Skip to main content

Bank of America Security Center

Your security is our top priority

Know fraud when you see it

Knowledge is a powerful defense against fraud.
See how to identify fraud
Warning signs for common scams

Knowledge is a powerful defense against fraud.

See how to identify fraud
Warning signs for common scams

security keyboard

Protect yourself

Take simple steps to help protect your devices,
identity and business.
See how to protect yourself

Take simple steps to help protect your devices, identity and business.

See how to protect yourself

security keyboard

Lost card? Suspicious transaction?

Timely action is important.
Report suspicious activity now

Misplaced debit card?
See how to lock/unlock your card

Timely action is important. Report suspicious activity now
Misplaced debit card? See how to lock/unlock your card

Liability guarantee

Our Online & Mobile
Security Guarantee

You’re never liable for
unauthorized purchases or
transactions—as long as
they’re reported promptly.

Get complete details about Online and Mobile Banking Security Guarantee

Our Online &
Mobile Security Guarantee

You’re never liable for unauthorized purchases or
transactions—as long as they’re reported promptly.

Get complete details about Online and Mobile Banking Security Guarantee

Our Online & Mobile Security Guarantee

You’re never liable for unauthorized purchases or
transactions—as long as they’re reported promptly.

Get complete details about Online and Mobile Banking Security Guarantee

Manage your security

Change your Passcode, see your sign-in
history, update your challenge questions and
much more.

Learn more about managing your security
Sign in now and manage your security

Change your Passcode, see your sign-in
history, update your challenge questions and
much more.

Learn more about managing your security
Sign in now and manage your security

Set your privacy choices

You control how we market to you and
share your information.
Review your privacy choices

Opted out of promotional emails and
want to opt back in?
Sign in and update your email
preferences

You control how we market to you and
share your information. Review your
privacy choices

Opted out of promotional emails and
want to opt back in? Sign in and update
your email preferences

Customize your alerts

Know when irregular card activity or
changes to personal information take
place on your account.

Learn more about alerts
Sign in and manage your alerts

Know when irregular card activity or
changes to personal information take
place on your account.

Learn more about alerts
Sign in and manage your alerts

Free products to increase your security

McAfee LiveSafe is award-winning virus, malware and phishing detection to keep all your devices protected. Shop, search and pay bills online worry-free. And for Bank of America customers, it's available at no cost for 12 month.

  • Virus and threat protection: Keep your identity and data secure by avoiding risky websites and preventing risky downloads.
  • Mobile security: Safeguard your Android and iOS devices from data loss and theft.
  • Protect all of your devices: One subscription protects an unlimited number of PCs, Macs, smartphones and tablets in your household.

Learn more about McAfee LiveSafe

We've teamed up with IBM to offer Trusteer Rapport — online fraud protection software available for Bank of America customers. Trusteer Rapport delivers extra security while you're signed in to our site.

  • No charge, no registration and no commitment
  • Downloads in just minutes
  • Future updates are free

Learn more about Trusteer Rapport®

SafePass is an extra layer of security that is required in Online and Mobile Banking to increase limits for certain transfer types. SafePass uses a 6-digit one-time code sent in a text message to your mobile phone to help verify your identity before authorizing the transfer of funds from your account.

Learn more about SafePass®

Opt out of online behavioral advertising

You have successfully opted out of online behavioral advertising

When you opt out, we will not use information based on online Site behavior to provide online and offline tailored content and advertising to you, but you may still receive untailored advertising from Bank of America. In addition, financial advisors/Client Managers may continue to use information collected online to provide product and service information in accordance with account agreements.

Opting out also means the online content and advertising you receive on our non-servicing sites (before you sign in) will be untailored and will not be based on your online behavior or your relationship with us.

When accessing online account servicing areas (after you sign in), such as Online Banking or MyMerrill, you may receive tailored content and advertising based on your account relationships.

Important reminder: In order for this online behavioral advertising opt-out to work on your device, your browser must be set to accept cookies. If you delete cookies, buy a new device, access our Site from a different device, sign in under a different screen name or change web browsers, you will need to opt out again.

If your browser has scripting disabled, you do not need to opt out, as online behavioral advertising technology does not work when scripting is disabled. Please check your browser's security settings to validate whether scripting is active or disabled.

The opt-out will take effect upon your next visit using the same device to Bank of America Sites. Click on Submit to opt out of online Site behavior used to provide online and offline tailored content and advertising.

Submit Cancel

You have successfully opted out of online behavioral advertising. The opt-out will take effect upon your next visit using the same device to Bank of America Sites.

U.S. Online Privacy Notice

Bank of America U.S. Online Privacy Notice

Last updated August 7, 2020

Your privacy is important to us. We conduct regular assessment reviews to ensure personal information we collect, use and share is protected. This U.S. Online Privacy Notice ("Notice") describes how Bank of America and our affiliates manage personal information about you when you interact with us online through our websites, mobile applications and social sites ("Sites and Mobile Apps").

This notice explains

  • How we collect personal information when you visit, use or interact with us online, and through our ads displayed through online services operated by us or non-affiliated third parties
  • How we may use or share personal information collected to deliver products and services to you and for advertising purposes

The term "Bank of America" or "we", "us" or "our" in this Notice refers to banking and non-banking U.S. affiliates or subsidiaries of Bank of America Corporation that link to or reference this Notice.

