Legal

Marqeta Services Privacy Notice

Effective: March 2023
  Last Updated: August 15, 2025
Marqeta, Inc. and its subsidiaries and  affiliates (collectively, “Marqeta”, “we”, “our”, or “us”) are committed to protecting your personal data and privacy rights. This Privacy Notice (or “Notice”) describes how we collect, use, and share personal data in connection with the products and services we provide to our business customers and in limited cases, various end users (“Services”) as described in the Scope section below. This Notice does not apply to the extent we process personal data in the role of a processor or service provider on behalf of our customers or bank partners. We seek to clearly explain to you what personal data we collect, how we use it and what rights you have in relation to it, and we hope you take the time to read through this Notice carefully.
To see our California Privacy Notice, please click this link or scroll down. 
A downloadable version of this Notice can be found here.
Scope
This Notice is intended to broadly cover the following audiences where Marqeta is acting as a controller, including:
  • Customers and customer employees: business that have contracted with Marqeta for our Services and whose employees engage with and access various Services; 
  • Bank partners and bank partner employees: bank partners that we engage with as part of the provision of various aspects of our Services and whose employees may engage with and access various Services; and
  • Individual end users: individuals that engage with specific Marqeta Services that Marqeta manages and oversees, including our mobile application users or cardholders and authorized users that Marqeta is required to disclose this Notice to. 
  For the purposes of this Notice, these specific Services include:
  • The provision, maintenance and oversight of processes that enable our customer and bank partner employees to access and use our platform and products;
  • Services associated with the management of the contractual relationship between Marqeta and our bank partners and customers; 
  • Products and services that Marqeta develops and offers to our customers directly, including our UX Toolkit and mobile application development services as well as other value added services;
  • Products and services Marqeta offers directly to cardholders;
  • Certain program management services associated with our oversight and management of a card program (e.g., dispute management, KYC/KYB, sanctions and other compliance-related services); and
  • Services associated with the oversight of our payment processing platform, including fraud and security-related services.
This Notice does not apply to the extent we process personal data in the role of a processor or service provider on behalf of our customers or bank partners (e.g., program onboarding, use of our payment processing platform generally, the provision of debit, credit or other banking services offered through our bank partners). These services are offered through our bank partners or form part of the program management responsibilities assumed by Marqeta under our agreements with our bank partners.  In other cases, we offer Services directly to customers and process personal data of individual end users on behalf of those customers (e.g., cardholder support, rewards services). Note that in certain cases above, depending on the geographical location of the services, we may also act as a processor for certain services (e.g., certain program management services in the US vs the European Union or United Kingdom). In each of these scenarios - where Marqeta processes your personal data solely on behalf of and at the direction of our customers or bank partners to whom we provide our Services (e.g., when we act as a processor or service provider) - your personal data will be handled in accordance with our agreements with those entities who serve as the controllers of the personal data.  
Our bank partners and customers are independent third parties that maintain their own privacy practices and policies. We are not responsible for the privacy or data security practices of our customers and bank partners, which may differ from those explained in this Notice. For detailed privacy information related to a Marqeta customer or bank partner who uses Marqeta Services as a controller, please contact our customer or bank partner directly. 
This Notice applies only to information we handle in connection with the provision of the Marqeta Services described above. It does not apply to any Marqeta websites, tools, or platforms that display or reference a different privacy notice. For example, if you browse or interact with us via the Marqeta.com website, any personal data collected will be handled in accordance with our Website Privacy Notice and not this Notice. 
We may also provide you with supplemental privacy notices in connection with the provision of certain Services and for individuals located in specific jurisdictions. A number of these supplemental notices can be found below and are intended to supplement the generally applicable sections of this Notice. These supplemental notices describe our data collection, use, and sharing practices as to the specific processing scenarios, and in some cases may differ from the terms of this Notice. In the event of any conflict with this Notice, supplemental privacy notices will govern the specific activities to which they apply, unless we state otherwise in the supplemental notice.
Supplemental notices:
By using our Services you acknowledge that you have read and understand this Notice. Marqeta may amend this Notice in line with the “Changes to this Privacy Notice” section below.
 

Personal Data We Collect

Below we describe the categories of personal data Marqeta may collect depending on the context of our interaction(s) with you and the provision of the Services. These categories include information you provide directly to us, information created or collected during your use of the Services (which may be collected automatically), inferences we make about you when you communicate with us or use the Services, and information we obtain from other sources, such as third-party service providers and public databases.
a. Customers and customer employees; Bank partners and bank partner employees

Categories of Personal Data We Collect

How the Personal Data is collected

Account Data

Information you provide as part of a Marqeta platform account set up to use our Services, which may include your name, business address, phone number and email.

Communications Information 

Information you provide when you communicate with us around your use of the Marqeta platform and the Services, including by phone and email.  This may include your contact information, feedback, photographs or recordings, and language preference.

