Skip to main content

Your privacy at Truist

We care deeply about your privacy and security, and protecting your personal information is consistent with our purpose, mission, and values. Learn about how we collect, use, and protect your personal information, or visit our Privacy Center to manage your privacy preferences.

Privacy Disclosures

When you interact with us, we may collect and use your personal information to better serve you. Read our privacy disclosures to learn more about this process and how we protect your information.

View our privacy disclosures

Privacy Center

Through the Privacy Center, choose how we share and use your information, how we market our products and services to you, or submit requests to see, delete, or correct the information we store.

Visit our Privacy Center

Quick links

What does this policy cover?

What isn’t covered by this policy?

Other important notices

What information does Truist collect?

How does Truist use collected information?

How does Truist share collected information?

What if I’m visiting the Truist website from outside the United States?

How long does Truist retain records?

What technologies does Truist use?

How does Truist interact with me online?

How does Truist protect my children?

How does Truist secure information and protect me from fraud?

How can I make sure my information is accurate and use my individual rights?

What is Truist’s cellular phone identity verification statement?

How will Truist notify me about online privacy practices updates?

How can I contact Truist?

Truist Statement of Online Privacy Practices

Updated January 2023

Component ID : "accordionGridLayout-1196538565"
Model : "faq"
Position : "left"

What does this policy cover?

This Truist Statement of Online Privacy Practices (“Privacy Policy”) describes how we collect information when you visit or use Truist’s websites, mobile applications, and other online services (“Online Services”) that link to this Privacy Policy. It also describes how we use and share such information and explains your privacy rights and choices.

Our Online Services are intended for a U.S. audience. The terms “Truist,” “we,” “us,” or “our” mean Truist Financial Corporation and its U.S. affiliates. “You” means an individual who visits our Online Services and does not refer to a business or other entity or to individuals outside the U.S.

Truist’s business address is Truist Financial Corporation, 214 N. Tryon Street, Charlotte, North Carolina 28202, USA. Our Client Contact Center may be reached at 844-4TRUIST (844-487-8478).

What isn't covered by this policy?

This Privacy Policy does not apply to the websites, mobile applications, or services of Truist’s businesses and affiliates that do not directly link to this policy. Some Truist businesses and affiliates have their own privacy policies, which can be found on their websites. It also does not apply to non-Truist companies, such as third-party websites to which we link online. Please review the privacy policies of other websites and services you visit to understand their privacy practices.

Other important notices

Our Consumer Privacy Notice applies to information that we collect about individuals who seek, apply for, or obtain our financial products and services for personal, family, or household purposes. In addition, our CCPA Notice At Collection related to the California Consumer Privacy Act applies to certain information we collect about California residents. 

What information does Truist collect?

When you visit a Truist website, application, or otherwise interact with us online, we may collect the following information:

  • Your browser type (such as Google Chrome, Microsoft Edge, Apple Safari, Mozilla Firefox)
  • Your Internet Protocol or “IP” address (Your IP address is a number that is automatically assigned to your device by your Internet Service Provider. An IP address is identified and logged automatically whenever you visit a site, along with the time of the visit and the page(s) that were visited.)
  • The presence of any software on your device that may be necessary to view our site
  • Configuration information about the device you are using, including, but not limited to, your device type, web browser type and version, operating system type and version, display/screen settings, and language preferences
  • Information from your mobile device, such as contacts, photos (for example, to deposit checks or capture receipts), mobile network information, and cross-device IDs
  • Location information from your device to find nearby branches, ATMs, and other locations or mobile device location information to provide optional deals
  • Personal information submitted on applications, forms, and onsite electronic messaging. Types of personal information typically include:
    • Name
    • Social Security number
    • Driver’s license number or other government-issued ID
    • Address
    • Email
    • Telephone number
    • Account numbers and account information
    • Usernames
    • Passwords and other authentication information like PINs, security questions, and other secure sign-on methods1
    • Other non-public information, including credit and income information, and in certain cases Protected Health Information (as defined by the U.S. Health Insurance Portability and Accountability Act)
  • Website analytics information such as pages visited and average time spent on a particular page
  • Search engine traffic referral information
  • Responses to advertisements and promotions
  • Transactional information from behind the secure login about your relationship with us (such as types of accounts or the state in which you bank)

1 About biometric-enabled sign-ons: Your device stores the information it needs to recognize your facial features or fingerprints. Truist’s Mobile App uses your device’s functionality to obtain a signal that your device recognizes your facial features or fingerprints when you sign on. Truist does not have access to the information your device uses to enable facial or fingerprint recognition, nor does Truist have access to or store your facial image or fingerprint data. You can always turn off facial or fingerprint recognition and go back to inputting user ID and password at any time. Your device’s user information will have additional information regarding its user controls and settings, including its privacy and security controls.

How does Truist use collected information?