By using the Sites and Mobile Apps, you agree to the terms and conditions of this Notice. Bank of America provides other online interfaces. If you visit or access your accounts from one of these sites or mobile apps, please review the online privacy practices of that site or mobile app to understand how your online personal information may be collected, used and shared.

Updates to this Notice

This Notice is subject to change. Please review it periodically. If we make changes to this Notice, we will revise the Last updated date on this page.

Our Online Privacy Practices

We are committed to transparency about your personal information. We ask for your consent when required, otherwise by using our Site and Mobile Apps, you consent to the collection, use and sharing of your personal information subject to and consistent with applicable laws and other notices you may have received based on your relationship with us.

Linking to other sites

We may provide links to non-affiliated third party sites, such as credit bureaus, service providers or merchants. If you follow links to sites not affiliated with or controlled by Bank of America, you should review their privacy and security policies and other terms and conditions, as they may be different from those of our Sites and Mobile Apps. Bank of America does not guarantee and is not responsible for the privacy or security of these sites, including the accuracy, completeness or reliability of their information.

Protecting your personal information

To protect personal information from unauthorized access and use, we use security measures that comply with applicable federal and state laws. These measures may include device safeguards and secured files and buildings as well as oversight of our third party service providers to ensure personal information remains confidential and secure. In the event of a data breach, we provide timely notification, in accordance with applicable laws.

We also recognize the importance of protecting privacy where children are involved. Our Sites and Mobile Apps are not directed to individuals under the age of 13, and we request that these individuals do not provide personal information through our Sites and Mobile Apps. We do not knowingly collect personal information from children under 13.

Making sure personal information is accurate

Keeping your personal information accurate and up to date is very important. If your personal information is incomplete, inaccurate or not current, please use the Contact Us option on our Sites and Mobile Apps, or call or write to us at the telephone numbers or appropriate address for changes listed on your account statements, records, online or other account materials. You can also speak to a customer representative at a banking center, your Financial Advisor or account representative.

Personal Information We Collect Online

How do we collect personal information online?

We collect personal information about you through your computer, smartphone, tablet or other mobile device by the use of cookies and similar tracking technologies (see our Cookies and Tracking Technologies Guide for details) as well as personal information you provide when you visit or use our Sites and Mobile Apps, for example when you:

  • Apply for or open a new account;
  • Register for a new product or service, or request information about a product or service;
  • Complete a survey, contest or sweepstakes or other promotion; or,
  • Use aggregation services such as My Portfolio® and My Financial Picture® in order to consolidate your financial account or information at one online location.

We may use service providers and vendors to process personal information for business purposes on our behalf. Service providers and vendors are contractually obligated to comply with our policies to protect information we share with them or they collect on our behalf.

The personal information we collect is limited to what is required to provide our products or services and to support legal and risk requirements. For additional information, please review the How do we use your personal information section of this Notice.

Types of personal information we collect online

The type of personal information we collect from and about you online will depend on how you interact with us and may include:

  • Contact Information such as name, mailing address, email address, telephone and mobile number(s),
  • Account Application information such as credit and income information,
  • Identifiers such as social security number, account number(s), driver’s license number (or comparable) or other information that identifies you for ordinary business purposes
  • Access Authorization such as user name, alias, PIN and passcode and security questions and answers
  • Information from your computer, smartphone, tablet or other mobile device, such as
    • Unique device identifiers (for example Media Access Control (MAC) and Internet Protocol (IP) addresses)
    • Browser type, version, language, and display/screen settings
    • Information about how you use and interact with our Sites and Mobile Apps (for example page visited, links clicked)
    • Responses to advertisements on the Sites and Mobile Apps where we advertise
    • Log information such as your search and voice to text queries in the mobile app
    • Search engine referrals
    • Geolocation information with consent, for example ATM or financial center location, fraud prevention)
    • Social media preference

How We Use and Share Personal Information

How do we use your personal information?

Personal information collected from and about you online described in this Notice may be used for many purposes such as:

  • Delivering products and services to you by verifying your identity (for example when you access your account information); processing applications for products or services such as to prequalify for a mortgage, apply for a credit card, or to open a retirement account, investment account or other financial product; processing transactions; finding nearby ATMs, financial centers, and other specialized location based services near your location; and consolidating your financial account information at one online location with services such as My Portfolio® and My Financial Picture®.
  • Personalizing your digital and mobile experience by enhancing overall Sites and Mobile Apps organization and design and analyze data to create relevant alerts, products or services.
  • Providing advertising on our Sites and Mobile Apps as well as non-affiliated third party sites and through off-line channels like financial centers, call centers and direct marketing (for example email, mail and phone).
  • Detecting and preventing fraud, identify theft and other risks to you or Bank of America.
  • Performing analytics concerning your use of our online services, including your responses to our emails and the pages and advertisements you view.
  • Complying with and enforcing applicable legal requirements, relevant industry standards, contractual obligations and our policies.
  • Allowing you to use features within our Sites and Mobile Apps when you grant us access to personal information from your device such as contact lists, or geo-location when you request certain services that requires such access, for example locating an ATM.

We retain personal information for a period of time as required by laws and regulations and the necessary business purpose. We securely delete personal information as soon as legally permitted.

Individual health information

To the extent that we receive, maintain or process an individual's health information, Bank of America may use and disclose that information as authorized by and in accordance with applicable federal and/or state law.

With whom do we share your personal information?

