Credit Karma Privacy Report

Privacy Rating
Credit-Karma-Credit-Protection  - Product Header Image

Credit Karma’s privacy policy states that it logs a user’s IP address, location data (opt-in only), and aggregated gender and income data. This is more information than the service needs to monitor user identities, and Credit Karma shares user data with third parties. However, in terms of encryption, authentication, and software updates, Credit Karma meets industry standards.


In Transit Yes
At rest? Yes, with sugarsync
All network communications and capabilities? Yes

Security Updates

Automatic, regular software/ firmware updates? No
Product available to use during updates? Yes


Mandatory password? Yes
Two-Factor authentication? Yes
Multi-Factor authentication? Yes

Vulnerability Management

Point of contact for reporting vulnerabilities? Report to Hackerone
Bug bounty program? Yes

Privacy Policy

Specific to device? No
Readable? Yes
What data they log Full name, street address, email access, social security number, phone number. Information like gender and income stored as aggregate. Usage information like device information, log information, IP address, browser configuration, time of access. Location data and GPS data is opt-in.
What data they don’t log n/a
Can you delete your data? No
Third-party sharing policies Shares information with third-parties


Log camera device/ app footage n/a
Log microphone device/ app n/a
Location tracking device/ app Yes

Parental Controls

Are there parental controls? No

Company History

Any security breaches/ surveillance issues in past? No
Did they do anything to fix it? n/a

Additional Security Features

Anything like privacy shutters, privacy zones, etc.? n/a