Credit Karma Privacy Report

Privacy Rating
6.2
/10

Encryption

In Transit Yes
At rest? Yes, with sugarsync
All network communications and capabilities? Yes

Security Updates

Automatic, regular software/ firmware updates? No
Product available to use during updates? Yes

Passwords

Mandatory password? Yes
Two-Factor authentication? Yes
Multi-Factor authentication? Yes

Vulnerability Management

Point of contact for reporting vulnerabilities? Report to Hackerone
Bug bounty program? Yes

Privacy Policy

Link https://www.creditkarma.com/about/privacy
Specific to device? No
Readable? Yes
What data they log Full name, street address, email access, social security number, phone number. Information like gender and income stored as aggregate. Usage information like device information, log information, IP address, browser configuration, time of access. Location data and GPS data is opt-in.
What data they don’t log n/a
Can you delete your data? No
Third-party sharing policies Shares information with third-parties

Surveillance

Log camera device/ app footage n/a
Log microphone device/ app n/a
Location tracking device/ app Yes

Parental Controls

Are there parental controls? No

Company History

Any security breaches/ surveillance issues in past? No
Did they do anything to fix it? n/a

Additional Security Features

Anything like privacy shutters, privacy zones, etc.? n/a