Contact Information

Business contact information, such as your name, telephone number, job title, email address, and office address.

Device Information

Information collected automatically about your computer or device through your web browser and other technologies, including cookies, web beacons, or other tracking/recording tools, such as your IP address, device type, unique device identification numbers, mobile operating system type and version, or browser type.

Identity Verification Information

Information about you and your business, including personal information about your business’ control persons and beneficial owners, such as name, job title, birthdate, gender, nationality, and government identifiers or other information used to verify such individuals’ identification.

Location Information

Information about your general geographic location (typically country or city-level), which may be inferred from your Device Information (e.g., from your IP address).

Publicly Available Information

Information obtained from public sources and databases, such as your current place of employment.

User credentials

Information you provide to us when you create a user log-in or profile in connection with the use of our Services, such as a user ID, email address, name, password, authentication information, and profile information.


b. Individual end user (e.g., cardholders, mobile application users, other authorized users)

Categories of Personal Data We Collect

How the Personal Data is collected

Account Data

Information you provide as part of an account set up as part of our Services, which may include your name, address, phone number and email in addition to Credit and Debit Card Information (see below).

Claim or Dispute Information

Information you provide when you correspond with us about a claim or dispute, such as your contact information or transactional information.

Communications Information

Information you provide when you communicate with us, including by phone (including IVR), virtual chat, IVR and email, “contact us” forms, or social media.  This may include your contact information, feedback, photographs or recordings, and language preference.

Contact Information

Personal and business contact information, such as your name, telephone number, job title, email address, and office or home address.

Credit and Debit Card Information

Information associated with your credit or debit card, such as your primary account number, cardholder name, expiration date and service code, personal identification number (“PIN”), PIN blocks as well as information pertaining to the transactions you make using the credit or debit card.

Device Information

Information collected automatically about your computer or device through your web browser and other technologies, including cookies, web beacons, or other tracking/recording tools, such as your IP address, device type, unique device identification numbers, mobile operating system type and version, or browser type.

Identity Verification Information

Information about you and your business, including personal information about your business’ control persons and beneficial owners, such as name, job title, birthdate, gender, nationality, and government identifiers or other information used to verify such individuals’ identification.

Inferences

Information about your preferences and interests that we infer from your personal information and use of our Services, such as the topics you would like to learn more about and card usage habits.

Location Information

Information about your precise or general geographic location (typically country or city-level), which may be inferred from your Device Information (e.g., from your IP address or GPS).

Publicly Available Information

Information obtained from public sources and databases, such as your current place of employment.

User credentials

Information you provide to us when you create a user log-in or profile in connection with the use of our Services, such as a user ID, email address, name, password, authentication information, and profile information.

 
We may collect some of the personal information described above from third parties, including our customers, identity verification providers, social media services, and other sources, as permitted by applicable law. We may also obtain information from companies with whom we offer co-branded services or engage with in joint marketing activities.
Like many companies, we may collect environmental variables, including the domain from which you access our Services, the time you accessed our Services, the type of web browsers and operating system or platform used, the Internet address of the website you left to visit our Services, the names of the web pages you visit, the Internet address of the website you visit next, and your browser settings (e.g., language preference). We and our third-party service providers may monitor visits to our Services and sessions of users; this monitoring may log the details of your visits to our Services and information generated in the course of using our Services, such as clicks, page visits, text entered, how long you spent on a page, and other details of your visits to or actions on our Services. We use these technologies to collect and retain usage data for the purposes described in this Notice, including for security purposes and to improve your experience with our Services. We may also disclose any of the data collected by these technologies to third parties for our business purposes.

How We Use Personal Data

We use the personal data we collect for the purposes described in this Notice or as otherwise disclosed to you in a supplemental notice. In particular, we may use any of the above categories for the below purposes:
  a. Customers and customer employees; Bank partners and bank partner employees
  • Provide the Services, including to support the issuance of credit and debit cards through our bank partners and providing other program services
  • Enable our customers and bank partners to access and use our Services
  • Verify your identity as part of access to our Services or as part of our KYC/KYB obligations
  • Maintain, improve and enhance our Services as well as the development of new Services (subject to the applicable law and our agreements)
  • Analyze and better understand the use and performance of our Services via data analytics, including the diagnosis of technical or service issues as well as to understand various industry patterns and trends
  • Communicate and market (subject to the applicable law or with your consent) to you including to respond to correspondence and inquiries
  • Monitor and enforce compliance with our policies, applicable laws and regulations, and contractual terms
b. Individual end user (e.g., cardholders, mobile application users, other authorized users)
  • Provide the Services, including to support the issuance of credit and debit cards through our bank partners, provide dispute services, provide risk monitoring services, and manage compliance with card network rules and applicable regulations
  • Enable our end users to access and use our Services, including our online and digital services as well as our mobile applications
  • Verify your identity as part of access to our Services or as part of our KYC/KYB obligations
  • Identify and protect against fraudulent transactions
  • Maintain, improve and enhance our Services as well as the development of new Services (subject to the applicable law and our agreements)
  • Analyze and better understand the use and performance of our Services via data analytics, including the diagnosis of technical or service issues as well as to understand various industry patterns and trends
  • Communicate and market (subject to the applicable law or with your consent) to you including to respond to correspondence and inquiries
  • Monitor and enforce compliance with our policies, applicable laws and regulations, and contractual terms
  As part of the ongoing operation of our Services, where Marqeta is a controller and as permitted under the applicable law and our agreements, Marqeta may use personal data for the purposes of improving the Services you use or developing new Services. As part of the Services, Marqeta may also use de-identified/anonymized and/or aggregated information for the purposes of maintaining and enhancing our existing Services, as well as the development of new Services. Where permitted, such use cases may include the use of information to develop, train and deploy machine learning models as part of artificial intelligence initiatives relating to the Services. 