We may share the personal information we collect from and about you online described in this Notice (and subject to other legal restrictions and notices you may have received depending on your relationship with us) with:

  • Affiliates and Subsidiaries of Bank of America, such as Merrill
  • Service Providers, Vendors and Third Party Providers who have contracts with Bank of America
  • Government Agencies as required by laws and regulations.

Aggregated / De-identified information

Collected personal information may be aggregated and/or de-identified (we remove any details that identify you personally). We may share this aggregated and/or de-identified information with service providers, vendors and third party providers to help deliver products, services, and content that are better tailored to the users of our online services and for our own business purposes where permissible under applicable laws and regulations.

How to limit sharing

You have choices regarding the sharing of some personal information. Where appropriate, we will limit sharing of your personal information based on your privacy choices. You can register your choices online at Set your Privacy Choices.

Online Behavioral Advertising

What is Online Behavioral Advertising?

Personal information collected from and about you online as described in this Notice is used and shared to deliver advertising and marketing, including prescreened offers of credit, which may be of interest to you.

We present tailored ads to you:

  • On our Sites and Mobile Apps through banner ads and splash ads that appear as your sign on or off of your online accounts
  • In off-line channels such as financial centers, call centers, and through direct marketing (for example. email, mail, phone)
  • On third party sites and mobile apps not affiliated with Bank of America.

How we tailor ads to you

  • Advertising on our sites, mobile apps and off-line channels such as financial centers, call centers, and through direct marketing (for example email, mail, phone): We may use certain personal information about your activities on our Sites and Mobile Apps, such as pages visited and key words entered, to help determine which of our ads or offers may be of interest to you. We may use personal information about your relationship with us (such as types of accounts, transactional information or the state in which you bank) to help determine which advertisements or offers to present to you.
  • Advertising on non-affiliated third party sites and mobile apps: Bank of America contracts with advertising companies to advertise our products and services on sites and mobile apps not affiliated with us. We may use personal information we have collected or that you have provided to assist our non-affiliated third party sites and mobile apps to select bank ads or offers that may appeal to you, display them to you and monitor your responses. Non-affiliated third party sites and mobile apps are not subject to Bank of America Privacy Notices.

How you can opt out of Online Behavioral Advertising

You have choices about how Bank of America advertises to you based on your online behavior.

There is no standard for how "do not track" consumer browser settings should work for online advertising purposes. As such, we do not respond to browser "do not track" signals from browser settings. However, there are several opt out options available to you:

  • Advertising on our Sites and Mobile Apps and off-line channels such as financial centers, call centers, and through direct marketing (for example email, mail, phone): If you prefer we not provide you with tailored content and advertising based on your online behavior with our Sites and Mobile Apps, you may opt out of online behavioral advertising. Please review the important Reminder section that follows.
  • Advertising on Non-Affiliated Third Party sites: Bank of America participates in the Digital Advertising Alliance ("DAA") self-regulatory Principles for Online Behavioral Advertising and uses the Advertising Options Icon on our behavioral ads on non-affiliated third party sites (excluding ads appearing on platforms that do not accept the icon). Ads served on our behalf by these companies do not contain unencrypted personal information and we limit the use of personal information by companies that serve our ads. To learn more about ad choices, or to opt out of interest-based advertising with non-affiliated third party sites, visit YourAdChoices layer powered by the Digital Advertising Alliance or through the Network Advertising Initiative's Opt-Out Tool layer. You may also visit the individual sites for additional information on their data and privacy practices and opt out-options.

Reminder

Please note that if you opt out of this advertising:

  • You may still receive untailored advertising from Bank of America.
  • When accessing online account servicing areas (i.e. after sign-in), such as Online Banking, Merrill Edge or MyMerrill, you may receive tailored content and advertising based on your account relationships.
  • Financial advisors/Client Managers may continue to use personal information collected online as described in this Notice to provide details on products and services in accordance with account agreements.
  • In order for online behavioral advertising opt outs from our Sites and Mobile Apps and on other sites to work on your device, your browser must be set to accept cookies.
  • If you delete cookies, buy a new device, access our Sites and Mobile Apps or other sites from a different device, login under a different screen name, or change web browsers, you will need to opt out again.
  • If your browser has scripting disabled, you do not need to opt out, as online behavioral advertising technology does not work when scripting is disabled.

Additional Information

Aggregation Services

Some companies may offer aggregation websites and services that allow you to consolidate your account information from different sources (such as your accounts with us or with other financial institutions) so that you can view it in one location or perform actions related to your accounts using their services (a "Provider"). To do this, a Provider may request you to authorize access to your Bank of America accounts by providing your Bank of America username and passcode or by providing your information-sharing consent directly to Bank of America.

  • The Provider may access, on your behalf, information about yourself, your Bank of America relationship, and your accounts at Bank of America.
  • You should use caution and ensure that the Provider has appropriate policies and practices to protect the privacy and security of any personal information you provide or to which they are gaining access.
  • Use of your information by the Provider is governed by your agreement with them, not by Bank of America.
  • We are not responsible for the use or disclosure of any personal information accessed by any company or person to whom you provide your site username and passcode.
  • If you share your Bank of America username, passcode or other information about your accounts with others, we will consider that you have authorized any transaction or action initiated by using the access information you provide.
  • If you decide to revoke the authority you have given to a Provider, we strongly recommend that you change your Bank of America passcode to ensure that the Provider cannot continue to access your account.
  • You may revoke your consent for certain Providers through the Security Center within Bank of America Online Banking.

Social Media

Bank of America engages with customers on social media platforms such as Facebook®, Twitter®, YouTube® and LinkedIn®.

