Online & California Privacy Policy

Last Revised: July 2021

This Online & California Privacy Policy (“Policy”) is provided by Comenity LLC and its current and future subsidiaries (“we,” “us,” or “our”), and applies to all visitors or users (“you”) of this website, our Social Media Pages, our downloadable software applications, and any affiliated online interface that links to this Policy (referred to collectively as “Sites”). We provide this Policy to help you understand what information we collect from you online and how we use it.

Your use of our Sites signifies that you agree with all terms of this Policy; please do not use our Sites if you disagree with any part of this Policy.

“Personal Information” refers to information that identifies you directly or can reasonably be associated with you using other information. Such personal information may include your name, Social Security number, date of birth, email address, postal address, or telephone number. Generally, you may provide us with two types of personal information when you interact with our Sites:


Information You Provide Directly To Us
We collect personal information from you online whenever you provide it directly to us.  This includes when you send us an email, fill out an application, complete a “Contact Us” form, enter your zip code to find a store, and submit a resume.

We do not knowingly collect, use, or maintain personal information from users under 16.


Information Automatically Collected About Your Device
We, and other parties, such as our analytics and advertising service providers, will automatically collect personal information about your online activities over time and across different websites when you use our Sites. This includes navigational and/or other device-specific information like IP address, browser type, hardware model, and Unique Device Identifier.


Please refer to the “Online Tracking” and “Online Behavioral Advertising” sections of the Policy for additional details.

How We Use Your Personal Information
We may use personal information collected at our Sites for servicing, marketing, security, fraud prevention, other internal business purposes, or for any other purpose permitted by law.


How We Share Your Personal Information
We may share your personal information with third party service providers to perform services on our behalf. In addition, we will also share your information throughout our family of companies and with unaffiliated third parties: (i) as required for legal or regulatory compliance, (ii) to protect our rights and property or the rights and property of other parties, (iii) in the event we sell or transfer all or a portion of our business assets, your information may be one of the business assets that are transferred as part of the transaction, (iv) during a bankruptcy proceeding, (v) for servicing, (vi) for internal business purposes, (vii) for fraud prevention, (viii) for marketing and/or to promote additional products, services, and special offers, as permitted by law, (ix) for any purpose you may request, or (x) for any other purpose that may be required or permitted by law.

We, and certain service providers operating on our behalf, may collect information using tracking technologies, including:


Browser Cookies
Cookies are small text files that are stored directly on your device web browser. We use browser cookies to personalize your visit and improve our Sites and other services. Depending on your browser version, you may be able to block or erase browser cookies. Please be aware that some features of our Sites may be unavailable to you if your browser cookies are blocked or erased.


Pixel Tags
Pixel tags (also known as web beacons, web bugs, or clear GIFs) are nearly invisible pixel-sized graphic images in an email message or on a web page. Pixel tags in emails help us confirm the receipt of and response to our emails, the time our email is viewed, and “click-through” information such as where you click email links. Pixel tags on web pages operate similarly to pixel tags in emails in that they help us understand how you interact with our Sites. Please note that pixel tags are often used in conjunction with browser cookies, which are described above.


“Do Not Track” Browser Signals
Our Sites will continue to operate as described in this Policy, whether or not a “Do Not Track” signal or other similar mechanism is received from your web browser.


Location Based Services
Your IP address is a number assigned to your device by your Internet Service Provider and is captured automatically in our server files. If you consent, we may also collect your actual physical coordinates when a location-based service is used, such as GPS signals sent to us when you are searching for a nearby store on a mobile device. We use location information to improve our Sites and service offerings and administration of our Sites.


Retail Application: Location Based Services
For those customers that choose to utilize our retail applications, Comenity may collect, use, and share precise location data, including the real-time geographic location of your device. This location data is collected anonymously in a form that does not personally identify you and is used by Comenity to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services.

Online behavioral advertising (“OBA” or “interest-based advertising”) involves the tracking of your online activities in order to deliver tailored advertising of goods and services that are likely to be of interest to you. We permit third party advertising companies to serve advertisements on our behalf on our Sites and those websites and mobile apps not affiliated with us. This Policy does not cover the privacy practices of the third party sites on which we may have advertisements. Please review their privacy policies and terms of service if you have any questions about their privacy practices.


Opting Out of OBA
Behavioral advertisements will feature an AdChoices Icon (also known as the “Advertising Option Icon”), that when clicked, provides more information about how the advertisement was delivered to you and also provides the ability to opt-out from future OBA by the third parties listed. To opt-out of OBA from all Digital Advertising Alliance (“DAA”)-participating companies, please visit


Please note that if you opt-out of OBA, you may still receive online advertising from us on third party sites. Opting out from third party advertising companies means that the advertisements you receive will not be based on your preferences or behavior. Further, opting out does not prevent other parties from tracking your online activity for other uses as described in this Policy.