The information we collect online helps Truist to:

  • Effectively manage your account:
    • Ensure your identity and protect the security of your personal and account information from unauthorized access
    • Process transactions on your account
    • Respond to product applications and questions
  •  Fulfill regulatory requirements
  • Analyze our site usage and enhance the user's experience:
    • Diagnose server problems
    • Alert users of any possible software compatibility issues
    • Help us make decisions about how various technologies are used and identify usage trends
  • Send marketing communications:
    • Present personalized or targeted offers, ads, or content we believe may be of interest to you
    • Determine the effectiveness of promotional campaigns
    • Make business decisions
    • Analyze data and credit risk
    • Perform market research
    • Conduct audits
    • Develop and improve products and services
  • Carry out other day-to-day business operations, such as to comply with applicable laws; share with our affiliates and subsidiaries; disclose to contractors, business partners, and other third parties under specific contracts and agreements; perform compliance activities; conduct credit reporting activities; and engage in human resources activities
  • Prevent and detect fraud
  • Protect against risks to security:
    • Monitor network activity logs
    • Detect security incidents and conduct data security investigations
    • Protect against malicious, deceptive, fraudulent, or illegal activity

We only use personal information that we have about you when we have a legal basis to use such personal information under applicable data protection laws.

How does Truist share collected information?

Truist shares your information in different ways as permitted and required by law. For example, we may share your information with:

  • Affiliates and other entities in the Truist family
  • Businesses with which we partner to offer products and services for our clients or prospective customers, such as joint marketing partners or bill pay partners
  • Service providers that provide various services to us, such as those we use to help detect and prevent fraud, improve our online services, and to better market and advertise our services to you
  • Other parties when you authorize or direct us to share your information, such as when you use a third-party service to help manage your financial information across various financial institutions or when you transfer funds from Truist
  • Credit reporting agencies to report on or learn about your financial circumstances and as permitted by law
  • Government entities and other third parties as needed for legal or similar purposes, such as:
    • To respond to requests from our regulators
    • To respond to a warrant, subpoena, governmental audit or investigation, law enforcement request, legal order, or other legal process
    • To facilitate a merger, acquisition, sale, bankruptcy, or other disposition of some or all of our assets
    • To exercise or defend legal claims

Please see the Truist Consumer Privacy Notice for more information on how Truist may share your personal information and how you may be able to limit certain types of sharing.

Please note, we may also share aggregated and de-identified data, such as aggregated statistics regarding product usage, with third parties.

We reserve the right to transfer personal information we have about you in the event we sell or transfer all or a portion of our business or assets (including, without limitation, in the event of a reorganization, dissolution, or liquidation).

What if I'm visiting the Truist website from outside the United States?

If you are visiting the Truist website, please be aware that your personal information may be transferred to, or stored and processed in, the United States. We will rely on legally provided mechanisms (for example, derogations such as performance of a contract) to lawfully transfer personal data across borders. 

How long does Truist retain records?

We store your personal information as long as it is required to meet our contractual and legal obligations, or if we have a legitimate business need to do so. 

What technologies does Truist use?

Truist and its online advertising and marketing partners may employ various technologies to collect information, including:

  • Cookies –

    Cookies are pieces of information stored directly on your device. Cookies provide information that is used for security purposes, to facilitate navigation, to display information more effectively, and to personalize/customize your online experience. The cookies Truist uses do not collect or store any personally identifiable information about you. Truist uses persistent cookies to learn how visitors use our site, such as which pages are viewed the most, to identify the most common navigation paths, or to customize the presentation of information on the site. Truist also uses session cookies to assist in delivering some online transactions, like online banking. Session cookies are no longer active after you log off the service that initiated them, and all session cookies are automatically deleted when you close all browser windows. Truist may also contract with third parties, including, but not limited to, Adobe (see Cross-Device Tracking, below), to track user activity on our website. You can choose to block or disable these cookies as most devices and browsers offer their own privacy settings.  Doing so, however, may result in diminished performance on our site.

  • Marketing pixels, web beacons, clear GIFs, or other technologies –

    This technology may be placed on certain pages of our website, applications, emails, and other marketing initiatives. These tags usually work in conjunction with cookies and allow us to measure the effectiveness of our site and compile statistics about usage and response rates.

  • Software Development Kits (SDKs) –

    Our mobile applications may include third-party SDKs that allow us and our service providers to collect information about your mobile app activity. In addition, some mobile devices come with a resettable advertising ID (such as Apple’s IDFA and Google’s Advertising ID) that, like cookies and pixel tags, may allow us and our service providers to identify your mobile device over time for advertising purposes in compliance with applicable app store consent rules.

  • Advertising and Cross-Device Tracking –

    Truist uses certain Adobe Analytics services and products, which help companies build websites, applications, and advertisements that seamlessly flow between all your devices (such as a desktop, laptop, tablet, phone, or smart watch). The Adobe services recognize which of your devices are linked through use of technology that includes cookies and your IP address (without collecting your sensitive personal information). Visit the Adobe website for more information on opting out of certain services, cross-device tracking, and/or to unlink your devices. NOTE: Adobe needs to install a cookie on your browser to identify that you have opted out. If you delete the opt-out cookie, or change devices or web browsers, you will need to opt out again.

  • Firewalls, passcodes, data encryption, and other safety features –

    Truist uses these technologies to ensure that the information you provide us remains secure. To learn more about how we safeguard your information online, please visit our Truist fraud and security center for measures you can take to protect yourself.

  • Third-party plugins –

    Other companies may have plugins that appear on certain pages of our website or applications. Some of these, for example, may be from social media companies (for example, the Facebook “Like” button). These plugins may collect information, such as information about the pages you visit, and share it with the company that created the plugin even if you do not click on the plugin. These third-party plugins and the way they operate are governed by the privacy policies and terms of the companies that created them.

How does Truist interact with me online?

