Skip to main content

Privacy Policy

Your privacy is important to us – please familiarize yourself with our policy.

Fair Isaac Corporation (FICO) Data Privacy Policy

In the course of its business activities, FICO collects, processes, stores, and discloses personally identifiable information (“personal data” or “personal information”) about individuals who register to use one of FICO’s websites or become a FICO customer. FICO also processes personal data in its capacity as a service provider for other companies. This Policy does not apply to information that is deidentified, anonymous, or in aggregate format

FICO is committed to fairly and accurately processing and protecting personal data. This FICO Data Privacy Policy (“Policy”) describes FICO’s data privacy practices and the rights consumers have to access, correct, or erase their personal data under FICO’s control. Consumers may also limit FICO’s disclosure of their personal data to third parties; challenge or dispute FICO’s processing of it; and file a complaint.

Collecting personal data at this website is necessary for performance of the services and functionalities offered on this website. In addition, FICO uses personal data to (i) register consumers with the website, (ii) provide consumers with requested information or services, and (iii) analyze and research improvements to the website, and its solutions. If a consumer declines to provide the requested personal data, FICO may not be able to process inquiries, provide access to certain functionality, or fulfill requests. When a consumer uses a FICO website to get products or services, FICO does not permit another party to collect personal data from the FICO website about those online activities beyond what is necessary for that party to perform business activities on behalf of FICO.   

Note: Websites that are owned, operated and hosted by FICO may contains links to other websites. FICO is not responsible for the privacy practices or the content of the other websites.


1.         Categories of Personal Data

A.        Personal Data that FICO Collects, Processes, Stores, and Discloses

FICO collects and processes personal data for its own business purposes that may include:

1.         Identifiers such as a real name, alias, signature, postal address, telephone number, unique personal identifier, online identifier Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.

2.         Physical and personal characteristics or description, biometric information, geolocation data, education, professional or employment-related information.

3.         Commercial information, including bank account number, credit card number, debit card number, records of personal property, credit data from credit bureaus, and demographic data from data brokers to build and populate FICO models that control its business software.

4.         Products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies; Internet or other electronic network activity information, including browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement.

B.        Inferences

FICO draws inferences from any of the information identified in this section to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. These inferences allow FICO to improve its products and services and tailor its online information for the benefit of its customers.


2.         Sources of Personal Data

A.        Consumer Provided Information

FICO collects personal data  from applications for employment, other applications or questionnaires when you contact us, and other forms you submit to us or our clients, such as your contact information (name, home address, email, and telephone number) and your date of birth, Social Security number, social insurance number, passport or other identification number, nationality, job title, your company’s name and industry sector, your company’s location (country, state and zip code). FICO also collects personal data from your transactions and interactions with us, such as your professional interests, or information you may provide via your interactions with our online forums, blogs, or participation in our online communities.

B.        Credit Bureaus and Other Data Sources 

FICO collects personal data from credit bureaus if it is necessary for the delivery of the services we provide you, and we may access public sources of personal data, such as census data and real estate records, and private source of personal data such as business bureau, industry analyst, or market research data.

C.        Cookies and Web Analytics 

In addition, FICO uses web-based tools when you visit FICO websites, such as “cookies” to track your online activities, including your registration, submissions, and information requests, in accordance with applicable law. Cookies are small text files placed by a website server on your computer or other device you are using to access the website. Sometimes we collect information about the pages you have viewed, which is used to monitor and assess the website and improve its performance. Other cookies track your online activities on this website, including the IP address from which you accessed the website, and may link that information with personal data you have provided us through online registration, to help us remember your settings. We may also use your IP address to help diagnose problems with our server and to administer the website. The length of time we may keep a cookie on your device will depend on the nature of the cookie and the reason we have set it. We use “session” cookies, which expire when you close your browser and do not remain on your computer or device. We may also use “persistent” cookies, which remain on your computer or device, and which are deleted when they no longer have a business purpose.

FICO websites use web analytics services, such as Google Analytics, to analyze your use of the website (including your IP address) through “cookies”. This data is transmitted to and stored by those web analytics services, but the data  may be transferred to third parties where required to do so by law, or where service providers process the data on behalf of the web analytics services. You may refuse the use of cookies by selecting the appropriate settings on your browser, however you understand that if you do this you may not be able to use the full functionality of this website, or you may be required to re-register each time you download or request materials from the website.

D.        Video Surveillance

FICO may conduct video surveillance of its workplace locations to identify safety and security concerns, detect theft or misconduct, and prevent harassment and workplace violence.


