Marqeta Website Privacy Notice

Effective: December 2022
Last updated: May 27, 2025
Marqeta, Inc. and its subsidiaries and affiliates (collectively, “Marqeta”, “we”, “our”, or “us”) are committed to protecting your personal data and privacy rights. This Privacy Notice (or “Notice”) describes how we collect, use, and share your personal data when you use our Services (defined below). We seek to clearly explain to you what personal data we collect, how we use it and what rights you have in relation to it, and we hope you take the time to read through this Notice carefully.
 
To see our California Privacy Notice, please click this link or scroll down. 
 
A downloadable version of this Notice can be found here
 

Scope

 
For purposes of this Notice, our Services (“Services”) include any access, use, interaction, or engagement you have with Marqeta via our websites, online features, social media platforms, developer community, and sandbox environments. 
 
This Privacy Notice applies only to Marqeta Services that display or reference this Notice. It does not apply to any Marqeta websites, tools or platforms that display or reference a different privacy notice. For example, if you apply for a job with Marqeta, the personal data provided in your job application will be treated in accordance with our Applicant Privacy Notice (provided in the application flow) and not this Notice. This Notice will also not apply to personal data Marqeta processes as part of its issuer payment processing and card program management products and services (“Payments Services”).  
 
We may also provide you with supplemental privacy notices in connection with the provision of certain Services and for individuals located in specific jurisdictions. A number of these supplemental notices can be found below and are intended to supplement the generally applicable sections of this Privacy Notice. These supplemental notices describe our data collection, use, and sharing practices as to the specific processing scenarios, and in some cases may differ from the terms of this Notice. In the event of any conflict with this Notice, supplemental privacy notices will govern the specific activities to which they apply, unless we state otherwise in the supplemental notice.
 
Supplemental notices:
  • Canada
  • United States (California)
  • United States (Other US states)
  • EEA/UK
 
By using our Services you acknowledge that you have read and understand this Notice. Marqeta may amend this Notice in line with the “Changes to this Privacy Notice” section below.

Personal Data We Collect


Below we describe the categories of personal data Marqeta may collect depending on the context of our interaction(s) with you. These categories include information you provide directly to us, information created or collected during your use of the Services (which may be collected automatically), inferences we make about you when you communicate with us or use the Services, and information we obtain from other sources, such as third-party service providers and public databases.
 

Categories of Personal Data We Collect

How the Personal Data is collected 

Communications Data/ User Content

Personal data you provide when you communicate with us, including by phone call, chat, email, “contact us” forms, or social media.  This may include your feedback, photographs, or recordings.

Contact details

Personal and business contact information, such as your name, telephone number, job title, department, email address, office location or postal address, and language preference.

Device Information

Information collected automatically about your computer or device through your web browser and other technologies, such as cookies, web beacons, or other tracking/recording tools, such as your IP address, device type, unique device identification numbers, or browser type.

Location Information

Information about your geographic location (country or city-level) inferred from your device data, such as an IP address.

Inferences

Information about your preferences and interests that we infer from your personal data and your use of our Services, such as the topics you would like to learn more about.

Publicly Available Information

Information obtained from public sources and databases, such as your current place of employment.

Usage Information

Information about how your device has interacted with our website and products, including the pages and products accessed and links you clicked on. We also collect certain information automatically when you use our Services, such as Internet page views, time spent on a page, “click stream” data, location information, and other technical usage information. 

User Credentials

Information you provide to us when you create a profile, such as a user ID, email address, name, password, authentication, and profile information.


Certain personal data may be collected or obtained from third-party sources, such as marketing vendors, social media sources, participation in industry conferences and events, and other sources to the extent permitted by applicable law, including: 1) data providers and aggregators from whom we obtain personal data to supplement the information we collect; 2) third-party applications and services, including social networks you choose to connect with or interact with through our Services; 3) partners with whom we offer co-branded services or engage in joint marketing activities; 4) third parties that collect or provide information in connection with work they do on our behalf; and 5) public sources of information, such as social networking websites. 

Like many companies, we may collect environmental variables, including the domain from which you access our Services, the time you accessed our Services, the type of web browsers and operating system or platform used, the Internet address of the website you left to visit our Services, the names of the web pages you visit, the Internet address of the website you visit next, and your browser settings (e.g., language preference). We and our third-party service providers may monitor visits to our Services and sessions of users; this monitoring may log the details of your visits to our Services and information generated in the course of using our Services, such as clicks, page visits, text entered, how long you spent on a page, and other details of your visits to or actions on our Services. We use these technologies to collect and retain usage data for the purposes described in this Notice, including for marketing and security purposes and to improve your experience with our Services. We may also disclose any of the data collected by these technologies to third parties for our business purposes.
 

