Visa Privacy Notice

This is Visa's Privacy Policy explaining how Visa collects and uses your personal information — including your payment transaction history, location data, device identifiers, and inferred spending behaviors — when you use Visa-branded cards, visit Visa websites, or interact with Visa services. The most important thing to know is that Visa uses your transaction and behavioral data not just to process payments but also to build analytics and marketing products sold to banks and merchants, and California residents have the right to opt out of the sale or sharing of their personal data for targeted advertising. If you are a California resident, you can exercise your rights — including opting out of data sharing — by visiting Visa's privacy rights request page at https://usa.visa.com/legal/privacy-policy.html or by calling the number listed in the policy.

This document is Visa's U.S. Privacy Center notice governing the collection, use, sharing, and retention of personal information by Visa Inc. and its subsidiaries, with legal basis rooted in contractual necessity, legitimate interests, legal obligations, and — where applicable — consent under frameworks including CCPA/CPRA and GDPR. Visa's most significant obligations include providing consumers with rights to access, delete, correct, and opt out of the sale or sharing of personal data for cross-context behavioral advertising, as well as maintaining a 'Do Not Sell or Share My Personal Information' mechanism for California residents. A notable provision is Visa's broad collection of inferred and derived data from payment transaction data — including spending patterns, location data, and behavioral analytics — which Visa uses for its own analytics products (Visa Consulting and Analytics, Visa Marketing Services), a practice that extends data use well beyond core payment processing and may exceed consumer expectations. The policy engages CCPA/CPRA (Cal. Civ. Code §1798.100 et seq.), GDPR (Regulation (EU) 2016/679), Gramm-Leach-Bliley Act (GLBA, 15 U.S.C. §6801 et seq.), and applicable state privacy laws; material compliance considerations include Visa's dual role as both a financial institution subject to GLBA and a data analytics provider, creating potential tension between GLBA's opt-out model and CCPA's broader deletion and opt-out rights.