U.S. Consumer Privacy Notice | U.S. Employee Applicant Privacy Notice
November, 2023
This Privacy Policy is meant to help you understand how we and our affiliates collect, use, protect, and share your personal information. This Privacy Policy applies to SoFi’s online and offline collection, use, sharing, and retention of your personal information.
If you are a SoFi consumer or customer and applied for or obtained a financial product or service with SoFi, read our U.S. Consumer Privacy Notice to learn how we collect, use, protect and share your personal information and the privacy options available to you.
This Privacy Policy applies to all SoFi companies that offer products and services, which includes SoFi Technologies, Inc., Social Finance, Inc., and its Affiliates, (collectively, “SoFi,” “we,” or “us”). Affiliates means companies owned by or under common control with Social Finance Inc. SoFi Affiliates include the following entities:
SoFi Services means our websites (SoFi.com and LanternCredit.com), our mobile app, our product and services, and any other sites or services that link to this Privacy Policy.
We may change or update this Privacy Policy periodically. When we do, we will let you know by appropriate means such as by posting the revised Privacy Policy on our website with a new “Last Updated” date. Any changes to this Privacy Policy will become effective when posted unless indicated otherwise.
Financial regulators, consumer protection agencies, and other businesses may share information, typically with your consent and knowledge, regarding complaints you submitted related to SoFi and its products or services.
We retain information we collect about you, and use the following factors to determine the retention period of personal information:
We use your personal information for the following purposes, or as otherwise described at the time of collection:
Provide Financial Services and Products. We use your personal information to provide you with financial services and products and
Website and application delivery. We may use your personal information to:
Research and development and business promotion. We may use your personal information for research and development purposes, including to analyze and improve the Website and our business, and for business promotion purposes.
Marketing and advertising. We, our service providers, advertising and marketing platforms, and our third-party companies with which we maintain advertising agreements may collect and use your personal information for marketing and advertising purposes:
We may also directly share information about you with these companies to facilitate interest-based advertising to those or similar users on other online platforms. To opt out of sharing information for this purpose, please visit “Your Personal Information Choices” on this page for instructions.
SoFi provides customers with access to multiple products and services offered by other companies through our Services. When you select to connect with another such company, SoFi may receive and keep information about your use of the other company’s products and services.
Meet compliance and legal obligations. We may use your personal information to:
Fraud Detection and prevention. We may use your personal information to prevent, identify, investigate, and deter fraudulent, harmful, unauthorized, unethical, or illegal activity, including cyberattacks, and identity theft.
With your consent. In certain cases, we ask for your consent to collect, use, and share your personal information, such as when obtaining a credit report.
We share your personal information with the following parties and as otherwise described in this Privacy Policy, or at the time of collection.
Service providers. Third parties that provide services to SoFi, or to you on our behalf, or help us operate our business (such as data cloud providers), information technology, customer support, email delivery, marketing, consumer research and website analytics.
Advertising and marketing partners. Third-party advertising companies that advertise and promote SoFi.
Consumer reporting agencies.
Social Media Platforms. If you interact with us or our SoFi Services on or through social media platforms, the platform may be able to collect information about you and your interaction with us. If you interact with social media objects on our sites, both the social media platform and your connections on the platform may be able to view that activity. To control the sharing of information, please review the privacy policy of the relevant social media platform.
Third parties designated by you. We may share your personal information with third parties where you have instructed us or provided your consent to do so. We will share personal information these other companies need to provide the services that you requested.
Business and marketing partners. Third parties with whom we co-sponsor events or promotions, with whom we jointly offer products or services, or whose products or services may be of interest to you.
Other lenders. SoFi may share your information with other lenders or loan brokers to offer products and services to you.
-SoFi operates a website branded as “Lantern” or Lanterncredit” that facilitates you connecting with other lenders or loan brokers. When you submit information, we share your information with other lenders and services providers to help you obtain financial services.
-If you are not eligible for a loan from SoFi or you decline an offer, SoFi may share your information with another lender to determine if that lender can fulfill your request.
Professional advisors. Professional advisors, such as lawyers, auditors, bankers, and insurers, where necessary in the course of the professional services that they render to us.
