Finicity is part of the Mastercard family. Our open banking platform provides the financial data you need.

Privacy Notice

Last updated: September 25, 2023

This Privacy Notice (the “Privacy Notice”) is provided by Finicity Corporation, a wholly-owned subsidiary of Mastercard International Inc. (“Finicity,” “we,” and/or “us”).

This Privacy Notice applies to the Personal Information you provide to us or that we collect through our websites, including https://www.finicity.com, (the “Site”) and through our other online services, websites, applications, and related services that link to this Privacy Notice (collectively with the Site, the “Services”). The Personal Information we collect, use, and share depends on the Services that you use. We process your Personal Information in compliance with applicable law and any other obligations, such as those that may be included in agreements with third parties with which we partner to provide you with the Services. By accessing or using our Services, you agree to the collection, use, and processing of your Personal Information as set forth in this Privacy Notice.

In this Privacy Notice, “Personal Information” means any information relating to an identified or identifiable individual.

Note that the Services are often accessed or connected through other third parties and their related applications and services who consumers authorize to access consumer information in order for the third party to provide a product or service to the authorizing consumer (“Consumer-Authorized Third Parties”). This Privacy Notice only covers the information that Finicity collects, uses, and shares to provide the Services, and does not explain what a Consumer-Authorized Third Party does with any Personal Information we provide to them (or any other information they may collect about you separately from Finicity). This Privacy Notice also does not cover any websites, products, or services provided by others. We encourage you to review the privacy notices, terms of use, or notices of any Consumer-Authorized Third Parties for information about their practices.

1. PERSONAL INFORMATION WE MAY COLLECT AND WHERE IT COMES FROM

2. HOW WE USE YOUR PERSONAL INFORMATION

3. HOW WE SHARE YOUR PERSONAL INFORMATION

4. HOW WE PROTECT YOUR PERSONAL INFORMATION

5. YOUR RIGHTS AND CHOICES

6. CHILDREN’S PRIVACY

7. DATA RETENTION

8. INTERNATIONAL TRANSFERS

9. UPDATES TO THIS PRIVACY NOTICE

10. U.S. STATE PRIVACY LAW ADDENDUM

11. CONTACT US

1. PERSONAL INFORMATION WE MAY COLLECT AND WHERE IT COMES FROM

Information you provide to Finicity. When you connect your account from your relevant bank, financial institution, payroll provider, or other entity that provides your financial account (“Financial Account”) through the Services or when you request the Services directly from us, you may provide (and we may collect) the following categories of Personal Information:

Information we collect from your Financial Account. After you have successfully connected your Financial Account(s) through the Services, we will access and collect information from your Financial Account on your behalf. The information we will collect from your Financial Account will vary depending on the specific third-party services you are using (e.g., income verification or financial management applications), the information available from the Financial Account, and other factors. We will collect the following categories of Personal Information from your Financial Account, which includes information from all accounts accessible through a single set of credentials to a Financial Account (e.g., checking, savings, and credit card):

Information we collect from your devices. When you use the Services on your device (e.g., computer, phone, tablet) we may automatically collect information about your use of the Services, including via cookies and similar technologies (collectively “cookies”), such as internet protocol (IP) address, device location, time zone setting, hardware model, operating system, the features within our Services you access, browser data, and other technical information about the device. Please review our Cookie Policy for more information about how we use cookies and your options related to cookies.

Information we receive about you from other sources. When you use the Services in connection with a Consumer-Authorized Third Party or in the process of connecting your Financial Accounts to our financial institution partners, we may receive identifiers and commercial information about you directly from a Consumer-Authorized Third Party, our financial institution partners, or other third parties including our service providers and identity verification services. For instance, Consumer-Authorized Third Party (e.g., lenders or payment processors) may provide information to Finicity such as your full name, social security number, date of birth, email address, phone number, or information about your financial accounts and account transactions, and our financial institution partners or service providers may provide information such as the status of a transaction you have initiated.

2. HOW WE USE YOUR PERSONAL INFORMATION

We will use your Personal Information in a manner consistent with this Privacy Notice. Specifically, we may use the Personal Information we collect:

3. HOW WE SHARE YOUR PERSONAL INFORMATION

We provide services to or utilize third-party services that may have access to your Personal Information for a variety of business purposes. We only provide your Personal Information to a third party after such third party has a signed a confidentiality contract with us, and we provide your Personal Information to such third parties only for business purposes. We may disclose the categories of information described above in Section 1 “Personal Information We May Collect and Where It Comes From” to third parties and for the purposes described below:

We may use, share, or publicly disclose or otherwise process your information that has been de-identified, anonymized and/or aggregated (so that it does not identify you personally) for any purpose permitted under applicable law, including for research and the development of new products.

