Truist Statement on Privacy

Truist cares deeply about the privacy and security of our clients’ personal information, and protecting your information is consistent with our purpose, mission, and values. We believe it is helpful to have an overview of how this commitment is applied as Truist collects, uses, and protects your personal information when you visit us online or on our mobile and tablet applications.

Truist Statement of Online Privacy Practices

Updated September 2021

Component ID : "accordionGridLayout-1424498366"
Model : "disclaimer"
Position : "left"

This Truist Statement of Online Privacy Practices (“Privacy Policy”) describes how we collect information when you visit or use Truist’s websites, mobile applications, and other online services (“Online Services”) that link to this Privacy Policy. It also describes how we use and share such information and explains your privacy rights and choices. Our Online Services are intended for a U.S. audience. The terms “Truist,” “we,” “us,” or “our” mean Truist Financial Corporation and its U.S. affiliates. “You” means an individual who visits our Online Services and does not refer to a business or other entity or to individuals outside the U.S.

Truist’s business address is Truist Financial Corporation, 214 N. Tryon Street, Charlotte, North Carolina 28202, USA. Our Client Contact Center may be reached at 844-4TRUIST (844-487-8478) or 800.786.8787 (800.SUNTRUST).

This Privacy Policy does not apply to the websites, mobile applications, or services of Truist’s businesses and affiliates that do not directly link to this policy. Some Truist businesses and affiliates have their own privacy policies, which can be found on their websites. It also does not apply to non-Truist companies, such as third-party websites to which we link online. Please review the privacy policies of other websites and services you visit to understand their privacy practices.

When you visit a Truist website, application, or otherwise interact with us online, we may collect the following information:

  • Your browser type (e.g., Google Chrome, Microsoft Edge, Apple Safari, Mozilla Firefox)
  • Your Internet Protocol or “IP” address (Your IP address is a number that is automatically assigned to your device by your Internet Service Provider. An IP address is identified and logged automatically whenever you visit a site, along with the time of the visit and the page(s) that were visited)
  • The presence of any software on your device that may be necessary to view our site
  • Configuration information about the device you are using, including, but not limited to, your device type, web browser type and version, operating system type and version, display/screen settings, language preferences
  • Information from your mobile device, such as contacts, photos (e.g., to deposit checks or capture receipts), mobile network information, and cross-device IDs
  • Location information from your device to find nearby branches, ATMs, and other locations or mobile device location information to provide optional deals
  • Personal information submitted on applications, forms, and onsite electronic messaging. Types of personal information typically include:
    • Name
    • Social Security number
    • Driver’s license number or other government-issued ID
    • Address
    • Email
    • Telephone number
    • Account numbers and account information
    • Usernames
    • Passwords and other authentication information like PINs, security questions, and other secure sign-on methods*
    • Other non-public information, including credit and income information, and in certain cases Protected Health Information (as that is defined by the U.S. Health Insurance Portability and Accountability Act)
  • Website analytics information such as pages visited and average time spent on a particular page
  • If you would prefer that your movements and actions online at truist.com not be monitored, you can opt out of tracking from Truist.com.
    • NOTE: It is necessary to install a cookie on your browser to identify that you have opted out. If you delete the opt out cookie, or change devices or web browsers, you will need to opt out again
  • Search engine traffic referral information
  • Responses to advertisements and promotions
  • Transactional information from behind the secure login about your relationship with us (such as types of accounts or the state in which you bank)

*About biometric-enabled sign-ons:  Your device stores the information it needs to recognize your facial features or fingerprints. Truist’s Mobile App uses your device’s functionality to obtain a signal that your device recognizes your facial features or fingerprints when you sign on. Truist does not have access to the information your device uses to enable facial or fingerprint recognition, nor does Truist have access to or store your facial image or fingerprint data. You can always turn off facial or fingerprint recognition and go back to inputting user ID and password at any time. Your device’s user information will have additional information regarding its user controls and settings, including its privacy and security controls. For more information or questions regarding Truist’s privacy practices, please contact Truist.privacy@Truist.com.