  • Any content you post on official Bank of America managed social media pages, such as pictures, information, opinions or any personal information that you make available to other participants on these social platforms, is subject to the Terms of Use and Privacy Policies of those respective platforms.
  • When interacting with official Bank of America social media pages, Bank of America's privacy notices, Social Media User Terms and Community Guidelines may apply.
  • Please review the privacy policy for the specific social media service you are using to better understand your rights and obligations with regard to such content.

We may allow certain non-affiliated third party widgets (for example social share buttons) on our sites that enable users to easily share information on another platform, such as a social media platform. The non-affiliated third parties that own these widgets may have access to information about your browsing on pages of our Sites and Mobile Apps where these widgets are placed.

U.S. Consumer Privacy Notice

U.S. Consumer Privacy Notice

FACTS

WHAT DOES BANK OF AMERICA DO WITH YOUR PERSONAL INFORMATION?

Why?

Financial companies choose how they share your personal information. Under federal law, that means personally identifiable information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.

What?

The types of personal information we collect and share depend on the product or service you have with us.
This information can include:

  • Social Security number and employment information
  • account balances, transaction history and credit information
  • assets and investment experience

How?

All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons Bank of America chooses to share; and whether you can limit this sharing.

Reasons we can share your personal informationDoes Bank of America share?Can you limit this sharing?
For our everyday business purposes — such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureausYesNo
For our marketing purposes — with service providers we use to offer our products and services to you (please see below to limit the ways we contact you)YesNo
For joint marketing with other financial companiesYesNo
For our affiliates’ everyday business purposes — information about your transactions and experiencesYesNo
For our affiliates’ everyday business purposes — information about your creditworthinessYesYes
For nonaffiliates to market to you — for all credit card accountsYesYes
For nonaffiliates to market to you — for accounts and services endorsed by another organization (e.g., debit card co-branded with a baseball team) “Sponsored Accounts”YesYes
For nonaffiliates to market to you — for accounts other than credit card accounts and Sponsored Accounts, such as insurance, investments, deposit and lendingNoWe don't share

To limit our sharing

Please note: If you are a new customer, we can begin sharing your information 45 days from the date we sent this notice. When you are no longer our customer, we continue to share your information as described in this notice. However, you can contact us at any time to limit our sharing.

To limit direct marketing contact

Please Note: Direct marketing is email, postal mail and telephone marketing. Your telephone and postal mail opt-out choices will last for five years, subject to applicable law. Even if you limit direct marketing, we may still contact you to service your account or as otherwise allowed by law.

Questions?

Who we are

Who is providing this notice?

Bank of America U.S. legal entities that utilize the names: Bank of America, Banc of America, Bank of America Private Bank or Merrill, as well as the entities listed in the Bank of America U.S. legal entities section.

What we do

How does Bank of America protect my personal information?

To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings. For more information, visit bankofamerica.com/security or ml.com/security.

How does Bank of America collect my personal information?

We collect your personal information, for example, when you:

  • open an account or perform transactions
  • apply for a loan or use your credit or debit card
  • seek advice about your investments

We also collect your personal information from others, such as credit bureaus, affiliates, or other companies.

Why can’t I limit all sharing?

Federal law gives you the right to limit some but not all sharing related to:

  • affiliates’ everyday business purposes—information about your creditworthiness
  • affiliates from using your information to market to you
  • nonaffiliates to market to you

State laws and individual Bank of America companies may give you more rights to limit sharing. See Other important information section for your rights under state law.

What happens when I limit sharing for an account I hold jointly with someone else?

Your choices will apply to you alone unless you tell us otherwise. However, your choice to limit sharing with nonaffiliates to market to you for credit card accounts or Sponsored Accounts will apply to all joint account holders. If you have more than one credit card account or Sponsored Account and you choose to opt out, you will need to do so for each account.

Definitions

Affiliates

Companies related by common ownership or control. They can be Financial and nonfinancial companies.

  • Our affiliates include companies that utilize the names Bank of America, Banc of America, Bank of America Private Bank or Merrill, as well as financial companies such as General Fidelity Life Insurance Company.
Nonaffiliates

Companies not related by common ownership or control. They can be financial and nonfinancial companies.

  • Nonaffiliates we share with can include financial services companies such as insurance agencies or mortgage brokers, nonfinancial companies such as retailers, travel companies and membership groups; and other companies such as nonprofit groups.
Joint marketing

A formal agreement between nonaffiliated financial companies that together market financial products or services to you.

  • Our joint marketing partners include financial services companies.

Other Important Information

Do Not Call Policy. This notice is the Bank of America Do Not Call Policy under the Telephone Consumer Protection Act. We do not solicit via telephone numbers listed on the state or federal Do Not Call lists, unless the law allows. Bank of America employees receive training on how to document and process telephone marketing choices. Consumers who ask not to receive telephone solicitations from Bank of America will be placed on the Bank of America Do Not Call list and will not be called in any future campaigns, including those of Bank of America affiliates.
Call Monitoring and Recording. If you communicate with us by telephone, we may monitor or record the call.

For Nevada residents only. We are providing you this notice under state law. You may be placed on our internal Do Not Call List by following the directions in the To limit direct marketing contact section. Nevada law requires we provide the following contact information: Bureau of Consumer Protection, Office of the Nevada Attorney General, 555 E. Washington St., Suite 3900, Las Vegas, NV 89101; Phone number: 702.486.3132; email: aginfo@ag.nv.gov; Bank of America, P.O. Box 25118, Tampa, FL 33622-5118; Phone number: 888.341.5000; Click on “Contact Us” at bankofamerica.com/privacy.