4. HOW WE PROTECT YOUR PERSONAL INFORMATION

Because we are trusted with your Personal Information, we have implemented administrative, technical, and physical security controls that are designed to safeguard your Personal Information. We maintain physical, electronic, and procedural safeguards that comply with applicable state and federal standards to guard your Personal Information held by us relative to the Services.

Please recognize that protecting your Personal Information is also your responsibility. We urge you to take every precaution to protect your Personal Information when you are on the internet and when you communicate with us and with other parties through the internet. Change your passwords often, use a combination of letters and numbers, and make sure you use a secure browser. If you have reason to believe that your interaction with us or our partners is no longer secure, please let us know immediately by contacting us as indicated in the Contact Us section below.

By using our Services, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of our Services. If we learn of a security breach involving your Personal Information, we may attempt to notify you electronically by sending an email to you. If you have any questions about the security of your Personal Information, please email us at ob.privacy@mastercard.com

5. YOUR RIGHTS AND CHOICES

You may decline to share certain Personal Information with us, in which case we may not be able to provide to you some of the features and functionalities of our Services. Where required by applicable law, we will indicate whether and why you must provide us with your Personal Information, as well as the consequences of failing to do so.

Depending on your country or state, you may have the right or choice to access, amend, or delete any Personal Information we hold about you, opt out of, object to, or restrict some uses of your Personal Information, and withdraw any consent provided. To exercise your rights and choices, you may contact us using the contact details at the end of this Notice or visit our Data Privacy Consumer Rights Portal.

Depending on your state, you may have additional rights as set out in Section 10, below.

Do Not Track. Some browsers have a “do not track” feature that lets you tell websites that you do not want to have your online activities tracked. We currently do not respond to browser “do not track” signals.

6. CHILDREN’S PRIVACY

You must be at least 18 years old to use our Services. We do not knowingly direct our Services to individuals under 18 years old (“Minors”), nor do we knowingly collect, use, or disclose Personal Information about Minors who use our Services. If you use our Services, you represent that you are at least the age of majority under the laws of the jurisdiction of your place of residence. If you believe a Minor has provided us with Personal Information, please alert us at ob.privacy@mastercard.com. If we learn that we have collected Personal Information from a Minor, we will promptly take steps to delete such information.

7. DATA RETENTION

We take measures to delete your Personal Information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period. When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, possible re-enrolment with our products or services, the impact on the services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations.

8. INTERNATIONAL TRANSFERS

Our Services and Site are hosted in the United States and are directed to people inside the United States. If you choose to use the Services or access the Site from other regions of the world with laws governing data collection and use that may differ from United States law, then please note that you are transferring your Personal Information outside of those regions to the United States for storage and processing. Also, we may transfer your Personal Information from the United States to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating the Services. We comply with applicable legal requirements when transferring Personal Information to countries other than the country where you are located.

9. UPDATES TO THIS PRIVACY NOTICE

We may revise this Privacy Notice or our practices with respect to how we collect, use, and process Personal Information at any time and in our sole discretion. If we make any material changes to how we treat our customers’ Personal Information, we will attempt to notify you by email to the primary email address specified in your account, through a notice on our website’s home page, or through other means. You are responsible for ensuring we have an up-to-date, active email address by which to contact you. You are advised to review this Privacy Notice periodically for any changes. Your continued use of our Services after such modifications will constitute your acknowledgment of the modified Privacy Notice and your agreement to abide and be bound by the modified Privacy Notice. Changes to this Privacy Notice are effective when they are posted on this page.

10. U.S. STATE PRIVACY LAW ADDENDUM

If you reside in a state of the United States which has an applicable privacy law, and we collect Personal Information about you in our role as a controller/business, then this section supplements the information above and applies to you.

Application. This section supplements the information contained above in our Privacy Notice and applies to California residents from whom we collect Personal Information as a business under the California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act of 2020) (“CCPA”).

For the purpose of this section, “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, or as otherwise defined by the CCPA. Personal Information does not include information that is publicly available, deidentified, or aggregated (as those terms are defined in the CCPA) or otherwise excluded from the scope of the CCPA.