How We Use Personal Data


We use the personal data we collect for the purposes described in this Notice or as otherwise disclosed to you in a supplemental notice. For example, we may use any of the above categories of information to:
 
  • Provide the Services to you, including to create and manage an account for you
  • Verify your identity
  • Maintain, improve and enhance the delivery of our Services
  • Improve our websites, including to better understand website visitors and the users of our Services, including where they come from and what content is of interest
  • Provide information related to our Payments Services, new products, software updates, upgrades, and system enhancements
  • Market and advertise our Payments Services (including via digital advertising) across different forums, including sending you informational and marketing materials and promotions, where permitted by applicable law or with your consent 
  • Obtain your feedback
  • Respond to correspondence and inquiries
  • Provide support and customer service
  • Run contests, sweepstakes or other promotional activities, where permitted by applicable law
  • Personalize your website or online experience as part of the Services
  • Monitor and enforce compliance with our policies, applicable laws and regulations, and contractual terms
 

Information Sharing and Disclosure


We may disclose your personal data to the following categories of recipients:
 
  • Affiliates and subsidiaries: We may provide your personal data to our global affiliates and subsidiaries. We share information with our affiliates and subsidiaries so they can help us deliver our Services or conduct data processing on our behalf. 
 
  • Third-Party Service Providers: We may provide your personal data to our third-party service providers (including but not limited to IT service providers, identity verification and fraud prevention providers and data analytics providers) who perform certain functions for us and will process your personal data on our behalf. 
 
  • Parties in a Corporate Transaction or Proceeding: We may share personal data with actual or prospective parties to an actual or potential corporate transaction or proceeding, including their representatives and other relevant participants in or during negotiations of any sale, merger, acquisition, restructuring, bankruptcy, dissolution, or a change in control, divestiture, or sale involving all or a portion of Marqeta’s business or assets.
 
We may also access, transfer, use, disclose, and preserve personal data when we believe that doing so is necessary to:
 
  • Comply with applicable law or respond to valid legal process, including from law enforcement, supervisory or regulatory authorities, or other government agencies
  • Protect our customers and others, for example to prevent spam or attempts to commit fraud, or to help prevent the loss of life or serious injury of anyone
  • Operate and maintain the security of our Services, including to prevent or stop an attack on our computer systems or networks, or
  • Protect the rights or property or ourselves or others, including enforcing our agreements, terms, and policies.
 
For information about the safeguarding measures we implement when sharing personal data with entities outside of regions where you may reside, please see the “International Transfers” section below as well as any applicable supplemental notices.
  

Information Retention

 
We retain personal data for as long as necessary to provide the Services and fulfill the transactions you have requested, comply with our legal and regulatory obligations, resolve disputes, enforce our agreements, and other legitimate and lawful business purposes. Because these needs can vary for different types of information and the different Services, actual retention periods can vary significantly based on criteria such as user expectations or consent, the sensitivity of the information, the availability of automated controls that enable users to delete information, and our legal or contractual obligations.
 
A number of retention periods have been specified in our records retention policy and schedules or are otherwise determined based on the criteria above. In other cases, personal data will be retained for the duration of a specific service, such as where you sign up to be part of our developer community. Additional retention periods are set out within our records retention policy and schedule. Please note that any specified retention periods may be reduced or extended in certain cases, for example, where we are required to remove personal data prior to the expiration date pursuant to a deletion request or where the information is subject to a legal claim or proceeding and we need to retain personal data for a longer period. Following the expiration of the retention periods or when the personal data is no longer needed, we will take steps to either delete or de-identify the personal data. 
 
If you wish to receive further information about the period of time for which we retain your personal data, please contact privacy@marqeta.com. 
 

Information Security


We implement reasonable and appropriate technical, physical and organizational security measures to protect the personal data that we collect and process about you. Despite these measures, we cannot guarantee that the collection and ongoing processing of your personal data in connection with Services described in this Notice will be completely secure. 
 
To help us protect personal data, we request that you use a strong password with our Services and never share your password with anyone or use the same password with other sites or accounts.

International Transfers


As we operate a global business, your personal data may be transferred to, and processed in, countries other than the country in which you are a resident or where it was collected. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective). We take steps designed to ensure that the personal data we collect under this Notice is processed and protected according to the provisions of this Notice and applicable law wherever the information is located.
 