Information Sharing and Disclosure

We may disclose your personal data to the following categories of recipients:
  • Customers: For individual end users, we will provide your personal data to our customers in order to provide our Services and fulfill transactions or requests you initiate.
  • Bank Partners: For individual end users, we will provide your personal data to our bank partners as part of their role as the issuer for our card programs and the provision of the Services.
  • Affiliates and subsidiaries: We may provide your personal data to our global affiliates. We share information with our affiliates so they can help us deliver our Services. 
  • Third-Party Service Providers: We may provide your personal data to our third-party service providers (including but not limited to IT service providers, communications providers, customer support providers, fraud prevention and identity verification providers) who perform certain functions for us in connection with the Services and process personal data on our behalf.
  • Parties in a Corporate Transaction or Proceeding: We may share personal data with actual or prospective parties to an actual or potential corporate transaction or proceeding, including their representatives and other relevant participants in or during negotiations of any sale, merger, acquisition, restructuring, bankruptcy, dissolution, or a change in control, divestiture, or sale involving all or a portion of Marqeta’s business or assets.
We may also access, transfer use, disclose, and preserve personal data when we believe that doing so is necessary to:
  • Comply with applicable law or respond to valid legal process, including from law enforcement, supervisory or regulatory authorities, or other government agencies.
  • Protect our customers and others, for example to prevent attempts to commit fraud or to help prevent the loss of life or serious injury to anyone.
  • Operate and maintain the security of our Services, including to prevent or stop an attack on our computer systems or networks.
  • Protect our and others’ rights and property, including by enforcing our agreements, terms of service, and policies.
For information about the safeguarding measures we implement when sharing personal data with entities outside of regions where you may reside, please see the “International Transfers” section below as well as any applicable supplemental notices.

Information Security

We implement reasonable and appropriate technical, physical and organizational security measures to protect the personal data that we collect and process about you. Despite these measures, we cannot guarantee that the collection and ongoing processing of your personal data in connection with Services described in this Notice will be completely secure. 
To help us protect personal data, we request that you use a strong password with our Services and never share your password with anyone or use the same password with other sites or accounts.

International Transfers

As we operate a global business, your personal data may be transferred to, and processed in, countries other than the country in which you are a resident or where it was collected. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective). We take steps designed to ensure that the personal data we collect under this Notice is processed and protected according to the provisions of this Notice and applicable law wherever the information is located.
Residents of the European Economic Area (“EEA”), the United Kingdom (“UK”), and Switzerland should note that we may also transfer personal data from these jurisdictions and countries to other countries, some of which have not been determined by the European Commission or relevant authority to have an adequate level of data protection. This includes transfers to the United States. We also transfer personal data between the EEA and the UK as part of our business operations. These transfers may be covered via an existing adequacy mechanism, but we also use a variety of mechanisms and protections, including standard contractual clauses and data processing agreements, to help ensure your rights and protections. Additional information on international data transfers and the data transfer mechanisms we rely on is available upon request by contacting us at privacy@marqeta.com
EU-U.S., the UK Extension and Swiss-U.S. Data Privacy Frameworks
For the purposes of transfers to the United States, Marqeta, Inc. participates in and complies with the EU-U.S. Data Privacy Framework, the UK Extension of the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework (referred to generally as the “DPFs”) as set forth by the U.S. Department of Commerce in relation to the processing of personal data sent from the EEA, the UK and Switzerland to the U.S.
Pursuant to its certification, Marqeta, Inc. has committed to adhere to the respective DPF Principles for the EU, the UK and Switzerland in line with the corresponding frameworks. To learn more about the EU-U.S. Data Privacy Framework and the UK Extension of the EU-U.S. Data Privacy Framework and to view our certification, please visit https://www.dataprivacyframework.gov/. For more information, please see our Data Privacy Framework Notice. In the event of any conflict between this Notice and the Data Privacy Framework Notice, the Data Privacy Framework Notice  shall govern. 
 