The information we collect online helps Truist to:

  • Effectively manage your account:
    • Ensure your identity and protect the security of your personal and account information from unauthorized access
    • Process transactions on your account
    • Respond to product applications and questions
  • Fulfill regulatory requirements
  • Analyze our site usage and enhance the user's experience:
    • Diagnose server problems
    • Alert users of any possible software compatibility issues
    • Help us make decisions about how various technologies are used and identify usage trends
  • Send marketing communications:
    • Present personalized or targeted offers, ads, or content we believe may be of interest to you
    • Determine the effectiveness of promotional campaigns
    • Make business decisions:
    • Analyze data and credit risk
    • Perform market research
    • Conduct audits
    • Develop and improve products and services
  • Carry out other day-to-day business operations, such as to comply with applicable laws; share with our affiliates and subsidiaries; disclose to contractors, business partners, and other third parties under specific contracts and agreements; perform compliance activities; conduct credit reporting activities; and engage in human resources activities
  • Prevent and detect fraud
  • Protect against risks to security
    • Monitor network activity logs
    • Detect security incidents and conduct data security investigations
    • Protect against malicious, deceptive, fraudulent, or illegal activity

We only use personal information that we have about you when we have a legal basis to use such personal information under applicable data protection laws.

Please see the Truist consumer privacy notice and SunTrust consumer privacy notice for information on how your personal information may be shared and how you may be able to limit certain types of sharing. Please see the Truist consumer privacy notice and SunTrust consumer privacy notice Privacy Policies for the reasons we share your personal information.

If you are visiting the Truist website, please be aware that your personal information may be transferred to, or stored and processed in, the United States.  We will rely on legally provided mechanisms (e.g., derogations such as performance of a contract) to lawfully transfer personal data across borders. 

We store your personal information as long as it is required to meet our contractual and legal obligations, or if we have a legitimate business need to do so.

Truist and its online advertising and marketing partners may employ various technologies to collect information, including:

  • Cookies: Cookies are pieces of information stored directly on your device. Cookies provide information that is used for security purposes, to facilitate navigation, to display information more effectively, and to personalize/customize your online experience. The cookies Truist uses do not collect or store any personally identifiable information about you. Truist uses persistent cookies to learn how visitors use our site, such as which pages are viewed the most, to identify the most common navigation paths, or to customize the presentation of information on the site. Truist also uses session cookies to assist in delivering some online transactions, like online banking. Session cookies are no longer active after you log off the service that initiated them, and all session cookies are automatically deleted when you close all browser windows. Truist may also contract with third parties, including, but not limited to, Adobe (see below), to track user activity on our website. You can choose to block or disable these cookies as most devices and browsers offer their own privacy settings.  Doing so, however, may result in diminished performance on our site.
  • Marketing pixels, web beacons, clear GIFs, or other technologies: This technology may be placed on certain pages of our website, applications, emails, and other marketing initiatives. These tags usually work in conjunction with cookies and allow us to measure the effectiveness of our site and compile statistics about usage and response rates.
  • Software Development Kits (SDKs): Our mobile applications may include third-party SDKs that allow us and our service providers to collect information about your mobile app activity. In addition, some mobile devices come with a resettable advertising ID (such as Apple’s IDFA and Google’s Advertising ID) that, like cookies and pixel tags, allow us and our service providers to identify your mobile device over time for advertising purposes.
  • Cross-Device Tracking: Truist participates in the Adobe Experience Cloud Device Co-op, which helps companies build websites, applications, and advertisements that seamlessly flow between all your devices (devices could include a desktop, laptop, tablet, phone or smart watch).  The Device Co-op recognizes which of your devices are linked through use of technology that includes cookies and your IP address (without collecting your personal information). Visit the Adobe website for more information on cross-device tracking and/or to unlink your devices. NOTE: Adobe needs to install a cookie on your browser to identify that you have opted out. If you delete the opt-out cookie, or change devices or web browsers, you will need to opt out again.
  • Firewalls, passcodes, data encryption, and other safety features: Truist uses these technologies to ensure that the information you provide us remains secure. To learn more about how we safeguard your information online, please visit our Truist fraud and security or SunTrust fraud and security centers for measures you can take to protect yourself.
  • Third-party plugins. Other companies may have plugins that appear on certain pages of our website or applications. Some of these, for example, may be from social media companies (e.g., the Facebook “Like” button). These plugins may collect information, such as information about the pages you visit, and share it with the company that created the plugin even if you do not click on the plugin. These third-party plugins and the way they operate are governed by the privacy policies and terms of the companies that created them.

Online advertising on Truist websites and applications

Truist advertises its products and services on pages within our sites and on mobile applications. To make the content and advertising as informative and useful as possible, Truist may target and personalize content and advertisements for products and services on our site and within Online Banking (when clients sign on or off to online accounts with their user ID/password).