Online advertising on Truist websites and applications

Truist advertises its products and services on pages within our sites and on mobile applications. To make the content and advertising as informative and useful as possible, Truist may target and personalize content and advertisements for products and services on our site and within Online Banking (when clients sign on or off to online accounts with their user ID/password).

If you would prefer to not receive a specific advertisement, content or offers on Truist authenticated (after signing in) pages, you can click “No Thanks” to the specific pop-up ad you’re being presented. Note that this will not prevent you from potentially receiving other ads, content, or offers for a different product or service. Also note that simply closing the pop-up message by clicking on the “X” will not register that you do not wish to receive this specific message again.

Online advertising on third-party websites and applications

Truist advertises its products and services on websites and applications not affiliated with Truist. The third-party companies we hire to display these ads use their own tracking technologies to measure the effectiveness of these ads and to understand your interests. Many of our third-party partners have their own privacy policies. We encourage you to review these policies carefully.

Some of our third-party advertising is interest-based and may use information about your online interests to customize the online ads you see. Truist has adopted the use of the AdChoices Icon for our interest-based advertising (excluding ads appearing on platforms that do not accept the icon). Anyone receiving an interest-based ad can click on the displayed icon to receive more information. The AdChoices Icon does not prevent you from receiving advertisements; instead, it allows you to control whether you receive interest-based advertisements and from which companies.

Visit the Digital Advertising Alliance website for more information about the AdChoices Icon and interest-based advertising. If you would like to know more about how to opt out with your specific browser and device, you may visit the DAA Webchoices Browser Check and NAI Opt Out of Interest-Based Advertising tools for additional options. You can also download the AppChoices app to opt out in mobile apps.

Third-party aggregation services and tools

Aggregation allows you to gather information from many websites and view that information in a consolidated format. An example of why you might use a third-party aggregation tool is if you wanted a comprehensive view of assets and liabilities held within your financial accounts. If you provide information about your Truist accounts (including your access information) to an aggregation service provider, we will consider that as your having authorized all transactions initiated by that aggregation site. Truist reserves the right to disable aggregation for any account without notice. If you wish to cancel your third-party aggregation services, you should also change your password at Truist.com.

Social media

Truist provides experiences on social media platforms such as Facebook, Instagram, LinkedIn, or Twitter that enable online sharing and collaboration. We use social media to facilitate social engagement and sharing, when such sharing is appropriate and safe. Read more about Truist and social media terms and conditions here. Please note, any content you post, such as pictures, information, opinions, or any personal information that you make available to other participants on these social platforms, is subject to the terms of use and privacy policies of those platforms. Please refer to them to better understand your rights and obligations with regard to such content.

Given the very public nature of social media, it is critical that we all safeguard confidential financial information. If you post information on a Truist site that we feel should be shielded from public view, we will remove it. This includes not only specific details about your Truist accounts and other private, confidential information (such as your Social Security number), but details of information relayed in private conversations between you and Truist representatives. Please know that in taking down or editing your posts, we are focusing our experience and best judgment to keep your personal information safe.

Email

Email transmitted across the internet is normally not protected and may be intercepted and viewed by others. Therefore, you should refrain from sending any confidential or private information via unsecured email to Truist. We'll never ask you to send confidential information to us via email, such as your logon ID, password, full account numbers, or Social Security number. To ensure secure communications, use secure Truist Inbox in online banking.

Occasionally, we will retain the content of your email—and our replies—to confirm proper responses to your questions and requests, to comply with legal and regulatory requirements, and to ensure that we consistently deliver an enjoyable client experience to you.

Linking to other sites

Truist may provide links to non-Truist companies, such as credit bureaus or merchants, and will notify you when leaving the Truist site. If you choose to link to websites not controlled by Truist, we are not responsible for the privacy or security of these sites, including the accuracy, completeness, reliability or suitability of their information. If you are asked to provide information on one of these sites, we urge you to carefully study their privacy policies before sharing.

Control your online and other privacy preferences

In summary, the following links can help you to customize and control your privacy preferences when interacting with Truist online:

  • You can also control your marketing preferences for direct mail, email, and telemarketing preferences, along with the sharing of your personal information via our automated voice response line at 888-800-3420, or our Client Contact Center. 
  • Do Not Track and Global Privacy Control
    • We will respond to the Global Privacy Control signal as explained further in our CCPA Notice at Collection. At this time, we do not currently respond to other browser “do not track” signals or other mechanisms that allow you to tell websites you do not want to have online activities tracked.
  • You can also update your email preferences here.

How does Truist protect my children?

Truist strictly follows the federal guidelines of the Children’s Online Privacy Protection Act (COPPA), which gives parents control over what type of information is collected online about their children. We do not knowingly collect, maintain, or use personally identifiable information from children under age 13 on our websites. We are not responsible for the data collection and use practices of nonaffiliated third parties that are linked from our websites. Visit the Federal Trade Commission’s COPPA Website for more information.

How does Truist protect me from fraud and secure information?

To protect personal information from unauthorized access and use, we use security measures that comply with applicable federal and state laws. These measures may include device safeguards and secured files and buildings as well as oversight of our third-party service providers to ensure information remains confidential and secure. Please visit the Truist Fraud and Security Center for additional information.

How can I make sure my information is accurate and use my individual rights?

