Capital One Online Privacy Policy

The Capital One Online Privacy Policy includes information for everyone about our online information practices.

Effective: January 1, 2020

Last updated: December 19, 2019

Capital One is committed to your privacy.

Our goal is to maintain your trust and confidence when handling personal and financial information about you.

What this policy covers

This Capital One Online Privacy Policy (“Privacy Policy”) describes how we collect information when you visit or use Capital One’s websites, mobile applications, and other online services that link to this Privacy Policy (“Online Services”). It also describes how we use and share such information and explains your privacy rights and choices. Our Online Services are intended for a U.S. audience. The terms “Capital One,” “we,” “us,” or “our” mean Capital One Financial Corporation and its U.S. affiliates. “You” means an individual who visits our Online Services and does not refer to a business or other entity or to individuals outside the U.S.

What this policy does not cover

This Privacy Policy does not apply to the websites, mobile applications, or services of Capital One’s shopping affiliates (e.g. Wikibuy, Paribus, and Jewel) or our non-U.S. affiliates. It also does not apply to non-Capital One companies, such as our co-branded partners, auto dealerships and auto-finance companies, or any third-party websites that we link to online. Please review the privacy policies of other websites and services you visit to understand their privacy practices.

Other important resources

Our U.S. Consumer Privacy Notice applies to information that we collect about individuals who seek, apply for, or obtain our financial products and services for personal, family, or household purposes. In addition, our California Consumer Privacy Act Disclosure applies to certain information we collect about California residents. For other important information, please visit capitalone.com/privacy.

Collecting, Using, and Sharing Information

We collect information in a variety of contexts. For example, we may collect information:

  • Directly from you. We collect information directly from you, such as when you apply or register for our products and services, use our online banking services or mobile apps, communicate with us, respond to surveys, provide feedback, or enter contests or promotions.
  • Automatically when you use our Online Services. We and others on our behalf may collect Device Data, Online/Mobile Activity Data, and other information automatically when you interact with us online. Learn more about our use of Online Tracking Technologies.

This Privacy Policy applies to information we collect when you use our Online Services. We may combine that information with information we collect in other contexts, such as from our phone calls and emails with you, from third-party data sources for fraud prevention, identity verification, or marketing purposes, from our co-branded card or business partners, and from publicly available data sources. We will treat such combined information in accordance with this Privacy Policy.

Depending on how you interact online with us, we may collect various types of information. For example, when you sign up for or use a financial product or service online, we may collect:

  • Contact or identity data, such as your name, mailing address, email address, phone number, date of birth, government-issued identifier (e.g., Social Security number, tax ID number, driver’s license, or other government ID), citizenship, username and password, profile picture, and other information that directly identifies you.
  • Account-related data, such as account number, credit/debit card number, account history, account balances, loan details, vehicle or property information, information about beneficiaries and joint account holders, business-related information (e.g., business name, address, revenue, and industry type), and other information related to your Capital One accounts, applications, or prequalification inquiries.
  • Transaction data, such as credit/debit card purchases, payment or transaction history, transaction details when you transfer money to or from your Capital One accounts, and third-party billing information or statements.
  • Credit report information, such as your credit score, credit history, and other information that we receive from credit reporting agencies when you use our Creditwise features or mobile app.
  • Demographic data, such as gender, marital status, age, household size/composition, education level, income, occupation, and employment status.

When you browse our website or use our mobile apps, we may also collect:

  • Device data, such as your device type, web browser type and version, operating system type and version, display/screen settings, language preferences, device contacts (e.g., to facilitate Zelle payments), photos (e.g., to deposit checks), internet protocol address, mobile network information, general location (e.g., city, state, or country), precise location (e.g., latitude/longitude to find a nearby Capital One branch, café, or ATM), cookie IDs, device IDs, mobile advertising IDs (e.g., Apple’s IDFA or Google’s Advertising ID), and likely connections among different browsers and devices that you use (collectively, “Device Data”).
  • Online/mobile activity data, such as login data, search history, information about how you use and interact with our Online Services or advertising (including content viewed, links clicked, and features used), when and how often you use our Online Services, the webpage from which you clicked a link to come to our Online Services (e.g., the referrer URL), and crash reports (collectively, “Online/Mobile Activity Data”).
  • Marketing data, such as your marketing preferences, information about products or services we think you might like, and inferences based on your interactions with us or our partners (e.g., Online/ Mobile Activity Data used for targeted advertising).
  • Communications data, such as your communication preferences and details or the content of your communications with us (e.g., chat messages).
  • Survey and research data, such as your responses to questionnaires, surveys, requests for feedback, and research activities.