Residents of the European Economic Area (“EEA”), the United Kingdom (“UK”), and Switzerland should note that we may also transfer personal data from these jurisdictions and countries to other countries, some of which have not been determined by the European Commission or relevant authority to have an adequate level of data protection. This includes transfers to the United States. We also transfer personal data between the EEA and the UK as part of our business operations. These transfers may be covered via an existing adequacy mechanism, but we also use a variety of mechanisms and protections, including standard contractual clauses and data processing agreements, to help ensure your rights and protections. Additional information on international data transfers and the data transfer mechanisms we rely on is available upon request by contacting us at privacy@marqeta.com
 
EU-U.S., the UK Extension and Swiss-U.S. Data Privacy Frameworks
 
For the purposes of transfers to the United States, Marqeta participates in and complies with the EU-U.S. Data Privacy Framework, the UK Extension of the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework (referred to generally as the “DPFs”) as set forth by the U.S. Department of Commerce in relation to the processing of personal data sent from the EEA, the UK and Switzerland to the U.S.
 
Pursuant to its certification, Marqeta has committed to adhere to the respective DPF Principles for the EU, the UK and Switzerland in line with the corresponding frameworks. For more information, please see our Data Privacy Framework Notice. In the event of any conflict between this Notice and the Data Privacy Framework Notice, the Data Privacy Framework Notice  shall govern. 
 

Your Rights and Choices


As part of the Services described in this Notice, we recognize that you may have a right or need to update and manage your personal data. This also includes the ability to manage how we communicate with you, as part of the Services or for marketing purposes (as permitted under the applicable law or where we have your consent). 
 
Managing Your Personal Data and How We Communicate With You
 
For certain Services associated with this Notice, you have the ability to directly manage your personal data. We ask that you take steps to ensure that your personal data is accurate, complete and up to date. If you are unable to update your information directly, please contact us directly through the channels within the Contact Us section of this Notice. 
 
We may also communicate with you directly as part of the Services. This includes communications sent to you for Services that you have requested. In certain cases, depending on the nature of the relationship and what Services you are using or have requested, we may send you marketing and other promotional communications for products or services that we think you might be interested in.  You can opt out of or unsubscribe from these communications within the message itself or by updating your communication preferences (e.g., preferences in an account or through your device). If you are unable to opt out, please contact us at privacy@marqeta.com. In certain cases, depending on the nature of your relationship with Marqeta, you may still receive non-marketing communications after opting out. For individuals outside the US, we will not send you direct marketing unless you expressly opt in or as otherwise permitted under the applicable law. 
 
Other Rights
 
Depending on your state or country of residence, you may have additional rights, including but not limited to the: 
  • Right of access. You may have the right to request copies of the personal data that we hold about you and to receive information from us about how your information is used.
  • Right of erasure. In certain circumstances, you may have the right to require us (or any parties with whom we have shared your information) to delete the personal data that we hold about you (for example if it is no longer necessary for the purposes for which it was originally collected). 
  • Right to object to or opt-out of processing. You may have the right to request that Marqeta stop processing your personal data or that we restrict processing of your personal data in certain circumstances. For example, you may receive marketing email communications from us. If you would like to stop receiving these communications, you can update your preferences by using the “Unsubscribe” link found in those emails.
  • Right of portability. You may have a right to obtain and reuse your personal data for your own purposes or across different services, including so that you can provide or “port” that information to another provider.
  • Right to correction. You may have the right to require us to correct any inaccurate or incomplete personal data.
 
Additional information on these rights (including how to exercise them) can be found in the applicable supplemental notices. 
 
Please refer to the Contact Us section below to contact us if you would like any additional information pertaining to your rights and choices or how to exercise your rights.  Marqeta does not discriminate against individuals who exercise their rights under applicable laws and regulations.
 
When contacting us about a rights request, please identify yourself and describe your request in sufficient detail to enable us to properly understand, evaluate, and respond to it. We will consider all requests and provide our response within a reasonable period in accordance with applicable laws. Please note that we cannot respond to your request or provide you with personal data if we cannot verify your identity or your authority to make the request or confirm the personal data we hold relates to you. To verify your identity, we will seek to match the information you provide when you submit your request to any personal data we already maintain, and we may ask you to provide additional verification information in order to assist you with your request. 
 
We may decline to process certain requests, including requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, or conflict with our legal obligations. If we decline your request, we will notify you of the rationale for declining. In some jurisdictions, you may have the right to appeal any denial of a rights request, subject to applicable laws. 