Keeping your account information accurate and up to date is very important. If your account information is incomplete, inaccurate or not current, please visit the Privacy Center. You can also contact us or call or write to us at the telephone numbers or appropriate address for changes listed on your account statements, records, online or other account materials. You can also speak to a client representative at a branch location, your financial advisor, or an account representative.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. We will ask you to verify your identity to help us respond efficiently to your request.

Under non-U.S. data protection laws, you may have the right to complain to a data protection authority about our collection and use of your personal information.

What is Truist's cellular phone identity verification statement?

You authorize your wireless carrier to use or disclose information about your account and your wireless device, if available, to us or our service provider for the duration of your business relationship, solely to help them identify you or your wireless device and to prevent fraud. Truist’s Statement of Online Privacy Practices and Consumer Privacy Notice (PDF) detail how we treat your data.

How will Truist notify me about online privacy practices updates?

Truist’s Online Privacy Practices may be revised from time to time, so please review them periodically. Any changes will become effective when we post the revised Practices on the site (Please note the effective date listed at the top of this page). If we revise our Online Privacy Practices in a material way, we will provide a conspicuous notice on our website when any changes take effect.

How can I contact Truist?

If you have any questions or comments on this notice or our privacy practices generally, please contact us at 888-294-2265.

Quick links

English version (PDF)

Spanish version (PDF)

Consumer Privacy Notice

Quick links

English version (PDF)

Spanish version (PDF)

Printable version (PDF)

Rev. 01/2023

Facts: What Does Truist Do With Your Personal Information?

Why?

Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.

What?

The types of personal information we collect and share depend on the product or service you have with us. This information can include:

  • Social Security number and investment experience
  • account balances and transaction history
  • payment history and credit history

How?

All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons Truist chooses to share; and whether you can limit this sharing.
Reasons we can share your personal information Does Truist share? Can you limit this sharing?
For our everyday business purposes — such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus; or, as permitted by law

Yes

No
For our marketing purposes — to offer our products and services to you

Yes

No
For joint marketing with other financial companies

Yes

No
For our affiliates' everyday business purposes — information about your transactions and experiences

Yes

No
For our affiliates' everyday business purposes — information about your creditworthiness

Yes

Yes
For our affiliates to market to you

Yes

Yes
For nonaffiliates to market to you

No

We don't share

To limit our sharing

Please note:

If you are a new customer, we can begin sharing your information 30 days from the date we sent this notice. When you are no longer our customer, we continue to share your information as described in this notice.


However, you can contact us at any time to limit our sharing.

Questions? Call 1-888-800-3420

T0016410002

Who we are
Who is providing this notice?

This notice is provided by certain specific companies in the Truist family, such as banks, consumer finance companies, securities broker-dealers, investment advisors, and mortgage companies.
What we do
How does Truist protect my personal information?

To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.

Our employees are bound by our Code of Ethics and policies to access consumer information only for legitimate business purposes and to keep information about you confidential.

How does Truist collect my personal information?

We collect your personal information, for example, when you

  • open an account or provide account information
  • apply for a loan or seek advice about your investments
  • give us your employment history

We also collect your personal information from others, such as credit bureaus, affiliates, or other companies.
Why can't I limit all sharing?

Federal law gives you the right to limit only

  • sharing for affiliates’ everyday business purposes—information about your creditworthiness
  • affiliates from using your information to market to you
  • sharing for nonaffiliates to market to you

State laws and individual companies may give you additional rights to limit sharing. [See below for more on your rights under state law.
What happens when I limit sharing for an account I hold jointly with someone else?

Your choices will apply to everyone on your account.
Definitions
Affiliates

Companies related in common ownership or control. They can be financial and nonfinancial companies.

  • Our affiliates include companies with Truist name, financial companies such as Sterling Capital Management LLC, GenSpring Holdings, Inc., Regional Acceptance Corporation, McGriff Insurance Services, Inc., MBT, Ltd., and GFO Advisory Services, LLC.
Nonaffiliates

Companies not related by common ownership or control. They can be financial and nonfinancial companies.

  • Nonaffiliates we share with can include government entities, credit bureaus, insurance companies, companies that perform marketing services on our behalf, and companies that assist in servicing your loan(s) or account(s) with us.
Joint marketing

A formal agreement between nonaffiliated financial companies that together market financial products or services to you.

  • Our joint marketing partners include financial institutions such as insurance companies and financial product or service marketing companies.

Other important information

Do Not Call Policy:

This notice is Truist’s Do Not Call Policy under the Telephone Consumer Protection Act. Truist abides by all federal and state regulations on telephone usage, including the maintenance of an internal Do Not Call List. Consumers who ask to be included on Truist’s internal Do Not Call List will be removed from future campaigns, including those of Truist affiliates. This opt out will remain in effect unless the consumer opts back in.

California:

Under California law, we will not share information we collect about CA residents with companies outside Truist unless we have your consent or the law allows. We will limit sharing among Truist entities to the extent required by California law. For information on our compliance with consumer rights laws, including the California Consumer Privacy Act (CCPA), please visit truist.com/privacy.

Nevada:

We are providing this notice under state law, which requires that we provide Nevada residents with the following contact information: Bureau of Consumer Protection, Office of the Nevada Attorney General, 555 E. Washington Street, Suite 3900, Las Vegas, NV 89101; Phone: 702.486.3132; Email: BCPINFO@ag.state.nv.us. If you prefer not to receive marketing calls from Truist, you may be placed on our internal Do Not Call List (please find our contact information in the “To limit our sharing” section on Pg. 1).

