Capital One Software Privacy Policy
Effective: July 15, 2026
What this policy covers
This Capital One Software Privacy Policy (“Privacy Policy”) explains how Capital One Software LLC (collectively, “we,” “us,” or “our”) collect, use, and disclose personal information. It includes information on our legal bases for using your personal information, how long we keep your personal information, how we protect your personal information, the countries to which we may transfer your personal information, and your rights regarding your personal information. If you provide personal information to us relating to other individuals subject to this Privacy Policy, you are responsible for communicating the terms of this Privacy Policy to them.
What this policy does not cover
This Privacy Policy does not apply to:
Information collected by or on behalf of Capital One Financial Corporation or its affiliated entities outside of Capital One Software, which is subject to their respective privacy policies, available here (opens in new tab).
Non-Capital One Software companies or any third-party websites that we link to online. Please review the privacy policies of other websites and services you visit or use to understand their privacy practices.
Information we collect in the context of a person’s role as a job applicant, employee, associate, contractor, or other member of the Capital One workforce. For more information about how we collect, use, and disclose information in this context, please visit capitalone.com/privacy/ (opens in new tab).
Personal information of individuals associated with our business customers where we process that information in our capacity as a data processor. Capital One Software often processes data on behalf of our business customers, such as certain login information and usage data that we collect in order to provide and improve the products that we offer to our business customers. This data is subject to the privacy policies of our business customers, business contracts, and/or Data Processing Addendums.
Categories of personal information we collect
We collect personal information in a variety of contexts, including directly from you (e.g., when you communicate with us or create an authorized user account of our business customers to access our services) and automatically when you visit our website and/or use our online services. Depending on how you interact with us, we may collect various types of information about you. For example, we may collect:
| CATEGORY | EXAMPLES |
|---|---|
Identifiers | Name, address, email address, online identifiers, internet protocol address, account login credentials and other account information, or other similar identifiers |
Professional or employment-related information | An individual’s employer, title, business contact information, industry, personal pronouns |
Demographic information | Gender |
Usage data | Technical and operational details of your usage of our services |
Internet or similar network activity information | Browser version, browsing history, search history, information on a consumer's interaction with a website, application, or advertisement, marketing preferences, cookies stored from your visits to our website |
Location data | Device location, the location of your IP address, where you work, country location |
Audio, electronic, visual, or similar information | Call and video recordings |
Your communications with us | The contents of phone, email, mail, message, or text communications that we receive during a customer engagement including for customer support |
Inferences drawn from other personal information | Certain inferences based on your interactions with us or our partners (e.g., online/mobile activity data used for targeted advertising) |
Sensitive personal information is a broad category that includes high-risk identifiers like personal financial details, government IDs, or credit card numbers as well as special category data—such as race, ethnicity, religious or philosophical beliefs, sexual orientation or practices, political opinions, trade union membership, health information, and genetic or biometric data. We ask that you not send or disclose any such information to us.
Sources of personal information
We may collect personal information about you from the following sources:
| SOURCES | EXAMPLES |
|---|---|
Directly from you, including automatically when you interact with us online | In the course of our business onboarding interactions and provision of services to you or others, including documents or communications we receive from our customers, interactions with our website or services, calls (including video calls) with Capital One Software representatives , or information you may provide to Capital One Software representatives at conferences or similar events |
Affiliates | Companies related by common ownership or control to Capital One Software |
Business partners | Businesses or other professional service providers with whom we have jointly arranged events and to whom you have provided personal information, such as joint marketing partners |
Marketing partners | Companies that collect information through our online services in order to provide marketing services for us, including to target advertising to you based on personal information collected across different websites, mobile apps, and devices over time. Our marketing partners include social media companies |
Service providers and other vendors | Software providers, marketing companies, communication services, fraud prevention services, consumer reporting agencies, data analytics providers, data providers |
Third parties that you have authorized or directed to share information with us | Authorized agents or others on your behalf |
Government entities or other public sources | Federal, state, or local governments that provide publicly available data |
How and why we use personal information
We may collect and use personal information:
To provide a requested service or to carry out a contract, including:
To manage, administer, and improve our provision of products and services to, and contractual obligations with, our customers.
To provide information or services requested by you, or reasonably expected by you given our business relationship.
To conduct reviews of our performance, manage business relationships, and arrange for the termination of business relationships.
Where it is necessary for our legitimate interests:
To ensure a healthy and safe office environment for our vendors, personnel, and visitors.
To detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and assist in the prosecution of those responsible for that activity.
To market and promote our services, including by sending to you personalized event invitations, updates and other marketing materials.
To provide, administer, monitor the use of, and improve this website.
To conduct analytics and research on, and improve, our products and services.
To create aggregated and deidentified information.
To develop and train AI models to be used in connection with our products and services.
To comply with our legal obligations, including:
To conduct “Know Your Client”, anti-money laundering, terrorist financing, and conflict checks, and customer due diligence checks.
To meet relevant regulatory requirements, respond to subpoenas or other government requests, and manage legal disputes.