Third-Party Websites and Services


Marqeta Services may provide links to (or may be linked from) websites and apps run by other companies or other third-party properties, none of which are governed by this Notice. This Notice does not apply to any third-party website, app, or online product, service, feature, or businesses you may access from the Services or elect to use. Marqeta is not responsible for third-party content or information practices. We strongly encourage you to review the privacy notices of those third-party properties carefully.

Cookies and Related Technologies


We use cookies and related technologies as part of our Services described in this Notice. For more information on our cookies and similar identification technologies and how they apply to our Services, please see our Cookies and Related Technologies Notice.
 
Do Not Track
Some web browsers may have a “Do Not Track” preference that transmits a “Do Not Track” header to the websites you visit with information indicating that you do not want your activity to be tracked. Outside of certain opt-out preference settings within the browser used to access our websites such as Global Privacy Control noted in the state-specific addendums, we do not currently take actions to respond to Do Not Track signals because a uniform technological standard has not yet been developed. 

Children


The Services described in this Notice are not targeted at or directed at children under the age of 16 and we do not intend to, or knowingly collect, the personal data from these individuals. If you have reason to believe a child under the age of 16 has provided personal data to us, please have the child’s parent or guardian contact us via the details in the “Contact Us” section to request the removal of that information. If we ever learn that personal data of a child under the age of 16 has been collected, we will promptly delete that information.

Changes to this Privacy Notice


Changes to this Notice may be made periodically to reflect changes to our information handling practices or relevant laws. If the changes we make are material, we will provide you with prior notice and/or obtain consent regarding such changes in accordance with applicable laws. If the changes we make are not material, this Notice will be updated by posting an updated version on our website. You can tell when this Notice was last updated by looking at the date at the top of the Notice.

An archived version of our previous Notice can be found here

Contact Us

If you have any inquiries about our collection, use, or storage of your personal data, or if you wish to exercise any of your rights in relation to your personal data, you can reach us at:
  • Post:
    • Marqeta, Inc.
    • Attention: Legal – Privacy
    • 180 Grand Ave., 6th Floor, Oakland, CA 94612, USA
  • Phone: (877) 962-7738 

Canada



Supplemental Privacy Notice for Residents of Canada

 
Effective: May 27, 2025
 
  1. Introduction 
 
This supplemental notice is intended for residents of Canada or individuals that are covered by any applicable federal or provincial privacy laws or regulations, including but not limited to the Personal Information Protection and Electronic Documents Act (“PIPEDA”), Quebec’s Act Respecting the Protection of Personal Information in the Private Sector, British Columbia’s Personal Information Protection Act and Alberta’s Personal Information Protection Act. Defined terms shall refer to terms defined under the applicable legislation or as defined in the generally applicable section of the Notice found above.  
 
  1. Individual Rights
 
As an in-scope individual, you have a number of rights available to manage your personal data. The specific rights will depend on your specific location, but these rights include a:
 
  • Right of access to your personal data 
  • Right to request information about  how we process your personal data (including how your information has been or is being used, as well as information pertaining to parties it has been disclosed to)
  • Right of correction/rectification to update personal data we hold about you that is inaccurate, incomplete or unclear and the right to request deletion of personal data that is obsolete or no longer necessary to fulfill the purpose for which it was collected
  • Right of suppression and restriction around the ability to limit how we process your personal data 
  • Right of erasure and the ability to remove your personal data 
  • Right of portability and the ability to produce a portable record of your personal data we store 
  • Right to withdraw your consent to our continued processing of your personal data
You may exercise these rights by submitting your request to privacy@marqeta.com or by contacting us through the channels in the “Contact us” section in the main body of the Notice.  We will not charge you any fees to exercise these rights without first providing you with an estimate of the approximate fees, if any.

All requests will be reviewed and assessed based on the applicable law and your relationship with us. Note that in certain cases, we may refuse to act or limit the processing as permitted by the applicable law.

As part of the submission, we will request personal data in order to verify your identity. To the extent we are unable to fulfill a request, we will provide you with an explanation and any additional steps that might be available to you. 

  1. Notice and Consent 
 
We will provide you with notice and a description of our personal data processing practices as part of the Services (which includes this Notice). We collect, use, and disclose your personal data with your consent or as permitted or required by law. How we obtain your consent, including whether it is express or implied, will depend on the circumstances and the sensitivity of the personal data in question.
 