Information Retention

We retain personal data for as long as necessary to provide the Services you have requested, comply with our legal obligations (including our contractual commitments to our customers and bank partners), resolve disputes, enforce our agreements, and undertake other legitimate and lawful business purposes. Because these needs can vary for different types of information and the different products and services we provide, actual retention periods can vary.
A number of retention periods have been specified in our records retention policy and schedules or are otherwise determined based on the criteria above. In other cases, personal data will be retained for the duration of a specific service, such as where an end user continues to participate in a particular card program. Additional retention periods are set out within our records retention policy and schedule. Please note that any specified retention periods may be reduced or extended in certain cases, for example, where we are required to remove personal data prior to the expiration date pursuant to a deletion request or where the information is subject to a legal claim or proceeding and we need to retain personal data for a longer period. Following the expiration of the retention periods or when the personal data is no longer needed, we will take steps to either delete or de-identify the personal data. 
If you wish to receive further information about the period of time for which we retain your personal data, please contact privacy@marqeta.com

Your Rights and Choices

As part of the Services described in this Notice, we recognize that you may have a right or need to update and manage your personal data. This also includes the ability to manage how we communicate with you, as part of the Services or for marketing purposes (as permitted under the applicable law or where we have your consent).
Managing Your Personal Data and How We Communicate With You
For certain Services associated with this Notice, you have the ability to directly manage your personal data, including if you are a customer or bank partner employee and set up an account within our platform. We ask that you take steps to ensure that your personal data is accurate, complete and up to date. If you are unable to update your information directly, please contact us directly through the channels within the Contact Us section of this Notice. 
We may also communicate with you directly as part of the Services. This includes communications sent to you for Services that you have requested or are required as part of our agreement with you. In certain cases, depending on the nature of the relationship and what Services you are using or have requested, we may send you marketing and other promotional communications for products or services that we think you might be interested in.  You can opt out of or unsubscribe from these communications within the message itself or by updating your communication preferences (e.g., preferences in an account or through your device). If you are unable to opt out, please contact us at privacy@marqeta.com. In certain cases, depending on the nature of your relationship with Marqeta, you may still receive non-marketing communications after opting out. For individuals outside the US, we will not send you direct marketing unless you expressly opt in or as otherwise permitted under the applicable law.
Other Rights
Depending on your state or country of residence and the nature of your relationship with Marqeta, you may have additional rights, including but not limited to the: 
  • Right of access. You may have the right to request copies of the personal data that we hold about you and to receive information from us about how your information is used.
  • Right of erasure. In certain circumstances, you may have the right to require us (or any parties with whom we have shared your information) to delete the personal data that we hold about you (for example if it is no longer necessary for the purposes for which it was originally collected). 
  • Right to object to or opt-out of processing. You may have the right to request that Marqeta stop processing your personal data or that we restrict processing of your personal data in certain circumstances. For example, you may receive marketing email communications from us. If you would like to stop receiving these communications, you can update your preferences by using the “Unsubscribe” link found in those emails.
  • Right of portability. You may have a right to obtain and reuse your personal data for your own purposes or across different services, including so that you can provide or “port” that information to another provider.
  • Right to correction. You may have the right to require us to correct any inaccurate or incomplete personal data.
Additional information on these rights (including how to exercise them) can be found in the applicable supplemental notices. 
Please refer to the Contact Us section below to contact us if you would like any additional information pertaining to your rights and choices or how to exercise your rights.  Marqeta does not discriminate against individuals who exercise their rights under applicable laws and regulations.
When contacting us about a rights request, please identify yourself and describe your request in sufficient detail to enable us to properly understand, evaluate, and respond to it. We will consider all requests and provide our response within a reasonable period in accordance with applicable laws. Please note that we cannot respond to your request or provide you with personal data if we cannot verify your identity or your authority to make the request or confirm the personal data we hold relates to you. To verify your identity, we will seek to match the information you provide when you submit your request to any personal data we already maintain, and we may ask you to provide additional verification information in order to assist you with your request. 
We may decline to process certain requests, including requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, or conflict with our legal obligations. If we decline your request, we will notify you of the rationale for declining. In some jurisdictions, you may have the right to appeal any denial of a rights request, subject to applicable laws. 
If you are a cardholder or authorized user and we are processing your personal data on behalf of one of our customers or bank partners, please submit your request to them directly. Because we may only access a customer’s or bank partner’s data upon their instructions, if you wish to make your request directly to us, please provide us with the name of the Marqeta customer or issuing bank for your card. We will redirect your request to our customer or bank partner for handling purposes.
 

Third-Party Websites and Services

Marqeta Services may provide links to (or may be linked from) websites and apps run by other companies or other third-party properties, none of which are governed by this Notice. This Notice does not apply to any third-party website, app, or online product, service, feature, or businesses you may access from the Services or elect to use. Marqeta is not responsible for third-party content or information practices. We strongly encourage you to review the privacy notices of those third-party properties carefully.