Legal authorities. Law enforcement, government authorities, regulatory agencies, and third parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above, and in compliance with applicable law.
Business transferees. Acquirers and other relevant participants in business transactions (or negotiations of or due diligence for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, SoFi or our affiliates (including, in connection with a bankruptcy or similar proceedings).
Other users and the public Your user-generated content may be visible to other users of our Services and the public. For example, other users or the public may have access to your information if you provide comments, reviews, blog posts, messages or share other content. This information can be viewed, collected, and used by others, including being cached, copied, screen captured or stored elsewhere by others (e.g., search engines), and we are not responsible for any such use of this information.
| Category of Personal Information | Types of Third Parties to Which the Personal Information Was Disclosed for a Business Purpose | Business Purpose for Disclosing Personal Information |
|---|---|---|
| Identity information |
|
|
| Profile information | ||
| Contact information | ||
| Employment information | ||
| Internet or other electronic network activity information (device data, online activity data) | ||
| Preferences |
|
|
| Geolocation Data, such as the physical location of your device. (NOT Precise geolocation) |
|
|
| Audio, electronic, visual, or similar information, including recordings of calls and online user sessions. |
|
|
| SoFi investor profile |
|
|
| Inferences, drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. |
|
|
| Categories of Sensitive Personal Information | ||
| Unique Identifiers – Your social security, driver’s license, state identification card, or passport number. |
|
|
| Financial accounts | ||
| The contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication. |
|
|
| Precise geolocation data – (any data that is derived from a device and that is used or intended to be used to locate a consumer within a geographic area that is equal to or less than the area of a circle with a radius of 1,850 feet, |
|
|
| Biometric data – As part of the verification process, we collect biometric information from government IDs and images to verify your identity. |
|
|
SoFi shares the following categories of personal information for interest-based advertising and analytics with social media platforms and marketing/advertising companies: Identity information, profile information, contact information, Internet or other electronic network activity information, automatic data collection described above, and SoFi financial data (i.e., account balance size, number of invest trades, etc.), demographic information (age, is a student/is not a student), and combinations of this data to infer interest/relevance.
If you would like to opt out of the sharing/selling of your personal information for interest-based advertising, please visit “How to Exercise Your Right to Opt Out of the Selling/Sharing of Personal Information” on this page for instructions.
SoFi takes the privacy and security of its members’ personal information seriously. We maintain administrative, technical, and physical safeguards designed to protect your information’s security, confidentiality, and integrity.
As part of SoFi Services, we give you the opportunity to use online tools organize financial information and obtain insights related to financial information, which SoFi brands as “Relay” or “Insights.” If you use Relay, we collect and compile information about you and your accounts held at SoFi and at external financial institutions, such as a bank account or a loan serviced by another institution. If you choose to connect an external account in Relay, (referred to as a “Connected Account,”) you authorize SoFi to obtain information from the external account and use it as described below.
SoFi will obtain your account information. If you elect to connect an external account to SoFi, SoFi will obtain information from those Connected Accounts. The specific information SoFi obtains may vary by institution and account type. SoFi will obtain from the account any transactional and balance information from the linked accounts. For example, if you connect a bank account to Relay, SoFi can collect information from the account, including balance and transaction information, such as payments made and their amounts, debits, and deposits. If you connect a loan account from an external institution, SoFi can collect loan balance, interest rate on the loan, and your payment history.
Use of Plaid Services. To connect an account, SoFi requires you to use a service offered by Plaid Inc. (“Plaid”). Review Plaid’s Privacy Policy to learn more.
Use of information from Connected Accounts. If you connect an account through any SoFi service provider and with your consent, SoFi may use the information from the connected account to identify products and services that may be of interest to you, sharing information with affiliated companies to offer products and services to you, and identify if you would be likely to be eligible for certain products and services. If you do not want us to share this information for marketing purposes with SoFi affiliated companies, you may log in to sofi.com and click on our name in the top right corner > ‘My Profile’> ‘Account Settings’ to update your Optional Information Sharing preferences. If you need additional assistance, call 1-855-456-SOFI and an agent can help update your preferences.
