Credit Karma Privacy Report
Credit Karma’s privacy policy states that it logs a user’s IP address, location data (opt-in only), and aggregated gender and income data. This is more information than the service needs to monitor user identities, and Credit Karma shares user data with third parties. However, in terms of encryption, authentication, and software updates, Credit Karma meets industry standards.
Encryption
| In Transit | Yes |
|---|---|
| At rest? | Yes, with sugarsync |
| All network communications and capabilities? | Yes |
Security Updates
| Automatic, regular software/ firmware updates? | No |
|---|---|
| Product available to use during updates? | Yes |
Passwords
| Mandatory password? | Yes |
|---|---|
| Two-Factor authentication? | Yes |
| Multi-Factor authentication? | Yes |
Vulnerability Management
| Point of contact for reporting vulnerabilities? | Report to Hackerone |
|---|---|
| Bug bounty program? | Yes |
Privacy Policy
| Link | https://www.creditkarma.com/about/privacy |
|---|---|
| Specific to device? | No |
| Readable? | Yes |
| What data they log | Full name, street address, email access, social security number, phone number. Information like gender and income stored as aggregate. Usage information like device information, log information, IP address, browser configuration, time of access. Location data and GPS data is opt-in. |
| What data they don’t log | n/a |
| Can you delete your data? | No |
| Third-party sharing policies | Shares information with third-parties |
Surveillance
| Log camera device/ app footage | n/a |
|---|---|
| Log microphone device/ app | n/a |
| Location tracking device/ app | Yes |
Parental Controls
| Are there parental controls? | No |
|---|
Company History
| Any security breaches/ surveillance issues in past? | No |
|---|---|
| Did they do anything to fix it? | n/a |
Additional Security Features
| Anything like privacy shutters, privacy zones, etc.? | n/a |
|---|