Bank of America U.S. Online Privacy Notice
Last updated January 31, 2023
Your privacy is important to us. We conduct regular assessment reviews and abide by rigorous privacy standards to ensure personal information we collect, use and share is protected. This U.S. Online Privacy Notice ("Notice") describes how Bank of America and our affiliates manage personal information about you when you interact with us online through our websites, event registration sites, mobile applications and social sites ("Sites and Mobile Apps") through your computer, smartphone, tablet or other mobile devices ("computer or mobile devices").
This Notice explains
- How we collect personal information when you visit, use or interact with us online, and through our ads displayed through online services operated by us or non-affiliated third parties.
- How we may use or share personal information collected to deliver products and services to you and for advertising or event management purposes.
The term "Bank of America" or "we", "us" or "our" in this Notice refers to banking and non-banking U.S. affiliates or subsidiaries of Bank of America Corporation that link to or reference this Notice.
Bank of America works with third-party providers who are contractually obligated to comply with our policies to protect information. However, if you visit or access one of these third-party provider sites or mobile apps, please review the online privacy practices of that site or mobile app to understand the specifics of how your online personal information may be collected, used and shared.
Updates to this Notice
This Notice is subject to change. We update this Notice periodically to comply with the most recent federal and local laws. Please review it whenever you have questions. If we make changes to this Notice, we will revise the Last updated date on this page.
Our Online Privacy Practices
We are committed to transparency about your personal information. We ask for your consent when required, otherwise by using our Site and Mobile Apps, you consent to the collection, use and sharing of your personal information subject to and consistent with applicable laws, regulations and other notices you may have received based on your relationship with us.
Linking to other sites
We may provide links to non-affiliated third-party sites, such as credit bureaus, service providers or merchants. If you follow links to sites not affiliated with, or controlled by Bank of America, you should review their privacy and security policies and other terms and conditions, as they may be different from those of our Sites and Mobile Apps. Bank of America does not guarantee and is not responsible for the privacy or security of these sites, including the accuracy, completeness or reliability of their information.
Protecting your personal information
To protect personal information from unauthorized access and use, we use security measures that comply with applicable federal and state laws. These measures may include device safeguards and secured files and buildings as well as oversight of our third-party providers to ensure personal information remains confidential and secure. In the event of a data breach, we provide timely notification, in accordance with applicable laws and regulations.
We also recognize the importance of protecting privacy where children are involved. Our Sites and Mobile Apps are not marketed to individuals under the age of 13, and we request that these individuals do not provide personal information through our Sites and Mobile Apps. We do not knowingly collect personal information from children under 13.
Making sure personal information is accurate
Keeping your personal information accurate and up to date is very important. If your personal information is incomplete, inaccurate or not current, please use the Contact Us option on our Sites and Mobile Apps, or call or write to us at the telephone numbers or appropriate address for changes listed on your account statements, records, online or other account materials. You can also speak to a customer representative at a financial center, your Financial Advisor or account representative.
Personal Information We Collect Online
How do we collect personal information online?
- Apply for or open a new account
- Register for a new product or service, or request information about a product or service
- Register as a participant in one of our events
- Complete a survey, contest or sweepstakes or other promotion
- Use aggregation services such as My Portfolio® and My Financial Picture® in order to consolidate your financial account or information at one online location
We may use third-party providers to process personal information for business purposes on our behalf. Third-party providers are contractually obligated to comply with our policies to protect information we share with them or they collect on our behalf.
The personal information we collect is limited to what is required to provide our products or services and to support legal and risk requirements. For additional information, please review the How do we use your personal information section of this Notice.
Types of personal information we collect online
The type of personal information we collect from and about you online will depend on how you interact with us and may include:
- Contact Information such as name, mailing address, email address, telephone and mobile number(s)
- Account Application information such as credit and income information
- Identifiers such as Social Security number, account number(s), driver's license number (or comparable) or other information that identifies you for ordinary business purposes
- Access Authorization such as user ID, alias, PIN and password and security questions and answers
- Documents or images submitted via our Site or Mobile Apps to support account opening, such as statements and voided checks
- Information from your computer and mobile devices where allowed by individual browsers and/or operating systems, such as:
- Unique device identifiers (for example Media Access Control (MAC) and Internet Protocol (IP) addresses)
- Browser type, version, language, and display/screen settings
- Information about how you use and interact with our Sites and Mobile Apps (for example activities on pages visited, links clicked or unique and measurable patterns such as keystrokes, mouse clicks and movements, swipes and gestures)
- Communications data, such as your communication preferences and details or the content of your communications with us (e.g., chat messages)
- Responses to advertisements on sites and mobile apps where we advertise
- Log information such as your search and voice to text queries in the mobile app
- Search engine referrals
- Geolocation information with consent (for example ATM or financial center location, fraud prevention)
- Social media preference
- Information to facilitate virtual or in-person event management (for example attendee names, dietary requirements, special assistance needs, and travel details for participants)
How We Use and Share Personal Information
How do we use your personal information?
