Thank you for choosing to learn more about the privacy policies of Cardlytics.  Cardlytics knows that you care about how your personal information is used and shared.  Privacy is not just a priority for Cardlytics, but an essential part of our business model.

Through the links on this page, you can learn more about the privacy policies related to information that Cardlytics collects directly as well as information that our financial institution clients collect.

This privacy policy specifically relates to Cardlytics’ operations in the United States.


Through our website (, or the “Website”), we collect information you choose to provide us, as well as information that is automatically collected, in order to enhance our website, our products, and our services.

A) Information You Choose To Provide Us Through The Website

Cardlytics offers visitors to the Website the opportunity to reach out to us in various ways, including the opportunity to contact us with questions or comments, to request information from us about our business, or to send us an application in connection with various job postings.  In connection with these opportunities, you may provide – and we will therefore necessarily collect – certain personally identifiable information (“PII”) regarding you, such as, without limitation, your name, mailing address, email address, or phone number.  You may also choose to provide us certain non-personally identifiable information (“non-PII”), such as web page comments, when you contact us through the Website, and we will also collect that information.

We will use the information you choose to provide us through the Website for legitimate business purposes, such as responding to your questions or comments, providing you with the requested information, or contacting you about the relevant employment opportunity.  As a general matter, we will not disclose any PII you provide us through the Website to any third parties.  However, we reserve the right to do so when necessary or required by the circumstances, such as (i) to protect or defend the legal rights of Cardlytics; (ii) to protect against fraud or for risk management purposes; (iii) to comply with applicable law or respond to legal process; or (iv) if Cardlytics undergoes bankruptcy or dissolution.  Additionally, if Cardlytics sells, merges, or transfers all or part of its business or assets, we may transfer the information you provided us through the Website to the parties involved in that transaction.

The Website is hosted in the United States and is not directed towards individuals under the age of thirteen (13).   Cardlytics does not knowingly or intentionally collect PII from individuals under thirteen (13) years of age.

B) Information We Automatically Collect Through The Website

When you visit the Website, we automatically collect certain information, including information related to the device you used to access the Website (such as the IP address and type of device), the URL that referred you to the Website or the search terms that led you to the Website, the date and time of your visit, your behavior on the Website (e.g., paths you take through the Website), and your geographic location information.  In connection with this collection, we may use analytics services to help us track the efficacy of the Website.

We automatically collect information through cookies. Cookies are small text files stored by your browser on your computer, phone, tablet, or other device you used to access the Website. Cookies allow us to identify visitors, track aggregate behavior, and enable certain Website features. We also automatically collect certain information through web beacons, which can recognize certain types of information on your computer, such as a cookie number, time and date of a page view, and a description of the page where the web beacon is placed.

We may allow third parties to collect the anonymous and non-PII data received from cookies and web beacons on our behalf, and to retain and use this data themselves. In addition, we may share this anonymous and non-PII data with other third parties. To protect your privacy, we do not use cookies or web beacons to store or transmit any PII about you. You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can modify settings on all major browsers to decline cookies if you prefer. You may also render some web beacons unusable by rejecting their associated cookies.

C) Links to External Websites

The Website contains links to third-party websites.  We have no influence on the privacy practices or policies of any external websites.  As a result, Cardlytics is not responsible for the privacy practices of websites operated by third parties.  Once you leave the Website via such a link, we encourage you to read the applicable privacy policy of any third party site to determine, among other things, how they handle any PII they collect from you.


The power of Cardlytics is driven by its relationships with financial institutions.  Cardlytics’ financial institution clients utilize Cardlytics’ services so that they can provide their customers with targeted, relevant offers or advertisements inside the banking platform.  Additionally, Cardlytics may use deidentified spend data to determine the efficacy of advertisements both inside and outside the banking platform as well as craft other spend-based insights. Cardlytics’ financial institution clients include some of the biggest and best names in banking.  Your financial institution might be one of Cardlytics’ clients.

Cardlytics does not receive, or have access to, any PII from its financial institution clients.  As such, we cannot and will not share individual or PII-based transaction data with third parties, including our advertising partners.

Your financial institution’s privacy policy governs its privacy and data sharing practices.  If you are interested to learn more about your financial institution’s privacy and data sharing practices, we encourage you to contact your financial institution or examine its relevant policies.


If you are currently participating in and want to opt out of a Cardlytics card-linked marketing program, you can do so through your financial institution. Every financial institution’s opt-out feature will be slightly different. Cardlytics encourages you to contact your financial institution, or visit your financial institution’s website, for more details.


In connection with your selection or redemption of an offer through the online banking website or mobile application of one of our financial institution clients, you may be presented with the opportunity to post about your selection or redemption of an offer, or overall participation in our program, via your social media account, such as Facebook or Twitter. A social media post will only be made at your specific direction and with your express consent. Cardlytics does not collect any PII, such as your social media username or password, your email address, or your name, in connection with any such social media posting.  Cardlytics only collects non-PII information regarding the posting, such as the time of the posting, the social media channel used, the post ID, the analytics related to the posting, and the de-identified Cardlytics ID associated with the posting, for the purposes of providing you with a monetary reward in connection with the posting, if applicable, and for Cardlytics’ internal analyses.


The security of Cardlytics’ data is critical to our business mission.  Cardlytics uses commercially reasonable administrative, technical, personnel, and physical security measures that comply with federal regulations to safeguard all of our data, including without limitation any PII in our possession, against loss, theft, or unauthorized use, disclosure, or modification.

We also regularly conduct risk assessments and audits on our information systems. These security measures help us continually assess our ability to maintain the security of our data. We also maintain strict physical security for our facilities and limit access to critical areas of our business.


We may change Cardlytics’ privacy policies from time to time. We will post any changes on the Website.   We encourage you to periodically review the privacy policies for the latest information on our privacy practices.

Cardlytics’ privacy policies were last updated on January 19, 2017.


If you have any questions regarding Cardlytics’ privacy policies, please contact us by email at, or by mail to Cardlytics, Inc., Attn: Legal Department, 675 Ponce de Leon Avenue, Suite 6000, Atlanta, GA 30308.


Report corruption, fraud, and other misconduct via the Cardlytics Anti-Corruption Hotline by phone (678-891-0940) or email (


  1. Under what circumstances will Cardlytics’ financial institution clients give my personally identifiable information to Cardlytics?

    Cardlytics’ financial institution partners do not provide personally identifiable information about their clients to Cardlytics under any circumstances.  Cardlytics only receives transaction data associated with customer identification numbers, which we refer to as “Cardlytics IDs,” that are randomly assigned to financial institutions’ customers and stored by the financial institutions.  Cardlytics does not receive information such as names, addresses, phone numbers, email addresses, bank account numbers, credit or debit card numbers, or social security numbers.

  2. Does Cardlytics give my financial information to its advertisers?

    No.  Cardlytics only provides aggregated information to its advertisers.

  3. How can I opt out of the Cardlytics program?

    Please see the “Opting Out of a Cardlytics Program” section of this policy.

  4. Why does Cardlytics collect de-identified financial transaction data?

    Cardlytics believes that individuals’ spending history is an excellent indicator of future spending habits and inclinations.  By being able to target advertisements or offers based on individuals’ spending history, Cardlytics is able to provide targeted, relevant, and meaningful advertisements and offers, and put its advertisers’ brands in front of the most receptive audience.  This benefits you, our financial institution clients, and our advertisers.

  5. What information does Cardlytics use?

    Cardlytics utilizes aggregated, de-identified transaction data to provide relevant, meaningful advertising campaigns and measure the efficacy of advertising campaigns.  Cardlytics does not receive any PII from its financial institution clients.