Cookies and Related Technologies

We use cookies and related technologies as part of certain Services described in this Notice. For more information on our cookies and similar identification technologies and how they apply to these Services, please see our Cookies and Related Technologies Notice.
Do Not Track
Some web browsers may have a “Do Not Track” preference that transmits a “Do Not Track” header to the websites you visit with information indicating that you do not want your activity to be tracked. We do not currently take actions to respond to Do Not Track signals because a uniform technological standard has not yet been developed. 
 

Children

The Services described in this Notice and where Marqeta is acting as a controller are not targeted at or directed at children under the age of 16 and we do not generally intend to, or knowingly collect, the personal data from these individuals.  
In all other cases, if you have reason to believe a child under the age of 16 has provided personal data to us, please have the child’s parent or guardian contact us via the details in the “Contact Us” section to request the removal of that information. If we ever learn that personal data of a child under the age of 16 has been collected, we will promptly delete that information.

Changes to this Privacy Notice

Changes to this Notice may be made periodically to reflect changes to our information handling practices or relevant laws. If the changes we make are material, we will provide you with prior notice and/or obtain consent regarding such changes in accordance with applicable laws. If the changes we make are not material, this Notice will be updated by posting an updated version on our website. You can tell when this Notice was last updated by looking at the date at the top of the Notice.
An archived version of our previous Notice can be found here

Contact Us

If you have any inquiries about our collection, use, or storage of your personal data, or if you wish to exercise any of your rights in relation to your personal data, you can reach us at:
                    Attention: Legal – Privacy
                    180 Grand Ave., 6th Floor, Oakland, CA 94612, USA
  • Phone: (877) 962-7738 

Canada

Supplemental Privacy Notice for Residents of Canada

Effective: August 15, 2025
1. Introduction 
This Supplemental Privacy Notice supplements the Marqeta Services Privacy Notice for residents of Canada or individuals that are covered by any applicable federal or provincial privacy laws or regulations, including but not limited to the Personal Information Protection and Electronic Documents Act (“PIPEDA”), Quebec’s Act Respecting the Protection of Personal Information in the Private Sector, British Columbia’s Personal Information Protection Act and Alberta’s Personal Information Protection Act.  This Supplemental Notice does not apply to the extent we process personal data in the role of a processor or service provider on behalf of our customers or bank partners. Defined terms shall refer to terms defined under the applicable legislation or as defined in the generally applicable section of the Notice found above.  
2. Individual Rights
As an in-scope individual, you have a number of rights available to manage your personal data. The specific rights will depend on your specific location, but these rights include a:
  • Right of access to your personal data 
  • Right to request information about  how we process your personal data (including how your information has been or is being used, as well as information pertaining to parties it has been disclosed to)
  • Right of correction/rectification to update personal data we hold about you that is inaccurate, incomplete or unclear and the right to request deletion of personal data that is obsolete or no longer necessary to fulfill the purpose for which it was collected
  • Right of suppression and restriction around the ability to limit how we process your personal data 
  • Right of erasure and the ability to remove your personal data 
  • Right of portability and the ability to produce a portable record of your personal data we store 
  • Right to withdraw your consent to our continued processing of your personal data
You may exercise these rights by submitting your request to privacy@marqeta.com or by contacting us through the channels in the “Contact us” section in the main body of the Notice.  We will not charge you any fees to exercise these rights without first providing you with an estimate of the approximate fees, if any.
All requests will be reviewed and assessed based on the applicable law and your relationship with us. Note that in certain cases, we may refuse to act or limit the processing as permitted by the applicable law.
As part of the submission, we will request personal data in order to verify your identity. To the extent we are unable to fulfill a request, we will provide you with an explanation and any additional steps that might be available to you. 
3. Notice and Consent
We will provide you with notice and a description of our personal data processing practices as part of the Services (which includes this Notice). We collect, use, and disclose your personal data with your consent or as permitted or required by law. How we obtain your consent, including whether it is express or implied, will depend on the circumstances and the sensitivity of the personal data in question.
Subject to any limitations under the applicable law or pursuant to any agreements, you have the right to withdraw your consent. Withdrawing your consent may have implications for the specific Services that we are able to provide. 
4. International Transfers
As described in the main body of the Notice, we may transfer, process and store your personal data in a province or country outside of your province or country of residence, including but not limited to the United States, where different laws may apply. Those laws may require disclosure of your personal data to authorities in that jurisdiction.  We do impose contractual safeguards around the transfer of your personal data to third parties as well as other general safeguards. By using our Services, you consent to the transfer of your personal data in this manner. 
Please review the “Internal Transfer” section in the main body of this Notice for additional information. For more information about our policies and practices regarding international transfers of personal data, including to obtain a list of countries where we process personal data, please contact us at privacy@marqeta.com
5. Complaints
You have the right to file a complaint to the extent you believe your privacy rights have not been respected. Complaints can be directed to our Assistant General Counsel, Privacy through the channels below.
                   Attention: Assistant General Counsel, Privacy
                   180 Grand Ave., 6th Floor, Oakland, CA 94612, USA
  • Phone: (877) 962-7738
If you are not satisfied following our review of your complaint and any measures taken in response to it, you may have the right to make a complaint to the
Privacy Commissioner of Canada or the applicable provincial privacy commissioner.
United States
A. California 