To conduct compliance activities with the use of our network.
Disclosure of personal information
We may disclose your personal information to the following third parties:
Our customers, in relation to the products and services we provide.
Our affiliates.
Service providers and other vendors that provide services to us, including technology, web and security vendors.
Banks, and other payment processing services.
Marketing partners that collect information through our online services in order to provide marketing services to us.
Government or regulatory authorities, courts, tribunals or other third parties if we consider it necessary or appropriate under applicable laws.
Auditors, insurers, lawyers, accountants and other professional advisers.
Parties designated by you.
In addition, we may disclose personal information about you:
If we are required or permitted to do so by law or legal process, for example, for the exercise of legal proceedings, a request from a law enforcement agency or if we believe in good faith that such disclosure is necessary to comply with a legal obligation or request or to exercise or enforce our legal rights or contractual commitments;
When we believe disclosure is necessary or appropriate to protect the rights, property or safety of Capital One Software, our customers, another party, or the public;
In connection with an investigation of suspected or actual fraudulent or other illegal activity; and
In conjunction with our business continuity, or to another party that acquires, or is interested in acquiring, all or part of our business in connection to a corporate sale, merger, reorganization, dissolution or similar event.
We may also disclose personal information about you in other circumstances where we have your consent.
Data retention and security
The personal information we collect will be retained only for as long as reasonably necessary for the purposes set out in this Privacy Policy and consistent with our retention policies, in accordance with applicable laws. When determining these retention policies, we take into account the length of time personal information is required to be retained to provide the services; satisfy legal and compliance obligations and for audit purposes; address any complaints or troubleshoot issues related to the services; and defend or bring potential legal claims to enforce our policies.
We have an information security program that includes administrative, technical, and physical measures that are designed to protect information within our company. While we strive to protect information about you, no method of data transmission or storage is 100% secure, and we cannot ensure or warrant the security of such information.
International transfers of your personal information
We may need to transfer your personal information to locations outside the jurisdiction in which you provide it, or from where you are viewing this website, in order to use it for the purposes set out above, including to Capital One affiliates, service providers, and partners in countries such as the United States, United Kingdom (UK), Canada, Mexico, India, the Philippines, Singapore, or any other country in which we or they have operations. As such, transfers of personal information may take place to countries that have different data protection rules than are found in the country where you are from.
Where required by applicable law, we implement safeguards to protect your personal information when we transfer it outside your country of residence. For example, for transfers from the European Economic Area (EEA) or the UK to countries not considered adequate by the European Commission or the UK government, we put in place adequate measures, such as standard contractual clauses, to protect your personal information. The list of countries recognized by the EEA and the United Kingdom as providing an adequate level of protection is available here (opens in new tab) for the EEA, and here (opens in new tab) for the UK. You may obtain a copy of these measures by contacting us using the details set out below in the Contact Us section of this Privacy Policy.
Your rights regarding your personal information
California Residents
You may have additional rights under applicable law, such as the California Consumer Privacy Act for California residents, or we may provide you with additional choices to access, delete, correct, or otherwise manage certain personal information. For more information about your rights or choices under the California Consumer Privacy Act and how to exercise them, please visit Capital One’s Manage Your Data (opens in new tab) page or review our Capital One CCPA disclosure (opens in new tab).
European data protection laws
When Capital One is a controller subject to either Regulation (EU) 2016/679 (the “GDPR”), any law implementing or supplementing the GDPR, or the UK Data Protection Act 2018, which implements the “UK GDPR” (as defined in the UK Data Protection Act 2018) (collectively, “European Data Protection Laws”), you may have the following rights:
To request access to your personal information. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
To correct any incomplete or inaccurate personal information that we hold about you.
To request us to delete or remove from our systems your personal information where there is no legal basis for us continuing to process it.
To request us to suspend processing of your personal information, for example, if you want us to establish its accuracy or the reason for processing it.
To request the transfer of your personal information to a third party.
To withdraw any consent that you have provided to us for processing your personal information.
To make a complaint to a local supervisory authority about how we are processing your personal information (see here (opens in new tab)for the UK Information Commissioner’s Office’s contact details and here (opens in new tab) for a list of EU data protection authorities).
If you are seeking to exercise your rights under European Data Protection Laws, email capitalonesoftware-privacy@capitalone.com. Please describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We will respond to your request consistent with applicable law. Once we receive your request, we may verify your identity by requesting additional information sufficient to confirm your identity. You may appoint a representative to exercise these rights on your behalf, but we may require steps to verify the request is legitimate.
We will not charge a fee for your request unless it is excessive, repetitive, or manifestly unfounded. We will deliver our written response electronically. We endeavor to respond to a verifiable request within the time periods provided by relevant law. If we require more time, we will inform you or your authorized agent in writing of the reason and the extension period.