If you would like to delete a connection from SoFi Relay, you may do so from your account or by calling 1-855-456-SOFI (7634).
If you opt into Sofi’s Credit Services Monitoring,
-SoFi will present your credit score and other credit report data to you.
-SoFi will obtain and keep your credit reporting information and use it for the purposes permitted in this Privacy Policy. SoFi’s uses of you information includes:
If you reach SoFi through your employer’s benefits page, Sofi will share information about your use of SoFi with your employer for the purpose of operating the benefits program. If you interacted with us via the SoFi at Work Dashboard or platform, this Privacy Policy covers your use of those tools and services.
SoFi website includes webpages branded as Lantern or Lanterncredit that allow users to connect with other lenders and loan brokers or marketing services providers.
When you provide information to SoFi using Lantern pages, we share your information with other companies that provide loan related offers to you. These parties may interact with you and may retain and use your information whether you use their services or obtain their products.
This Privacy Policy applies only to SoFi’s Services. SoFi Services may contain links to other websites or apps or may forward users to other websites or apps that we may not own or operate and to which this Privacy Policy does not apply. We neither can control nor are responsible for the privacy practices or content of these websites or apps. We suggest reading the privacy notices of these websites or app providers or contacting them directly for information on their privacy practices. Nonetheless, we seek to protect the integrity of our Services and welcome any feedback about these linked websites and mobile applications.
Our services are not intended for children under 18 years of age. We do not knowingly collect personal information from an individual under age 18. If you are under the age of 18, please do not submit any personal information through the Website, app, or service. If you have reason to believe that we may have accidentally received personal information from an individual under age 18, please contact us immediately at 1-855-456-SOFI (7634).
We do not knowingly collect, sell, or share the personal information of children under the age of 16.
You may have additional choices if you are from California and Nevada. Please see below if you are a resident of those areas.
We want you to be aware of the choices you have in limiting the sharing of your personal information.
Direct Mail Opt-Out
To opt out of SoFi’s marketing and advertising campaigns conducted via direct/postal mail, please make your request at https://www.sofi.com/optout/.
Access or Update Your Information (Registered Users)
If you have registered for an account with us through the SoFi.com Website, you may review and update certain account information by logging into your account. To update your profile, visit “My Profile” after logging into your account. This section of the site is password protected to safeguard your information. As a registered user, you can update your password, physical address, phone numbers, education, and employment information at any time on the Website. If you need to change any other information in your profile, please contact our customer service hotline at 1-855-456-SOFI (7634).
Correcting Information Maintained by the National Credit Reporting Agencies
Credit reporting agencies maintain Information related to your creditworthiness. If you find that there is an error or want to dispute the information found in your credit report, please contact the national credit reporting agencies.
Advertising choices You can limit use of your information for interest-based advertising by:
Unlinking or disconnecting connected accounts.
You can remove links to external institutions by using the External Account Linking Hub within the SoFi app.
Mobile settings.
Using your mobile device settings to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes. You will need to apply these opt-out settings on each device from which you wish to opt-out.
Do Not Track
Certain Internet browsers can be configured to send “Do Not Track” signals to the online services that you visit. If your browser is set to “Do Not Track” or “Send a Do Not Track Request,” we interpret this as a valid request to not sell or share the personal information for that browser or device.
Read our treatment of the Global Privacy Control.
Communication Preferences
SoFi registered users can manage their communication preferences via the “My Profile” section of the site after logging into their account.
Affiliate and Non-Affiliate Data Sharing Preferences
SoFi registered users can manage their “Optional Data Sharing Preferences” via the “My Profile” section of the site after logging into their account. This is a limited right and only applies in certain cases. Review our U.S. Consumer (GLBA) Privacy Notice to learn when the right applies.
Cookie Options
Visit the “Cookies and similar technologies” section to learn how to how opt of cookies.
Other Privacy Choices
Browse to the California Privacy Rights section to view other rights that may be available to you and the method to exercise them.
Declining to provide information
We need to collect personal information to provide certain services. If you do not provide the information we identify as required or mandatory, we may not be able to provide those services.
