Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This document establishes Visa's data collection, use, and sharing practices for personal information collected through Visa card transactions, websites, and services. Visa collects transaction data, device identifiers, browsing behavior, and inferred interests, and authorizes use of this data for analytics, targeted marketing, and sharing with financial institution partners, merchants, and service providers. California residents are permitted to opt out of certain data sharing for cross-context behavioral advertising through the 'Your Privacy Choices' mechanism.
This document is Visa's U.S.-facing Privacy Center notice, governing how Visa collects, uses, shares, and retains personal information in connection with its payment network operations, website interactions, and related services, with stated legal bases including contractual necessity, legitimate interests, consent, and legal obligation depending on jurisdiction. The policy states that Visa collects a broad range of data including transaction data, device and location information, inferred interests, and data from third-party sources, and the terms authorize use of this data for fraud prevention, analytics, marketing, and sale to or sharing with financial institution partners, merchants, service providers, and affiliates. Notably, the policy authorizes collection and use of transaction-level spending data across Visa's global network for analytics and marketing purposes, which is operationally distinct from typical retail website privacy notices given the scale of payment network data; the agreement asserts broad legitimate interest bases for processing that may face scrutiny under GDPR's balancing test and similar frameworks. The policy engages GDPR and UK GDPR for EU and UK residents, CCPA and CPRA for California residents, and various additional state privacy laws, with Visa acknowledging data subject rights including access, deletion, correction, and portability where applicable; enforcement exposure varies significantly by jurisdiction and user category. U.S. financial transaction data processed in connection with Visa's network role may additionally engage Gramm-Leach-Bliley Act obligations, and the CFPB and FTC both maintain oversight authority over practices described in this notice.
Institutional analysis available with Compliance
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.
Start Compliance free trial2 important changes detected
4 versions captured · Last updated: June 2026
Monitoring
Visa has updated this document before.
Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
Compliance Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Compliance free trialCross-platform context
See how other platforms handle California CCPA/CPRA Consumer Rights and similar clauses.
Compare across platforms →AI agents can now shop and pay with your credit card. ConductAtlas tracks the governance terms that determine who is liable when they do.
Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.