sensitivity. If these data categories are used in ways not clearly disclosed, CCPA enforcement by the California Privacy Protection Agency or FTC action under unfair practices authority becomes a heightened risk. JURISDICTION FLAGS: California residents have specific rights to know the categories of personal information collected and their purposes under CPRA. Illinois residents may have rights regarding biometric data under BIPA. States with comprehensive privacy laws, including Virginia, Colorado, Connecticut, Texas, Oregon, and Montana, impose similar but not identical notice requirements. CONTRACT AND VENDOR IMPLICATIONS: Organizations receiving data from TransUnion should confirm in their vendor agreements which data categories are included in any data feed or report, and whether use restrictions apply. FCRA permissible purpose restrictions apply to consumer report data regardless of how the data is labeled contractually. COMPLIANCE CONSIDERATIONS: Compliance teams should maintain a current data inventory mapping each collection category to its stated purpose and legal basis. Any category used for a purpose not disclosed at collection may require updated notice or consent mechanisms. Biometric data collection in particular should be reviewed for state-specific consent requirements before processing.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The scope of data collection extends well beyond what most people associate with a credit bureau, encompassing behavioral, biometric, and psychological inference data that can affect how companies evaluate you.
Your browsing history, geolocation, and inferred behavioral characteristics are collected alongside your SSN and credit data, meaning TransUnion's profile of you extends beyond financial information into personal behavior and lifestyle patterns.
ConductAtlas has identified this type of provision across 2 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by TransUnion.