TransUnion Customer & Partner Portal Privacy Notice

Privacy Notices

print icon Print

This notice was last modified on and has an effective date of June 26, 2026.

We have recently updated our Privacy Notice. Be sure to review the notice carefully to understand our privacy practices.


This Privacy Notice (“Notice”) explains how TransUnion LLC (“TransUnion”, “we,” “us,” or “our”) handles personal information and outlines your rights. Use of our services constitutes your agreement to the terms of this Notice. 

Scope: This Notice applies when you use our customer and partner portal (the “Portal”), and controls how we process personal information to assess the credentials of our prospective business clients when determining whether to engage with them as customers or partners for our services. This assessment involves vetting a large amount of information, mostly pertaining to the relevant business entity, and any financial and reputational risk that may be associated with it. This Notice does not cover practices of other TransUnion businesses or products, nor your interactions with us as a job applicant. Please see those respective privacy notices listed on the left-hand panel of this page for more information on those privacy practices. 

Visit our US State Privacy Rights page to exercise your privacy rights and choices.


Notice at Collection: We collect personal information as described in this Notice. The categories of personal information that we collect are listed below under “Collection and use of personal information,” which also provides the purposes for which we collect and use personal information. To learn more about your privacy rights, including your right to opt out of the sale or sharing of your personal information, please navigate to the “Privacy rights and choices” section below. Our retention practices are outlined below under “Retaining personal information.”


View annual consumer requests metrics (California Consumer Privacy Act (CCPA) and California Data Broker Registration) for TransUnion Companies.

1. Collection and use of personal information

When prospective business clients use the Portal, we collect personal information directly from users, from third parties, and automatically as outlined below. All personal information collected and used is processed in connection with users’ roles as an owner, employee, or representative of our prospective customer or partner.

Information we receive from prospective business clients (user’s employer/our client):

  • To conduct the eligibility assessment of the prospective client: We receive, from our prospective client, identifiers (e.g., name, date of birth, home address, and workplace address; categories of sensitive personal information: Social Security number) with respect to owners and certain officers of the prospective client.
  • To conduct site visits: We receive, from our prospective client, identifiers (e.g., name, work email address, and workplace address) of the individuals who will serve as onsite contacts for the site visits.
  • Create and maintain an account: We receive from our prospective client the identifiers (name, work email, and workplace address) of individuals who will be authorized users of the Portal. Once the account is created, we will also store the selected account password in an encrypted manner. We use this personal information to create the client’s account and facilitate access to and use of the Portal.

Information we collect directly from users:

When users send us a question or inquiry, or ask for other support, we’ll need users to provide us with identifiers (name and work email address). We use this personal information to respond to questions or inquiries, troubleshoot where necessary, and address any issues with the Portal.

Information we collect automatically:

In the landing page of the Portal (before logging in to the Portal): We use strictly necessary, functional, and analytics cookies and similar technologies to automatically collect internet and other electronic network activity information from you. Our collection and use of this information is governed by TransUnion’s Cookies and Similar Technologies Notice.

After logging in to the Portal: we use strictly necessary, functional, and analytics cookies and similar technologies to automatically collect internet and other electronic network activity information from users, to include:

  • Usage information: This includes information such as: user’s time of visit to the Portal, pages visited, search terms, actions taken, how much time users spend on each page, use of widgets (e.g., providing a truncated view of “my order”) or customer objects throughout the Portal and frequency of access. We use this personal information to: (i) conduct analytics; (ii) enhance user experience; (iii) prevent fraudulent use of the Portal; and (iv) diagnose and repair errors.
  • Error information: In the event of technical errors with the Portal, we collect information in connection with an error message including filename, error line number, and any related error message generated by the component that failed.

Device information: We use strictly necessary, functional, and analytics cookies to collect certain information about the device used to access our Portal, such as browser type, browser language, hardware model, operating system, and user preferences. We use this personal information to: (i) conduct analytics; (ii) enhance user experience; (iii) prevent fraudulent use of the Portal; (iv) diagnose and repair errors; (v) remember user preferences; and (vi) provide enhanced functionality.

2. Disclosing for a business purpose and selling/sharing of personal information

With service providers: We sell/share the personal information collected with certain service providers for the following purposes: the secure transfer of Categories of Sensitive Personal Information: Social Security numbers; certain aspects of the credentialing process, and to conduct site visits. We do not use or sell/share this information for marketing purposes.

With other third parties: We will disclose user personal information to legal advisors, law enforcement agencies and/or governmental/regulatory bodies (including public health authorities) if and to the extent we need to do so to defend against legal claims or as required to by law.

In the event of a corporate reorganization: In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganization, merger, acquisition, sale, joint venture, assignment, consolidation, transfer, change of control, or other disposition of all or any portion of our business, assets or stock, any personal information contained in the Portal would be sold/shared with the buyer or target (and their agents and advisors) for the purposes of facilitating and completing the transaction and providing functionality of the Portal going forward. We would also sell/share personal information with third parties if we undergo bankruptcy or liquidation, in the course of such proceedings.

