When you visit Visa's website or use Visa services, the company collects technical information about your device and your approximate location.
This analysis describes what Visa's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Device identifiers combined with location data and transaction records can enable precise behavioral tracking and are increasingly subject to regulation in privacy-sensitive jurisdictions.
Visa collects device identifiers and location information from your visits to its website and use of its services, which may be combined with transaction data to build a more detailed profile of your behavior and movements.
How other platforms handle this
Uber collects precise or approximate location data from riders' and order recipients' mobile devices when the Uber app is running in the foreground (app open and on-screen) or background (app open but not on-screen) of their device. Uber collects this data from the time a ride or order is requested ...
Geolocation data, such as device location. Internet or other electronic network activity information, such as browsing history, search history, and information regarding a consumer's interaction with an internet website, application, or advertisement. Device identifiers, such as IP address, unique d...
When you visit the Careers portion of our websites, we collect the information that you provide to us in connection with your job application. This includes but is not limited to business and personal contact information, professional credentials and skills, educational and work history and other in...
Monitoring
Visa has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We may collect information about your device and location, including IP address, browser type, operating system, device identifiers, and general location information when you visit our websites or use our services.— Excerpt from Visa's Visa Privacy Notice
REGULATORY LANDSCAPE: Location data collection engages FTC guidance on geolocation privacy, California's SB 2 and related legislation, and GDPR's requirements for processing location data as potentially sensitive information. Device identifiers used for tracking purposes engage CCPA's definition of personal information and may trigger opt-out requirements under CPRA if used for cross-context behavioral advertising. The FTC has taken enforcement action against companies for deceptive collection and use of precise geolocation data. GOVERNANCE EXPOSURE: Medium. The policy describes collection of general location information and standard device identifiers, which is common across web-based services. However, when combined with transaction-level spending data, the resulting dataset is operationally more sensitive than typical website analytics. Compliance teams should assess whether location data is being used in ways that require specific consent or opt-out mechanisms beyond standard cookie consent frameworks. JURISDICTION FLAGS: EU and UK GDPR may classify certain location data as requiring a higher standard of legal basis depending on precision. California's CPRA imposes restrictions on precise geolocation data as a category of sensitive personal information. Illinois, Washington State, and Texas have laws specifically addressing geolocation data collection that may apply depending on Visa's collection methods and precision. CONTRACT AND VENDOR IMPLICATIONS: Third-party analytics and advertising vendors receiving device and location data from Visa's website should be assessed for compliance with applicable tracking and cookie consent regulations. Contracts should specify permitted uses of device identifier and location data and prohibit re-identification or onward sharing without authorization. Cookie consent management platforms should be reviewed to ensure they accurately reflect the categories of data collected. COMPLIANCE CONSIDERATIONS: Compliance teams should assess whether current cookie consent mechanisms on Visa's U.S. website meet the standards required for device and location data collection. The interaction between device identifier collection and cross-context behavioral advertising opt-out rights under CPRA should be evaluated. EU teams should confirm that processing of location data has an adequate GDPR legal basis documented in records of processing activities.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Device identifiers combined with location data and transaction records can enable precise behavioral tracking and are increasingly subject to regulation in privacy-sensitive jurisdictions.
Visa collects device identifiers and location information from your visits to its website and use of its services, which may be combined with transaction data to build a more detailed profile of your behavior and movements.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Visa.