Subject to any limitations under the applicable law or pursuant to any agreements, you have the right to withdraw your consent. Withdrawing your consent may have implications for the specific Services that we are able to provide. 
 
  1. International Transfers
 
As described in the main body of the Notice, we may transfer, process and store your personal data in a province or country outside of your province or country of residence, including but not limited to the United States, where different laws may apply. Those laws may require disclosure of your personal data to authorities in that jurisdiction.  We do impose contractual safeguards around the transfer of your personal data to third parties as well as other general safeguards. By using our Services, you consent to the transfer of your personal data in this manner. 
 
Please review the “Internal Transfer” section in the main body of this Notice for additional information. For more information about our policies and practices regarding international transfers of personal data, including to obtain a list of countries where we process personal data, please contact us at privacy@marqeta.com
 
  1. Complaints 
You have the right to file a complaint to the extent you believe your privacy rights have not been respected. Complaints can be directed to our Assistant General Counsel, Privacy through the channels below.
  • Post:
    • Marqeta, Inc.
    • Attention: Assistant General Counsel, Privacy
    • Grand Ave., 6th Floor, Oakland, CA 94612, USA
  • Phone: (877) 962-7738
If you are not satisfied following our review of your complaint and any measures taken in response to it, you may have the right to make a complaint to the
Privacy Commissioner of Canada or the applicable provincial privacy commissioner.

United States 

 
A. California 
 
Supplemental Privacy Notice for California Residents 
 
Effective: May 27, 2025

 
1. Introduction 
 
This supplemental notice is intended for residents of California that qualify as a “consumer” as required by the California Consumer Privacy Act of 2018 (including as amended)(“CCPA”). This Notice describes how we collect, process and manage personal information (as defined by the CCPA) within the scope of the CCPA. Defined terms shall refer to terms defined under the CCPA or as defined in the generally applicable section of the Notice found above.  
 
2. CCPA Personal Information Summary 
 
The information table below summarizes (a) the categories of personal information collected by Marqeta in the past 12 months, (b) the sources of that information, (c) how we use that information and (d) disclosures made for business purposes (including to third parties) in the past 12 months.  
 

Category of personal data

Collected? 

Examples of personal data collected*

Categories of sources

Commercial or business purpose

How we disclose your personal data

Identifiers 

Yes

Name, email, IP address

Provided directly to Marqeta

Collected automatically

Provided by our service providers and partners

To provide, maintain and improve our Services 

For internal operational purposes

To personalize your experience

To advertise and market to you

To communicate with you

For legal, compliance and security purposes 

With our service providers

With our partners

With legal or other regulatory authorities

California Customer Records (Cal. Civ. Code § 1798.80(e))

Yes

Name, email, country of location (US, UK)

Provided directly to Marqeta

Collected automatically

Provided by our service providers and partners

To provide, maintain and improve our Services 

For internal operational purposes

To advertise and market to you

To communicate with you

For legal, compliance and security purposes

With our service providers

With our partners

With legal or other regulatory authorities

Protected Classification Characteristics

No

n/a

n/a

n/a

n/a

Commercial Information

Yes

Business or company name and records of purchased services

Provided directly to Marqeta

Provided by our service providers and partners

To provide, maintain and improve our Services 

For internal operational purposes

To advertise and market to you

With our service providers

With legal or other regulatory authorities

Biometric Information 

No

n/a

n/a

n/a

n/a

Internet/Network Information

Yes

Website browsing activity and interactions 

Provided directly to Marqeta

Collected automatically

Provided by our service providers and partners

Website visibility

With our service providers

Geolocation Data

Yes

IP Address, country of location (US, UK)

Provided directly to Marqeta

Collected automatically

To provide, maintain and improve our Services 

To personalize your experience

To advertise and market to you

For legal, compliance and security purposes 

With our service providers

Sensory Information 

No

n/a

n/a

n/a

n/a

Profession/Employment Information 

No

n/a

n/a

n/a

n/a

Non-Public Education Information (20 U.S.C. § 1232g, 34 C.F.R. Part 99)

No

n/a

n/a

n/a

n/a

Inferences 

Yes

Preferences and behaviors as part of the website services

Provided directly to Marqeta

Collected automatically

To provide, maintain and improve our Services 

For internal operational purposes

To personalize your experience

To advertise and market to you

With our service providers

 
Note that additional detail on our personal information practices can also be found in the generally applicable sections of the Notice above. 
 
