U.S. Consumer Privacy Notice | U.S. Employee Applicant Privacy Notice
November 2025
This Privacy Policy is meant to help you understand how we and our affiliates collect, use, protect, and share your personal information. This Privacy Policy applies to SoFi’s online and offline collection, use, sharing, and retention of your personal information.
If you are a SoFi consumer or customer and applied for or obtained a financial product or service with SoFi, read our U.S. Consumer Privacy Notice to learn how we collect, use, protect and share your personal information and the privacy options available to you.
This Privacy Policy applies to all SoFi companies that offer products and services, which includes SoFi Technologies, Inc., Social Finance, LLC, and its Affiliates, (collectively, “SoFi,” “we,” or “us”).
SoFi Services means our websites (SoFi.com and LanternCredit.com), our mobile app, our product and services, and any other SoFi sites or services that link to this Privacy Policy.
We may change or update this Privacy Policy periodically. When we do, we will let you know by appropriate means such as by posting the revised Privacy Policy on our website with a new “Last Updated” date. Any changes to this Privacy Policy will become effective when posted unless indicated otherwise.
Financial regulators, consumer protection agencies, and other businesses may share information, typically with your consent and knowledge, regarding complaints you submitted related to SoFi and its products or services.
We retain information we collect about you, and use the following factors to determine the retention period of personal information:
We use your personal information for the following purposes, or as otherwise described at the time of collection:
Provide Financial Services and Products. We use your personal information to provide you with financial services and products and
Website and application delivery. We may use your personal information to:
Research and development and business promotion. We may use your personal information for research and development purposes, including to analyze and improve the Website and our business, and for business promotion purposes.
Marketing and advertising. We, our service providers, advertising and marketing platforms, and our third-party companies with which we maintain advertising agreements may collect and use your personal information for marketing and advertising purposes:
We may also directly share information about you with these companies to facilitate interest-based advertising to those or similar users on other online platforms. To opt out of sharing information for this purpose, please visit “Your Personal Information Choices” on this page for instructions.
SoFi provides customers with access to multiple products and services offered by other companies through our Services. When you select to connect with another such company, SoFi may receive and keep information about your use of the other company’s products and services.
Meet compliance and legal obligations. We may use your personal information to:
Fraud Detection and prevention. We may use your personal information to prevent, identify, investigate, and deter fraudulent, harmful, unauthorized, unethical, or illegal activity, including cyberattacks, and identity theft.
With your consent. In certain cases, we ask for your consent to collect, use, and share your personal information, such as when obtaining a credit report.
We share your personal information with the following parties and as otherwise described in this Privacy Policy, or at the time of collection.
Service providers. Third parties that provide services to SoFi, or to you on our behalf, or help us operate our business (such as data cloud providers), information technology, customer support, email delivery, marketing, consumer research and website analytics.
Insurance providers. If you provide information to SoFi Protect using designated SoFi Protect pages, we will share your information, including sensitive personal information such as health data, with those providers to generate insurance quotes and offers, and to administer insurance policies and services.
Consumer reporting agencies.
Social Media Platforms. If you interact with us or our SoFi Services on or through social media platforms, the platform may be able to collect information about you and your interaction with us. If you interact with social media objects on our sites, both the social media platform and your connections on the platform may be able to view that activity. To control the sharing of information, please review the privacy policy of the relevant social media platform.
Third parties designated by you. We may share your personal information with third parties where you have instructed us or provided your consent to do so. We will share personal information these other companies need to provide the services that you requested.
Business and marketing partners. Third parties with whom we co-sponsor events or promotions, with whom we jointly offer products or services, or whose products or services may be of interest to you.
Other lenders. SoFi may share your information with other lenders or loan brokers to offer products and services to you.
-SoFi operates a website branded as “Lantern” or Lanterncredit” that facilitates you connecting with other lenders or loan brokers. When you submit information, we share your information with other lenders and services providers to help you obtain financial services.
-If you are not eligible for a loan from SoFi or you decline an offer, SoFi may share your information with another lender to determine if that lender can fulfill your request.
Professional advisors. Professional advisors, such as lawyers, auditors, bankers, and insurers, where necessary in the course of the professional services that they render to us.
Legal authorities. Law enforcement, government authorities, regulatory agencies, and third parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above, and in compliance with applicable law.