If you inquire about or apply for a job at Capital One, we may also collect:

  • Employment application data, such as professional, employment-related, and education history collected through the Online Services about job applicants, employees, associates, contractors, or other members of the Capital One workforce.

If you disclose any information relating to other people to us or to our service providers when you visit or use the Online Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.

We use information for various purposes depending on how you interact with us. For example, we may use your information for the purposes described below:

  • Providing, maintaining, and servicing your accounts, such as enabling you to apply for and obtain Capital One products or services, evaluating your application or eligibility for a Capital One product or service, servicing and managing your accounts, providing customer service, communicating with you, and providing online tools and features.
  • Processing transactions and or payments, such as transferring funds between accounts, processing payments or transactions, fulfilling orders, and conducting settlement, billing, processing, clearing, or reconciliation activities.
  • Verifying your identity, such as conducting identity verification when you apply for our products or services, authenticating your login credentials, verifying your location to allow access to your accounts, and storing security questions for subsequent verification online or over the phone.
  • Detecting and preventing fraud, such as determining fraud risk and identifying fraudulent transactions.
  • Protecting against security risks, such as monitoring network activity logs, detecting security incidents, conducting data security investigations, and otherwise protecting against malicious, deceptive, fraudulent, or illegal activity.
  • Advertising and marketing, such as sending you offers for special products and services via mail, email, or text message, displaying online advertising, targeting our offers or promotions, conducting market research, and evaluating or improving the effectiveness of our marketing efforts, including as described here.
  • Conducting analytics and research, such as examining which parts of our website you visit or which aspects of our mobile apps you find most useful, evaluating user interface and experiences, testing features or functionality, performing debugging and error repair, and analyzing the use of our Online Services, including as described here.
  • Improving our products and services, such as personalizing and optimizing your website and mobile experiences, recognizing you across different browsers and devices you use, improving existing products and services, and developing new products and services.
  • Carrying out legal and business purposes, such as complying with applicable laws, responding to civil, criminal, or regulatory lawsuits, subpoenas, or investigations, exercising our rights or defending against legal claims (including for collections and recoveries on past-due accounts), resolving complaints and disputes, performing compliance activities, analyzing credit risk, conducting credit reporting activities, regulatory reporting, performing institutional risk control, conducting human resources activities, and otherwise operating, managing, and maintaining our business.
  • Using aggregated and de-identified information, such as using or modifying the information described in this Privacy Policy in a manner that does not allow us to reasonably identify you. For example, we may compile aggregated statistics to understand trends or to research the percentage of users accessing a specific website feature. Information that has been aggregated and de-identified is no longer subject to this Privacy Policy.

We share information in a variety of contexts. For example, we may share your information with:

  • Affiliates. We may share your information with companies in the Capital One family.
  • Business partners. We may share your information with companies that we have partnered with to offer or enhance products and services for Capital One customers or prospective customers. For example, we may share information with co-branded credit card partners, joint marketing partners, bill pay partners, or retail partners that allow you to redeem credit card rewards.
  • Service providers. We use other companies to provide services on our behalf and to help us run our business. We may share information with these service providers, or they may collect information on our behalf, for various business purposes. For example, we use service providers for hosting and securing our information systems, servicing customer accounts, detecting and preventing fraud, assisting with human resources activities, communicating with our customers, analyzing and improving our Online Services, and targeting our advertising.
  • Third parties with whom you authorize or direct us to share your information. We share information with your consent or at your direction. For example, we may share information when you use a third-party service to help manage your financial information across various financial institutions, when you are shopping for financing for a car, when you send money to friends and family via Zelle, or when you transfer funds to another bank.
  • Credit bureaus. We share information with credit reporting agencies, such as Experian, Transunion, and Equifax, to report on or learn about your financial circumstances and for other lawful purposes.
  • Government entities and others with whom we share information for legal or necessary purposes. We share information with government entities and others for legal and necessary purposes, such as:
    • To respond to requests from our regulators or to respond to a warrant, subpoena, governmental audit or investigation, law enforcement request, legal order, or other legal process.
    • To facilitate a merger, acquisition, sale, bankruptcy, or other disposition of some or all of our assets, in which case we may transfer your information to the relevant third party.
    • For other legal purposes, such as to enforce our terms and conditions, exercise or defend legal claims, or if we determine that disclosure is necessary or appropriate to protect the life, safety, or property of our customers, ourselves, or others.
  • Recipients of aggregated and de-identified information. We may share aggregated and de-identified information (such as aggregated statistics regarding the use of our financial products and services) with third parties for any purpose.