3. Categories of Personal Information Sold or Shared
 
Marqeta may disclose personal information obtained from an individual's interactions with our websites to our social media, advertising and analytics providers for the purposes of displaying advertisements and delivering targeted advertising on our websites and potentially across other businesses or third party websites, for data, analytics and for content personalization features. These disclosures may qualify as “sales” or “sharing” of personal information for valuable consideration or cross-context behavioral advertising.
 
The categories of personal information we may disclose for these purposes include:
 
  • Identifiers
  • Internet/Network information
  • Inferences
      
Marqeta does not disclose personal information of individuals we know to be under the age of 16 to businesses or third parties for monetary or other valuable consideration as a “sale” of personal information or for cross-context behavioral advertising.
 
For information on how to exercise your right to opt out of the “sale” or “sharing” of personal information, please see Section 4 of this California Notice below. 

 
4. Rights available to consumers and how to invoke those rights 
 
Available rights 
 
Residents of California have the right to exercise the rights described below.
 
  • The right to know what personal information we have collected about you as well as how it is used and shared
  • The right to delete personal information we have collected from you
  • The right to opt out of the sale or sharing of personal information 
  • The right to correct inaccurate personal information held by us
  • The right to non-discrimination for the exercise of any of the rights above 

All rights above are subject to any conditions, exceptions or limitations provided under and available to us under the CCPA. Accordingly, we may refuse to act or impose limitations on your invocation of any of the available rights. The exercise of the rights above may also limit our ability to provide you with the Services under this Notice.

How to invoke your rights

You can invoke your rights by contacting us through any of the channels below. 
  • Post:
    • Marqeta, Inc.
    •   Attention: Assistant General Counsel, Privacy
    • Grand Ave., 6th Floor, Oakland, CA 94612, USA
  • Phone: (877) 323-4376
 
Once a request has been submitted, we may ask for additional information, including your email or phone number,  to verify your identity as well as information needed to process or understand your request. This information will only be used to fulfill your request and for compliance-related tracking purposes. These requests can also be submitted to us via an authorized agent in accordance with the requirements under the CCPA. In these cases, we will take steps to verify that the agent is authorized to act on your behalf. Typically, we require a valid power of attorney or a signed letter with your information that includes a statement of authorization for the request. We may still reach out to you in order to verify the agent’s authority to act as well as for identification purposes. 

Opting out of the Sale or Sharing of Personal Information

Marqeta provides individuals with the ability to opt out of the sale or sharing of their personal information in a frictionless manner in accordance with the CCPA. If we receive and are able to process a signal from your device indicating your preference to opt out from sales or sharing of personal information, as defined by law, then we will apply that preference to personal information we collect from that device, provided that we may not be able to associate the signal to the same device if:
  • you use a different web browser or other tool to interact with us,
  • you make changes to your browser (e.g., uninstall and reinstall or certain types of upgrades) that impact our ability to associate the device with the signal your device originally sent, or
  • you clear cookies or browsing data from your browser or device in a way that impacts our ability to associate the device with the signal your device originally sent.
Our websites currently recognize opt out preference signals that comply with the Global Privacy Control specification.  For more information about the Global Privacy Control, you can visit https://globalprivacycontrol.org.

 
5. Sensitive Personal Information
 
In limited cases, we may also process “sensitive personal information” as defined under the CCPA as part of the Services. A summary of this collection and whether the sensitive personal information is sold or shared (both as interpreted under the CCPA) has been provided below.  
 
 

Category of sensitive personal information 

How the sensitive personal information is used

Is the sensitive personal information sold?

Is the sensitive personal information shared?

Account login details + password/credentials

Developer (and related) accounts that individuals elect to create to access services on the websites.

No

No

 
We do not presently use or disclose the above categories of sensitive personal information to infer characteristics about consumers.
 
6. Accessibility 
 
If you are a user with a disability or are having difficulty with accessing or navigating aspects of this Notice, please contact us at privacy@marqeta.com for support. 
 
7. Retention
 
We retain each category of personal information as described in the “Information Retention” section above.
 
8. De-identified Information 
 
As part of our processing, we may use personal information to create de-identified information that can no longer reasonably be used to infer information about, or otherwise be linked to an individual or household. Any applicable de-identified information will remain in a de-identified form and we will not attempt to re-identify the individual or household unless required or permitted by applicable law.
 
9. Updates
 
We will update this Notice from time to time to reflect changes to our information handling practices or as required by the CCPA by posting an updated version on our website. If the changes we make are material, we will provide you with prior notice and/or obtain consent (where required by applicable law) regarding such changes. 
 