With your consent: Apart from the reasons identified above, we may request permission to sell/share user personal information for a specific purpose. We will notify users and request consent before collecting the personal information or before the personal information users have already provided is sold/shared for such purpose. Users may revoke consent at any time.

Deidentified information: We may deidentify certain personal information collected, pursuant to applicable privacy regulations. We may sell/share such deidentified information with third parties for certain limited use cases, provided in all such cases that such third parties comply with applicable privacy regulations governing such deidentified data, including but not limited to adopting policies and procedures to prevent the re-identification of such information.

3. Privacy rights and choices

When we act as a data controller, you may have certain privacy rights under applicable US state privacy laws. These may include the right to access, correct, or delete your personal information. You may also have the right to appeal if we deny your request. 

To exercise your privacy rights (subject to limitations and exceptions under applicable law), you may contact us at tuglobalsfdc@transunion.com, make the request in the Portal, or visit our US State Privacy Rights page to submit a verifiable request, and find additional detail below.

  • If you have a TransUnion account, you can use it to make your request.
  • You can also make your privacy request without setting up an account by continuing as a guest. To do so, we will need your name, address, email, phone number, date of birth, and either your full Social Security number or the last four digits.
  • Depending on the type of privacy request, we may also need you to answer knowledgebase questions regarding data associated with you and/or provide a passcode sent to your phone number. We will use that information to verify your identity so we can respond to your request.
  • If we return this information to you electronically, the information will be in a portable format, and to the extent that it is technically feasible, we will provide the information in a readily useable format that can be easily transferred to another entity.

To make an opt-out request or to limit our use of your sensitive personal information (subject to limitations and exceptions under applicable law), visit Submit an Opt-Out / Limitation Request.

  • Because we may “sell” or “share” personal information or engage in “profiling,” “targeted advertising,” “cross-context behavioral advertising,” or use sensitive personal information, consistent with the defined terms in applicable state laws, you may also exercise your opt-out rights from such sales/sharing, profiling/automated decision making, targeted advertising, or cross-context behavioral advertising, and limit our use of your sensitive personal information.
  • To exercise your right to opt out of the sale or sharing of your personal information through trackers or cookies on our websites, please visit the Cookies Settings page, also located in the footer of our website.

The US State Privacy Rights and Submit an Opt-Out / Limitation Request rights pages apply to the services covered in the notices for Transunion LLC, TUI, TURSS, TRADS, and Marketing Solutions. If you use a consumer right using these links, you do not need to make consumer rights again for the other related services.

To exercise your US state privacy rights (subject to applicable legal limits and exceptions), visit our US State Privacy Rights page to submit a request. We may request your name, address, email, phone number, date of birth, and either your full Social Security number or the last four digits to locate your records. For certain requests, we require you to answer some security questions to verify your identity. If we provide your information electronically, we will do so in a portable format. When technically possible, we will provide it in a format that is easy to use and transfer to another entity.

Explanation of Privacy Rights and Choices

In the US, residents of California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia have some or all of the below privacy rights. We may offer these rights to other jurisdictions where required by law or at our discretion.

  • Right to Access/Know. You may have the right to request a privacy report detailing the personal information collected, disclosed, sold, and shared about you and the purpose for doing so, unless such request proves impossible or would involve disproportionate effort.
  • Right to Correct. You may have the right to request that we correct inaccurate personal information that we collect or maintain about you, subject to verification.
  • Right to Delete. If we collected or maintain personal information about you, you may have the right to request the deletion of this personal information, unless an exception applies under applicable law.
  • Right to Opt Out of the Sale/Sharing. You may have the right to opt out of the sale/sharing of your personal information to third parties.
  • Right to Opt Out of Profiling/Automated Decision Making, Targeted Advertising, or Cross-Context Behavioral Advertising. You may have the right to opt out of our use of your personal information for purposes of profiling, automated decision making, targeted advertising, or cross-context behavioral advertising.
  • Right to Limit the Use of Sensitive Personal Information. You may have the right to limit how we use your sensitive personal information. Depending on the applicable law, sensitive personal information may include: Social Security number, driver’s license number, biometric information, precise geolocation data, and racial and ethnic origin.
  • Right to Request Specific List of Third Parties. You may have the right to request a list of the specific third parties with whom we have disclosed personal information.
  • Right to Appeal. If you believe we have denied any of your consumer privacy rights in error, you may have the right to appeal by replying to our denial message or any communication from us.

These rights are subject to limitations and exceptions under applicable privacy laws. They may vary by region, and the functionality and features available on our websites are subject to change. We do not discriminate against you based on your exercise of your privacy rights.

Analytics Disclosure: We use Google Analytics 360, including Google Tag Manager and Google Ads. If you would like to learn more about Google Analytics, or opt out of this data collection and sharing activity, please use this link: https://www.google.com/policies/privacy/partners/. Please visit our Cookies and Similar Technologies Notice for information regarding our tracking technologies.