Vermont: Under Vermont law, we will not share information we collect about Vermont residents with companies outside of our corporate family, unless the law allows. For example, we may share information with your consent, to service your accounts or under joint marketing agreements with other financial institutions with which we have joint marketing agreements. We will not share information about your creditworthiness within our corporate family except with your consent, but we may share information about our transactions or experiences with you within our corporate family without your consent.

California: Under California law, we will not share information we collect about you with companies outside of Bank of America, unless the law allows. For example, we may share information with your consent, to service your accounts, or to provide rewards or benefits you are entitled to. We will limit sharing among our companies to the extent required by California law.

For Insurance Customers in AZ, CA, CT, GA, IL, ME, MA, MN, MT, NV, NJ, NC, OH, OR and VA only. The term “Information” in this part means customer information obtained in an insurance transaction. We may give your Information to state insurance officials, law enforcement, group policy holders about claims experience or auditors as the law allows or requires. We may give your Information to insurance support companies that may keep it or give it to others. We may share medical Information so we can learn if you qualify for coverage, process claims or prevent fraud, or if you say we can. To see your Information, write Insurance Services, TX2-980-01-43, 4200 Amon Carter Blvd., Fort Worth, TX 76155, Attn: Data Request. You must state your full name, address, the insurance company, policy number (if relevant) and the Information you want. We will tell you what Information we have. You may see and copy the Information (unless privileged) at our office or ask that we mail you a copy for a fee. If you think any Information is wrong, you must write us. We will let you know what actions we take. If you do not agree with our actions, you may send us a statement.

For MA Insurance Customers only. You may ask, in writing, for the specific reasons for an adverse underwriting decision. An adverse underwriting decision is where we decline your application for insurance, offer to insure you at a higher than standard rate or terminate your coverage.

Bank of America U.S. legal entities

Bank of America U.S. legal entities that utilize the names: Bank of America, Banc of America, Bank of America Private Bank or Merrill, as well as the following entities: General Fidelity Life Insurance Company, Managed Account Advisors LLC.

Rev 01/2020

U.S. Online Privacy Notice

Bank of America U.S. Online Privacy Notice

Last updated August 7, 2020

Your privacy is important to us. We conduct regular assessment reviews to ensure personal information we collect, use and share is protected. This U.S. Online Privacy Notice ("Notice") describes how Bank of America and our affiliates manage personal information about you when you interact with us online through our websites, mobile applications and social sites ("Sites and Mobile Apps").

This notice explains

  • How we collect personal information when you visit, use or interact with us online, and through our ads displayed through online services operated by us or non-affiliated third parties
  • How we may use or share personal information collected to deliver products and services to you and for advertising purposes

The term "Bank of America" or "we", "us" or "our" in this Notice refers to banking and non-banking U.S. affiliates or subsidiaries of Bank of America Corporation that link to or reference this Notice.

By using the Sites and Mobile Apps, you agree to the terms and conditions of this Notice. Bank of America provides other online interfaces. If you visit or access your accounts from one of these sites or mobile apps, please review the online privacy practices of that site or mobile app to understand how your online personal information may be collected, used and shared.

Updates to this Notice

This Notice is subject to change. Please review it periodically. If we make changes to this Notice, we will revise the Last updated date on this page.

Our Online Privacy Practices

We are committed to transparency about your personal information. We ask for your consent when required, otherwise by using our Site and Mobile Apps, you consent to the collection, use and sharing of your personal information subject to and consistent with applicable laws and other notices you may have received based on your relationship with us.

Linking to other sites

We may provide links to non-affiliated third party sites, such as credit bureaus, service providers or merchants. If you follow links to sites not affiliated with or controlled by Bank of America, you should review their privacy and security policies and other terms and conditions, as they may be different from those of our Sites and Mobile Apps. Bank of America does not guarantee and is not responsible for the privacy or security of these sites, including the accuracy, completeness or reliability of their information.

Protecting your personal information

To protect personal information from unauthorized access and use, we use security measures that comply with applicable federal and state laws. These measures may include device safeguards and secured files and buildings as well as oversight of our third party service providers to ensure personal information remains confidential and secure. In the event of a data breach, we provide timely notification, in accordance with applicable laws.

We also recognize the importance of protecting privacy where children are involved. Our Sites and Mobile Apps are not directed to individuals under the age of 13, and we request that these individuals do not provide personal information through our Sites and Mobile Apps. We do not knowingly collect personal information from children under 13.

Making sure personal information is accurate

Keeping your personal information accurate and up to date is very important. If your personal information is incomplete, inaccurate or not current, please use the Contact Us option on our Sites and Mobile Apps, or call or write to us at the telephone numbers or appropriate address for changes listed on your account statements, records, online or other account materials. You can also speak to a customer representative at a banking center, your Financial Advisor or account representative.

Personal Information We Collect Online

How do we collect personal information online?

We collect personal information about you through your computer, smartphone, tablet or other mobile device by the use of cookies and similar tracking technologies (see our Cookies and Tracking Technologies Guide for details) as well as personal information you provide when you visit or use our Sites and Mobile Apps, for example when you:

  • Apply for or open a new account;
  • Register for a new product or service, or request information about a product or service;
  • Complete a survey, contest or sweepstakes or other promotion; or,
  • Use aggregation services such as My Portfolio® and My Financial Picture® in order to consolidate your financial account or information at one online location.

