Last updated: November 27, 2025
This Privacy Notice (the “Privacy Notice”) is provided by Finicity Corporation, a wholly-owned subsidiary of Mastercard International Inc. (“Finicity,” “we,” and/or “us”).
This Privacy Notice applies to the information you provide to us or we collect when you use our services (the “Consumer-Permissioned Data Services,” as referenced in our Terms of Use) to connect your financial accounts with Amazon. It explains the types of personal information we collect, and how we collect, use, maintain, protect, and share this information. This Privacy Notice also tells you about the rights and choices you may have when it comes to your personal information. If you have questions, you can contact us at ob.privacy@mastercard.com for more information.
This Privacy Notice does not apply to any other services provided to you by Finicity or Amazon.
This Privacy Notice does not explain what Amazon does with any information you share with them, including information you choose to share with them by using our Consumer-Permissioned Data Services. We encourage you to review Amazon’s privacy notices and applicable terms and conditions for information about their data practices.
- The Personal Information We Collect and Where It Comes From
- How We Use Your Personal Information
- How We Disclose Your Personal Information
- How We Protect Your Personal Information
- How Long We Keep Your Personal Information
- Your Rights and Choices
- Children’s Privacy
- International Transfers
- Updates to this Privacy Notice
- How to Contact Us
1. The Personal Information We Collect and Where It Comes From
When you use our Consumer-Permissioned Data Services to connect your financial account to Amazon from your bank or financial institution (your “Provider”), we will access and collect information from financial accounts (e.g., checking, savings, credit card, etc.) accessible through an authenticated access token on your behalf. We also collect information from the devices you use to access our Consumer-Permissioned Data Services, and from affiliates, service providers or third parties to protect you and others against fraud.
In this Privacy Notice, “Personal Information” means any information relating to an identified or identifiable individual (or household, where required by applicable law). The information we collect may vary depending on the specific Amazon services you are using, the information available from your financial account, and other factors. The categories of Personal Information we collect are:
|
Categories of Personal Information We Collect
|
Examples
|
|
Information from your financial account
|
Account identifying details (such as account name, type, number, owner, and identifying or routing information for the financial institution); account balance information, revolving credit account information (including balance owed, due dates, payment details, transaction history, credit limits, repayment status, and interest rates); loan account information (including due dates, repayment status, balances, payment details, interest rates, guarantor, loan types, and payment plans and terms); and transaction or other commercial information (including merchant, amount, date, payee, type, quantity, price, location, and memo or description of the transaction)
|
|
Identifiers
|
Financial account owner name, email address, phone number, and address information, as well as tokens representing this information; device identifiers including cookies, internet protocol (IP) address, and device unique identifiers
|
|
Device, internet, and other electronic network activity information
|
Device hardware model, operating system, browser type and version, referring URLs, and other information collected via automated means such as cookies or web beacons when you interact with our Consumer-Permissioned Data Services. Please review our Cookie Policy for more information about how we use cookies and your options related to cookies.
|
|
Geolocation data
|
Using your IP address and other device information, we collect your time zone setting and geographic area
|
|
Inferences drawn from Personal Information
|
Fraud signals, like the number of times a data element has been queried in a period of time or the last time a data element has been seen, to identify behavioral patterns and insights for our fraud prevention and identity verification services (e.g., patterns confirming that a provided address is genuine), authentication risk scores, transaction risk factors, risk reason codes, and income or cash flow information
|
We collect this Personal Information from various categories of sources, including:
- Your bank or financial institution;
- Directly from you or your devices;
- Our affiliates within the Mastercard group, solely to monitor and prevent fraud;
- Service providers;
- Publicly accessible sources; and
- Third party data providers, who may collect the information from publicly available sources, directly from individuals, or other sources. This data collection includes the mapping of IP addresses to non-precise location data (e.g., city, state), and the collection of the following data elements: name, e-mail address, physical address, phone number, and IP address.
2. How We Use Your Personal Information
We use your Personal Information to provide our Consumer-Permissioned Data Services and to protect you and others against fraud when you authorize us to connect your financial account to Amazon. This involves sharing your account information with Amazon, maintaining connectivity with our data providers, maintaining and enhancing our Consumer-Permissioned Data Services to adapt to changes in technology and data, facilitating transactions requested by you, managing our business operations, auditing your interaction with our Services, verifying your identity, maintaining the safety and quality of our Consumer-Permissioned Data Services, enforcing our Terms of Use or other legal rights, detecting and preventing security incidents, and providing customer service support. We may also use your Personal Information as required by applicable law or requested by judicial process or governmental agency. For some processing activities, we may use techniques such as artificial intelligence and machine learning to process and analyze data.
3. How We Disclose Your Personal Information
When you authorize us to connect your financial account with Amazon, we disclose your Personal Information, including information from the categories identified above, to Amazon.
We may also disclose your Personal Information to:
- Third-party service providers that we employ for the business purposes described above, to provide security, fraud prevention or identity verification, and development to maintain the operations of our Consumer-Permissioned Data Services;
- Our affiliates within the Mastercard group, to whom we will disclose only the Personal Information collected when you connect your financial accounts with Amazon, solely to monitor and prevent fraud;
- Other parties when we reasonably believe such disclosure is required to comply with the law, an investigation, or other legal process, such as a court order or a subpoena; when we believe disclosure is necessary to protect individuals’ vital interests, to enforce our applicable Terms of Use, prevent Mastercard against harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity; or in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company or we sell, liquidate, or transfer all or a portion of our assets.