Our U.S. Consumer Privacy Notice provides additional information about how we share information we obtain when offering financial products and services for personal, family, or household use.

We and third-party providers acting on our behalf use a variety of online tools and technologies to collect information when you visit or use the Online Services, including Device Data and Mobile/Online Activity Data. For example, we use these tools to collect information for debugging, fraud prevention, session management, and other necessary purposes. We also use these to conduct personalization, analytics, and targeted advertising on or through the Online Services. We may associate this tracking data with your Capital One account (if you have one).

These tools include:

  • Server logs. Server logs automatically record information and details about your online interactions with us. For example, server logs may record information about your visit to our website on a particular time and day.
  • Cookies. Cookies are small text files that a website’s server stores in your web browser. Cookies allow companies to recognize your device and store information about your account and preferences. For example, we may use cookies to store information about pages visited on our sites, language preferences, your relationship with us, or other information that we have associated with you or your device. You may be able to manage cookies on your device.
  • Pixel tags. A pixel tag (also known as a web beacon, clear GIF, pixel, or tag) is an image or a small string of code that may be placed in a website, advertisement, or email. It allows companies to set or read cookies or transfer information to their servers when you load a webpage or interact with online content. For example, we or our service providers may use pixel tags to determine whether you have interacted with a specific part of our website, viewed a particular advertisement, or opened a specific email.
  • SDKs and mobile advertising IDs. Our mobile applications may include third-party software development kits (“SDKs”) that allow us and our service providers to collect information about your mobile app activity. In addition, some mobile devices come with a resettable advertising ID (such as Apple’s IDFA and Google’s Advertising ID) that, like cookies and pixel tags, allow us and our service providers to identify your mobile device over time for advertising purposes.
  • Third-party plugins. Our Online Services may include plugins from other companies, including social media companies (e.g., the Facebook “Like” button). These plugins may collect information, such as information about the pages you visit, and share it with the company that created the plugin even if you do not click on the plugin. These third-party plugins are governed by the privacy policies and terms of the companies that created them.

We and third-party providers acting on our behalf use online tracking technology to conduct personalization, analytics, and targeted advertising on or through the Online Services.

  • Personalization. Capital One may customize content and advertisements for our products and services on our own and third-party websites and mobile apps. In order to make the content and advertising as informative and useful as possible, we may use the information we collect about you online, alone or in combination with information about your relationship with us (such as types of accounts, transactional information, or the state in which you bank). We also use online tracking technologies to recognize your computer or device when you’re logged in, enable enhanced features or functionality, improve usability, and otherwise provide the Online Services to you.
  • Analytics. We and our third-party providers use online tracking technologies to engage in data analytics, auditing, measurement, research, reporting, and debugging on our Online Services and to measure the effectiveness of our advertising. For example, we use Google Analytics on our Online Services for such purposes. You can learn more about Google Analytics here and opt out here.
  • Targeted advertising. We and our third-party providers may collect information about your activities on our Online Services and across different websites, mobile apps, and devices over time for targeted advertising purposes. These providers may then show you ads, including across the internet and mobile apps, and other devices, based in part on the information they have collected.

    For example, when you visit the Capital One website and explore our products, our advertising providers may use that information to determine which ads to show you when you go to other, non-Capital One websites. Similarly, when you view a Capital One ad on your computer, our advertising providers may use that information when deciding whether to show you a subsequent ad on your laptop or mobile device. For more information about targeted advertising, please see the Network Advertising Initiative’s (NAI) Understanding Online Advertising page.

    You may opt out of certain targeted advertising. Please note that you may still receive general advertising from Capital One even after you opt out of targeted advertising.

    Opting out relies on information stored in unique browser cookies or mobile or device identifiers, so your opt-out will apply only to the specific browser or device from which you opt out. You will need to opt out separately on all of your browsers and devices. If you delete cookies, change web browsers, reset your mobile advertising ID, or use a different device, you will need to opt out again. You can help preserve web browser opt-out preferences set through the DAA's WebChoices tool by using the ‘Protect My Choices’ plug-ins.