We may use service providers and vendors to process personal information for business purposes on our behalf. Service providers and vendors are contractually obligated to comply with our policies to protect information we share with them or they collect on our behalf.

The personal information we collect is limited to what is required to provide our products or services and to support legal and risk requirements. For additional information, please review the How do we use your personal information section of this Notice.

Types of personal information we collect online

The type of personal information we collect from and about you online will depend on how you interact with us and may include:

  • Contact Information such as name, mailing address, email address, telephone and mobile number(s),
  • Account Application information such as credit and income information,
  • Identifiers such as social security number, account number(s), driver’s license number (or comparable) or other information that identifies you for ordinary business purposes
  • Access Authorization such as user name, alias, PIN and passcode and security questions and answers
  • Information from your computer, smartphone, tablet or other mobile device, such as
    • Unique device identifiers (for example Media Access Control (MAC) and Internet Protocol (IP) addresses)
    • Browser type, version, language, and display/screen settings
    • Information about how you use and interact with our Sites and Mobile Apps (for example page visited, links clicked)
    • Responses to advertisements on the Sites and Mobile Apps where we advertise
    • Log information such as your search and voice to text queries in the mobile app
    • Search engine referrals
    • Geolocation information with consent, for example ATM or financial center location, fraud prevention)
    • Social media preference

How We Use and Share Personal Information

How do we use your personal information?

Personal information collected from and about you online described in this Notice may be used for many purposes such as:

  • Delivering products and services to you by verifying your identity (for example when you access your account information); processing applications for products or services such as to prequalify for a mortgage, apply for a credit card, or to open a retirement account, investment account or other financial product; processing transactions; finding nearby ATMs, financial centers, and other specialized location based services near your location; and consolidating your financial account information at one online location with services such as My Portfolio® and My Financial Picture®.
  • Personalizing your digital and mobile experience by enhancing overall Sites and Mobile Apps organization and design and analyze data to create relevant alerts, products or services.
  • Providing advertising on our Sites and Mobile Apps as well as non-affiliated third party sites and through off-line channels like financial centers, call centers and direct marketing (for example email, mail and phone).
  • Detecting and preventing fraud, identify theft and other risks to you or Bank of America.
  • Performing analytics concerning your use of our online services, including your responses to our emails and the pages and advertisements you view.
  • Complying with and enforcing applicable legal requirements, relevant industry standards, contractual obligations and our policies.
  • Allowing you to use features within our Sites and Mobile Apps when you grant us access to personal information from your device such as contact lists, or geo-location when you request certain services that requires such access, for example locating an ATM.

We retain personal information for a period of time as required by laws and regulations and the necessary business purpose. We securely delete personal information as soon as legally permitted.

Individual health information

To the extent that we receive, maintain or process an individual's health information, Bank of America may use and disclose that information as authorized by and in accordance with applicable federal and/or state law.

With whom do we share your personal information?

We may share the personal information we collect from and about you online described in this Notice (and subject to other legal restrictions and notices you may have received depending on your relationship with us) with:

  • Affiliates and Subsidiaries of Bank of America, such as Merrill
  • Service Providers, Vendors and Third Party Providers who have contracts with Bank of America
  • Government Agencies as required by laws and regulations.

Aggregated / De-identified information

Collected personal information may be aggregated and/or de-identified (we remove any details that identify you personally). We may share this aggregated and/or de-identified information with service providers, vendors and third party providers to help deliver products, services, and content that are better tailored to the users of our online services and for our own business purposes where permissible under applicable laws and regulations.

How to limit sharing

You have choices regarding the sharing of some personal information. Where appropriate, we will limit sharing of your personal information based on your privacy choices. You can register your choices online at Set your Privacy Choices.

Online Behavioral Advertising

What is Online Behavioral Advertising?

Personal information collected from and about you online as described in this Notice is used and shared to deliver advertising and marketing, including prescreened offers of credit, which may be of interest to you.

We present tailored ads to you:

  • On our Sites and Mobile Apps through banner ads and splash ads that appear as your sign on or off of your online accounts
  • In off-line channels such as financial centers, call centers, and through direct marketing (for example. email, mail, phone)
  • On third party sites and mobile apps not affiliated with Bank of America.

How we tailor ads to you

  • Advertising on our sites, mobile apps and off-line channels such as financial centers, call centers, and through direct marketing (for example email, mail, phone): We may use certain personal information about your activities on our Sites and Mobile Apps, such as pages visited and key words entered, to help determine which of our ads or offers may be of interest to you. We may use personal information about your relationship with us (such as types of accounts, transactional information or the state in which you bank) to help determine which advertisements or offers to present to you.
  • Advertising on non-affiliated third party sites and mobile apps: Bank of America contracts with advertising companies to advertise our products and services on sites and mobile apps not affiliated with us. We may use personal information we have collected or that you have provided to assist our non-affiliated third party sites and mobile apps to select bank ads or offers that may appeal to you, display them to you and monitor your responses. Non-affiliated third party sites and mobile apps are not subject to Bank of America Privacy Notices.

How you can opt out of Online Behavioral Advertising

You have choices about how Bank of America advertises to you based on your online behavior.