Business transferees. Acquirers and other relevant participants in business transactions (or negotiations of or due diligence for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, SoFi or our affiliates (including, in connection with a bankruptcy or similar proceedings).
Other users and the public Your user-generated content may be visible to other users of our Services and the public. For example, other users or the public may have access to your information if you provide comments, reviews, blog posts, messages or share other content. This information can be viewed, collected, and used by others, including being cached, copied, screen captured or stored elsewhere by others (e.g., search engines), and we are not responsible for any such use of this information.
We incorporate AI functionalities into our products and services, such as the chatbot used for customer support. We use AI to enhance your banking experience, improve the efficiency and quality of our services, and protect your account from fraud. We require our service providers to keep your personal information secure and do not allow them to use or share it for any purpose other than providing the contracted services on our behalf. Furthermore, we contractually prohibit our AI service providers from using your data to train or improve their own AI models.
| Category of Personal Information | Types of Third Parties to Which the Personal Information Was Disclosed for a Business Purpose | Business Purpose for Disclosing Personal Information |
|---|---|---|
| Identity information |
|
|
| Profile information | ||
| Contact information | ||
| Employment information | ||
| Internet or other electronic network activity information (device data, online activity data) | ||
| Preferences |
|
|
| Geolocation Data, such as the physical location of your device. (NOT Precise geolocation) |
|
|
| Audio, electronic, visual, or similar information, including recordings of calls and online user sessions. |
|
|
| SoFi investor profile |
|
|
| Inferences, drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. |
|
|
| Transactional data |
|
|
| Categories of Sensitive Personal Information | ||
| Unique Identifiers – Your social security, driver’s license, state identification card, or passport number. |
|
|
Financial accounts |
| Health-related information – such as medical history, diagnoses, and treatment information. | • Insurance providers | • To generate insurance quotes and offers, and to administer insurance policies and services |
| The contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication. |
|
|
| Precise geolocation data – (any data that is derived from a device and that is used or intended to be used to locate a consumer within a geographic area that is equal to or less than the area of a circle with a radius of 1,850 feet, |
|
|
| Biometric data – As part of the verification process, we collect biometric information from government IDs and images to verify your identity. |
|
|
| Health data – When you request information about certain insurance policies, we collect certain self-reported health information. |
|
|
SoFi shares the following categories of personal information for interest-based advertising and analytics with social media platforms and marketing/advertising companies: Identity information, profile information, contact information, Internet or other electronic network activity information, automatic data collection described above, and limited SoFi financial data, demographic information (is a student/is not a student), and combinations of this data to infer interest/relevance.
If you would like to opt out of the sharing/selling of your personal information for interest-based advertising, please visit “How to Exercise Your Right to Opt Out of the Selling/Sharing of Personal Information” on this page for instructions. If you would like to opt out of the disclosure of certain information to nonaffiliated third parties, please read instructions below in “Affiliate and Non-Affiliate Data Sharing Preferences.”
SoFi will not share your phone number with non-SoFi companies for their own texting and auto-dialing purposes unless you provide consent.
SoFi takes the privacy and security of its members’ personal information seriously. We maintain administrative, technical, and physical safeguards designed to protect your information’s security, confidentiality, and integrity.
As part of SoFi Services, we give you the opportunity to use online tools to organize financial information and obtain insights related to financial information, which SoFi offers under the product name brand of “Relay”(we refer to these as personal financial management insights and tools). If you use Relay, we collect and compile information about you and your accounts held at SoFi and at external financial institutions, such as a bank account or a loan serviced by another institution. If you choose to connect an external account in Relay, (referred to as a “Connected Account,”) you authorize SoFi to obtain information from the external account and use it as described below.
SoFi will obtain your account information. If you elect to connect an external account to SoFi, SoFi will obtain information from those Connected Accounts. The specific information SoFi obtains may vary by institution and account type. SoFi will obtain from the account any transactional and balance information from the linked accounts. For example, if you connect a bank account to Relay, SoFi can collect information from the account, including balance and transaction information, such as payments made and their amounts, debits, and deposits. If you connect a loan account from an external institution, SoFi can collect loan balance, interest rate on the loan, and your payment history.