Personal information collected from and about you online described in this Notice may be used for many purposes such as:
- Delivering products and services to you by verifying your identity (for example when you access your account information); processing applications for products or services such as to prequalify for a mortgage, apply for a credit card, or to open a retirement account, investment account or other financial product; processing transactions; providing customer service/production support; finding nearby ATMs, financial centers, and other specialized location based services near your location; and consolidating your financial account information at one online location with services such as My Portfolio® and My Financial Picture®.
- Personalizing your digital and mobile experience by enhancing our Sites and Mobile Apps organization and design and analyze data to create relevant alerts, products or services.
- Providing advertising on our Sites and Mobile Apps as well as non-affiliated third-party sites and through off-line channels like financial centers, call centers and direct marketing (for example email, mail and phone).
- Detecting and preventing fraud, identify theft and other risks to you or Bank of America.
- Performing analytics concerning your use of our online services, including your responses to our emails and the pages and advertisements you view.
- Complying with and enforcing applicable legal requirements, industry standards, contractual obligations and our policies.
- Allowing you to use features within our Sites and Mobile Apps when you grant us access to personal information from your device, such as contact lists, or geo-location when you request certain services that requires such access, for example locating an ATM.
- Providing notifications concerning events for which you've registered, providing analysis to improve our events and develop new events, determining event overall effectiveness, enhancing products and services, operating and expanding our business activities.
We retain personal information for a period of time as required by laws and regulations and the necessary business purpose. We securely delete personal information as soon as legally permitted.
California residents covered by the California Consumer Privacy Act may have additional rights. To learn more, California residents can reference the California Consumer Privacy Act Notice for additional information.
Individual health and/or sensitive information
To the extent that we receive, maintain or process an individual's health information, Bank of America may use and disclose that information as authorized by and in accordance with applicable federal and/or state law.
At the time of event registration participants may provide information that requires special accommodations. This information will be used only to the extent necessary to facilitate any special accommodations for event participation.
With whom do we share your personal information?
We may share the personal information we collect from and about you online described in this Notice (and subject to other legal restrictions and notices you may have received depending on your relationship with us) with:
- Affiliates and Subsidiaries of Bank of America, such as Merrill.
- Third-Party Providers who have contracts with Bank of America including event vendors, organizers, volunteers, contractors, and sponsors.
- Government Agencies as required by laws and regulations.
Aggregated / De-identified Information
Collected personal information may be aggregated and/or de-identified (we remove any details that identify you personally). We may share this aggregated and/or de-identified information with third-party providers to help deliver products, services, and content that are better tailored to the users of our online services and for our own business purposes where permissible under applicable laws and regulations.
How to limit sharing
You have choices regarding the sharing of some personal information. Where appropriate, we will limit sharing of your personal information based on your privacy choices. You can register your choices online at Set your Privacy Choices.
Online Behavioral Advertising
Personal information collected from and about you online, as described in this Notice, is used and shared to deliver advertising and marketing, including prescreened offers of credit, which may be of interest to you.
We present tailored ads to you:
- On our Sites and Mobile Apps through ads that appear as you sign on or off of your online accounts.
- In off-line channels such as financial centers, call centers, and through direct marketing (for example email, mail, phone).
- On third-party sites and mobile apps not affiliated with Bank of America.
How we tailor ads to you
- Advertising on our sites, mobile apps and off-line channels such as financial centers, call centers, and through direct marketing (for example email, mail, phone): We may use personal information about your activities on our Sites and Mobile Apps, such as pages visited and key words entered, to help determine which of our ads or offers may be of interest to you. We may use personal information about your relationship with us (such as types of accounts, transactional information or the location in which you bank) to help determine which advertisements or offers to present to you.
