Privacy Policy

1. Introduction

Your privacy is important to us.  The purpose of this Online Privacy Policy (as updated from time-to-time, this “Online Privacy Policy”) is to explain the data collection and privacy practices of the following Goldman Sachs Bank USA’s consumer and small business platforms: the Marcus by Goldman Sachs website (www.marcus.com), the Clarity Money, Inc. website (www.marcus.com/us/en/clarity-money) and any associated websites and mobile applications, including websites, products, services or mobile applications that could replace the ones we’ve listed here. Whenever you see the word “Sites” in this Online Privacy Policy, it refers to these specific websites, associated websites and future websites, services or mobile applications.  We want to make sure you understand how we may collect, use, share and keep information about you and the choices you have when you use the Sites. By using or accessing the Sites, you are accepting the terms of this Online Privacy Policy and agree to the collection, use, disclosure and protection of your information as described in this Online Privacy Policy.

This Online Privacy Policy includes the following information:

• A description of the personal information we collect and generate;
• A description of how we use your personal information;
• A summary of who we share personal information with and the context in which it is shared;
• An explanation of how we use online tracking technologies, such as cookies, and our practices relating to interest-based advertising;
• How we protect your information;
• How you can communicate your privacy choices;
• Information for California residents; and
• Other important information.

When we use “personal information” in this Online Privacy Policy, we mean information that identifies or can reasonably be used to identify you and information that is linked to such data; personal information does not include information that is aggregated, de-identified or anonymous.

Other Privacy Disclosures

Our Products may be governed by separate notices, such as the Goldman Sachs Bank USA GLBA Privacy Notice and the Clarity Money, Inc. GLBA Privacy Notice.  For information about the privacy practices and your rights and choices for these two notices, please click on the links.

If there is a conflict between this Online Privacy Policy and any privacy notice, disclosure, policies or terms relating to any Product, the privacy notice, disclosure, policies or terms relating to the Product will govern.

Other Goldman Sachs Relationships

If you have other relationships with Goldman Sachs that are not listed above, please visit the Goldman Sachs Privacy and Cookies Website for more information about how your personal information is processed and to understand your rights and choices for those services.

Important Terms

We want you to understand the following defined terms that we use throughout this Online Privacy Policy:

• When we use “Goldman Sachs,” “we,” “us” or “our” in this Online Privacy Policy, we mean Goldman Sachs Bank USA and its affiliates, and their respective agents and assigns worldwide.
• When we use “you” or “your”, we mean any user of the Sites.
• When we use "Products,” we mean the Online Savings Accounts and Certificate of Deposit Accounts (each an “Account”), the Clarity Money mobile application, loans and other credit products, financial education information and materials and any other products or services provided through the Sites.
• When we use “includes” or “including,” we mean “including but not limited to” or “includes but is not limited to.”

2. What Personal Information We Collect and Generate

We collect or generate personal information about you in a number of ways depending on the product or service and the relationship we have with you.  For example:

• Before you begin an application for a Product, we collect data sets to perform marketing analyses, identify marketing prospects and deliver marketing communications;
• While applying for a Product, and over the course of your relationship with us and through use of the Sites and/or the Products, you provide information directly to us, we collect information about you from third parties and we generate new information about you;
• When you communicate with us through the Sites, over the phone, via social media or other platforms, we collect the content of the communications, information about the channel in which you contacted us and we may also collect personal information about you indirectly through monitoring or other means, such as recording telephone calls and collecting phone metadata and digital information; please note that by communicating with us, you acknowledge your communication may be overheard, monitored, or recorded without further notice or warning;
• When you interact with the Sites or our advertisements, we collect digital information using cookies, web beacons, page tags, pixels or similar tools that we and our service providers and other third parties have set; and
• When you interact with the Sites via a social media platform, we collect a copy of the posts and other information, such as account ID or username.

For more information, see below for a list of the categories of personal information, along with some descriptions and examples, that we may collect or generate through each of the processes described above: 