Use of Plaid Services. To connect an account, SoFi requires you to use a service offered by Plaid Inc. (“Plaid”). Review Plaid’s Privacy Policy https://plaid.com/legal/#end-user-privacy-policy to learn more.
Use of information from Connected Accounts. If you connect an account through any SoFi service provider and with your consent, SoFi may use the information from the connected account to identify products and services that may be of interest to you, sharing information with affiliated companies to offer products and services to you, and identify if you would be likely to be eligible for certain products and services. If you do not want us to share this information for marketing purposes with SoFi affiliated companies, you may log in to sofi.com and click on our name in the top right corner > ‘My Profile’> ‘Account Settings’ to update your Optional Information Sharing preferences. If you need additional assistance, call 1-855-456-SOFI and an agent can help update your preferences.
Additionally, SoFi may share certain account information obtained via Plaid with trusted third-party service providers for the purpose of enriching or analyzing the data to enhance the insights and services offered to you through Relay. This third party is contractually bound to use the data only for this limited purpose and to maintain its confidentiality and security.
If you would like to delete a connection from SoFi Relay, you may do so from your account or by calling 1-855-456-SOFI (7634).
If you use the SoFi Pay service, we may collect, use,or share your personal information, initially collected from individuals or counterparty banks, to facilitate sending or receiving funds.
The legal basis for processing your personal information is that the processing is necessary for compliance with a legal obligation to which the controller (SoFi) is subject.
International Data Transfers
Personal information about you may be transferred, accessed, and stored globally including in countries or regions outside of the one in which you reside. In the event your personal information is transferred from one country to another that does not provide an adequate level of protection for our personal information, SoFi will take measures to ensure your personal information is adequately transferred and protected in compliance with applicable laws.
SoFi relies on standard contractual clauses as its primary mechanism for performing cross border data transfers and assuring data protection adequacy.
If you opt into Sofi’s Credit Services Monitoring,
-SoFi will present your credit score and other credit report data to you.
-SoFi will obtain and keep your credit reporting information and use it for the purposes permitted in this Privacy Policy. SoFi’s uses of your information includes:
If you reach SoFi through your employer’s benefits page, Sofi will share information about your use of SoFi with your employer for the purpose of operating the benefits program. If you interacted with us via the SoFi at Work Dashboard or platform, this Privacy Policy covers your use of those tools and services.
SoFi website includes webpages branded as Lantern or Lanterncredit that allow users to connect with other lenders and loan brokers or marketing services providers.
When you provide information to SoFi using Lantern pages, we share your information with other companies that provide loan related offers to you. These parties may interact with you and may retain and use your information whether you use their services or obtain their products.
SoFi Insurance Agency, LLC (“SoFi Protect”) offers a variety of insurance products through multiple providers. If you provide information to SoFi Protect using designated SoFi Protect pages, we will share your information with those providers to generate insurance quotes and offers.
This Privacy Policy applies only to SoFi’s Services. SoFi Services may contain links to other websites or apps or may forward users to other websites or apps that we may not own or operate and to which this Privacy Policy does not apply. We neither can control nor are responsible for the privacy practices or content of these websites or apps. We suggest reading the privacy notices of these websites or app providers or contacting them directly for information on their privacy practices. Nonetheless, we seek to protect the integrity of our Services and welcome any feedback about these linked websites and mobile applications.
Our services are not intended for children under 18 years of age. We do not knowingly collect personal information from an individual under age 18. If you are under the age of 18, please do not submit any personal information through the Website, app, or service. If you have reason to believe that we may have accidentally received personal information from an individual under age 18, please contact us immediately at 1-855-456-SOFI (7634).
We do not knowingly collect, sell, or share the personal information of children under the age of 16.
You may have additional choices if you are from California and Nevada. Please see below if you are a resident of those areas.
We want you to be aware of the choices you have in limiting the sharing of your personal information.
Direct Mail Opt-Out
To opt out of SoFi’s marketing and advertising campaigns conducted via direct/postal mail, please make your request at https://www.sofi.com/optout/.
Access or Update Your Information (Registered Users)
If you have registered for an account with us through the SoFi.com Website, you may review and update certain account information by logging into your account. To update your profile, visit “My Profile” after logging into your account. This section of the site is password protected to safeguard your information. As a registered user, you can update your password, physical address, phone numbers, education, and employment information at any time on the Website. If you need to change any other information in your profile, please contact our customer service hotline at 1-855-456-SOFI (7634).