3.         Storage and Retention of Personal Data

Your personal information will be held only as long as you are a FICO customer, or the customer of a business for which FICO is a vendor, and thereafter only if FICO or the business has a legitimate interest in the personal data. FICO may use personal information in a depersonalized (anonymized or pseudonymised) or aggregated format for the purpose of reviewing and improving our own account acquisition and management processes, analyzing the effectiveness of our solutions, and creating, validating or updating our products and services.


4.         Disclosure of Personal Data

A.        Service Providers (vendors; contractors; distributors)

FICO discloses personal information to its service providers who provide technical, operational, or administrative support, but only if the personal information is reasonably necessary and proportionate to provide the services. FICO will only disclose personal information to service providers who process it pursuant to FICO’s instructions and with FICO’s oversight. Disclosure to service providers may occur for these purposes:

1.         Auditing related to a current customer interactions and concurrent transactions, including counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.

2.         Maintaining and repairing FICO’s digital infrastructure for efficiency and data security, including the company’s  computer hardware, web servers for cloud hosting its web servers; detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.                     

3.         Undertaking activities to verify or maintain the quality or safety of FICO software or a service FICO engages in, and to improve, upgrade, or enhance the software or service; debugging to identify and repair errors that impair existing intended functionality; performing internal research for technological development and demonstration

4.         Maintaining and servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of FICO or its service providers.

5.         Processing employees’ personal data for the purposes of: (i) recruitment, relocation, and performance of an Employee’s contract of employment; (ii) health and safety at work; (iii) exercise and enjoyment of rights and benefits related to employment, including compensation, medical benefits stock plan services, and providing other support services; and (iv) the termination of the employment relationship.

6.         Performing certain corporate functions, such as legal compliance with federal, state, or local laws; exercising and defending legal claims; keeping accounting and tax records; company audits; sales and distribution of FICO products and services.

B.        Third Parties

FICO will not sell consumers’ personal information to third parties for their own marketing, advertising, or other purposes. FICO has not sold consumers’ personal information to such third party in the preceding 12 months.

C.        Affiliates and Subsidiaries 

FICO may disclose personal information, in electronic or other form, among FICO affiliates and subsidiaries for the purpose of implementing, administering, and managing your business relationship with FICO, provide the product or service you requested, to contact you in connection with product or service offerings, or for other legitimate business purposes.

D.        Regulators and Law Enforcement  

FICO may disclose personal information if necessary or appropriate to government agencies, advisors, and other third parties, in order to comply with applicable laws, or protect the rights or property of FICO and its affiliated companies, or its customers. FICO may disclose personal information to comply with civil, criminal, or regulatory inquiries, investigations, subpoenas, or summons by federal, state, or local authorities. FICO may disclose personal information in cooperation with law enforcement agencies concerning conduct or activity that FICO reasonably and in good faith believes may violate federal, state, or local law.

E.         Corporate Mergers and Acquisitions

If another company acquires or merges with FICO, or plans to acquire or merge with FICO, our company, business, or our assets, FICO will share personal information with that company, including at the negotiation stage.


5.         FICO Business Solutions That Process Personal Data                                                                                     

A.        Business Solutions.   FICO sells, licenses, hosts, and distributes software solutions, such as predictive models and analytics, which are built with depersonalized (anonymized or pseudonymised) data. FICO clients use the solutions for their business purposes. Some solutions are operational: these solutions assist a company in its resource planning, financial projections, and record-keeping, for example. Other solutions facilitate the processing of consumers’ personal data. Those solutions are designed to be used for:

1. New Customer Acquisition – to predict which consumers are likely to buy certain products or services; marketing solutions process personal data, which may include the age, gender, marital status, and buying patterns of financially and demographically similar consumers, to determine whether a company’s products and services match other consumers’ product preferences and their inclination and ability to purchase the products and services.

2. Credit and Insurance Eligibility – to predict which consumers and current customers are good candidates for financial, insurance, or retail services; credit risk solutions may process personal data, as permitted by law, from (i) an applicant’s credit application, (ii) an applicant’s past credit history (including loan, telecommunication, and rental payments), (iii) an applicant’s cash flow, and (iv) social media, to assess an applicant’s credit or insurance risk.

3. Financial Fraud Detection and Prevention – to verify the identity of an applicant for credit, and to prevent fraudulent financial transactions; some financial fraud solutions process personal data from a consumer’s application and the consumer’s past credit activity to verify the identity of the consumer requesting credit; other financial fraud solutions process personal data about a current customer’s past shopping and purchasing behavior, to protect the customer from unauthorized access to the customer’s accounts.