• Personal Identifiers:  This includes first and last name, previous name, address, telephone number, unique personal identifier, and signature;
• Device and Online Identifiers and Related Information:  This includes online identifiers, Internet Protocol (IP) address, email address, account user name, mobile/ wireless number, social media profile, unique device identifier and serial number, and other device information;
• Demographic Information:  This includes date of birth and household income data;
• Financial Information:  This includes credit report information, credit scores, bank account number, transaction information (both about your accounts with us and any accounts you link to a Product), financial account information (including statements and checks) used to validate your identity, account information about externally linked accounts, account login credentials, household income data, tax documents, and other financial information;
• Government Identifiers:  This includes social security number, national identification number, other government-issued identification number, driver’s or operator’s license number, passport number, and copies of government IDs;
• Protected Classification Characteristics:  This includes age, national origin, citizenship, nationality, marital status, sex, and veteran or military status; please note that we do not collect information regarding gender identity, gender expression, or sexual orientation unless you provide it to us in connection with servicing your account;
• Purchase History:  This includes customer purchase history or tendencies;
• Biometric Information:  This refers to a voiceprint, which is a numerical representation of your voice when you call us (we use this to identify fraudulent activity and to enhance security);
• Internet, Application, and Network Activity:  This includes text messages or emails sent to us, clickstream/online website tracking information, and data related to user activity (e.g., browser visits and cookies or other similar technologies);
• Location Data:  We may receive information about your location and your mobile device, including a unique identifier for your device; in addition, in some instances, location information can be derived from your IP address or through your wi-fi connection;
• Sensory Data:  This includes audio data, such as a recording of your voice when you call us;
• Professional or Employment-Related Information:  This includes occupation, title, employer, employment history, and education; and
• Inferences About You:  This includes a profile reflecting a person's preferences, characteristics, predispositions, behavior, attitudes and creditworthiness profile.

Although you don’t have to supply any of the personal information we request, we may not be able to provide Products to you or you may not be able to interact with our Sites if you do not. 

3. How We Use Your Personal Information

We use your personal information for the following business purposes:

• Marketing activity, such as developing marketing and acquisitions models, identifying marketing recipients, developing marketing collateral and delivering marketing communications;
• Administering, operating and managing your relationship and/or Products with us;
• Communicating with you and contacting you;
• Responding to and reviewing social media messages or postings about us or our Products;
• Providing you with customized information and reports, tailored content and marketing messages, including through push notifications and text messages;
• Authenticating your identity, including during the application and sign-up processes through the Sites as well as afterwards;
• Supporting our internal business operations, including assessing and managing risk and fulfilling our legal and regulatory requirements;
• Presenting third-party products and services we think may be of interest to you;
• Complying with contractual obligations, relevant industry standards, and our policies;
• Notifying you about changes to the Sites, Products and policies;
• Performing analytics concerning your use of the Products and Sites, including your responses to our emails and the pages and advertisements you view;
• Mitigating fraud and enhancing the security of the Sites, your Products and our online services;
• Managing institutional risk; and
• Operating, evaluating and improving our business (including developing new Products and services; improving existing Products and services; and performing accounting, auditing and other internal functions).

We may also use your personal information for any other purpose that we disclose at the time you provide, or when we collect, your information and other purposes permitted by applicable law. We may also use data that we collect on an aggregate or anonymous basis for various business purposes, where permissible under applicable laws and regulations.

We may use Google, Inc. (“Google”) Maps API and / or Places API to help auto-complete address information on the Sites.  By using the Sites, you agree to be bound by Google’s Terms of Service. To learn more about Google’s Terms of Service, please visit https://www.google.com/policies/terms.

If your relationship with us ends, we will continue to treat your personal information, to the extent we continue to maintain use, and share it, as described in this Online Privacy Policy or as set forth in the privacy notice for the applicable Products and Sites.

4. Who We Share Your Personal Information With

We share personal information as set forth below:

• Goldman Sachs affiliates. We may share personal information with members of the Goldman Sachs family of companies in order to service accounts, improve products or for other purposes permissible under applicable law.
  
• Third-party service providers: We may share your personal information with non-affiliated companies that perform support services for us. This may include advertising networks, internet service providers, data analytics providers, operating systems and platforms, social networks, and other service providers.
• Legal process and emergency situations: We may disclose to third parties as permitted by, or to comply with, applicable laws and regulations. Examples include responding to a subpoena or similar legal process, protecting against fraud and cooperating with law enforcement or regulatory authorities. We may also disclose your information if we believe it is necessary or appropriate to protect our rights, property or safety or the rights, property or safety of our employees, customers or others, or to enforce our contractual rights.
• Corporate transactions: In the event of a corporate transaction, such as a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of any or all of our assets or liabilities, some of the personal information that we hold may be among the assets or liabilities transferred to a buyer or other successor. We may also transfer to another entity or its affiliates or service providers some or all information about you in connection with, or during negotiations of, any merger, acquisition, sale of assets or liabilities or any line of business, change in ownership control or financing transaction.

We also share personal information with others when you provide your consent, and with your authorized representatives, agents and beneficiaries.

We are required to identify the categories of personal information we share with third parties for operational purposes. We disclose the following categories of personal information for operational purposes: personal identifiers; device and online identifiers and related information; demographic information; financial information; government identifiers; protected classification characteristics; purchase history; internet, application, and network activity; location data; sensory (audio data); professional or employment-related information; and inferences about you.

California law requires that we describe certain disclosures of personal information where we receive valuable consideration. California law treats such disclosures as “sales” even if no money is exchanged. We do not sell information to third parties as defined under California law.

