When you visit Visa's website or use Visa services, the company collects technical information about your device and your approximate location.
This analysis describes what Visa's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Device identifiers combined with location data and transaction records can enable precise behavioral tracking and are increasingly subject to regulation in privacy-sensitive jurisdictions.
New standalone provision detailing specific device identifiers and location tracking methods, providing greater transparency on technical tracking while assigning it low severity.
View full change record →Visa collects device identifiers and location information from your visits to its website and use of its services, which may be combined with transaction data to build a more detailed profile of your behavior and movements.
How other platforms handle this
We collect information about your location, such as data from your device's GPS or IP address, when you use our products.
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
Monitoring
Visa has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may collect information about your device and location, including IP address, browser type, operating system, device identifiers, and general location information when you visit our websites or use our services.— Excerpt from Visa's Visa Privacy Notice
REGULATORY LANDSCAPE: Location data collection engages FTC guidance on geolocation privacy, California's SB 2 and related legislation, and GDPR's requirements for processing location data as potentially sensitive information. Device identifiers used for tracking purposes engage CCPA's definition of personal information and may trigger opt-out requirements under CPRA if used for cross-context behavioral advertising. The FTC has taken enforcement action against companies for deceptive collection and use of precise geolocation data. GOVERNANCE EXPOSURE: Medium. The policy describes collection of general location information and standard device identifiers, which is common across web-based services. However, when combined with transaction-level spending data, the resulting dataset is operationally more sensitive than typical website analytics. Compliance teams should assess whether location data is being used in ways that require specific consent or opt-out mechanisms beyond standard cookie consent frameworks. JURISDICTION FLAGS: EU and UK GDPR may classify certain location data as requiring a higher standard of legal basis depending on precision. California's CPRA imposes restrictions on precise geolocation data as a category of sensitive personal information. Illinois, Washington State, and Texas have laws specifically addressing geolocation data collection that may apply depending on Visa's collection methods and precision. CONTRACT AND VENDOR IMPLICATIONS: Third-party analytics and advertising vendors receiving device and location data from Visa's website should be assessed for compliance with applicable tracking and cookie consent regulations. Contracts should specify permitted uses of device identifier and location data and prohibit re-identification or onward sharing without authorization. Cookie consent management platforms should be reviewed to ensure they accurately reflect the categories of data collected. COMPLIANCE CONSIDERATIONS: Compliance teams should assess whether current cookie consent mechanisms on Visa's U.S. website meet the standards required for device and location data collection. The interaction between device identifier collection and cross-context behavioral advertising opt-out rights under CPRA should be evaluated. EU teams should confirm that processing of location data has an adequate GDPR legal basis documented in records of processing activities.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Device identifiers combined with location data and transaction records can enable precise behavioral tracking and are increasingly subject to regulation in privacy-sensitive jurisdictions.
Visa collects device identifiers and location information from your visits to its website and use of its services, which may be combined with transaction data to build a more detailed profile of your behavior and movements.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Visa.