4. Healthcare Fraud Detection – to identify and prevent fraudulent or improper healthcare transactions; healthcare fraud solutions process personal data about individual health care claimants from the claimant’s healthcare provider’s claims records and the claim records of other health care providers, to identify fraudulent behaviors by the health care claimant.

5. Customer Management – to determine which customers would benefit from enhanced or additional services; customer management solutions may process personal data about a customer’s payment history, past purchases, and customer service interactions to match customer expectations with available services.

6. Debt Management – to determine whether debt counseling, debt settlement, debt collection, litigation, or other activity is appropriate for a credit grantor or debt buyer; debt collection solutions may process personal data from the data subject, credit bureaus, and other debt collectors, to assess the size and age of the consumer’s debt, the consumer’s past payment history, and the consumer’s current financial situation to find an appropriate response to a consumer’s credit delinquency.

B.        Automated Decisions, Including Profiling.   FICO predictive models can be used to make automated decisions, including profiling. In building and updating these models, FICO reviews the data sets used to address any prejudicial elements, and reviews the correlations indicated by the model to address any non-empirical or non-intuitive results. When FICO hosts the models, FICO audits the performance of its algorithms that drive these models, and regularly reviews the accuracy and relevance of the automated decision-making, including profiling, that results from the use of the models. FICO has strict procedures and measures designed to prevent errors, inaccuracies, or discrimination on the basis of special category data. The outcome of such measures is fed back into the system design.

Some FICO models utilize explainable artificial intelligence (AI) in model development and model operation. One component of AI, called machine learning, adapts through progressive learning algorithms to let the data do the programming. Machine learning finds structure and regularities in data so that the algorithms acquire the ability to classify data and predict outcomes. Machine learning algorithms are built with relevant variables called “features”, and the process of extracting features is called “feature engineering”. This technique of deriving features, which can be automated, is a way to inject expert knowledge into the process of building and deploying accurate machine learning models. Explainable AI inspects relationships among features that drive model outputs and the decisions based on these models. FICO observes the model output of all expert derived features, and the relationships predicted by the models, to prevent bias, ensure palatability, prevent overfitting, and avoid spurious correlation learned through historical data.


6.         Opting Out of Receiving Marketing and Other Financial Services Information: myFICO Email Recipients, myFICO Forums Registrants, and FICO Analytic Cloud Registrants

FICO and myFICO do not send information about FICO and myFICO products or other financial services information to their customers unless the customers have (i) signed up to receive myFICO emails; or (ii) registered as a myFICO Forums user; or (iii) registered as a FICO Analytic Cloud user; and, in each instance, given their express consent to receive such information.

If you are have given your express consent to receive information about FICO and myFICO products or other financial services information, you may receive that information via telephone, automated email messages, or direct mail. FICO may transfer to third party service providers, including business partners in joint marketing agreements, certain personal information for them to assist us in marketing FICO or myFICO products or providing other financial services information. You may update your preferences, or revoke your consent and unsubscribe at any time by clicking the unsubscribe link in the footer of all FICO email messages you receive from us, or by following the unsubscribe instructions at the Trust Center (effective January 1, 2020).

The status of a FICO or myFICO customer will not be affected if the customer declines to sign up to receive myFICO emails or declines to register as a myFICO Forum user. Also, the status of a myFICO customer will not be affected if the customer signs up to receive myFICO emails or registers as a myFICO Forums user, but declines to give consent, or gives and later revokes consent, to receive myFICO emails.

FICO’s email messages may contain web beacons and other features that tell us you received and were able to open the message. FICO does not honor electronic do-not-track signals sent by a consumer’s browser when the consumer visits FICO’s or myFICO’s websites or other mechanisms that would give the consumer an ability to exercise choice regarding the collection of personal information about the consumer’s online activities over time and across third party websites.


7.         Consumers’ Rights in the United States

A.        Right to Request Deletion of Your Personal Information

You have a limited right to request that FICO delete any personal information about the consumer that FICO has collected from the consumer. If applicable, upon receiving a verifiable consumer request,  FICO will delete the consumer’s personal information from its records and direct any service providers to delete the same from their records. However, FICO will decline to delete the consumer’s personal information if maintaining it is necessary in order to:

1.         Complete the transaction for which the personal information was collected, provide a good or service requested by the consumer, or reasonably anticipated within the context of FICO’s ongoing business relationship with you, or otherwise perform a contract between FICO and you;

2.         Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;

3.         Debug to identify and repair errors that impair existing intended functionality;

4.         Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;

5.         Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code;

6.         Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when FICO’s deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent;

7.         To enable solely internal uses that are reasonably aligned with your expectations based on  your relationship with FICO;

8.         Comply with a legal obligation; or

9.         Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.

