How It Works: Customer Data Collection & Protection
How It Works is an ongoing series here on our blog, exploring and demystifying topics about which we hear often from our members and the public. Today, we’re taking a look at how we collect and protect customer data.
By Nezha Nickerson and Annie Miller
If you’re a SoFi member, you’ve likely taken the time to provide us with some of your most sensitive information, including your Social Security number, address, and birthdate. Did you read the fine print to find out what we do to protect that information once you give it to us? If you didn’t, here’s some background to help you understand.
We know our members are trusting us with some of their most sensitive information, and we don’t take that lightly. Here at SoFi we put our members (and their privacy!) first. We maintain the most stringent of industry-standard administrative, technical, and physical safeguards designed to ensure that information’s security and confidentiality. We think about member data in two ways:
Personal information (like name, address, or birthdate) is collected solely for the purposes of delivering our best product, as well as to meet our compliance requirements. And whenever we do save personal information, it’s stored on servers and in facilities that only select SoFi personnel and our contractors have access to. Who gets access to that information is based on two principles: what they need to know, and the minimum privileges necessary to fulfill their roles and responsibilities.
We don’t sell or rent personal information to any unaffiliated third parties. When SoFi shares personal information with a third party after we’ve collected consent (for example, loan servicing partners like MOHELA or credit reporting agencies like Experian), we require that those third parties uphold the same standards for the security and confidentiality of that information that we do, as well as limit their use of the information to only their work with us.
Aggregate information, meaning data we’ve collected from which all personal information that can be tied back to a member has been removed, is used to help us understand trends, needs, interests, and preferences so we can improve our products and services in a manner compliant with laws and regulations.
It’s important to keep in mind the changing legal and regulatory landscape that influences customer data protection. SoFi is subject to the Gramm-Leach-Bliley Act (GLBA) and the California Consumer Privacy Act (CCPA), which are both domestic US data privacy laws. We seek to comply with these laws by making it easy for our members to control their privacy. We are committed to complying with these regulations by:
Offering security and privacy settings from your profile that will help members protect their personal information.
We continue to monitor the regulatory landscape and evolve as needed. Our InfoSec and Legal teams continue to monitor changes to laws and regulations to help our members maintain their privacy.
Bottom line—we know your trust is paramount, so we treat your information as if it were our own.
Want to learn more about how SoFi works? Be sure to check out our first blog in this “How It Works” series on how we use credit scores.
Disclaimer: Many factors affect your credit scores and the interest rates you may receive. SoFi is not a Credit Repair Organization as defined under federal or state law, including the Credit Repair Organizations Act. SoFi does not provide “credit repair” services or advice or assistance regarding “rebuilding” or “improving” your credit record, credit history, or credit rating. For details, see the FTC’s website.
Third-Party Brand Mentions: No brands, products, or companies mentioned are affiliated with SoFi, nor do they endorse or sponsor this article. Third-party trademarks referenced herein are property of their respective owners.