Open Navigation

Privacy Policy

Built with privacy-by-design, we never see any personally identifiable information

Privacy Policies

  • Overview
  • Information We Collect Through Our Website
  • Information Our Financial Institutions Share
  • Opting Out of a Cardlytics Program
  • Social Media Postings
  • Data Security
  • GDPR
  • Modern Slavery Policy
  • Changes to Cardlytics Privacy Policies
  • Contact Us
  • Anti-Corruption Hotline

Privacy Overview

Thank you for choosing to learn more about the privacy policies of Cardlytics. Cardlytics knows that you care about how your personal information is used and shared. Privacy is not just a priority for Cardlytics, but an essential part of our business model.

Through the links on this page, you can learn more about the privacy policies related to information that Cardlytics collects directly as well as information that our financial institution clients collect.

Information We Collect Through Our Website

Through our website, we collect information you choose to provide us, as well as information that is automatically collected, in order to enhance our website, our products, and our services.

A) Information You Choose To Provide Us Through Our Website

Cardlytics offers visitors to our website the opportunity to reach out to us in various ways, including the opportunity to contact us with questions or comments, to request information from us about our business, or to send us an application in connection with various job postings. In connection with these opportunities, you may provide – and we will therefore necessarily collect – certain personally identifiable information (“PII”) regarding you, such as, without limitation, your name, mailing address, email address, or phone number. You may also choose to provide us certain non-personally identifiable information (“non-PII”), such as website comments, when you contact us through our website, and we will also collect that information.

We will use the information you choose to provide us through our website for legitimate business purposes, such as responding to your questions or comments, providing you with the requested information, or contacting you about the relevant employment opportunity.  As a general matter, we will not disclose any PII you provide us through our website to any third parties.  However, we reserve the right to do so when necessary or required by the circumstances, such as (i) to protect or defend the legal rights of Cardlytics; (ii) to protect against fraud or for risk management purposes; (iii) to comply with applicable law or respond to legal process; or (iv) if Cardlytics undergoes bankruptcy or dissolution. Additionally, if Cardlytics sells, merges, or transfers all or part of its business or assets, we may transfer the information you provided us through our website to the parties involved in that transaction.

Our website is hosted in the United States and is not directed towards individuals under the age of thirteen (13).  Cardlytics does not knowingly or intentionally collect PII from individuals under thirteen (13) years of age.

B) Information We Automatically Collect Through Our Website

When you visit our website, we automatically collect certain information, including information related to the device you used to access our website (such as the IP address and type of device), the URL that referred you to our website or the search terms that led you to our website, the date and time of your visit, your behavior on our website (e.g., paths you take through website), and your geographic location information.  In connection with this collection, we may use analytics services to help us track the efficacy of our website.

We automatically collect information through cookies. Cookies are small text files stored by your browser on your computer, phone, tablet, or other device you used to access our website. Cookies allow us to identify visitors, track aggregate behavior, and enable certain website features. We also automatically collect certain information through web beacons, which can recognize certain types of information on your computer, such as a cookie number, time and date of a page view, and a description of the page where the web beacon is placed.

We may allow third parties to collect the anonymous and non-PII data received from cookies and web beacons on our behalf, and to retain and use this data themselves. In addition, we may share this anonymous and non-PII data with other third parties. To protect your privacy, we do not use cookies or web beacons to store or transmit any PII about you. You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can modify settings on all major browsers to decline cookies if you prefer. You may also render some web beacons unusable by rejecting their associated cookies.

C) Links to External Websites

Our website contains links to third-party websites. We have no influence on the privacy practices or policies of any external websites. As a result, Cardlytics is not responsible for the privacy practices of websites operated by third parties.  Once you leave our website via such a link, we encourage you to read the applicable privacy policy of any third-party site to determine, among other things, how they handle any PII they collect from you.

Information Our Financial Institutions Share

The power of Cardlytics is driven by its relationships with financial institutions. Cardlytics’ financial institution clients utilize Cardlytics’ services so that they can provide their customers with targeted and relevant offers or advertisements inside the banking platform. Cardlytics’ financial institution clients provide Cardlytics with deidentified spend data to make these targeted and relevant offers possible. Additionally, Cardlytics may in certain circumstances use the deidentified spend data to determine the efficacy of advertisements both inside and outside the banking platform as well as craft other spend-based insights. Cardlytics’ financial institution clients include some of the biggest and best names in banking.  Your financial institution might be one of Cardlytics’ clients.

Cardlytics does not receive, or have access to, any PII from its financial institution clients.  As such, we cannot and will not share individual or PII-based transaction data with third parties, including our advertising partners.

Your financial institution’s privacy policy governs its privacy and data sharing practices. If you are interested to learn more about your financial institution’s privacy and data sharing practices, we encourage you to contact your financial institution or examine its relevant policies.

Opting Out of a Cardlytics Program

If you are currently participating in and want to opt out of a Cardlytics card-linked marketing program, you can do so through your financial institution. Every financial institution’s opt-out feature will be slightly different. Cardlytics encourages you to contact your financial institution, or visit your financial institution’s website, for more details. Opting out of a Cardlytics card-linked marketing program will also opt you out of Cardlytics’ other programs and products.

Social Media Postings

In connection with your selection or redemption of an offer through the online banking website or mobile application of one of our financial institution clients, you may be presented with the opportunity to post about your selection or redemption of an offer, or overall participation in our program, via your social media account, such as Facebook or Twitter. A social media post will only be made at your specific direction and with your express consent. Cardlytics does not collect any PII, such as your social media username or password, your email address, or your name, in connection with any such social media posting.  Cardlytics will only collect non-PII information regarding the posting for Cardlytics’ internal analyses.

Data Security

The security of Cardlytics’ data is critical to our business mission. Cardlytics uses commercially reasonable administrative, technical, personnel, and physical security measures that comply with federal regulations to safeguard all of our data against loss, theft, or unauthorized use, disclosure, or modification.

We also regularly conduct risk assessments and audits on our information systems. These security measures help us continually assess our ability to maintain the security of our data. We also maintain strict physical security for our facilities and limit access to critical areas of our business.


On May 25, 2018, the GDPR came into effect in the EU. Read Cardlytics’ external privacy notice here.

Modern Slavery Policy

Read Cardlytics’ Modern Slavery Policy here.

Changes to Cardlytics’ Privacy Policies

We may change Cardlytics’ privacy policies from time to time. We encourage you to periodically review this page for the latest information on our privacy practices.

Cardlytics’ privacy policies were last updated on May 25, 2018.

Contact Us

If you have any questions regarding Cardlytics’ privacy policies, please contact us by email at

Anti-Corruption Hotline

Report corruption, fraud, and other misconduct via the Cardlytics Anti-Corruption Hotline by phone (866-269-1020) or email