Correcting Information Maintained by the National Credit Reporting Agencies
Credit reporting agencies maintain Information related to your creditworthiness. If you find that there is an error or want to dispute the information found in your credit report, please contact the national credit reporting agencies.
Advertising choices You can limit use of your information for interest-based advertising by:
Unlinking or disconnecting connected accounts.
You can remove links to external institutions by using the External Account Linking Hub within the SoFi app.
Mobile settings.
Using your mobile device settings to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes. You will need to apply these opt-out settings on each device from which you wish to opt-out.
Communication Preferences
SoFi registered users can manage their communication preferences via the “My Profile” section of the site after logging into their account.
Affiliate and Non-Affiliate Data Sharing Preferences
SoFi registered users can manage their “Optional Data Sharing Preferences” via the “My Profile” section of the site after logging into their account. This is a limited right and only applies in certain cases. Review our U.S. Consumer (GLBA) Privacy Notice to learn when the right applies.
Cookie Options
Visit the “Cookies and similar technologies” section to learn how to how opt of cookies.
Other Privacy Choices
Browse to the California Privacy Rights section to view other rights that may be available to you and the method to exercise them.
Declining to provide information
We need to collect personal information to provide certain services. If you do not provide the information we identify as required or mandatory, we may not be able to provide those services.
SoFi maintains a process to respond to your concerns regarding violations of this Privacy Policy. If you believe that we have not complied with this policy or have questions regarding your privacy with us, please call us at 1-855-456-SOFI (7634). If you are reporting non-compliance with this Privacy Policy, please describe the issue in as much detail as possible without disclosing any sensitive information about you or third parties.
Depending on the jurisdiction in which you reside, you may have certain rights about how your Personal Information is collected, stored, used, and shared.
Your California Privacy Rights
Under the California Consumer Privacy Act (CCPA), residents have certain rights as outlined in this section. However, the CCPA allows exceptions for and, therefore, does not apply to the following:
Under the California Consumer Privacy Act (CCPA), residents have certain rights as outlined in this section. However, the CCPA allows exceptions for and, therefore, does not apply to the following:
-Publicly available information made lawfully available from government records.
-Information that is deidentified, meaning that the information is rendered so that it cannot reasonably be used to infer information about or link to a specific person.
-Information subject to other laws, such as the following:
• Personal information covered by subject to certain sector-specific privacy laws, including the Fair Credit Reporting Act (“FCRA”), the Gramm-Leach Bliley Act (“GLBA”) or California Financial Information Privacy Act (“CalFIPA”), and the Driver’s Privacy Protection Act of 1994.
California residents have the right to
-know what personal information we have collected about you, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom the business discloses personal information, and the specific pieces of personal information the business has collected about you;
-request the deletion of certain personal information collected by us;
-correct inaccurate personal information;
-know/access or receive a disclosure of your personal information;
-know what personal information is sold or shared and to whom;
-opt-out of the sale or sharing of your personal information;
-in certain cases, limit the use and disclosure of sensitive personal information; and
– no retaliation for opting out or exercising any other rights, including an employee’s right not to be retaliated against for the exercise of their CCPA rights.
Your Brazil Privacy Rights
Under Brazil’s Lei Geral de Protecao de Dados (LGPD), the General Data Protection Law enacted in 2018, individuals have the right to access, rectify, cancel, and and oppose the processing or disclosure of personal data. These rights may be exercised by following the instructions outlined in the “How to Exercise Your Right to Know (Access), Delete, or Correct Your Personal Information” section below.
Your India Privacy Rights
Under India’s Digital Personal Data Protection Act 2023 (DPDP Act), residents of India (Data Principals) have certain rights regarding their personal data. These rights include the right to access, correct or complete inaccurate or misleading personal data, erasure subject to certain conditions, have your complaints addressed, and to nominate another person to exercise these rights in the event of your death or incapacity. These rights may be exercised by following the instructions outlined in the “How to Exercise Your Right to Know (Access), Delete, or Correct Your Personal Information” section below.
