Visa · Visa Privacy Notice

Transaction Data Collection from Non-Direct Customers

High severity
Share 𝕏 Share in Share 🔒 PDF

What it is

Visa collects your purchase history — including when, where, and how much you spend — every time you use a Visa card, even though you never signed up directly with Visa.

Consumer impact (what this means for users)

Every time you use a Visa card, Visa records the transaction details — merchant, amount, date, location — and this data is retained and potentially shared with analytics partners and other third parties without your direct consent.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Navigate to Visa's Privacy Center and locate the privacy rights request form. Submit a request to access or delete your transaction data held by Visa.

How other platforms handle this

Shopify Medium

We use cookies and similar tracking technologies on our website and when providing our services. For more information about how we use these technologies, including a list of other companies that place cookies on our sites, a list of cookies that we place when we power a merchant's store, and an exp...

Netflix Medium

Netflix account/profile information: We collect information that is associated with your Netflix account and/or Netflix profiles on your account (such as profile name and icon, Netflix game handle, ratings and feedback you provide for Netflix content), "My List" (watch list of titles), "continue wat...

OpenAI Medium

We may receive information about you from third parties, such as social media platforms, identity verification services, and other users who share content about you when using our services.

See all platforms with this clause type →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Most cardholders don't realize Visa is a separate company from their bank and that Visa independently collects and retains their detailed spending data across all transactions.

View original clause language
When you use a Visa-branded card or payment product, we receive information about the transaction, such as when and where you made the purchase, the amount of the purchase, and other details about the transaction. We receive this information as part of operating our payment network. We may also receive information about you from our clients (such as financial institutions and merchants), service providers, and other third parties.

Institutional analysis (Compliance & legal intelligence)

(1) REGULATORY FRAMEWORK: This provision implicates GDPR Art. 14 (indirect data collection notice obligations, enforced by EU DPAs); CCPA §1798.100 (right to know about categories of personal information collected, enforced by CPPA/CA AG); GLBA 15 U.S.C. §6802 (disclosure limitations on nonpublic personal information, enforced by FTC/CFPB); and FTC Act Section 5 for deceptive practices if notice is inadequate. (2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • CFPB
    CFPB has supervisory authority over Visa as a large payment network participant under 12 U.S.C. §5514 and enforces GLBA financial privacy provisions.
    File a complaint →
  • FTC
    FTC enforces against unfair or deceptive data collection practices under FTC Act Section 5 and oversees financial data privacy under GLBA.
    File a complaint →

Applicable regulations

EU AI Act
European Union
BIPA
Illinois, USA
CCPA/CPRA
California, USA
COPPA
United States Federal
CAN-SPAM
United States Federal
DMA
European Union
FCRA
United States Federal
GDPR
European Union
GLBA
United States Federal
HIPAA
United States Federal
TCPA
United States Federal
UK GDPR
United Kingdom

Provision details

Document information
Document
Visa Privacy Notice
Entity
Visa
Document last updated
April 29, 2026
Tracking information
First tracked
March 15, 2026
Last verified
April 10, 2026
Record ID
CA-P-002661
Document ID
CA-D-00114
Evidence Provenance
Source URL
https://usa.visa.com/legal/privacy-policy.html
Wayback Machine
View archived versions →
SHA-256
e2841c6b02d9354b6ac5071186562d1349532f2e637fe837ed27dbb4b45baa9f
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Visa | Document: Visa Privacy Notice | Record: CA-P-002661
Captured: 2026-03-15 11:56:42 UTC | SHA-256: e2841c6b02d9354b…
URL: https://conductatlas.com/platform/visa/visa-privacy-notice/transaction-data-collection-from-non-direct-customers/
Accessed: April 29, 2026
Classification
Severity
High
Categories
Data collection

Other provisions in this document

Related Analysis