5. Cookies and Other Tracking Technologies

Like many websites, we use tracking technologies such as cookies, web beacons, device advertising ID and similar technologies. We may also use these technologies to, when applicable, record your preferences, track your use of the Sites across multiple devices, measure exposure to our online advertisements, monitor traffic, analyze use of the Sites, for security purposes, to display information more effectively, to personalize a user’s experience, and to improve the Site and make the Site easier to use.

You have choices to limit some tracking mechanisms that collect information when you use the Site. Many web browsers automatically accept cookies, but you can usually modify your browser’s setting to decline cookies if you prefer. If you choose to decline cookies, certain features of the Site may not function properly or may not remain accessible to you. In addition, you may also render some web beacons unusable by rejecting or removing their associated cookies. Note that, if you choose to remove cookies, you may remove opt-out cookies that affect your advertising preferences.

For more information about your choices, see Interest-Based Advertising below.

Cookies

Cookies are small text files that may be placed on your device when you visit the Site or when you view advertisements that we have placed on other websites. Cookies allow your browser to remember some specific information which the web server can later retrieve and use.  When you quit your browser, some cookies are stored in your computer’s memory, while some expire or disappear.

Tags, Pixels, Web Beacons, Clear GIFs

A web beacon, also known as an Internet tag, pixel tag or clear GIF, is typically a one-pixel, transparent image located on a webpage or in an email.  These may be used when you are served with advertisements, when you interact with advertisements outside of our online services or when you interact with our communications.  They are generally used to transmit information back to a web server.  

Interest-Based Advertising

Interest-based advertising refers to collecting information about your online activities over time and across different websites, devices, and other online services to deliver advertisements to users of that device based on their web-viewing behavior. We use interest-based advertising to deliver advertisements and other targeted content to you.   We partner with third-party advertising companies who also use these tracking tools to provide advertisements on the Sites or other websites to deliver advertisements or other targeted content to you.  These third parties may use these technologies to collect information about you when you use the Sites and your other online activities.  They may collect information about your online activities over time and across different websites and other online services.  They may also use persistent identifiers to track your Internet usage across other websites and devices in their networks beyond the Sites.  They may use this information to provide you with interest-based advertising or other targeted content.

We, and many of the third-party advertisers that place tracking tools on the Sites, are members of the Interactive Advertising Bureau’s Self-Regulatory Program for Online Behavioral Advertising.  Some of our ads that are displayed on third-party websites will feature an Ad-Choices icon inside the ad.  Clicking on the AdChoices icon inside the ad will provide you an opportunity to opt out of interest-based advertising by the third parties that participate in the program.  In addition, you can learn more about the options available to limit these third parties’ collection and use of your information by visiting our opt-out page and the websites for the Network Advertising Initiative and the Digital Advertising Alliance, as well as the webpages for Facebook’s ad preferences tool and privacy policy.

If you choose to opt-out, a cookie will be placed on your browser or device indicating your decision. This cookie is specific to a particular device and browser, so if you use different browsers or devices, you will need to opt-out on each. In addition, because the opt-out is facilitated via cookies, if you clear your cookies you will need to opt-out again.

6. Additional Technology

We use Google Analytics, a web analytics service provided by Google, Inc. (“Google”), on the Sites. Google Analytics uses cookies or other tracking technologies to help us analyze how users interact with and use the Sites, compile reports on the Sites’ activity and provide other services related to Sites activity and usage. The technologies used by Google may collect information such as your IP address, time of visit, whether you are a return visitor and any referring website. The information generated by Google Analytics will be transmitted to and stored by Google and will be subject to Google’s privacy policies. To learn more about Google’s partner services and to learn how to opt out of tracking of analytics by Google, click https://www.google.com/policies/privacy/partners/.

7. How We Protect Your Information

We take the security of your personal information seriously and work to limit access to your personal information to authorized employees, agents, contractors or vendors. We also maintain physical, electronic and procedural safeguards designed to protect the information against loss, misuse, damage or modification and unauthorized access or disclosure while in our possession.

8. How to Communicate Your Privacy Choices

You may receive a privacy notice in connection with Products that describe privacy choices. You can exercise your choices by following any instructions contained in our privacy notices or marketing materials.