If you would prefer to not receive a specific advertisement, content or offers on Truist authenticated (after signing-in) pages, you can click “No Thanks” to the specific pop-up ad you are being presented. Note that this will not prevent you from potentially receiving other ads, content, or offers for a different product or service. Also note that simply closing the pop-up message by clicking on the “X” will not register that you do not wish to receive this specific message again. 

Online advertising on third-party websites and applications

Truist advertises its products and services on websites and applications not affiliated with Truist. The third-party companies we hire to display these ads use their own tracking technologies to measure the effectiveness of these ads and to understand your interests. Many of our third-party partners have their own privacy policies. We encourage you to review these policies carefully.

Some of our third-party advertising is interest-based and may use information about your online interests to customize the online ads you see. Truist has adopted the use of the AdChoices Icon (also known as the Advertising Option Icon) for our interest-based advertising (excluding ads appearing on platforms that do not accept the icon). Anyone receiving an interest-based ad can click on the displayed icon to receive more information. The AdChoices Icon does not prevent you from receiving advertisements; instead, it allows you to control whether you receive interest-based advertisements and from which companies. Visit the Digital Advertising Alliance website for more information about the AdChoices Icon and interest-based advertising.

Third-party aggregation services and tools

Aggregation allows you to gather information from many websites and view that information in a consolidated format. An example of why you might use a third-party aggregation tool is if you wanted a comprehensive view of assets and liabilities held within your financial accounts. If you provide information about your Truist accounts (including your access information) to an aggregation service provider, we will consider that as your having authorized all transactions initiated by that aggregation site. Truist reserves the right to disable aggregation for any account without notice. If you wish to cancel your third-party aggregation services, you should also change your password at Truist.com.

Social media

Truist provides experiences on social media platforms such as Facebook, Instagram, LinkedIn, or Twitter that enable online sharing and collaboration. We use social media to facilitate social engagement and sharing, when such sharing is appropriate and safe. Read more about Truist and social media terms and conditions here. Please note, any content you post, such as pictures, information, opinions, or any personal information that you make available to other participants on these social platforms, is subject to the terms of use and privacy policies of those platforms. Please refer to them to better understand your rights and obligations with regard to such content.

Given the very public nature of social media, it is critical that we all safeguard confidential financial information. If you post information on a Truist site that we feel should be shielded from public view, we will remove it. This includes not only specific details about your Truist accounts and other private, confidential information (such as your Social Security number), but details of information relayed in private conversations between you and Truist representatives. Please know that in taking down or editing your posts, we are focusing our experience and best judgment to keep your personal information safe.

Email

Email transmitted across the internet is normally not protected and may be intercepted and viewed by others. Therefore, you should refrain from sending any confidential or private information via unsecured email to Truist. We'll never ask you to send confidential information to us via email, such as your logon ID, password, full account numbers, or Social Security number. To ensure secure communications, use secure Truist Inbox in online banking.

Occasionally, we will retain the content of your email—and our replies—to confirm proper responses to your questions and requests, to comply with legal and regulatory requirements, and to ensure that we consistently deliver an enjoyable client experience to you.

Linking to other sites

Truist may provide links to non-Truist companies, such as credit bureaus or merchants, and will notify you when leaving the Truist site. If you choose to link to websites not controlled by Truist, we are not responsible for the privacy or security of these sites, including the accuracy, completeness, reliability or suitability of their information. If you are asked to provide information on one of these sites, we urge you to carefully study their privacy policies before sharing.

Control your online and other privacy preferences

In summary, the following links can help you to customize and control your privacy preferences when interacting with Truist online:

  • Opting out of website analytics tracking
    • If you would prefer that your movements and actions online at truist.com not be monitored, you can opt out of tracking.
    • NOTE: It is necessary to install a cookie on your browser to identify that you have opted out. If you delete the opt-out cookie, or change devices or web browsers, you will need to opt out again.
  • You can also control your marketing preferences for direct mail, email, and telemarketing preferences, along with the sharing of your personal information via our automated voice response line at 888.800.3420, or our Client Contact Center. 
  • You can also update your email preferences here.

 

Truist strictly follows the federal guidelines of the Children’s Online Privacy Protection Act (COPPA), which gives parents control over what type of information is collected online about their children. We do not knowingly collect, maintain, or use personally identifiable information from children under age 13 on our websites. We are not responsible for the data collection and use practices of nonaffiliated third parties that are linked from our websites. Visit the Federal Trade Commission’s COPPA Website for more information.

To protect personal information from unauthorized access and use, we use security measures that comply with applicable federal and state laws.  These measures may include device safeguards and secured files and buildings as well as oversight of our third- party service providers to ensure information remains confidential and secure. Please visit the Truist or SunTrust Security Centers for additional information.