Supplemental Privacy Notice for California Residents

Effective: August 15, 2025
1. Introduction 
This supplemental notice is intended for residents of California that qualify as a “consumer” as required by the California Consumer Privacy Act of 2018 (including as amended)(“CCPA”). This Notice describes how we collect, process and manage personal information (as defined by the CCPA) within the scope of the CCPA as a “business”. Defined terms shall refer to terms defined under the CCPA or as defined in the generally applicable section of the Notice found above.  
  2. CCPA Personal Information Summary 
The information table below summarizes (a) the categories of personal information collected by Marqeta in the past 12 months, (b) the sources of that information, (c) how we use that information and (d) disclosures made for business purposes (including to third parties) in the past 12 months.  

Category of personal data

Collected?

Examples of personal data collected*

Categories of sources

Commercial or business purpose

How we disclose your personal data

Identifiers

Yes

Name, email, IP address, social security number

Provided directly to Marqeta

Collected automatically

Provided by our service providers and partners

To provide, maintain and improve our Services 

For internal operational purposes

To personalize your experience

To advertise and market to you

To communicate with you

For legal, compliance and security purposes

With our service providers

With our partners

With legal or other regulatory authorities

California Customer Records (Cal. Civ. Code § 1798.80(e))

Yes

Name, email, country of location (US, UK), credit or debit card number, social security number

Provided directly to Marqeta

Collected automatically

Provided by our service providers and partners

To provide, maintain and improve our Services 

For internal operational purposes

To advertise and market to you

To communicate with you

For legal, compliance and security purposes


With our service providers

With our partners

With legal or other regulatory authorities

Protected Classification Characteristics

No

n/a

n/a

n/a

n/a

Commercial Information

Yes

Business or company name and records of purchased services

Provided directly to Marqeta

Provided by our service providers and partners

To provide, maintain and improve our Services 

For internal operational purposes

To advertise and market to you

For legal, compliance and security purposes

With our service providers

With our partners

With legal or other regulatory authorities

Biometric Information

No

n/a

n/a

n/a

n/a

Internet/Network Information

Yes

Website browsing activity and interactions 

Provided directly to Marqeta

Collected automatically

Provided by our service providers and partners

To provide, maintain and improve our Services 

With our service providers

Geolocation Data

Yes

IP Address, GPS data, country of location (US, UK)

Provided directly to Marqeta

Collected automatically

Provided by our service providers

To provide, maintain and improve our Services 

To personalize your experience

To advertise and market to you

For legal, compliance and security purposes

With our service providers

Sensory Information

Yes

Audio recordings as part of support calls

Provided directly to Marqeta

Provided by our service providers

To provide, maintain and improve our Services 

For legal, compliance and security purposes

With our service providers

Profession/Employment Information

No

n/a

n/a

n/a

n/a

Non-Public Education Information (20 U.S.C. § 1232g, 34 C.F.R. Part 99)

No

n/a

n/a

n/a

n/a

Inferences

Yes

Preferences and behaviors as part of the Services 

Provided directly to Marqeta

Collected automatically

To provide, maintain and improve our Services 

For internal operational purposes

To personalize your experience

With our service providers


Note that additional detail on our personal information practices can also be found in the generally applicable sections of the Notice above. 
3. Categories of Personal Information Sold or Shared
Marqeta does not sell or share your personal information for valuable consideration or cross-contextual behavioral advertising as defined by the CCPA.
4. Rights available to consumers and how to invoke those rights
Available rights 
Residents of California have the right to exercise the rights described below.
  • The right to know what personal information we have collected about you as well as how it is used and shared
  • The right to delete personal information we have collected from you
  • The right to correct inaccurate personal information held by us
The right to non-discrimination for the exercise of any of the rights above 
All rights above are subject to any conditions, exceptions or limitations provided under and available to us under the CCPA. Accordingly, we may refuse to act or impose limitations on your invocation of any of the available rights. The exercise of the rights above may also limit our ability to provide you with the Services under this Notice.
How to invoke your rights
You can invoke your rights by contacting us through any of the channels below. 
                   Attention: Assistant General Counsel, Privacy
                  180 Grand Ave., 6th Floor, Oakland, CA 94612, USA
Phone: (877) 323-4376
Once a request has been submitted, we may ask for additional information, including your email or phone number,  to verify your identity as well as information needed to process or understand your request. This information will only be used to fulfill your request and for compliance-related tracking purposes. These requests can also be submitted to us via an authorized agent in accordance with the requirements under the CCPA. In these cases, we will take steps to verify that the agent is authorized to act on your behalf. Typically, we require a valid power of attorney or a signed letter with your information that includes a statement of authorization for the request. We may still reach out to you in order to verify the agent’s authority to act as well as for identification purposes. 
5. Sensitive Personal Information
In limited cases, we may also process “sensitive personal information” as defined under the CCPA as part of the Services. A summary of this collection and whether the sensitive personal information is sold or shared (both as interpreted under the CCPA) has been provided below.  