There is no standard for how "do not track" consumer browser settings should work for online advertising purposes. As such, we do not respond to browser "do not track" signals from browser settings. However, there are several opt out options available to you:

  • Advertising on our Sites and Mobile Apps and off-line channels such as financial centers, call centers, and through direct marketing (for example email, mail, phone): If you prefer we not provide you with tailored content and advertising based on your online behavior with our Sites and Mobile Apps, you may opt out of online behavioral advertising. Please review the important Reminder section that follows.
  • Advertising on Non-Affiliated Third Party sites: Bank of America participates in the Digital Advertising Alliance ("DAA") self-regulatory Principles for Online Behavioral Advertising and uses the Advertising Options Icon on our behavioral ads on non-affiliated third party sites (excluding ads appearing on platforms that do not accept the icon). Ads served on our behalf by these companies do not contain unencrypted personal information and we limit the use of personal information by companies that serve our ads. To learn more about ad choices, or to opt out of interest-based advertising with non-affiliated third party sites, visit YourAdChoices layer powered by the Digital Advertising Alliance or through the Network Advertising Initiative's Opt-Out Tool layer. You may also visit the individual sites for additional information on their data and privacy practices and opt out-options.

Reminder

Please note that if you opt out of this advertising:

  • You may still receive untailored advertising from Bank of America.
  • When accessing online account servicing areas (i.e. after sign-in), such as Online Banking, Merrill Edge or MyMerrill, you may receive tailored content and advertising based on your account relationships.
  • Financial advisors/Client Managers may continue to use personal information collected online as described in this Notice to provide details on products and services in accordance with account agreements.
  • In order for online behavioral advertising opt outs from our Sites and Mobile Apps and on other sites to work on your device, your browser must be set to accept cookies.
  • If you delete cookies, buy a new device, access our Sites and Mobile Apps or other sites from a different device, login under a different screen name, or change web browsers, you will need to opt out again.
  • If your browser has scripting disabled, you do not need to opt out, as online behavioral advertising technology does not work when scripting is disabled.

Additional Information

Aggregation Services

Some companies may offer aggregation websites and services that allow you to consolidate your account information from different sources (such as your accounts with us or with other financial institutions) so that you can view it in one location or perform actions related to your accounts using their services (a "Provider"). To do this, a Provider may request you to authorize access to your Bank of America accounts by providing your Bank of America username and passcode or by providing your information-sharing consent directly to Bank of America.

  • The Provider may access, on your behalf, information about yourself, your Bank of America relationship, and your accounts at Bank of America.
  • You should use caution and ensure that the Provider has appropriate policies and practices to protect the privacy and security of any personal information you provide or to which they are gaining access.
  • Use of your information by the Provider is governed by your agreement with them, not by Bank of America.
  • We are not responsible for the use or disclosure of any personal information accessed by any company or person to whom you provide your site username and passcode.
  • If you share your Bank of America username, passcode or other information about your accounts with others, we will consider that you have authorized any transaction or action initiated by using the access information you provide.
  • If you decide to revoke the authority you have given to a Provider, we strongly recommend that you change your Bank of America passcode to ensure that the Provider cannot continue to access your account.
  • You may revoke your consent for certain Providers through the Security Center within Bank of America Online Banking.

Social Media

Bank of America engages with customers on social media platforms such as Facebook®, Twitter®, YouTube® and LinkedIn®.

  • Any content you post on official Bank of America managed social media pages, such as pictures, information, opinions or any personal information that you make available to other participants on these social platforms, is subject to the Terms of Use and Privacy Policies of those respective platforms.
  • When interacting with official Bank of America social media pages, Bank of America's privacy notices, Social Media User Terms and Community Guidelines may apply.
  • Please review the privacy policy for the specific social media service you are using to better understand your rights and obligations with regard to such content.

We may allow certain non-affiliated third party widgets (for example social share buttons) on our sites that enable users to easily share information on another platform, such as a social media platform. The non-affiliated third parties that own these widgets may have access to information about your browsing on pages of our Sites and Mobile Apps where these widgets are placed.

U.S. Consumer Privacy Notice

U.S. Consumer Privacy Notice

FACTS

WHAT DOES BANK OF AMERICA DO WITH YOUR PERSONAL INFORMATION?

Why?

Financial companies choose how they share your personal information. Under federal law, that means personally identifiable information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.

What?

The types of personal information we collect and share depend on the product or service you have with us.
This information can include:

  • Social Security number and employment information
  • account balances, transaction history and credit information
  • assets and investment experience

How?

All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons Bank of America chooses to share; and whether you can limit this sharing.

Reasons we can share your personal informationDoes Bank of America share?Can you limit this sharing?
For our everyday business purposes — such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureausYesNo
For our marketing purposes — with service providers we use to offer our products and services to you (please see below to limit the ways we contact you)YesNo
For joint marketing with other financial companiesYesNo
For our affiliates’ everyday business purposes — information about your transactions and experiencesYesNo
For our affiliates’ everyday business purposes — information about your creditworthinessYesYes
For nonaffiliates to market to you — for all credit card accountsYesYes
For nonaffiliates to market to you — for accounts and services endorsed by another organization (e.g., debit card co-branded with a baseball team) “Sponsored Accounts”YesYes
For nonaffiliates to market to you — for accounts other than credit card accounts and Sponsored Accounts, such as insurance, investments, deposit and lendingNoWe don't share

To limit our sharing

Please note: If you are a new customer, we can begin sharing your information 45 days from the date we sent this notice. When you are no longer our customer, we continue to share your information as described in this notice. However, you can contact us at any time to limit our sharing.