Your Mexico Privacy Rights
Under Mexico’s Federal Law for the Protection of Personal Data held by Privacy Parties (LFPDPPP of 2025), entered into force on March 21, 2025, individuals have the right to access, rectify, cancel, and and oppose the processing or disclosure of personal data. These rights may be exercised by following the instructions outlined in the “How to Exercise Your Right to Know (Access), Delete, or Correct Your Personal Information” section below.
Your Nevada Privacy Rights
Senate Bill No. 220 (May 29, 2019) amends Chapter 603A of the Nevada Revised Statutes to permit a Nevada consumer to direct an operator of an Internet Website or online service to refrain from making any sale of any covered information the operator has collected or will collect about that consumer. You may submit a request pursuant to this directive by calling us at 1-855-456-SOFI (7634).
Your Phillipines Privacy Rights
Under the Philippines’ Data Privacy Act of 2012 (DPA), residents of the Philippines (Data Subjects) have certain rights regarding their personal information. These rights include the right to be informed, to object, to access, to rectify, erase or block, to damages, and to data portability. These rights may be exercised by following the instructions outlined in the “How to Exercise Your Right to Know (Access), Delete, or Correct Your Personal Information” section below.
Your United Kingdom and the European Economic Area Data Protection Rights
In addition to the rights detailed in the “Data Privacy and Protection Rights” section, the following rights are available.
• Right to object to processing – You have the right to object to the processing of your personal data in situations where we rely on legitimate interests to lawfully process personal data. This includes the right to object to the processing of your personal data, by us or on our behalf, for direct marketing purposes.
• File a Complaint – You have the right to lodge complaints with a supervisory authority regarding the processing of your personal data by us or on our behalf.
• Automated profiling – You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you.
In cases where you have provided explicit consent or the automated decision is necessary to enter into a contract with us, we have implemented suitable measures to safeguard your rights, freedoms, and legitimate interests by allowing you to (a) obtain human intervention regarding the decision, (b) express your point of view, and (b) contest the decision.
How to Exercise Your Rights to Know (Access), Delete, or Correct Your Personal Information
We must verify your identity before processing most requests, which may require you to provide additional information. You may submit a request by using our self-service Privacy Request Form or by calling us at 1-855-456-SOFI (7634). We strive to honor requests within forty-five (45) days of receipt. In certain instances, we may not be able to honor your request, such as when an exception applies or when we cannot verify your identity. We will notify you if we are unable to process your request within that time or at all and provide you an explanation.
How to Exercise Your Right to Opt Out of the Selling/Sharing of Personal Information
Registered users
SoFi.com registered users may opt out of the sale/sharing of their personal information for cross-contextual behavioral advertising by logging into their account and toggling the button under the “Personal Information Privacy Preferences” section to “No, Don’t Allow Sharing.”
Unregistered visitors or Logged out SoFi.com Users
Click here or browse to the “Privacy Choices” link at the bottom of all SoFi webpages to choose your preferences.
LanternCredit.com visitors
Click here or browse to the “Privacy Choices” link at the bottom of all SoFi webpages to choose your preference.
How to Exercise Your Right to Limit the Use of Sensitive Personal Information at SoFi.com
Click here or browse to the “Privacy Choices” link at the bottom of all SoFi webpages to choose your preference.
How to Exercise Your Right to Limit the Use of Sensitive Personal Information at Lanterncredit.com
Click here or browse to the “Privacy Choices” link at the bottom of all SoFi webpages. to choose your preference.
Submitting Requests on Another’s Behalf/Authorized Agents
You can designate an authorized agent to submit a request on your behalf by calling us at 1-855-456-SOFI (7634). If you designate an authorized agent to make a request on your behalf, we may require you to provide the authorized agent written permission to do so and to verify your own identity directly with us.
Global Privacy Control
SoFi recognizes the Global Privacy Control (GPC), which is a setting that allows you to communicate your privacy preferences to websites and online services that you visit. When we detect a GPC signal from a browser, we interpret this as a valid request to not sell or share the personal information for that browser or device in compliance with applicable laws. Please visit the Global Privacy Control website to learn more about the setting and how to enable it on your browser.
Phone – If you have any questions about SoFi’s privacy practices, please call us at 1-855-456-SOFI (7634).
Web – You may exercise your privacy rights by submitting a request using this form.