Vermont:

Under Vermont law, we will not share information we collect about VT residents with non-Truist entities without your consent or unless the law allows. We also will not share your creditworthiness information with affiliates without your consent (this does not cover information about transactions or experiences, which may be shared with affiliates without consent).

Quick links

CCPA Privacy Notice / Notice At Collection

Personal Information Collected and Purpose for Collection

What we Sell / Share with Third Parties for Cross-Context Behavioral Advertising and What we Share with Third Parties for Business Purposes

Notice of Right to Opt Out of Sale / Sharing

Notice of Right to Limit Use of Sensitive Personal Information

Retention of Personal Information

Sources of Personal Information

Consumer Rights Under the CCPA

Submitting a Verified Consumer Request

Opt Out Preference Signals

Non-Discrimination

Consumers Under 16 Years of Age

Automated Decision-making

Privacy Center for Requests and Updating Preferences

Updates

 

CCPA Privacy Notice / Notice At Collection

Last Updated January 2023

Maintaining the privacy and security of your personal information is Truist’s highest priority. In doing so, we want to provide transparency regarding how and why your data is collected, how it is used, with whom it may be shared, and how long it is kept. This notice, as well as Truist’s Consumer Privacy Notice and Statement of Online Privacy Practices informs consumers how we will interact with your personal information. 

The purpose of this Notice at Collection and CCPA Privacy Notice (“Notice”) is to provide you with timely notice, at or before the point of collection, of the details about our practices concerning the privacy of your personal information. This Notice is directed to consumers who reside in the state of California (“consumers” or “you”) and relates to personal information covered by the California Consumer Privacy Act (CCPA).  Specifically, this Notice provides comprehensive information about our online and offline practices, along with details concerning how you may exercise your California privacy rights and make requests to access, correct or delete the information that Truist holds about you. We will not collect additional categories of personal information without providing you a new Notice at Collection disclosing these categories.

Please note that Truist adheres to an exemption within the CCPA for data collected pursuant to the Gramm-Leach-Bliley Act (GLBA). This Notice and the rights described do not apply to information we collect when you apply for or obtain our financial products and services for personal, family, or household purposes, which is subject to our Consumer Privacy Notice. This Notice does not apply to Truist subsidiaries and affiliates unless such subsidiary or affiliate links to this policy.

The following charts provide specifics about Truist’s practices related to the collection, use and selling or sharing of personal information:

General Personal Information

Categories of Personal Information Collected & Disclosed Purpose for Collection Purpose for Disclosure
A. Identifiers: For example, real name or alias, address, online identifier, IP address, email address, account name, SSN, driver’s license number, passport number, or other similar identifiers.

  • Deliver, manage and support products and services, manage relationships and maintain accounts
  • Assess and manage risk
  • Manage fraud and financial crimes
  • Manage hiring and ongoing employment, such as benefits, and to manage teammate / organizational performance and staffing
  • Meet legal, regulatory, or compliance requirements
  • Market our products and services
  • Perform services on behalf of another business or entity
  • Manage and optimize internal operations purposes
  • Support and optimize channels and interactions

  • Share for all purposes from “purpose for collection”
B. Personal Information Categories from Cal. Civ. Code § 1798.80I: For example, name, signature, SSN, physical characteristics or description, address, phone number, passport number, driver’s license or state ID card number, policy or account numbers, education, employment, employment history, credit or debit card numbers, or any other financial, medical or health insurance information.

  • Deliver, manage and support products and services, manage relationships and maintain accounts
  • Assess and manage risk
  • Manage fraud and financial crimes
  • Manage hiring and ongoing employment, such as benefits, and to manage teammate / organizational performance and staffing
  • Meet legal, regulatory, or compliance requirements
  • Market our products and services
  • Perform services on behalf of another business or entity
  • Manage and optimize internal operations purposes
  • Support and optimize channels and interactions

  • Share for all purposes from "purpose for collections"
C. Characteristics of CA or Federal Protected Classifications: For example, race, religion, national origin), age (40 and over), gender, sexual orientation, medical condition, ancestry, pregnancy (includes childbirth, breastfeeding and/or related medical conditions), familial status, disability, veteran status, or genetic information.

  • Deliver, manage and support products and services, manage relationships and maintain accounts
  • Assess and manage risk
  • Manage fraud and financial crimes
  • Manage hiring and ongoing employment, such as benefits, and to manage teammate / organizational performance and staffing
  • Meet legal, regulatory, or compliance requirements
  • Market our products and services
  • Perform services on behalf of another business or entity
  • Manage and optimize internal operations purposes
  • Support and optimize channels and interactions

  • Share for all purposes from “purpose for collection”
D. Commercial Information: For example, records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

  • Deliver, manage and support products and services, manage relationships and maintain accounts
  • Assess and manage risk
  • Manage fraud and financial crimes
  • Manage hiring and ongoing employment, such as benefits, and to manage teammate / organizational performance and staffing
  • Meet legal, regulatory, or compliance requirements
  • Market our products and services
  • Perform services on behalf of another business or entity
  • Manage and optimize internal operations purposes
  • Support and optimize channels and interactions

  • Share for all purposes from “purpose for collection”
E. Biometric Information: For example, physiological, biological or behavioral characteristics, including DNA, that can be used to establish individual identity. Biometric information includes, but is not limited to, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.