California “Shine the Light” disclosure

If you are a California resident that has an established relationship with us, you have a right to know how your information is disclosed to third parties for their direct marketing practices under California’s “Shine the Light” law (Civ. Code § 1798.83). You can contact us via the “Contact Us” section in the main body of the Notice to invoke these rights. 
 
B.    Other US States
 
Supplemental Privacy Notice for Residents of Other U.S. States 
 
Effective Date: May 27, 2025
 
1.    Introduction

This supplemental notice is intended for applicable U.S. residents that reside in states where a state-specific privacy law has been enacted (i.e., CO, CT, DE, IN, IA, KY, MD, MN, MT, NE, NH, NJ, OR, RI, TN, TX, UT, VA) outside of California.  

2.    Individual Rights

Depending on your state of residence and the nature of your relationship with us, you may have a number of individual rights. These include a:
  • Right of access and the ability to request copies of the personal data that we hold about you and details on how your information is used
  • Right of deletion and the ability to direct that we (or any parties with whom we have shared your information) delete the personal data that we hold about you
  • Right to opt-out of processing, including in cases where (i) targeted advertising is occurring, (ii) where there is a sale of personal data and (iii) where certain instances of profiling (e.g., profiling in furtherance of decisions that produce legal or similarly significant effects) are occurring
  • Right of portability and the right to obtain and reuse your personal data for your own purposes or across different services, including so that you can provide or “port” that information to another provider
  • Right of correction and the ability to require us to correct any inaccurate or incomplete personal data
  • Right to request a list of third parties to which we have disclosed your personal data
   
How to invoke your rights

You can invoke your rights by contacting us through any of the channels below.

  • Post:
    • Marqeta, Inc.
    • Attention: Assistant General Counsel, Privacy
    • 180  Grand Ave., 6th Floor, Oakland, CA 94612, USA
  • Phone: (877) 323-4376

Once a request has been submitted, we may ask for additional information, including your email and phone number, to verify your identity as well as information needed to process or understand your request. This information will only be used to fulfill your request and for compliance-related tracking purposes. These requests can also be submitted to us via an authorized agent as applicable under the various US state legislation. In these cases, we will take steps to verify that the agent is authorized to act on your behalf. Typically, we require a valid power of attorney or a signed letter with your information that includes a statement of authorization for the request. We may still reach out to you in order to verify the agent’s authority to act as well as for identification purposes.

In certain states, you may have a right to appeal a decision where we refuse to act or impose limitations on your rights. In such cases, we will notify you within 45 days of receipt of the original request with an explanation and an overview of how you may appeal that decision.  All appeal requests should be submitted to privacy@marqeta.com with the subject line, “Privacy Request Appeal”.

3.    Opting out of sales of personal data and targeted advertising

Where we carry out practices that qualify as a “sale” of personal data or "targeted advertising” under applicable state laws, individuals can opt out of these practices by visiting the Digital Advertising Alliance website or the Network Advertising Initiative website or by selecting the Cookie Settings link and disabling cookies. We will also process opt-out requests submitted by an individual’s opt-out preference signal as required by applicable law. Our websites currently recognize opt out preference signals that comply with the Global Privacy Control specification. Please note that a Global Privacy Control-compliant signal will be specific to the device and browser you use when you opt out. For more information about Global Privacy Control signals, please visit https://globalprivacycontrol.org.  
 
  
European Economic Area (“EEA”) and the United Kingdom (“UK”)
Supplemental Privacy Notice for the EEA and UK
 
Effective: May 27, 2025
 
1. Introduction 

The provisions below supplement the generally applicable sections of the Notice above and apply where the General Data Protection Regulation (the “GDPR”), the UK’s GDPR and UK Data Protection Act 2018 (referred to generally as the “UK Data Protection Law”) and other local implementing legislation apply to the processing of personal data within the EEA and UK.



2. Basis for Processing Personal Data

When we process your personal data as a data controller part of the Services, we do so in line with the purposes and legal bases below. 

Purposes of processing

Legal basis

Providing the Services, including account creation and management and customer support services 

If you are a customer, this is necessary for the performance of the agreement 

If you do not have a contract with us, we have a legitimate interest to manage our business 

Improving our websites and related technologies to better understand our visitors

If consent is required (e.g., as a result of cookies and tracking technologies), with your consent

Otherwise, we have a legitimate interest to manage our business and pursue commercial interests

Communicating with you, including responding to inquiries, obtaining feedback or otherwise. 