B.        Right to Access Your Personal Information

You have the right to ask us to disclose the categories and specific pieces of personal information, including information reasonably capable of being associated with you or your household that we have collected about you within the previous 12 months and still retain. Upon receiving a verifiable request (authentication that is reasonable in light of the nature of the personal information requested) we will provide you this information in writing, free-of-charge, within 45 days of receipt of your request, or if reasonably necessary (upon notice to you), within 90 days. We will also disclose, if applicable:

  • The categories of sources from which the personal information was collected
  • The business or commercial purpose for collection the information
  • The categories of service providers with whom we shared the information

When you request access, FICO will not disclose to you:

  • Information lawfully made available from federal, state, or local government records
  • Information that is deidentified or aggregate consumer information
  • A consumer report about you we obtain from a credit bureau

For purposes of this Policy, we will not collect personal information that we would not otherwise collect in the ordinary course of our business, retain personal information for longer than we would otherwise retain such information in the ordinary course of our business, or reidentify or otherwise link information that is not maintained in a manner that would be considered personal information.

C.        Exercising Your Rights

1.         You may exercise your right to request deletion of your personal information at any time by contacting FICO through the online account you have with FICO.

2.         You may exercise your right to request access to your personal information at any time, but not more often than twice in a 12 month period. If you maintain an account with myFICO, or if you are a non-myFICO consumer who has an account with FICO online, you may contact us through your account, and we will provide the information in writing through your account.

3.         You may exercise your right to request access to your personal information if you have interacted with FICO online or offline and do not have an account with FICO. You may contact us at the Trust Center (effective January 1, 2020) or during business hours on Monday through Friday by calling FICO toll free at (to be provided after January 1, 2020), and we will provide the information by mail or electronically at your option, in a portable and readily useable format that allows you to transmit this information to another entity without hindrance.


8.         The General Data Protection Regulation (GDPR)                                                                

This section applies to individuals in the European Union and to individuals in other countries whose data privacy laws are similar to GDPR. In those jurisdictions, special conditions apply, and individuals have certain privacy rights:

  • Special Categories of Personal Data.  We will not process personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; and we will not process genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation, without your explicit consent, or in accordance with the law.
  • Transfer of Personal Data to Another Country.  If we transfer your personal data to another country for processing, we will comply with the requirements of the General Data Protection Regulation, or the laws of the country from which the personal data is transferred, specifically: (1) FICO is certified under the Privacy Shield; and (2) FICO uses the standard data protection clauses, approved by the European Commission.  
  • Right of Access and Rectification.  You have the right to be informed of the purpose, means, and recipients of the processing of your personal data. You may access your personal data in our possession to amend or correct any errors, and you may request the source of the personal data and the transferees of the personal data. We will attempt to notify each third party who has received the personal data of the corrected information. You may object to our processing of your personal data, but we may decline if the personal data is necessary to complete the delivery of a FICO solution you have requested, or if we have a legitimate interest in the processing.
  • Right to Erasure.  You have the right to have your personal data erased from our systems if it is being processed unlawfully, or is no longer necessary in relation to the purposes for which it was collected or processed. At your request, if we made your personal data public (with your consent), we will take reasonable steps to inform controllers that you requested erasure of any links to, or copy of, that information.
  • Right to Data Portability.  You have the right to receive back the personal data you provided us, if we processed the information by automated means. You will receive the personal data in a structured, commonly used and machine-readable format. We will assist you in the transmission of the personal data to another company if it is reasonably technically feasible. 
  • Right to Object to Automated Decision-Making.  If your personal data is used to make a decision based solely on automated processing, including profiling, and that decision produces legal or significant effects concerning you, you have the right to object. We reserve the right to make such decision if the use of your personal data is necessary for entering into, or performance of, a contract between us. In that event, we will protect your rights and freedoms and legitimate interests, including the right to speak to a human to express your point of view and contest our decision.
  • Right to File a Complaint.  You have the right to file a complaint with us and with a supervisory authority. Contact us at the Trust Center (effective January 1, 2020).


9.         The EU-U.S. Privacy Shield Framework, including the United Kingdom, and the Swiss-US. Privacy Shield Framework  

FICO complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework(s) (Privacy Shield) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and  the United Kingdom, and Switzerland to the United States in reliance on Privacy Shield.  FICO has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such information. FICO will disclose personal information to lawful requests by the Department of Commerce and other public authorities, including to meet national security or law enforcement requirements. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, visit

FICO’s certification means FICO has committed to the principles of the Privacy Shield:

1.         Notice. We will notify you about the purposes for which we collect and use personal data about you. This Policy explains the types of third parties to which we disclose the personal data; the choices and means you have for limiting its use and disclosure; and how you can contact us with any inquiries or complaints.