  • Assess and manage risk (fraud and security detection through identity verification)
  • Manage hiring and ongoing employment, such as benefits, and to manage teammate / organizational performance and staffing

  • Share for all purposes from “purpose for collection”
F. Internet or Other Similar Network Activity: For example, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement

  • Deliver, manage and support products and services, manage relationships and maintain accounts
  • Assess and manage risk
  • Manage fraud and financial crimes
  • Meet legal, regulatory, or compliance requirements
  • Market our products and services
  • Perform services on behalf of another business or entity
  • Manage and optimize internal operations purposes
  • Support and optimize channels and interactions

  • Share for all purposes from “purpose for collection”
G. Geolocation Data: For example, information that can be used to determine a device’s physical location

  • Deliver, manage and support products and services, manage relationships and maintain accounts
  • Manage and optimize internal operations purposes
  • Support and optimize channels and interactions

  • Share for all purposes from “purpose for collection”
H. Sensory Data or Recordings: For example, audio, electronic, visual, thermal, olfactory, or similar information that can be linked or associated with a particular consumer or household

  • To assess and manage risk
  • To meet regulatory or compliance requirements
  • Manage and Optimize Internal Business Operations
  • Support and Optimize Channels and Interaction

  • Share for all purposes from “purpose for collection”
I. Professional or Employment-Related Information: For example, compensation, evaluations, performance reviews, personnel files and current and past job history.

  • Assess and manage risk
  • Deliver, manage and support products and services, managing relationships and maintaining accounts
  • Manage hiring and ongoing employment needs such as benefits
  • Manage teammate and organizational performance and staffing
  • Maintain records around continuing education
  • Perform services on behalf of another entity or business
  • Meet legal, regulatory or compliance requirements

  • Share for all purposes from “purpose for collection”
J. Education Information (defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99)): Education records directly related to a student maintained by an education institution or party acting on its behalf, for example, non-public information that can be used to distinguish or trace an individual’s identity in relation to an educational institution either directly or indirectly through linkages with other information.

  • Assess and manage risk
  • Deliver, manage and support products and services, managing relationships and maintaining accounts
  • Manage hiring and ongoing employment needs such as benefits
  • Manage teammate and organizational performance and staffing
  • Maintain records around continuing education
  • Perform services on behalf of another entity or business
  • Meet legal, regulatory or compliance requirements

  • Share for all purposes from “purpose for collection”
K. Profile Data: For example, inferences drawn from personal information to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

  • Deliver, manage and support products and services, manage relationships and maintain accounts
  • Assess and manage risk
  • Manage fraud and financial crimes
  • Market our products and services
  • Manage and optimize internal operations purposes
  • Support and optimize channels and interactions

  • Share for all purposes from “purpose for collection”

We may also disclose personal information for other purposes at your direction or with your consent.

Sensitive Personal Information

Categories of Sensitive Personal Information Purpose for Collection Purpose for Disclosure
SSN, Driver’s License, State ID Card, Passport Number
  • Deliver, manage and support products and services manage relationships and maintain accounts
  • Assess and manage risk
  • Manage fraud and financial crimes
  • Manage hiring and ongoing employment, such as benefits, and to manage teammate / organizational performance and staffing
  • Meet legal, regulatory, or compliance requirements
  • Perform services on behalf of another business or entity
  • Share for all purposes from "purpose for collections"
Account Login, financial account, debit or credit card number when provided with any security or access code, password or credentials allowing access to an account

  • Deliver, manage and support products and services, manage relationships and maintain accounts
  • Manage fraud and financial crimes
  • Manage and optimize internal operations purposes

  • Share for all purposes from "purpose for collections"
Precise geolocation

  • Deliver, manage and support products and services, manage relationships and maintain accounts
  • Manage and optimize internal operations purposes
  • Support and optimize channels and interactions

  • Share for all purposes from "purpose for collections"
Racial or ethnic origin, religious or philosophical beliefs, or union membership
  • Deliver, manage and support products and services, manage relationships and maintain accounts such as fair lending legal requirements
  • Assess and manage risk
  • Manage hiring and ongoing employment, such as benefits, and to manage teammate / organizational performance and staffing, such as collecting demographic data to ensure employee diversity, equity and inclusion or to conduct insurance underwriting
  • Meet legal, regulatory, or compliance requirements
  • Perform services on behalf of another business or entity

  • Share for all purposes from "purpose for collections"
Contents of a consumer’s mail, email and text messages (unless Truist is the intended recipient)

N/A

N/A
Genetic Data

N/A

N/A
Biometric information for the purpose of unique identification
  • Assess and manage risk (fraud and security detection through identity verification)
  • Manage hiring and ongoing employment, such as benefits, and to manage teammate / organizational performance and staffing
  • Manage and Optimize Internal Business Operations

  • Share for all purposes from “purpose for collection”
Health information

  • Manage ongoing employment needs such as benefits
  • Deliver, manage and support products and services such as insurance underwriting
  • Perform services on behalf of another business or entity

  • Share for all purposes from “purpose for collection”
Information concerning sex life or sexual orientation
  • Collected when voluntarily disclosed in order to manage employment needs such as supporting diversity, equity and inclusion efforts

N/A

What we Sell to Third Parties or Share with Third Parties for Cross-Context Behavioral Advertising and What we Share with Third Parties for Business Purposes

We have sold or shared with third parties for cross-context behavioral advertising personal information to third parties in the preceding 12 months as disclosed in the table below. We also share personal information for business purposes with the third parties described below.

