Visa can buy or receive personal information about you from data brokers, social media companies, and other business partners to build a more complete picture of who you are.
This analysis describes what Visa's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Receiving data from external sources like data brokers means Visa's profile of you may go beyond what you directly provided, incorporating inferred demographics and interests from third parties you may not have interacted with intentionally.
Interpretive note: The policy identifies broad categories of third-party sources but does not enumerate specific data brokers or social media platforms, making it difficult to assess the full scope of third-party data enrichment in practice.
New explicit disclosure of third-party data broker and social media data collection practices, representing a significant expansion in tracking sources beyond direct transaction collection.
View full change record →Visa may supplement its own transaction data about you with purchased or received data from data brokers and social media platforms, potentially creating detailed interest and demographic profiles used for marketing and product personalization without your direct knowledge.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
Visa has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may collect personal information about you from third parties, such as data brokers, social media platforms, and our business partners. This information may include demographic information, interests, and other information that helps us understand you better and provide you with relevant products, services, and offers.— Excerpt from Visa's Visa Privacy Notice
REGULATORY LANDSCAPE: The FTC has increasing scrutiny of data broker practices and the purchase of consumer data for profiling purposes. CCPA and CPRA impose disclosure and opt-out obligations on businesses that receive personal information from data brokers for commercial purposes. GDPR Articles 13 and 14 require notification to data subjects when personal data is collected from third parties, including the identity of sources where practicable. The FTC Act Section 5 applies to unfair or deceptive practices related to data broker data use. GOVERNANCE EXPOSURE: High. The use of data broker and social media data to enrich consumer profiles is an area of significant regulatory focus. The FTC has taken enforcement action in related contexts, and CPRA's requirements regarding sensitive inferences drawn from combined datasets add compliance complexity. The combination of transaction data with third-party demographic and interest data could produce inferences that trigger additional regulatory obligations in certain jurisdictions. JURISDICTION FLAGS: EU and UK GDPR require specific legal bases for processing data obtained from third parties and impose notification obligations. California's CPRA imposes obligations regarding data broker sourcing and sensitive personal information. Illinois, Texas, and other states with data broker registration laws may create additional compliance requirements. The broad geographic scope of Visa's operations means this provision engages privacy frameworks in dozens of jurisdictions simultaneously. CONTRACT AND VENDOR IMPLICATIONS: Data broker contracts supplying data to Visa should include representations regarding the lawfulness of original data collection and the appropriateness of downstream commercial use. Due diligence on data broker sources should assess whether those sources themselves comply with applicable privacy laws in the jurisdictions from which consumer data originates. Audit rights provisions should cover broker compliance with data minimization and purpose limitation principles. COMPLIANCE CONSIDERATIONS: Compliance teams should document the specific data broker and social media sources from which third-party data is obtained and assess whether GDPR Article 14 notification obligations are being met. CCPA-required disclosures about data sources should be reviewed for adequacy. Internal data governance policies should address how third-party enrichment data is combined with transaction data and whether resulting inferences constitute sensitive personal information requiring heightened protection.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Receiving data from external sources like data brokers means Visa's profile of you may go beyond what you directly provided, incorporating inferred demographics and interests from third parties you may not have interacted with intentionally.
Visa may supplement its own transaction data about you with purchased or received data from data brokers and social media platforms, potentially creating detailed interest and demographic profiles used for marketing and product personalization without your direct knowledge.
ConductAtlas has identified this type of provision across 3 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Visa.