2.         Choice. We will not disclose your personal data to a third party for a purpose incompatible with the purpose for which it was originally collected, or subsequently authorized by you, without your consent. For sensitive information (“special categories of personal data”), we will get your explicit (opt in) consent if the information is to be disclosed to a third party or used for a purpose other than its original purpose or the purpose authorized subsequently by you. You may withdraw your consent at any time by contacting us as described in this Policy.

3.         Onward Transfer. If we transfer personal data to a third party that is acting as an agent, we will (i) transfer such data only for limited and specified purposes; (ii) ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles; (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the personal data transferred in a manner consistent with the organization’s obligations under the Principles; (iv) require the agent to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles; (v) upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) provide a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the Department of Commerce upon request.

4.         Security.  We will take reasonable and appropriate measures to protect personal data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the personal data.

5.         Data Integrity and Purpose Limitation. We will collect and retain personal data that is relevant to the purposes of processing, and not in a way incompatible with the purposes for which it has been collected or subsequently authorized by you. We will take reasonable steps to ensure that personal data is reliable for its intended use, accurate, complete, and current.

6.         Access. You will have access to personal data about yourself that we hold, and you may correct amend, or delete that information where it is inaccurate, except where the burden or expense of providing access would be disproportionate to the privacy risks in question, or where the rights of persons other than you would be violated. For security reasons, FICO will take steps to authenticate your identity before providing you with access to personal data.

7.         Recourse, Enforcement and Liability.  FICO will maintain a mechanism to provide that your complaints or disputes are investigated and resolved, and damages awarded where applicable law so provides. FICO will remedy problems arising out of its failure to comply with the Principles.  If you believe FICO has violated its obligations to you under the Principles, you should first raise the claimed violation directly with us, and we will respond within 45 days of receiving a complaint. If we are unable to resolve your complaint, you should next raise the issue through your Data Protection Authority to the U.S. Department of Commerce and afford the Department of Commerce an opportunity to use best efforts to resolve the issue, at no cost to you. Then, if such violation still remains fully or partially unremedied, you may contact JAMS, which is an international dispute resolution provider, at no cost to you. JAMS may be reached by Internet at, phone 800.352.5267, or mail to JAMS, 620 8th Avenue, 34th Floor, New York, New York 10018. If you are contacting JAMS to lodge a complaint, you must include the following information: the name of company, the alleged privacy violation, your contact information, and whether you would like the particulars of your complaint shared with the company. For information about JAMS or the operation of JAMS’ dispute resolution process, contact Patrick Mullarkey, JAMS Global Practice Development Manager,, 212.607.2771. The JAMS dispute resolution process shall be conducted in English. For complaints and disputes over human resources data, FICO has agreed to cooperate with Data Protection Authorities. You may, under certain conditions, invoke binding arbitration.


10.       Personal Data Security and Confidentiality

FICO has industry standard physical safeguards, such as secure areas in buildings; electronic safeguards, such as passwords and encryption; and procedural safeguards, such as customer authentication procedures designed to prevent ID theft. We restrict access to your personal data to only those employees who need to know that information to provide products or services to you. We carefully select and monitor outside service providers, such as mail vendors, who have access to personal data, and we require them to keep it safe and secure. We do not allow them to use or share personal data for any purpose other than the job they are hired to do. We train our employees on these security procedures, and we conduct regular audits designed to check on compliance with the procedures.


11.       Contacting FICO and myFICO

If you have a question about FICO’s or myFICO’s privacy practices, or want to submit a complaint, you may contact us at the FICO Trust Center (effective January 1, 2020). Members of FICO’s Privacy Team include:

United States
Vickie Miller, Data Protection Officer
3661 Valley Centre Drive, Suite 500
San Diego, CA 92130 USA
(858) 369-8101
Email Address:

European Union
Simon Elsom, Vice President Legal
Cottons Centre 5th Floor
Hays Lane
London SE1 2 QP
United Kingdom
Email Address:

Alexander Bugl
Bugl & Kollegen GmbH 
Sedanstraße 7  
93055 Regensburg
Mobil.   +49 151-1862 2310
Tel.         +49 941-630 49 789


12.       Revisions to the FICO Data Privacy Policy

If FICO changes this Policy, we will post the changes here. This Policy is effective as of January 1, 2020.