If you are a job applicant who is a California resident, please refer to the Mastercard Applicant Privacy Notice for further information.

A. Privacy Disclosures for California Residents

1. Categories of Personal Information about you that we Collect or Disclose

The chart below provides the categories of Personal Information (as defined by the CCPA) we have collected or disclosed for a business purpose. 

CategoryWe CollectWe Disclose for a Business Purpose
A. Identifiers   Examples: Personal and business contact information (e.g., name, postal address, telephone number, job title), date of birth, social security number, unique personal identifiers or numbers, online identifier, internet protocol address, email address, account name, authentication information, and similar identifiers.  Yes  Yes
B. Categories of Personal Information in Cal. Civ. Code Section 1798.80(e)   Examples: Name, address, telephone number, bank account number, or any other financial information.  Yes  Yes
C. Commercial Information   Examples: Information we create or retain that are fundamental to our business, e.g., bank statements, bank transactions, records of personal property; products or services purchased or obtained; purchase history; consumer habits or tendencies; banking account numbers; bank routing numbers; W-2s and other tax related documentation, and credit scores.  Yes  Yes
D. Internet or Other Electronic Network Activity Information   Examples: Cookie and web beacon data, IP address, browser type, operating system, mobile device identifier, referring business partner URLs, and pages viewed and actions you take on our online properties and apps.  Yes  Yes
E. Geolocation Data   Example: Your mailing address, city, state, or IP address/the location associated with your IP address.
Yes
  Yes
F. Sensory Information   Examples: Audio recordings (including call recordings for customer service purposes).  Yes  No
G. Professional or Employment-Related Information   Examples: Business-to-business (“B2B”) information such as job title, department, and name of organization.Professional employment information, which may include: current work status; payroll provider username and passwords; paystubs, and multi-factor authentication.    Yes    Yes
H. Inferences Drawn from Personal Information   Examples: Based on your bank transaction data or pay checks: your income or employment, your likelihood to make a payment on a given day, your regular payments (e.g., utilities, rent subscription services).    Yes    Yes
I. Sensitive Personal Information   Examples: Authentication information, such as credentials, username, password, security questions and responses, Personal Identification Numbers (PINs), multi-factor authentication responses, security tokens, and/or other information required to authenticate you to connect your Financial Account(s) through the Services. A consumer’s social security number.  

Note: we do not use or disclose sensitive personal information for purposes which would require us to offer consumers the right to limit our collection and processing of this data under the CCPA.
    Yes    Yes

2. Use of Personal Information

We collect, use, and disclose your Personal Information in accordance with the specific business and commercial purposes below:

3. Sources of Collection of Personal Information

We have collected Personal Information from the following categories of sources:

4. Disclosure of your Personal Information to Other Parties; no Sale of Personal Information

With respect to the categories of Personal Information identified in the table above, we disclosed for a business purpose your Personal Information to the following categories of third parties:

We do not sell or “share” your Personal Information.

We do not have actual knowledge that we sell or “share” Personal Information of consumers under 16 years of age.

We do not use or disclose sensitive personal information for purposes which would require us to offer consumers the right to limit our collection and processing of this data under the CCPA.

5. Retention

We take measures to delete your Personal Information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period. When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, possible re-enrolment with our products or services, the impact on the services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations.

B. Your California Privacy Rights

If you are a California resident, you may exercise the following rights.

Submit Requests. To exercise your rights under the CCPA, please submit your request via our Data Privacy Consumer Rights Portal or call (855) 263-3072 and select option 3.

Authorizing an Agent. If you are acting as an authorized agent to make a request to know, delete, correct, or opt out on behalf of a California resident, you may submit a request via our Data Privacy Consumer Rights Portal or call (855) 263-3072 and select option 3. Please note that we will require you to attach a written authorization signed by the resident whose Personal Information will be subject to the request.

11. CONTACT US

Questions regarding this Privacy Notice, our information practices or other aspects of privacy in connection with the use of our Services should be directed to our Data Privacy Officer, who can be reached by email at ob.privacy@mastercard.com.

Finicity Headquarters:

434 West Ascension Way, Suite 200
Salt Lake City, UT 84123
(801) 984-4200

Click here to view our Cookie Policy.


Certain open banking solutions are provided by Finicity, a Mastercard company.