In most cases, you can communicate with us through the Sites. If you need to contact us by phone or mail for more information about our privacy policy and practices, or because you have questions or concerns, you may do so using the information listed below:

• For Marcus deposits and related products call us toll-free at 1-855-730-SAVE (1-855-730-7283) or write us at Goldman Sachs Bank USA, PO Box 1978, Cranberry Twp, PA 16066.
• For Marcus lending products, please call us toll-free at 1-844-MARCUS2 (1-844-627-2872) for personal loans and MarcusPay, or 1-833-906-2224 for small business loans, or write us at Goldman Sachs Bank USA, PO Box 45400, Salt Lake City, UT 84145-0400.
• For Clarity Money, please message us through the Clarity Money app or email us at [email protected]

9. Residents of California

California residents have certain rights in relation to your personal information pursuant to the California Consumer Privacy Act (CCPA). These include the right to:

• Request information about the personal information that we collect about you and the manner in which we process and disclose that information
• Obtain the specific pieces of personal information that we have collected about you in the 12 months preceding your request
• Delete certain personal information that we have collected about you
• Opt-out of disclosures of your personal information to third parties under certain circumstances
• Not be discriminated against as a result of exercising any of the aforementioned rights

California residents should be aware that this section does not apply to:

• Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) and its implementing regulations, the California Financial Information Privacy Act (CalFIPA), and the Driver’s Privacy Protection Act of 1994; or
• Other information subject to a CCPA exception.

If you would like to discuss or exercise such rights, please contact us through our CCPA Intake Form or at 1-833-971-0826.

California law requires that we verify the requests we receive from you when you exercise certain of the rights listed above. To verify your request, we will check the information you provide us in your request against third party identity verification tools. As part of this process, we may call you after you submit your request to verify information. You may also designate an authorized representative to exercise the rights listed above on your behalf by providing the authorized representative with power of attorney pursuant to the California Probate Code. If an authorized representative submits a request on your behalf, we will contact you to verify that they represent you.

10. Other Important Information

You must be an individual of at least eighteen (18) years of age and reside in the United States or on a United States military base, or in a United States Territory in order to use the Sites. If you do use the Sites outside of the United States, you understand and consent to the transfer of your personal information to, and the collection, processing and storage of your personal information in, the United States and elsewhere. The laws in the United States and these countries regarding personal information may be different from the laws of your state or country.

Except as provided in the next sentence, this Online Privacy Policy shall be governed by and construed in accordance with federal law and any applicable laws of the State of Utah without regard to rules concerning conflicts of law or choice of law. If you are a New York resident, this Privacy Policy shall be governed by and construed in accordance with federal law and the laws of the State of New York, without regard to rules concerning conflicts of law or choice of law.

11. Do Not Call Policy

We do not place marketing telephone calls to numbers appearing on a state or federal do not call list (unless permitted by applicable law) or to the number of a person who has requested not to receive telemarketing calls made by or on behalf of us. If you ask not to receive telemarketing calls from us, you will be placed on our internally-maintained do not call list and will not be called during any future telemarketing campaigns. Any request to be placed on our internally-maintained do not call list will be processed within a reasonable amount of time, not to exceed 30 days. Our employees involved in our telemarketing campaigns receive training on how to use our internally-maintained do not call list, and how to document, process and honor requests to be placed on our internally-maintained do not call list. It is our policy to honor a “do not call” request for five (5) years from the time the request is made. However, some states have do not call laws that require us to honor such a request for a longer period of time, and it is our policy to comply with those laws when applicable. Subject to applicable law, if you communicate with us by telephone, we may monitor or record the call. We reserve the right to revise this Do Not Call Policy.

12. Do Not Track

Your browser or device may include Do Not Track functionality. The Sites are not built to respond to Do Not Track. That means that, even if your browser is set to “Do Not Track,” our information collection and disclosure practices (including the choices that we provide to customers) will continue to operate as described in this Online Privacy Policy.

13. Reporting Security Vulnerabilities

We encourage security professionals to practice responsible disclosure and let us know right away if a vulnerability is discovered on Products or Sites. We will investigate all legitimate reports and follow up if more details are required. Goldman Sachs has engaged with HackerOne to manage all submissions. You can submit the vulnerability report at this link: https://hackerone.com/goldmansachs

14. Updates to this Privacy Policy

We may change this Online Privacy Policy from time-to-time. If we make changes to this statement, we will update the “Last Modified” date at the top of this page. Any changes to this Online Privacy Policy will become effective when posted unless indicated otherwise. Your continued use of the Sites following the posting of any changes will mean that you accept those changes.

15. Links and Third Party Products and Services

The Service may contain links and other functionality that connect with certain sites and applications not provided by us, including social media sites and sites hosted by a third party service provider (“Third-Party Sites”). We are providing these links and functionality solely as a convenience to you. We are not responsible for and have no liability for the content, features, products, services, privacy policies or terms of service of any Third-Party Sites. The fact that we have provided a link to a Third-Party Site is not an endorsement of that Third-Party Site (including any information or content made available throughout such site) or its owners, sponsors or operators. We have not tested any information, software or products found on any Third-Party Site and therefore do not make any representations about those sites or any associated products or services.