From time to time, we may create and manage social media pages that include, but are not limited to, a Twitter or Instagram account or a Facebook page (“Social Media Pages”). With your consent, personal information like your name, profile picture, gender, networks, user ID, list of friends, birthday, likes, education history, work history, current city, hometown, interests, relationship status, and any other information you have shared on a social media site may be collected by us. This Policy does not cover the privacy practices of the social media sites on which we may have Social Media Pages. Please review their privacy policies and terms of service if you have any questions about their privacy practices.

If you are visiting us from a location outside of the United States, please keep in mind that we are U.S.-based. This Policy governs the information collected by or on behalf of our Sites irrespective of where you are located when you access it, browse it, or interact with it.


With respect to personal information you provide to us on the Social Media Pages, once received from the social media sites, it is maintained and processed by us on servers and internal systems located in the United States. This means your personal information may be stored outside of the province, state, and/or country in which you reside, and processed by us or a third party as described in this Policy. Moreover, governmental bodies that have jurisdiction over us in the United States (e.g., courts and law enforcement agencies) may be entitled to access your personal information.

Your privacy is important to us. We have implemented physical, technical, and administrative security measures to safeguard the personal information that we maintain.

We strive to maintain accurate personal information about you. If you are a Comenity Bank or Comenity Capital Bank cardholder and believe that our records contain inaccurate or incomplete information about you, please contact the Customer Care phone number listed on your billing statement or on the back of your credit card. Customers with a registered online account may review their personal information by logging in to our secure account management service. For more information, please go to

We may provide links on our Sites to external websites not owned or operated by us as a convenience to you. This Policy does not apply to the data collection, use, and protection practices of these websites. Please read and understand a linked website's privacy policy before using such a website.

From time to time, we may modify this Policy. Should there be a material change to our information collection, use, or disclosure practices, it will be applied only to personal information collected on a going forward basis, and we will update this Policy accordingly.

If you have additional questions about this Policy, please contact us at

The California Consumer Privacy Act (CCPA) defines “Personal Information” as “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” Certain information we collect may be exempt from the CCPA because it is considered public information (i.e., it is made available by a government entity) or covered by a specific federal privacy law, such as the Gramm–Leach–Bliley Act, the Health Insurance Portability and Accountability Act, or the Fair Credit Reporting Act.


A California resident has the following rights:


1. The right to request what personal information we collect, use, disclose and sell including:


  1. The categories of personal information.
  2. The categories of sources from which the personal information was collected.
  3. Our business or commercial purpose for collecting or selling personal information.
  4. The categories of third parties with whom the business shares personal information
  5. Specific pieces of personal information we have collected about you.


In the past 12 months, we collected the following categories of personal information:


  1. Identifiers (e.g. name, address, social security number) – Identifiers are collected for servicing your credit card account
  2. Commercial information (e.g. products or services purchased) – Commercial information is collected for servicing and marketing purposes
  3. Internet or other electronic network activity (e.g. information concerning your interaction with a website) – Internet or other electronic network activity is collected for marketing purposes
  4. Geolocation data – Geolocation data is collected for marketing purposes
  5. Professional or employment-related information – Professional or employment-related information is collected for servicing your credit card account
  6. Conclusions drawn from any of the information (e.g. predicted purchasing behavior) – Conclusions drawn from any of the information is collected for servicing and marketing purposes


The above data was collected from you and data resellers for the marketing or servicing of a financial product. We may use any of the categories of information listed above for other business or operational purposes compatible with the context in which the Personal Information was collected We share the above data with the retailer listed on your card, services providers, vendors, advertising partners and data analytics providers.


In the past 12 months, we sold internet or other electronic network activity for business purposes. However, we did not sell personal information of minors under 16 years of age.


2. The right to request that we delete your personal information if we do not need it or are entitled by law to retain it.


3. The right to request information that we have sold or disclosed to our business partners, including:


  1. The categories of personal information that we collected about you.
  2. The categories of personal information that we sold about you and the categories of third parties to whom we sold it.
  3. The categories of personal information that we disclosed about you for a business purpose.


4. The right to direct us not to sell your personal information.


5. The right to not be discriminated against because you exercised any of the rights described above.


6. The right to designate an authorized agent to make a request under CCPA on your behalf.


In order to exercise your right(s) please go to or dial 1-877-655-5391 (TDD/TTY: 1-800-695-1788). In order to verify your identity you will be required to provide: your first name, last name, address, phone number, date of birth and email address. Once you have provided your data you will be asked a series of questions to confirm your identity.


Contact for More Information: 1-877-655-5391 (TDD/TTY: 1-800-695-1788) 

7. CCPA Requests Handled July 1, 2020 through June 30, 2021

  1. Request to Know: 703 Requests Received, 406 Requests Verified, 406 Verified Requests Answered, 297 Verified Requests Denied
  2. Request to Delete: 140 Requests Received, 84 Requests Verified, 84 Verified Requests Answered, 56 Verified Requests Denied
  3. Request to Opt Out*: 2,474 Requests Received, N/A Requests Verified, 2,474 Verified Requests Answered, 0 Verified Requests Denied

* Requests are passed to our service providers.

  1. During this period, our median time within which we sent responses was 2.24 days.