SoFi maintains a process to respond to your concerns regarding violations of this Privacy Policy. If you believe that we have not complied with this policy or have questions regarding your privacy with us, please call us at 1-855-456-SOFI (7634). If you are reporting non-compliance with this Privacy Policy, please describe the issue in as much detail as possible without disclosing any sensitive information about you or third parties.
This section applies solely to residents of California and their personal information that is subject to the California Consumer Privacy Act (CCPA). The CCPA allows exceptions for, therefore, does not apply to the following:
-Publicly available information made lawfully available from government records.
-Information that is deidentified, meaning that the information is rendered so that it cannot reasonably be used to infer information about or link to a specific person.
-Information subject to other laws, such as the following:
California residents have the right to
-know what personal information we have collected about you, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom the business discloses personal information, and the specific pieces of personal information the business has collected about you;
-request the deletion of certain personal information collected by us;
-correct inaccurate personal information;
-know/access or receive a disclosure of your personal information;
-know what personal information is sold or shared and to whom;
-opt-out of the sale or sharing of your personal information;
-in certain cases, limit the use and disclosure of sensitive personal information; and
– no retaliation for opting out or exercising any other rights, including an employee’s right not to be retaliated against for the exercise of their CCPA rights.
How to Exercise Your Rights to Know (Access), Delete, or Correct Your Personal Information
We must verify your identity before processing most requests, which may require you to provide additional information. You may submit a request by using our self-service Privacy Request Form or by calling us at 1-855-456-SOFI (7634).
We strive to honor requests within forty-five (45) days of receipt. In certain instances, we may not be able to honor your request, such as when an exception applies or when we cannot verify your identity. We will notify you if we are unable to process your request within that time or at all and provide you an explanation.
How to Exercise Your Right to Opt Out of the Selling/Sharing of Personal Information
Registered users
SoFi.com registered users may opt out of the sale/sharing of their personal information for cross-contextual behavioral advertising by logging into their account and toggling the button under the “Personal Information Privacy Preferences” section to “No, Don’t Allow Sharing.”
Unregistered visitors or Logged out SoFi.com Users
Click here or browse to the “Privacy Choices” link at the bottom of all SoFi webpages to choose your preferences.
LanternCredit.com visitors
Click here or browse to the “Privacy Choices” link at the bottom of all SoFi webpages to choose your preference.
How to Exercise Your Right to Limit the Use of Sensitive Personal Information at SoFi.com
Click here or browse to the “Privacy Choices” link at the bottom of all SoFi webpages to choose your preference.
How to Exercise Your Right to Limit the Use of Sensitive Personal Information at Lanterncredit.com
Click here or the Browser to the “Privacy Choices” link at the bottom of all SoFi webpages. to choose your preference.
Submitting Requests on Another’s Behalf/Authorized Agents
You can designate an authorized agent to submit a request on your behalf by calling us at 1-855-456-SOFI (7634). If you designate an authorized agent to make a request on your behalf, we may require you to provide the authorized agent written permission to do so and to verify your own identity directly with us.
Opt-Out preference signal (Valid request to not sell/share personal information)
SoFi processes browser opt out/do not track signals in a frictionless manner. If your browser is set to “Do Not Track” or “Send a Do Not Track Request,” we interpret this as a valid request to not sell or share the personal information for that browser or device in compliance with applicable laws.
Global Privacy Control
SoFi recognizes the Global Privacy Control (GPC), which is a setting that allows you to communicate your privacy preferences to websites and online services that you visit. When we detect a GPC signal from a browser, we interpret this as a valid request to not sell or share the personal information for that browser or device in compliance with applicable laws. Please visit the Global Privacy Control website to learn more about the setting and how to enable it on your browser.
Senate Bill No. 220 (May 29, 2019) amends Chapter 603A of the Nevada Revised Statutes to permit a Nevada consumer to direct an operator of an Internet Website or online service to refrain from making any sale of any covered information the operator has collected or will collect about that consumer. You may submit a request pursuant to this directive by calling us at 1-855-456-SOFI (7634).
We will provide further information about how we verify the authenticity of the request and your identity.
Phone – If you have any questions about SoFi’s privacy practices, please call us at 1-855-456-SOFI (7634).
Web – You may exercise your privacy rights by submitting a request in this form.