Opt out of targeted advertising
You may opt out of having personal information shared for certain targeted advertising purposes, including by:
Enabling the Global Privacy Control (opens in new tab) (GPC) setting in your browser to communicate your choice to opt out of web-based sharing, such as through pixels and tags. When we detect a GPC signal from a browser, our online services are designed to treat the browser as opted out and to stop web-based sharing of personal information for certain targeted advertising purposes, in accordance with applicable laws. You can confirm whether we are processing your GPC signal as a valid request to opt out by clicking here (opens in new tab). Please visit the Global Privacy Control (opens in new tab) website to learn more about the setting and how to enable it on your browser.
Filling out an opt-out form that applies to certain offline sharing, by visiting the Your California Privacy Choices (opens in new tab) link and following the instructions.
You can also opt out of certain targeted advertising by visiting the Digital Advertising Alliance Opt Out Page and TrustArc Preference Manager (opens in new tab) or by adjusting the privacy settings on your mobile device (e.g., "Limit Ad Tracking" on iOS or "Opt out of Ads Personalization" on Android).
Please note that your preferences will only limit the sharing of personal information for certain targeted advertising purposes in accordance with applicable laws or as disclosed by the organization providing the opt-out. For example, if you opt out, we may still use your personal information to personalize our interactions with you, and you may still see Capital One Software advertisements that result from other advertising techniques. For web-based sharing, you will need to opt out separately on all of your browsers and devices, as your web-based preferences will only apply to the specific browser from which you opt out. If you delete cookies, change web browsers, reset your mobile advertising ID, or use a different device, you may need to opt out again. Our online services do not function differently in response to browser "Do Not Track" signals, but you may opt out of certain targeted advertising as described above.
Cookies & online tracking technologies
We, and third-party providers acting on our behalf, use a variety of online tools and technologies to collect information when you visit or use our online services, including Internet or similar network activity information and identifiers. For example, we use these tools to collect information for debugging, fraud prevention, session management, and other necessary purposes. We and our third-party providers also use these to conduct personalization, analytics, and targeted advertising on or through our online services.
These tools include:
Server logs. Server logs automatically record information and details about your online interactions with us. For example, server logs may record information about your visit to our website on a particular time and day.
Cookies. Cookies are small text files that a website’s server stores in your web browser. Cookies allow companies to recognize your device and store information about your account and preferences. For example, we may use cookies to store information about pages visited on our sites, language preferences, your relationship with us, or other information that we have associated with you or your device, including to better understand users like you, facilitate log-ins, and improve our services and advertising. You may be able to manage cookies on your device.
Pixel tags. A pixel tag (also known as a web beacon, clear GIF, pixel, or tag) is an image or a small string of code that may be placed in a website, advertisement, or email. It allows companies to set or read cookies or transfer information to their servers when you load a webpage or interact with online content. For example, we or our providers may use pixel tags to determine whether you have interacted with a specific part of our website, viewed a particular advertisement, or opened a specific email.
Third-party plugins. Our Online Services may include plugins from other companies, including social media companies (e.g., the Facebook “Like” button). These plugins may collect information, such as information about the pages you visit, and share it with the company that created the plugin even if you do not click on the plugin. These third-party plugins are governed by the privacy policies and terms of the companies that created them.
We and third-party providers acting on our behalf use online tracking technologies (e.g. cookies) for the following purposes:
Required Cookies. These cookies are necessary to enable the basic features of this site to function.
Functional & Analytics Cookies. We and our third-party providers use online tracking technologies to engage in data analytics, auditing, measurement, research, reporting, and debugging on our website and to measure the effectiveness of our advertising.
Targeted Advertising & Personalization Cookies. Capital One Software may customize content and advertisements for our products and services on our own and third-party websites.We and our third-party providers may collect information about your activities on our online services and across different websites, mobile apps, and devices over time for targeted advertising purposes. These providers may then show you ads, including across the internet and mobile apps, and other devices, based in part on the information they have collected or that we have shared with them. You may opt out of certain targeted advertising, as described in the “Opt out of targeted advertising” section below.
For more information about how we use cookies and other online tracking technologies, and how to manage your cookies preferences, please visit Capital One Software's Cookie Policy.
Managing cookie preferences
You can manage your cookie preferences for our sites at any time by navigating to “Cookie Preferences” in the footer of capitalonesoftware.com.
You can also control how cookies are placed on your device and remove existing cookies using your web browser settings.
You can find out how to do this on your browser's website, by using a search engine to search for how to change the privacy policy in your specific browser or by checking the instructions/preference settings within the browser. Generally this setting is within the privacy section. For mobile devices these may be within the browser app settings. Up-to-date browsers give you the option to accept or decline cookies as a global setting that applies to every website you visit with some allowing you to manage sites individually.
Changes to this Policy
We may change or update this Privacy Policy in the future. When we do, we will post the revised Policy on our website. Please check this Policy regularly to ensure that you are familiar with its content.
This Policy was last updated and became effective on the date posted at the top of this page.
Contact Us
Have questions about this policy or our privacy practices? Please email us at capitalonesoftware-privacy@capitalone.com or by mail below:
[ATTN: Capital One Software, 1680 Capital One Drive, McLean, VA 22102-349]