Keeping your account information accurate and up to date is very important. If your account information is incomplete, inaccurate or not current, please contact us at Truist.privacy@Truist.com, or call or write to us at the telephone numbers or appropriate address for changes listed on your account statements, records, online or other account materials. You can also speak to a client representative at a branch location, your financial advisor, or an account representative.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.  We will ask you to verify your identity in order to help us respond efficiently to your request.

Under non-U.S. data protection laws, you may have the right to complain to a data protection authority about our collection and use of your personal information.

Truist’s Online Privacy Practices may be revised from time to time, so please review them periodically. Any changes will become effective when we post the revised Practices on the site (Please note the effective date listed at the top of this page). If we revise our Online Privacy Practices in a material way, we will provide a conspicuous notice on our website when any changes take effect.

If you have any questions or comments on this notice or our privacy practices generally, please contact us at 800-786-8787 (SunTrust); or 888-294-2265 (BB&T/Truist); or at Truist.Privacy@Truist.com.

Consumer Privacy Notice

Click here to view our privacy notice (English)

Click here to view our privacy notice (Spanish)

California Consumer Privacy Notice (effective January 2021)

Maintaining the privacy and security of your personal information is Truist’s highest priority. In doing so, we want to provide transparency regarding how and why your data is collected, how it is used, and with whom it may be shared. This document, as well as Truist’s Consumer Privacy Notice and Online Privacy Practices Statement and SunTrust now Truist's Consumer Privacy Notice and Online Privacy Practices Statement, set forth how we will interact with your personal information. Specifically, it provides information on how you may exercise your California privacy rights. This Notice is directed to consumers who reside in the state of California. That said, all of our consumers are welcome to submit questions or requests about their data.

It is important to note that Truist does not sell your data. To be clear, SunTrust now Truist, BB&T now Truist, and Truist (herein “Truist”) have not and will not disclose or sell any consumer Personal Information to third parties for business or commercial purposes. Because such sales do not occur and would violate company policy, there is no link on our websites to opt-out of such activity.

One of Truist’s privacy principles is that our consumers own their data. To help ensure transparency around our handling of consumer data, we have stood up a portal with our partner, OneTrust, to facilitate receiving and processing requests related to accessing and potentially deleting your data. This portal helps us meet certain legal and compliance requirements such as those under the California Consumer Privacy Act (CCPA). It also gives non-CA consumers a vehicle to make similar requests.

CCPA Privacy Notice

Truist’s Consumer Privacy Notice and Online Privacy Practices Statement and SunTrust now Truist’s Consumer Privacy Notice and Online Privacy Practices Statement, provide consumers details about our practices concerning the privacy of your data. This Notice provides further information about our practices, along with details concerning how “Consumer Access” (“Right to Know”) and/or “Right to Request Deletion” requests may be submitted. This Notice is designed to provide additional information not covered elsewhere on our site, to ensure compliance with the notice provisions of the CCPA.

The following are some general notes about Truist’s practices related to the collection, use and sharing of consumer data:

As a financial institution, it is necessary for us to collect certain personal information from and/or about our clients in order to provide our products and services, fulfill consumer requests, to comply with the federal and state laws and other legal obligations. Below is a list of categories of data we may collect about our clients:

  • Personal information (“information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household,” as defined in the CCPA)
  • Demographic/Protected class information
  • Biometric information (ex: voice recordings when you contact a Call Center or leave a voicemail for a Truist teammate)
  • Commercial information
  • Professional or employment-related information
  • Education information
  • Geolocation (ex: your IP address when visiting a Truist website or your physical location when using a Truist ATM)
  • Internet or other electronic network activity information
  • Audio, electronic, visual, thermal or olfactory information
  • Personally identifiable health information
  • Background/criminal record
  • Marketing opt-out/preference information
  • Inferences drawn from any of the above information

It is necessary for Truist to share certain client data with affiliates and/or trusted service providers in order to provide our products and services, and to comply with legal and contractual obligations. When engaging such service providers, Truist ensures that such partners will maintain the information in accordance with our privacy and security standards, and only use the data for the use(s) specified in the contract. While certain Truist activities and responsibilities may be outsourced, Truist recognizes and embraces ultimate accountability for the privacy and security of the data entrusted to us.

As noted above, it is a violation of Truist’s Consumer Privacy Notices to share consumer information with non-affiliated third parties for their marketing purposes. Consumer information will not be shared with third parties (non-service providers) absent prior authorization from the client or their agents.