Category of sensitive personal information

How the sensitive personal information is used

Is the sensitive personal information sold?

Is the sensitive personal information shared?

Government Issued Identifiers (social security number, driver’s license, passport number)

KYC and related identity verification 

No

No

Account login details + password/credentials

Platform or end user accounts that individuals elect to create to access services on the websites.

No

No


We do not presently use or disclose the above categories of sensitive personal information to infer characteristics about consumers.
6. Accessibility
If you are a user with a disability or are having difficulty with accessing or navigating aspects of this Notice, please contact us at privacy@marqeta.com for support. 
7. Retention
We retain each category of personal information as described in the “Information Retention” section above.
8. De-identified Information 
As part of our processing, we may use personal information to create de-identified information that can no longer reasonably be used to infer information about, or otherwise be linked to an individual or household. Any applicable de-identified information will remain in a de-identified form and we will not attempt to re-identify the individual or household unless required or permitted by applicable law.
9. Updates
We will update this Notice from time to time to reflect changes to our information handling practices or as required by the CCPA by posting an updated version on our website. If the changes we make are material, we will provide you with prior notice and/or obtain consent (where required by applicable law) regarding such changes. 
California “Shine the Light” disclosure
If you are a California resident that has an established relationship with us, you have a right to know how your information is disclosed to third parties for their direct marketing practices under California’s “Shine the Light” law (Civ. Code § 1798.83). You can contact us via the “Contact Us” section in the main body of the Notice to invoke these rights. 
B. Other US States

Supplemental Privacy Notice for Residents of Other U.S. States 

Effective Date: August 15, 2025
1. Introduction
This supplemental notice is intended for applicable U.S. residents that reside in states where a state-specific privacy law has been enacted (i.e., CO, CT, DE, IN, IA, KY, MD, MN, MT, NE, NH, NJ, OR, RI, TN, TX, UT, VA) outside of California that applies to the Services and where Marqeta acts in a “business” or “controller” capacity.  
2. Individual Rights
Depending on your state of residence and the nature of your relationship with us, you may have a number of individual rights. These include a:
  • Right of access and the ability to request copies of the personal data that we hold about you and details on how your information is used
  • Right of deletion and the ability to direct that we (or any parties with whom we have shared your information) delete the personal data that we hold about you
  • Right to opt-out of processing, if occurring, including in cases where (i) targeted advertising is occurring, (ii) where there is a sale of personal data and (iii) where certain instances of profiling (e.g., profiling in furtherance of decisions that produce legal or similarly significant effects) are occurring
  • Right of portability and the right to obtain and reuse your personal data for your own purposes or across different services, including so that you can provide or “port” that information to another provider
  • Right of correction and the ability to require us to correct any inaccurate or incomplete personal data
  • Right to request a list of third parties to which we have disclosed your personal data
How to invoke your rights
You can invoke your rights by contacting us through any of the channels below.
          Attention: Assistant General Counsel, Privacy
          180  Grand Ave., 6th Floor, Oakland, CA 94612, USA
  •   Phone: (877) 323-4376
Once a request has been submitted, we may ask for additional information, including your email and phone number, to verify your identity as well as information needed to process or understand your request. This information will only be used to fulfill your request and for compliance-related tracking purposes. These requests can also be submitted to us via an authorized agent as applicable under the various US state legislation. In these cases, we will take steps to verify that the agent is authorized to act on your behalf. Typically, we require a valid power of attorney or a signed letter with your information that includes a statement of authorization for the request. We may still reach out to you in order to verify the agent’s authority to act as well as for identification purposes.
In certain states, you may have a right to appeal a decision where we refuse to act or impose limitations on your rights. In such cases, we will notify you within 45 days of receipt of the original request with an explanation and an overview of how you may appeal that decision.  All appeal requests should be submitted to privacy@marqeta.com with the subject line, “Privacy Request Appeal”.
3. Opting out of sales of personal data and targeted advertising
As part of the Services, Marqeta does not sell or use your personal data for targeted advertising.
European Economic Area ("EEA") and the United Kingdom ("UK")

Supplemental Privacy Notice for the EEA and UK

Effective: August 15, 2025
1. Introduction
The provisions below supplement the generally applicable sections of the Notice above and apply where the General Data Protection Regulation (the “GDPR”), the UK’s GDPR and UK Data Protection Act 2018 (referred to generally as the “UK Data Protection Law”) and other local implementing legislation apply to the processing of personal data within the EEA and UK and where Marqeta is acting as a “controller”. 
2. Basis for Processing Personal Data
When we process your personal data as a data controller part of the Services, we do so in line with the purposes and legal bases below. 

