TransUnion collects a very wide range of personal information about you, including your Social Security number, credit history, browsing activity, geolocation, employment data, and inferences about your personality and behavior.
This analysis describes what TransUnion's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The scope of data collection extends well beyond what most people associate with a credit bureau, encompassing behavioral, biometric, and psychological inference data that can affect how companies evaluate you.
Your browsing history, geolocation, and inferred behavioral characteristics are collected alongside your SSN and credit data, meaning TransUnion's profile of you extends beyond financial information into personal behavior and lifestyle patterns.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Strava or our service providers. We use aggregated, de-identified data for this purpose. We also use personal info...
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
TransUnion has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We collect information in the categories listed below when you visit our websites, interact with our apps, or when we provide our services to our Clients. In some cases, we may also obtain information from third-party sources. The categories include: Identifiers such as your real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver's license number, passport number, or other similar identifiers. Characteristics of protected classifications under California or federal law. Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. Biometric information. Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet website, application, or advertisement. Geolocation data. Audio, electronic, visual, thermal, olfactory, or similar information. Professional or employment-related information. Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.— Excerpt from TransUnion's TransUnion Privacy Policy
REGULATORY LANDSCAPE: The breadth of collection categories implicates the CCPA and CPRA, which require businesses to disclose categories of personal information collected and their purposes. Collection of Social Security numbers and government-issued ID numbers may trigger additional obligations under state data breach notification laws. Biometric data collection implicates the Illinois Biometric Information Privacy Act (BIPA) and similar state laws where applicable. The FTC Act's prohibition on unfair or deceptive practices applies to the accuracy of these disclosures. GOVERNANCE EXPOSURE: High. The inclusion of psychological inferences, biometric information, and precise geolocation alongside credit identifiers creates a data map with significant sensitivity. If these data categories are used in ways not clearly disclosed, CCPA enforcement by the California Privacy Protection Agency or FTC action under unfair practices authority becomes a heightened risk. JURISDICTION FLAGS: California residents have specific rights to know the categories of personal information collected and their purposes under CPRA. Illinois residents may have rights regarding biometric data under BIPA. States with comprehensive privacy laws, including Virginia, Colorado, Connecticut, Texas, Oregon, and Montana, impose similar but not identical notice requirements. CONTRACT AND VENDOR IMPLICATIONS: Organizations receiving data from TransUnion should confirm in their vendor agreements which data categories are included in any data feed or report, and whether use restrictions apply. FCRA permissible purpose restrictions apply to consumer report data regardless of how the data is labeled contractually. COMPLIANCE CONSIDERATIONS: Compliance teams should maintain a current data inventory mapping each collection category to its stated purpose and legal basis. Any category used for a purpose not disclosed at collection may require updated notice or consent mechanisms. Biometric data collection in particular should be reviewed for state-specific consent requirements before processing.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The scope of data collection extends well beyond what most people associate with a credit bureau, encompassing behavioral, biometric, and psychological inference data that can affect how companies evaluate you.
Your browsing history, geolocation, and inferred behavioral characteristics are collected alongside your SSN and credit data, meaning TransUnion's profile of you extends beyond financial information into personal behavior and lifestyle patterns.
ConductAtlas has identified this type of provision across 2 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by TransUnion.