4. Privacy rights via authorized agent

A. Opt-Out Requests and Requests to Limit Use of Sensitive Personal Information 

For an authorized agent (with or without power of attorney) to submit an opt-out request or a request to limit the use of a consumer’s sensitive personal information on behalf of a consumer, the authorized agent is required to provide written authorization signed by the consumer, clearly permitting the agent to act on their behalf. The agent’s name must match the name listed in the authorization. The authorized agent must also have sufficient consumer identification details to submit the request on their behalf, including: first and last name (middle name optional) and residential address (including unit number, city, state, and ZIP code). It’s strongly recommended but optional for the authorized agent to additionally have the consumer’s Social Security number and date of birth to provide in their submission to assist in finding relevant records. 

B. Verifiable Requests (Access, Correction, Deletion)  

For an authorized agent to submit a verifiable privacy request with a valid power of attorney, the agent must provide: 

  • A valid power of attorney executed in accordance with applicable law 
  • Sufficient information to allow us to locate the consumer’s file 

For an authorized agent to submit a verifiable privacy request without a power of attorney, the authorized agent must provide each of the following: 

  1. Signed Authorization. Signed permission from the consumer authorizing the agent to submit the request. The agent’s name must match the name on the authorization. The authorization must describe the type(s) of request (e.g., access, correction, deletion) 
  1. Identity Verification. Sufficient proof of identification for us to verify the consumer’s identity, such as, Social Security number or a copy of a Social Security card, a certified or official copy of a birth certificate, or a valid driver’s license or other government-issued identification. The identification provided must match the name in the authorization. 
  1. Consumer Information. The submission must include sufficient information for us to locate the consumer’s file. The authorized agent may review the types of information we require by looking at information requested on the US State Privacy Rights page. 

C. Submission Instructions  

Documentation may be sent to:  

    TransUnion Data Privacy  

    Attn: Authorized Agent Request Processing 
    PO Box 130 
    Woodlyn, PA 19094 

You can also email the information to privacy+authorizedagent@transunion.com 

To enhance data security, the authorized agent may use confidentiality features offered by their email provider. All personal information collected as part of this process will be deleted after verification is complete. 

5. Personal information of children

Our services are not intended for use by nor directed to individuals under the age of eighteen (18). If we learn that we have collected or received personal information from individuals under the age of eighteen (18), we will delete the personal information or otherwise comply with applicable law. We do not knowingly sell personal information of children under the age of eighteen (18).

If for some reason, you believe we have collected personal information from individuals under the age of eighteen (18), you may reach out to us via the contact center. Additionally, a parent or guardian may make a data privacy opt-out request or limit our use of sensitive personal information (subject to limitations and exceptions under applicable law) by visiting Submit an Opt-Out / Limitation Request.

6. Securing personal information

We maintain a comprehensive information security program with administrative (policies, standards, and processes), physical, and technical controls designed to protect the confidentiality, integrity, and accessibility of personal information.

When handling categories of sensitive personal information such as Social Security numbers, we: (i) protect the confidentiality of Social Security numbers, (ii) prohibit their unlawful disclosure, and (iii) limit access to them only to the individuals for whom access is required for the performance of their job duties and the purpose for which the Social Security numbers were collected.

7. Retaining personal information

We retain personal information for as long as necessary to fulfill the purposes for which it was collected or processed, as previously described in this Notice. For instance, we retain personal information, collected through our services and websites, for as long as a user’s account is active or as needed to provide services to our customers.

When determining retention periods, we consider our relationship with users and their information, the nature and sensitivity of the information, and what is reasonably necessary and proportionate to provide and improve our services. We also adjust retention periods to comply with our legal, reporting, or accounting obligations, to resolve disputes, and to enforce our agreements. We regularly review our retention periods and assess our data minimization practices, retaining the least amount of information for the shortest retention period, while still upholding all our obligations.

8. Links to other sites or services

This Notice does not apply to other third-party sites or services. If you click on a link or browse to a third-party site from our site/service, your activity and interaction is subject to that third-party's rules and policies. We recommend reviewing the privacy statements on those other sites to understand their privacy practices and make an informed decision regarding your use or interaction with their site/service.

9. Contact information

If you have any questions or concerns regarding this Notice, please contact us at tuglobalsfdc@transunion.com.

If you have questions or concerns regarding our privacy practices, the protection of your personal information, or the privacy rights and choices available to you, you may contact us in the following ways:

Email

privacy@transunion.com

Phone

1-866-310-8783

Postal Mail

TransUnion Data Privacy
P.O. Box 130
Woodlyn, PA 19094


10. Notice changes and effective date

This Notice is subject to change at any time. If we make any changes to this Notice, we will post the revised Notice on this page with its effective date. If we change the Privacy Policy in a material way, we will provide appropriate notice. Such notice may be provided, for example, via a temporary banner on our Site, an email sent to users for whom we have an email address, or by temporarily noting “UPDATED” next to the Privacy Policy link on the footer of our Site.