General Personal Information

Categories sold to or shared with third parties over the last 12 months Categories of third parties to whom this category of personal information has been sold or shared Categories of third parties to whom the information was shared for business purposes
A. Identifiers
  • Ad servers, networks, & exchanges
  • Social media platforms
  • Online publishers
  • Data analytics providers
  • Data providers and aggregators
  • Advertising services platforms
  • Market research companies
  • Consumer survey companies
  • Affiliates and other entities in the Truist family
  • Service Providers that provide various services to us
  • Other parties when you authorize or direct us to share your information,such as when you use a third party service to help manage your financial information across financial institutions or when you transfer funds from Truist
  • Credit reporting agencies to report on or learn about your financial circumstances
  • Government entities and other third parties as needed for legal or similar purposes
B. Personal Information Categories from Cal. Civ. Code § 1798.80(e)

N/A

C. Characteristics of CA or Federal Protected Classifications

N/A
D. Commercial Information
  • Ad servers, networks, & exchanges
  • Social media platforms
  • Online publishers
  • Data analytics providers
  • Data providers and aggregators
  • Advertising services platforms
  • Market research companies
  • Consumer survey companies
E. Biometric Information

N/A

  • Affiliates and other entities in the Truist family
  • Service Providers that provide various services to us
F. Internet or Other Similar Network Activity
  • Ad servers, networks, & exchanges
  • Social media platforms
  • Online publishers
  • Data analytics providers
  • Data providers and aggregators
  • Advertising services platforms
  • Market research companies
  • Consumer survey companies
  • Affiliates and other entities in the Truist family
  • Service Providers that provide various services to us
  • Other parties when you authorize or direct us to share your information, such as when you use a third party service to help manage your financial information across financial institutions or when you transfer funds from Truist
G. Geolocation Data

N/A
  • Service Providers that provide various services to us
H. Sensory Data or Recordings

N/A

  • Affiliates and other entities in the Truist family
  • Service Providers that provide various services to us
I. Professional or Employment-Related Information

N/A
  • Affiliates and other entities in the Truist family
  • Service Providers that provide various services to us
  • Other parties when you authorize or direct us to share your information
  • Credit reporting agencies to report on or learn about your financial circumstances
  • Government entities and other third parties as needed for legal or similar purposes
J. Education Information

N/A
  • Service Providers that provide various services to us
K. Profile Data
  • Ad servers, networks, & exchanges
  • Social media platforms
  • Online publishers
  • Data analytics providers
  • Data providers and aggregators
  • Advertising services platforms
  • Market research companies
  • Consumer survey companies
  • Service Providers that provide various services to us

Sensitive Personal Information

Categories sold to or shared with third parties over the last 12 months Categories of third parties to whom this category of personal information has been sold or shared Categories of third parties to whom the information was shared for business purposes
Social Security Number, Driver’s License, State Identification Card, or Passport Number

N/A
  • Affiliates and other entities in the Truist family
  • Service Providers that provide various services to us
  • Other parties when you authorize or direct us to share your information
  • Credit reporting agencies to report on or learn about your financial circumstances
  • Government entities and other third parties as needed for legal or similar purposes
Account log-in, financial account, debit card, or credit card number when provided with any required security or access code, password, or credentials allowing access to an account

N/A

  • Service Providers that provide various services to us
Precise geolocation

N/A
  • Service Providers that provide various services to us
Racial or ethnic origin, religious or philosophical beliefs, or union membership

N/A
  • Service Providers that provide various services to us
Contents of a consumer’s mail, email, and text messages (unless we are the intended recipient of the communication)

N/A

N/A
Genetic Data

N/A

N/A
Biometric information for the purpose of unique identification

N/A
  • Affiliates and other entities in the Truist family
  • Share for all purposes from “purpose for collection”
Health information

N/A

  • Affiliates and other entities in the Truist family
  • Service Providers that provide various services to us
  • Other parties when you authorize or direct us to share your information
  • Government entities and other third parties as needed for legal or similar purposes
Information concerning sex life or sexual orientation

N/A

N/A

Notice of Right to Opt Out of Sale/Sharing

You may at any time direct Truist to stop selling or sharing your personal information, which is called the “Right to Opt Out.” Once you make an opt out request, Truist will comply within 15 business days, and will wait at least 12 months before asking you to reauthorize sales or sharing.

You may exercise your Right to Opt Out of Sale/Sharing in the following ways:

To opt out of tags, cookies, pixels that collect information when you visit Truist.com
To opt out of other personal information sold to or shared with third parties

Notice of Right to Limit Use of Sensitive Personal Information

You have the right to limit our use and disclosure of your sensitive personal information collected by Truist for the purpose of inferring characteristics about you. This is called the “Right to Limit”.