If you are a customer, this is necessary for the performance of the agreement 

If you do not have a contract with us, we have a legitimate interest to manage our business

For contests, sweepstakes and other promotional activities 

Where required, with your consent and, alternatively, pursuant to our legitimate interests (commercial interests)

Marketing and advertising our Payments Services, including sending you marketing and promotions

Where required, with your consent and alternatively, pursuant to our legitimate interests (commercial interests) 

Enhancing our system and providing updates in relation to our Payments Services, new products, upgrades and services. 

Pursuant to our legitimate interests (commercial interests) where we have an interest in enhancing our business and Services

For compliance, legal and security-related purposes, including verifying your identity, securing our websites and Services as well as managing our compliance and legal obligations associated with our policies, the applicable law and contractual terms (including protecting our legal interests as deemed appropriate). 

Processing is necessary in order for us to manage compliance with applicable laws, regulations and other obligations.  

Where processing is not pursuant to a legal or compliance requirement, such processing is a result of a legitimate interest to protect and manage our business operations and interests.

 
Note that where we rely on a legitimate interest basis, we undertake a balancing test to ensure that our legitimate interests are not outweighed by your interests and fundamental rights. When we rely on consent as the basis for our processing, you can request to withdraw or partially revoke your consent any time by contacting us at privacy@marqeta.com or by following the instructions for revoking your consent contained within communications we send you. We honor such requests as required by applicable laws. 
 
Note that when we collect and process personal data on behalf of our customers or other parties to provide Payments Services, we are typically acting as a data processor and rely on our customer’s legal basis for processing.
 
If you have questions about or need further information concerning the legal basis we rely on to process your personal information, please contact us via email at privacy@marqeta.com.
 
3. International Transfers 
 
See the “International Transfer” section in the generally applicable portion of this Notice. 
 
4. Individual Rights 
 
As a resident of the EEA or the UK, you have additional rights in relation to how your personal data is processed. These include: 
 
  • A right of erasure to remove your data 
  • A right of access and the ability to obtain a copy of your personal data
  • A right of correction/rectification where your personal data is inaccurate or outdated
  • A right of portability and the ability to request a transfer of your personal data to another entity in a structured, commonly used and machine-readable format
  • Rights of restriction and objection around how your personal data is processed, including the right to object to direct marketing.
 
Where the legal basis for the processing is based on your consent, you also have a right of withdrawal and can revoke your consent at any time. Note that this will not impact any processing that has already occurred. 
 
All rights above are subject to the limitations under the applicable law. You may exercise these rights by submitting your request to privacy@marqeta.com or by contacting us through the channels in the “Contact us” section in the main body of the Notice. Note that in certain cases, we may refuse to act or limit the processing as permitted by the applicable law. Although such requests are free of charge, to the extent requests are found to be excessive or repetitive, we may impose a reasonable fee or refuse to act on the request. 
 
5. Data Controllers 
 
For the purposes of the Services and this supplemental notice, joint data controllers include:
 
  • Marqeta UK Ltd (Marqeta UK) 
  • Marqeta, Inc. (Marqeta US) 
  • Marqeta sp. z.o.o.(Marqeta Poland) 
 
In most instances, for the Services within the Notice, Marqeta US will be the primary controller although your personal data may also be processed by Marqeta UK and Marqeta Poland for the purposes of the Services (e.g., for lead generation purposes in the UK and the EEA respectively). Marqeta Poland and Marqeta UK each act as a controller under the respective EEA and UK laws.
 
Marqeta US is primarily responsible for ensuring that Marqeta is compliant with applicable legislation and our internal policies in the EEA and UK. Marqeta US is also entrusted with managing individual rights requests. 
 
Marqeta may use various processors in order to provide the Services (as detailed in the “Information Sharing and Disclosure” section above). 
  
6. Contact Information 
 
If you have a question or concerns around the processing of your personal data, we can be reached via the “Contact Us” section in the main body of the Notice.
  
7. Retention 
 
See the “Information Retention” section in the generally applicable portion of this Notice. 
 
8. Cookies and related tracking technologies 
 
Please see the “Cookies and related Technologies” section in the generally applicable section of this Notice.
 
9. Children
 
See the “Children” section in the generally applicable portion of this Notice. 
 
10. Complaints
 
You have the right to raise a complaint with the relevant data protection authority. Please see additional details below:
 

© 2025 Marqeta, Inc. 180 Grand Avenue, 6th Floor, Oakland, CA 94612