- Advertising on non-affiliated third-party sites and mobile apps: Bank of America contracts with advertising companies to advertise our products and services on sites and mobile apps not affiliated with us. We may use personal information we have collected or that you have provided to assist our non-affiliated third-party sites and mobile apps to select bank ads or offers that may appeal to you, display them to you and monitor your responses. Non-affiliated third-party sites and mobile apps are not subject to Bank of America Privacy Notices.
How you can opt out of Online Behavioral Advertising
You have choices about how Bank of America advertises to you based on your online behavior.
- Advertising on our Sites and Mobile Apps and off-line channels such as financial centers, call centers, and through direct marketing (for example email, mail, phone): If you prefer we not provide you with tailored content and advertising based on your online behavior with our Sites and Mobile Apps, you may opt out of online behavioral advertising layer. Please review the important Reminder section that follows.
- Advertising on Non-Affiliated Third-Party sites: Bank of America participates in the Digital Advertising Alliance ("DAA") self-regulatory Principles for Online Behavioral Advertising and uses the Advertising Options Icon on our behavioral ads on non-affiliated third-party sites (excluding ads appearing on platforms that do not accept the icon). Ads served on our behalf by these companies do not contain unencrypted personal information and we limit the use of personal information by companies that serve our ads. To learn more about ad choices, or to opt out of interest-based advertising with non-affiliated third-party sites, visit YourAdChoices layer powered by the Digital Advertising Alliance or through the Network Advertising Initiative's Opt-Out Tool layer. You may also visit the individual sites for additional information on their data and privacy practices and opt out-options.
Industry standards continue to evolve around web browser "do not track" signals or configurations set in your internet browser. In addition to the advertising opt-out options above, Bank of America captures opt out preference signals, and to the extent users have rights under applicable law, treats them as valid requests to opt out of sale/sharing at the browser level.
Please note that if you opt out of this advertising:
- You may still receive general advertising from Bank of America.
- When accessing online account servicing areas (i.e. after login), such as Online Banking, Merrill Edge or MyMerrill, you may receive tailored content and advertising based on your account relationships.
- Financial Advisors/Client Managers may continue to use personal information collected online as described in this Notice to provide details on products and services in accordance with account agreements.
- In order for online behavioral advertising opt outs from our Sites and Mobile Apps and on other sites to work on your device, your browser must be set to accept cookies.
- If you delete cookies, buy a new device, access our Sites and Mobile Apps or other sites from a different device, login under a different screen name, or change web browsers, you will need to opt out again.
Third-Party Data Sharing
Some companies may offer aggregation websites and services that allow you to share your data with them in order to consolidate your account information from different sources (such as your accounts with us or with other financial institutions) so that you can view it in one location or perform actions related to your accounts using their services. To do this, a third-party may request you to authorize access to your Bank of America accounts by providing your Bank of America user ID and password or by providing your information-sharing consent directly to Bank of America.
- The third-party may access, on your behalf, information about yourself, your Bank of America relationship, and your accounts at Bank of America.
- You should use caution and ensure that the third-party has appropriate policies and practices to protect the privacy and security of any personal information you provide or to which they are gaining access.
- Use of your information by the third-party is governed by your agreement with them, not by Bank of America. We recommend reviewing the third parties' policies before sharing your personal information to understand how they will use and store your account information. For example, look for whether they sell any of your personal information, and if your information will be transferred, processed, or stored outside of the United States.
- We are not responsible for the use or disclosure of any personal information accessed by any company or person to whom you provide your site user ID and password.
- If you share your Bank of America user ID, password or other information about your accounts with others, we will consider that you have authorized any transaction or action initiated by using the access information you provide.
- If you decide to revoke the authority you have given to a third-party, we strongly recommend that you change your Bank of America password to ensure that the third-party cannot continue to access your account.
- You may revoke your consent for certain third parties through the Security Center within Bank of America Online Banking.
Bank of America engages with customers on social media platforms such as Facebook®, Twitter®, YouTube® and LinkedIn®.
- When interacting with official Bank of America social media pages, Bank of America's privacy notices, Social Media User Terms and may apply.
We may allow social share buttons on our sites that enable users to easily share information on social media platforms. The non-affiliated third parties that own these widgets may have access to information about your browsing on pages of our Sites and Mobile Apps where these widgets are placed.