Purposes of processing

Legal basis

To provide, maintain and support the Services

Where we have a contract or agreement with you, this is necessary for the performance of the agreement 

If you do not have a contract with us, we have a legitimate interest to manage our business 

Communicating with you, including responding to inquiries, obtaining feedback or otherwise. 

If you are a customer, this is necessary for the performance of the agreement

If you do not have a contract with us, we have a legitimate interest to manage our business

Marketing and advertising our Services, including sending you marketing and promotions

Where required, with your consent and alternatively, pursuant to our legitimate interests (commercial interests) 

Enhancing our system and providing updates in relation to our Services, new products, upgrades and services. 

Pursuant to our legitimate interests (commercial interests) where we have an interest in enhancing our business and Services

The use of artificial intelligence-related technologies as part of providing our Services, including, but not limited for fraud detection and security-related purposes. 

We have a legitimate interest to manage our business and pursue commercial interests

For compliance, legal and security-related purposes, including verifying your identity, securing our websites and Services as well as managing our compliance and legal obligations associated with our Services, the applicable law and contractual terms (including protecting our legal interests as deemed appropriate). 

Processing is necessary in order for us to manage compliance with applicable laws, regulations and other obligations

Where processing is not pursuant to a legal or compliance requirement, such processing is a result of a legitimate interest to protect and manage our business operations and interests


Note that where we rely on a legitimate interest basis, we undertake a balancing test to ensure that our legitimate interests are not outweighed by your interests and fundamental rights. When we rely on consent as the basis for our processing, you can request to withdraw or partially revoke your consent any time by contacting us at privacy@marqeta.com or by following the instructions for revoking your consent contained within communications we send you. We honor such requests as required by applicable laws. 
Note that when we collect and process personal data on behalf of our customers or other parties to provide payments Services, we are typically acting as a data processor and rely on our customer’s legal basis for processing.
If you have questions about or need further information concerning the legal basis we rely on to process your personal information, please contact us via email at privacy@marqeta.com.
3. International Transfers 
See the “International Transfer” section in the generally applicable portion of this Notice. 
4. Individual Rights
As a resident of the EEA or the UK, you have additional rights in relation to how your personal data is processed. These include:
  • A right of erasure to remove your data 
  • A right of access and the ability to obtain a copy of your personal data
  • A right of correction/rectification where your personal data is inaccurate or outdated
  • A right of portability and the ability to request a transfer of your personal data to another entity in a structured, commonly used and machine-readable format
  • Rights of restriction and objection around how your personal data is processed, including the right to object to direct marketing.
Where the legal basis for the processing is based on your consent, you also have a right of withdrawal and can revoke your consent at any time. Note that this will not impact any processing that has already occurred. 
All rights above are subject to the limitations under the applicable law. You may exercise these rights by submitting your request to privacy@marqeta.com or by contacting us through the channels in the “Contact us” section in the main body of the Notice. Note that in certain cases, we may refuse to act or limit the processing as permitted by the applicable law. Although such requests are free of charge, to the extent requests are found to be excessive or repetitive, we may impose a reasonable fee or refuse to act on the request. 
5. Data Controllers 
For the purposes of the Services and this supplemental notice, joint data controllers include:
  • Marqeta UK Ltd (Marqeta UK) 
  • Marqeta, Inc. (Marqeta US) 
  • Marqeta sp. z.o.o.(Marqeta Poland) 
In most instances, for the Services within the Notice, Marqeta US will be the primary controller although your personal data may also be processed by Marqeta UK and Marqeta Poland for the purposes of the Services. Marqeta Poland and Marqeta UK each act as a controller under the respective EEA and UK laws.
Marqeta US is primarily responsible for ensuring that Marqeta is compliant with applicable legislation and our internal policies in the EEA and UK. Marqeta US is also entrusted with managing individual rights requests. 
Marqeta may use various processors in order to provide the Services (as detailed in the “Information Sharing and Disclosure” section above). 
6. Contact Information
If you have a question or concerns around the processing of your personal data, we can be reached via the “Contact Us” section in the main body of the Notice.
7. Retention
See the “Information Retention” section in the generally applicable portion of this Notice. 
8. Cookies and related tracking technologies
Please see the “Cookies and related Technologies” section in the generally applicable section of this Notice.
9. Children
See the “Children” section in the generally applicable portion of this Notice. 
10. Complaints
You have the right to raise a complaint with the relevant data protection authority. Please see additional details below:

© 2025 Marqeta, Inc. 180 Grand Avenue, 6th Floor, Oakland, CA 94612