Your Privacy Rights and Choices

Depending on how you interact with us, you have the ability to make certain choices regarding our collection, use and sharing of your information. Your controls and choices may include:

Review or update your account information

Review or update your account information. You may review or update certain account information by logging into your account online. If you cannot change the incorrect information online, or you prefer to request changes offline, please contact us through customer support, or call or write to us using the contact information listed on your account statements or records.

Unsubscribe from our marketing emails

You can visit our Email Preferences page to opt out of receiving our marketing emails. Our marketing emails also contain instructions on how to opt out. Please note that you may receive marketing emails from Capital One up to 10 business days after submitting your request. If you opt out of receiving marketing emails, we may still send you emails about your account or for other non-marketing purposes.

Opt out of targeted advertising

You can opt out of certain targeted advertising in web browsers by visiting the Digital Advertising Alliance (DAA) WebChoices Tool (DAA) WebChoices Tool (for DAA participating companies) and the NAI Opt Out Page (for NAI member companies).

You can opt out of certain targeted advertising in mobile apps by adjusting privacy settings available on your mobile device (e.g., “Limit Ad Tracking” on iOS or “Opt out of Ads Personalization” on Android), or using the DAA's AppChoices App or the TRUSTe Privacy App for participating companies.

Learn more about how we use online tracking technologies.

Manage cookies on your device

You may be able to set your web browser to inform you when cookies are set, delete your cookies, or block cookies altogether. Each browser (e.g., Chrome, Safari, Firefox, Internet Explorer) is a little different, so look at your browser’s settings or support pages to assist you in managing cookies on your browser or device. Your decision not to accept cookies could limit access to some of our Online Services and features. For example, we may not recognize your device and, if you are an online banking customer, you may need to answer challenge questions each time you log on.

Certain web browsers can transmit “Do Not Track” signals, but there is no universally accepted standard for how to interpret such signals. Our Online Services do not function differently in response to these web browser “Do Not Track” signals. However, you may opt out from certain targeted advertising as described above.

Manage how Capital One shares your financial information

For certain consumers of our financial products and services, our U.S. Consumer Privacy Notice governs how we share certain information with our affiliates and third parties, including for their direct marketing purposes, and will enable you to opt out of certain types of sharing.

Exercise other privacy rights or choices

You may have additional rights under applicable law, such as the California Consumer Privacy Act for California residents, or we may provide you with additional choices to access, delete, or otherwise manage certain personal information. For more information about these rights or choices and how to exercise them, please visit the Manage Your Data page or review our California Consumer Privacy Act Disclosure (for California residents), or contact us.

Keeping Information Secure

At Capital One, we care about your safety and security. We have an information security program that includes administrative, technical, and physical measures to protect information within our company. While we strive to protect your information, no method of data transmission or storage is 100% secure, and we cannot ensure or warrant the security of your information.

  • If you suspect a website or mobile app is pretending to be from Capital One (also known as “spoofing”), do not enter personal information. Instead, contact us in a branch or through a phone number you know is associated with your account at Capital One. You can also email us at abuse@capitalone.com.
  • If you receive an email that claims to be from us, but you are not sure or think it is suspicious, do not click on any of the links in the email. Instead, forward it to us at abuse@capitalone.com and delete it.
  • If you have reason to believe that your interaction with us is no longer secure, please immediately notify us at abuse@capitalone.com.

Visit our Fraud and Identity Theft Prevention page for more information about our commitment to security and tips about how to guard against fraud and identity theft.

Children's Privacy

Our Online Services are not directed to children under 13. We also do not knowingly collect personal information from children under 13 through our Online Services. We kindly request that children do not provide information to us through our Online Services.

Social Media

Capital One has official pages on social media services such as Facebook, Twitter, Pinterest, Tumblr, LinkedIn, and YouTube. When you interact with us on these pages or elsewhere on social media, we may collect information such as your likes, interests, feedback, and preferences. We may collect additional information from social media companies if you choose to share with them and they, in turn, share such information with us.

Any posts you make on our official social media pages -- including posts that contain pictures, comments, suggestions, opinions, complaints, or personal information -- are available to others who use those pages. Never include sensitive personal, financial, or other confidential information such as your Social Security number, account number, phone number, mailing address, or email address when posting or commenting online. Please refer to the privacy policies of our social media partners when you interact with them online.

Additional Resources