However, you do not have the right to limit certain uses and disclosures of your sensitive personal information for the following business purposes:

  • Providing our goods and services reasonably expected of an average consumer,
  • Preventing, detecting, and investigating security incidents affecting personal information, provided that the use of personal information is reasonably necessary and proportionate for this purpose,
  • Resisting malicious, deceptive, fraudulent, or illegal actions against us and prosecuting those responsible for those actions, provided that the use of personal information is reasonably necessary and proportionate,
  • Ensuring the physical safety of an individual, provided that the use of personal information is reasonably necessary and proportionate for this purpose,
  • Short-term, transient use, including non-personalized advertising shown as part of a consumer’s current interaction with us, provided that we do not build a profile about the consumer or alter the consumer’s experience outside their current interaction with us,
  • Performing services on behalf of another business (e.g., maintaining accounts, processing orders or transaction),
  • Verifying or maintaining the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, or improving, upgrading, or enhancing the services or device owned, manufactured, manufactured for, or controlled by us,
  • Any collection or processing that is not for the purpose of inferring characteristics about you.

You may exercise your Right to Limit by:

1.     Submitting a request through the Truist Privacy Center.

- On the landing page, select whether you have a Truist online account. If so, sign in.

- Select Information Sharing Preferences and complete form to verify your identity

- Select “Limit the Use of Sensitive Personal Information”

2.     Calling Truist’s Privacy Line at 888-294-2265.

Retention of Personal Information

Truist has established product and business-level criteria for retention and disposal according to business requirements, laws, regulations, and applicable industry standards.

Sources of Personal Information

Truist collects information from various sources, including:

  • Directly from you or your guardians/representatives
  • Service providers that support our business operations (e.g., data analytics providers)
  • Websites, mobile applications, and social media
  • Our affiliates or subsidiaries
  • Outside merchants or business partners such as credit card or lending partnerships, or corporate clients
  • Public records or publicly available data
  • Data brokers
  • Advertising networks
  • Government entities

Consumer Rights Under the CCPA

Right to Know / See Data Request

You have the right to request that Truist disclose categories or specific pieces of personal information we have collected about you over the last 12 months, the categories of sources from which that information was collected, the business or commercial purpose(s) for which the information was collected, sold, or shared with third parties for cross context behavioral advertising, and the categories of third parties with whom we share personal information.

Right to Correct

You have the right to request correction of inaccurate personal information maintained by Truist.  In many instances, such updates are best made by logging into your online account or employee portals, calling 1-844-4TRUIST, or visiting a branch, and some corrections may require specific documentation to be provided as required by law. If you provide us documentation, it will only be used or maintained for the purpose of correcting the information and complying with our recordkeeping requirements under the CCPA. Truist also provides the Privacy Center and privacy request line as described below.

Right to Delete

You have the right to request deletion of personal information that Truist has collected, subject to certain exceptions. For example, we may deny your request if retaining the information is necessary for us to complete a transaction you requested or comply with our legal obligations.  

Submitting a Verified Consumer Request

Consumers are welcome to submit right to know, correction, or deletion requests by visiting our Privacy Center or by calling 888-294-2265.

All requests must be verified prior to receiving a response, using Truist authentication protocols. Requesters will be asked to supply certain basic personal information to enable us to verify the request against our records, such as name, Social Security number, and address. Information submitted for verification purposes will only be used to verify the requestor’s identity and/or authority to make a request on another’s behalf.

Requests made on another person’s behalf can only be accepted upon receipt of documentation that the requestor is an authorized agent, parent, or legal guardian of the consumer whose information is being requested. This will require the submission of a valid Power of Attorney, Birth Certificate, approved Truist authorization form, Guardianship Order, or other court order granting authority to receive information, as appropriate.

Upon submission of a request, consumers will receive an initial confirmation of receipt within 10 days. We will respond to your request within 45 days (unless an extension of up to 45 additional days is requested, upon which the consumer will receive notice and an explanation for the extension).

Opt Out Preference Signals

Your internet browser may give you more control over your privacy preferences via a Global Privacy Control (GPC) signal. This is a setting in your browser that notifies the websites you visit of your preferences to opt out of selling or sharing your personal information under California law. If you have opted out via the GPC signal, Truist sites will recognize this signal and process your preference automatically as it pertains to tags, cookies and pixels that collect personal information when you visit Truist.com. Please note the signal is processed at the browser-level and is not applied if you visit Truist.com from a different browser or device that does not have the GPC signal enabled.

Non-Discrimination

The submission of any CCPA request will have no impact on the service and/or pricing you receive from Truist. It will not result in any denial of goods or services, or different prices, rates or quality of goods or services, nor will it result in retaliation against an employee, applicant, or independent contractor.

Consumers Under 16 Years of Age

Truist products and services are not intended for consumers under the age of 16, and we do not knowingly collect information from children under the age of 16 without consent. Truist does not knowingly sell the personal information of minors under the age of 16 or share such information for cross-contextual advertising.

Automated Decision-making

You have the right to opt out of Truist’s use of your personal information for certain automated decision-making and/or profiling purposes. This opt out can be accomplished by visiting the Truist Privacy Center.

Privacy Center for Requests and Updating Preferences

Through the Truist Privacy Center, you can submit requests to see, delete and edit information we’ve collected and update your sharing and marketing preferences. 

Updates

This Notice may be revised from time to time, so please review this page periodically. Any changes will become effective when we post the revised notice on the site (please note the effective date listed at the top of this page).

Our annual report showing request metrics for the previous calendar year can be found here.

Contact Us

If you have any questions or comments on this notice or our privacy practices generally, please contact us at 888-294-2265. You can also visit www.truist.com/privacy for additional information.