To limit direct marketing contact

Please Note: Direct marketing is email, postal mail and telephone marketing. Your telephone and postal mail opt-out choices will last for five years, subject to applicable law. Even if you limit direct marketing, we may still contact you to service your account or as otherwise allowed by law.

Questions?

Who we are

Who is providing this notice?

Bank of America U.S. legal entities that utilize the names: Bank of America, Banc of America, Bank of America Private Bank or Merrill, as well as the entities listed in the Bank of America U.S. legal entities section.

What we do

How does Bank of America protect my personal information?

To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings. For more information, visit bankofamerica.com/security or ml.com/security.

How does Bank of America collect my personal information?

We collect your personal information, for example, when you:

  • open an account or perform transactions
  • apply for a loan or use your credit or debit card
  • seek advice about your investments

We also collect your personal information from others, such as credit bureaus, affiliates, or other companies.

Why can’t I limit all sharing?

Federal law gives you the right to limit some but not all sharing related to:

  • affiliates’ everyday business purposes—information about your creditworthiness
  • affiliates from using your information to market to you
  • nonaffiliates to market to you

State laws and individual Bank of America companies may give you more rights to limit sharing. See Other important information section for your rights under state law.

What happens when I limit sharing for an account I hold jointly with someone else?

Your choices will apply to you alone unless you tell us otherwise. However, your choice to limit sharing with nonaffiliates to market to you for credit card accounts or Sponsored Accounts will apply to all joint account holders. If you have more than one credit card account or Sponsored Account and you choose to opt out, you will need to do so for each account.

Definitions

Affiliates

Companies related by common ownership or control. They can be Financial and nonfinancial companies.

  • Our affiliates include companies that utilize the names Bank of America, Banc of America, Bank of America Private Bank or Merrill, as well as financial companies such as General Fidelity Life Insurance Company.
Nonaffiliates

Companies not related by common ownership or control. They can be financial and nonfinancial companies.

  • Nonaffiliates we share with can include financial services companies such as insurance agencies or mortgage brokers, nonfinancial companies such as retailers, travel companies and membership groups; and other companies such as nonprofit groups.
Joint marketing

A formal agreement between nonaffiliated financial companies that together market financial products or services to you.

  • Our joint marketing partners include financial services companies.

Other Important Information

Do Not Call Policy. This notice is the Bank of America Do Not Call Policy under the Telephone Consumer Protection Act. We do not solicit via telephone numbers listed on the state or federal Do Not Call lists, unless the law allows. Bank of America employees receive training on how to document and process telephone marketing choices. Consumers who ask not to receive telephone solicitations from Bank of America will be placed on the Bank of America Do Not Call list and will not be called in any future campaigns, including those of Bank of America affiliates.
Call Monitoring and Recording. If you communicate with us by telephone, we may monitor or record the call.

For Nevada residents only. We are providing you this notice under state law. You may be placed on our internal Do Not Call List by following the directions in the To limit direct marketing contact section. Nevada law requires we provide the following contact information: Bureau of Consumer Protection, Office of the Nevada Attorney General, 555 E. Washington St., Suite 3900, Las Vegas, NV 89101; Phone number: 702.486.3132; email: aginfo@ag.nv.gov; Bank of America, P.O. Box 25118, Tampa, FL 33622-5118; Phone number: 888.341.5000; Click on “Contact Us” at bankofamerica.com/privacy.

Vermont: Under Vermont law, we will not share information we collect about Vermont residents with companies outside of our corporate family, unless the law allows. For example, we may share information with your consent, to service your accounts or under joint marketing agreements with other financial institutions with which we have joint marketing agreements. We will not share information about your creditworthiness within our corporate family except with your consent, but we may share information about our transactions or experiences with you within our corporate family without your consent.

California: Under California law, we will not share information we collect about you with companies outside of Bank of America, unless the law allows. For example, we may share information with your consent, to service your accounts, or to provide rewards or benefits you are entitled to. We will limit sharing among our companies to the extent required by California law.

For Insurance Customers in AZ, CA, CT, GA, IL, ME, MA, MN, MT, NV, NJ, NC, OH, OR and VA only. The term “Information” in this part means customer information obtained in an insurance transaction. We may give your Information to state insurance officials, law enforcement, group policy holders about claims experience or auditors as the law allows or requires. We may give your Information to insurance support companies that may keep it or give it to others. We may share medical Information so we can learn if you qualify for coverage, process claims or prevent fraud, or if you say we can. To see your Information, write Insurance Services, TX2-980-01-43, 4200 Amon Carter Blvd., Fort Worth, TX 76155, Attn: Data Request. You must state your full name, address, the insurance company, policy number (if relevant) and the Information you want. We will tell you what Information we have. You may see and copy the Information (unless privileged) at our office or ask that we mail you a copy for a fee. If you think any Information is wrong, you must write us. We will let you know what actions we take. If you do not agree with our actions, you may send us a statement.

For MA Insurance Customers only. You may ask, in writing, for the specific reasons for an adverse underwriting decision. An adverse underwriting decision is where we decline your application for insurance, offer to insure you at a higher than standard rate or terminate your coverage.

Bank of America U.S. legal entities

Bank of America U.S. legal entities that utilize the names: Bank of America, Banc of America, Bank of America Private Bank or Merrill, as well as the following entities: General Fidelity Life Insurance Company, Managed Account Advisors LLC.

Rev 01/2020