Truist's No Sale Policy

As noted above, it is a violation of company policy to sell client or consumer data. To be clear, Truist has not disclosed or sold any personal information to third parties for a business or commercial purpose in the preceding 12 months. Therefore, there is no opt-out for the sale of data provided on our website, since there is no activity to opt out from.

Consumer Access Requests

Consumers may exercise their “Right to Know” under the CCPA to request that Truist disclose categories of information we may have collected about them over the last 12 months, the categories of sources from which that information was collected, the business or commercial purpose(s) for which the information was collected, and the categories of third parties with whom we share personal information.

Consumers are welcome to submit requests for more information by visiting our Consumer Rights Request Portal, hosted by OneTrust:

  • To submit a data access request for yourself, click here.
  • To submit a data access request on behalf of another individual, click here.
  • To dispute or appeal a prior data access request, click here.

Consumers are also welcome to submit requests by calling:

All requests must be verified prior to receiving a response, using Truist authentication protocols. Requesters will be asked to supply certain basic Personal Information to enable us to validate the requestor is the consumer who is subject to the request, such as name, social security number and address. Information submitted for verification purposes will only be used to verify the requestor’s identity and/or authority to make a request on another’s behalf.

Requests made on another person’s behalf can only be accepted upon receipt of documentation that the requestor is an authorized agent, parent or legal guardian of the consumer whose information is being requested. This will require the submission of a valid Power of Attorney, Birth Certificate, approved Truist authorization form, Guardianship Order or other court order granting authority to receive information, as appropriate.

Upon submission of a request, CA consumers will receive an initial response confirming receipt within 10 days. A full response will be provided to CA consumers within 45 days (unless an extension of up to 45 additional days is requested, upon which the consumer will receive notice and an explanation for the extension).

Please note that Truist is taking advantage of the exemption within the CCPA for data collected pursuant to the Gramm-Leach-Bliley Act (GLBA). This enables us to best protect the security of our clients when responding to requests. Data provided pursuant to GLBA is often highly sensitive Personal Information, including financial data, that could lead to identity theft should it land in the wrong hands. We will continue to provide access to sensitive financial data only through our established, secure mechanisms to obtain that information such as online or mobile banking, or visiting a branch. Therefore, specific pieces of data collected pursuant to GLBA will not be provided through the Consumer Rights Access Request Portal.

"Right to Request Deletion" Requests

Consumers also have a right under the CCPA to request deletion of their personal information collected or maintained by Truist.

The submission methods, authentication protocols, and time frames for response are identical to those referenced above in the “Consumer Access Requests” section. Keep in mind that the GLBA exemption and other legal exemptions may also apply to these requests. For example, Truist cannot delete data provided by a client to service an active (or recently active) account, because such data is still needed to provide the product or service and/or meet legal retention requirements. Another example would be the inability to delete certain data that is subject to a legal hold.

Truist will explain in its response the manner in which it has deleted the personal information. Or, if an exemption applies restricting Truist’s ability to delete the data, Truist will describe the basis for the denial of the request in its response. Should an exemption apply precluding the destruction of the data, Truist will not use the consumer’s personal information for any other purpose than provided for by that exemption (for example, if certain data cannot be deleted due to a legal hold, we will ensure that such data is no longer used for Truist marketing purposes).

Non-Discrimination

The submission of a "Right to Know" or "Right to Request Deletion" request will have no impact on the service and/or pricing you receive from Truist. It will not result in any denial of goods or services, or different prices, rates or quality of goods or services.

Updates

This Consumer Rights and CCPA Notice may be revised from time to time, so please review this page periodically. Any changes will become effective when we post the revised notice on the site (please note the effective date listed at the top of this page). If we revise this or other privacy notices in a manner that materially changes our privacy practices, we will provide conspicuous notice on our website and provide direct notice to our clients.

Our annual report showing request metrics can be found here.

Contact Us

If you have any questions or comments on our Online Privacy Practices, please contact us at: Truist.privacy@Truist.com

Cellular Phone Identity Verification Statement

To help us verify your identity, you authorize your wireless operator (AT&T, Sprint, T-Mobile®, US Cellular®, Verizon, or any other branded wireless operator) to use your mobile number, name, address, email, network status, customer type, customer role, billing type, mobile device identifiers (IMSI and IMEI) and other subscriber status details, if available, to allow us to verify your identity, and to compare information you have provided to us with your wireless operator account profile information for the duration of our relationship. See our Consumer Privacy Notice https://www.truist.com/privacy-policy for more information of how we treat your data.