Visa · Visa Privacy Notice · View original document ↗

California Consumer Privacy Rights (CCPA/CPRA)

Medium severity Uncommon · 13 of 343 platforms
Share 𝕏 Share in Share 🔒 PDF
Monitor governance changes for Visa Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

California residents have specific legal rights to see, delete, correct, and opt out of the sale of their personal data held by Visa.

This analysis describes what Visa's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

This clause operationalizes Visa's obligations under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) by establishing specific consumer rights and defining the mechanisms through which those rights may be exercised. The provision creates procedural pathways for California residents to manage their personal information within Visa's systems.

Clause Stability Stable

0
Changes
3
Months Monitored
Apr 4, 2026
First Seen
Apr 10, 2026
Last Seen
This clause type exists across 3350 other provisions on other platforms.

Change history

removed Jun 2, 2026

Removal of comprehensive CCPA/CPRA rights including sale opt-out and sensitive data limiting, replaced with narrower California targeted advertising opt-out provision.

View full change record →

Consumer impact (what this means for users)

California residents can request to see all personal data Visa holds about them, demand its deletion, correct inaccuracies, and opt out of data sale or sharing — but must proactively submit requests through Visa's portal.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Within 45 days
    California residents can submit a data deletion, access, or opt-out request by visiting Visa's Privacy Center page and completing the online privacy rights request form.

How other platforms handle this

Revolut Medium

We may also collect your personal data from other people or companies.

Target Medium

If you are a California resident, you may have the right to: Know what personal information we collect, use, disclose, sell, or share. Correct inaccurate personal information. Delete your personal information. Opt out of the sale or sharing of your personal information. Limit the use and disclosure ...

Garmin Medium

If you are a California resident, you have the right to know what personal information we collect, use, and disclose about you; the right to request deletion of your personal information; the right to opt out of the sale or sharing of your personal information; the right to correct inaccurate person...

See all platforms with this clause type →

Monitoring

Visa has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
If you are a California resident, you have the right to know what personal information we collect, use, disclose, and sell about you; the right to request deletion of your personal information; the right to opt-out of the sale or sharing of your personal information; the right to correct inaccurate personal information; and the right to limit the use and disclosure of sensitive personal information. You may submit a request to exercise these rights by visiting our Privacy Center or by calling us.

— Excerpt from Visa's Visa Privacy Notice

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

(1) REGULATORY FRAMEWORK: CCPA §1798.100 (right to know), §1798.105 (right to delete), §1798.120 (right to opt out of sale), §1798.106 (right to correct), §1798.121 (right to limit sensitive personal information); CPRA amendments effective January 2023; enforced by California Privacy Protection Agency (CPPA) and California AG. Civil penalties up to $7,500 per intentional violation. (2)

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Monitor free for 14 days

Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • State AG
    California Attorney General and California Privacy Protection Agency (CPPA) enforce CCPA/CPRA rights including deletion, access, and opt-out of data sale.
    File a complaint →

Applicable regulations

CCPA/CPRA
California, USA
Connecticut Data Privacy Act Amendments
US-CT
CAN-SPAM
United States Federal
FCRA
United States Federal
FTC Act Section 5
United States Federal
GDPR
European Union
GLBA
United States Federal
Indiana Consumer Data Protection Act
US-IN
Kentucky Consumer Data Protection Act
US-KY
Universal Opt-Out Mechanism Expansion 2026
US

Provision details

Document information
Document
Visa Privacy Notice
Entity
Visa
Document last updated
May 5, 2026
Tracking information
First tracked
March 15, 2026
Last verified
April 10, 2026
Record ID
CA-P-002248
Document ID
CA-D-00114
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
e2841c6b02d9354b6ac5071186562d1349532f2e637fe837ed27dbb4b45baa9f
Analysis generated
March 15, 2026 11:56 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Visa
Document: Visa Privacy Notice
Record ID: CA-P-002248
Captured: 2026-03-15 11:56:42 UTC
SHA-256: e2841c6b02d9354b…
URL: https://conductatlas.com/platform/visa/visa-privacy-notice/california-consumer-privacy-rights-ccpacpra/
Accessed: July 4, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
Medium
Categories

Other risks in this policy

Related Analysis

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Start Compliance free trial

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Visa's California Consumer Privacy Rights (CCPA/CPRA) clause do?

This clause operationalizes Visa's obligations under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) by establishing specific consumer rights and defining the mechanisms through which those rights may be exercised. The provision creates procedural pathways for California residents to manage their personal information within Visa's systems.

How does this clause affect you?

California residents can request to see all personal data Visa holds about them, demand its deletion, correct inaccuracies, and opt out of data sale or sharing — but must proactively submit requests through Visa's portal.

How many platforms have this type of clause?

ConductAtlas has identified this type of provision across 13 platforms. See the full comparison.

Is ConductAtlas affiliated with Visa?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Visa.