4. How We Protect Your Personal Information
The security of your Personal Information is important to us. We have implemented and maintain administrative, technical, and physical security controls that are designed to safeguard your Personal Information, including physical, electronic, and procedural safeguards consistent with industry-standard practices.
Please recognize that protecting your Personal Information is also your responsibility. We urge you to take every precaution to protect your Personal Information when you are on the internet and when you communicate with us and with other parties through the internet. Change your passwords often, use a combination of letters and numbers, and make sure you use a secure browser. If you have reason to believe that your interaction with us or our partners is no longer secure, please let us know immediately by contacting us as indicated in the Contact Us section below.
By using our Consumer-Permissioned Data Services, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of these Services. If we learn of a security breach involving your Personal Information, we may attempt to notify you electronically via any email or mobile device number we may have on file for you. If you have any questions about the security of your Personal Information, please email us at ob.privacy@mastercard.com.
5. How Long We Keep Your Personal Information
We take measures to delete your Personal Information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period. When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, possible re-enrolment with our products or services, the impact on the services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations.
6. Your Rights and Choices
Depending on your country or state, you may have the right to access, correct, or delete any Personal Information we hold about you; know more about the categories of Personal Information we collect, use, and disclose, as well as our sources of Personal Information and categories or a specific list of third parties with whom we disclose it; confirm whether we have processed your Personal Information; opt out of, object to, or restrict some uses of your Personal Information (including the sale or “sharing” of personal information, the use of Sensitive Personal Information as that term is defined by law, and profiling in furtherance of decisions that produce legal effects); appeal any decision made with respect to your privacy rights; and withdraw any consent provided. You have a right not to receive discriminatory treatment for the exercise of your privacy rights.
Submit requests. To exercise your rights under the California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act of 2020) or any other applicable privacy law granting such rights, please submit your request via our Data Privacy Consumer Rights Portal or call (855) 263-3072 and select option 3.
Verification. Requests pertaining to your Personal Information are subject to our ability to reasonably verify your identity in light of the information requested pursuant to relevant legal requirements. When consumers exercise their rights through our Data Privacy Consumer Rights Portal, a two-step verification will enable their account to be guarded by an extra layer of security. To aid us in verifying your identity and identifying any relevant Personal Information on our systems, we may request any usernames that you previously shared with Finicity systems (if applicable), corresponding bank names, and last 4 digits of corresponding account numbers. We may also request a signed affidavit (we provide a suggested template which can be signed physically or electronically) affirming your state of residence, and that you are the consumer whose Personal Information is the subject of your request.
How to Appeal. If your request is denied, you have the right to appeal the decision by calling us at (855) 263-3072 and selecting option 3 or submitting a request through our Data Privacy Consumer Rights Portal.
Authorizing an Agent. If you are acting as an authorized agent to make a request on behalf of a consumer, you may submit a request via our Data Privacy Consumer Rights Portal or call (855) 263-3072 and select option 3. Please note that we will require you to attach a written authorization signed by the state resident whose Personal Information will be subject to the request.
Finicity does not sell or “share” (disclose for targeted advertising purposes) your Personal Information.
Finicity does not use or disclose Sensitive Personal Information for purposes which would require us to offer consumers the right to limit our collection and processing of this data under applicable law.
Do Not Track. Because there is not yet a consensus on how companies should respond to web browser-based do-not-track (“DNT”) mechanisms, Finicity does not respond to web browser-based DNT signals at this time. To learn more about browser tracking signals and DNT, visit https://allaboutdnt.com.
7. Children’s Privacy
You must be at least 18 years old to use our Consumer-Permissioned Data Services. We do not knowingly direct these Services to individuals under 18 years old (“Minors”), nor do we knowingly collect, use, or disclose Personal Information about Minors who use our Services. If you use our Consumer-Permissioned Data Services, you represent that you are at least the age of majority under the laws of the jurisdiction of your place of residence. If you believe a Minor has provided us with Personal Information, please alert us at ob.privacy@mastercard.com. If we learn that we have collected Personal Information from a Minor, we will promptly take steps to delete such information.
We do not have actual knowledge that we sell or “share” (disclose for targeted advertising purposes) Personal Information of consumers under 16 years of age.
8. International Transfers
Our Consumer-Permissioned Data Services are hosted in the United States and are directed to people inside the United States. If you choose to use or access these Services from other regions of the world with laws governing data collection and use that may differ from United States law, then please note that you are transferring your Personal Information outside of those regions to the United States for storage and processing. Also, we may transfer your Personal Information from the United States to other countries or regions in connection with storage and processing of data, fulfilling your requests, and providing the Consumer-Permissioned Data Services. We comply with applicable legal requirements when transferring Personal Information to countries other than the country where you are located.
9. Updates to this Privacy Notice
We may revise this Privacy Notice to reflect how we collect, use, and process Personal Information at any time and in our sole discretion. If we make any material changes to how we treat Personal Information we have already collected about you, we will attempt to notify you by any email or mobile device number we may have for you, by a notice on our website, or by other means. You are advised to review this Privacy Notice periodically for any changes. Your continued use of our Consumer-Permissioned Data Services after such modifications will constitute your acknowledgment of the modified Privacy Notice. Changes to this Privacy Notice are effective when they are posted on this page.
10. How to Contact Us
Questions regarding this Privacy Notice, our information practices or other aspects of privacy in connection with the use of our Consumer-Permissioned Data Services should be directed to our Data Privacy Officer, who can be reached by email at ob.privacy@mastercard.com.
Finicity Headquarters: 434 West Ascension Way, Suite 200 Salt Lake City, UT 84123
(801) 984-4200
Click here to view our Cookie Policy
