United States

Sign In

Support

Search

Close

HomeLegal

CCPA and other State Privacy Laws

CCPA and other State Privacy Laws

Privacy Notice

Last Updated:  September 2, 2025

Certain states have enacted comprehensive privacy laws (“State Privacy Laws”). As of the date this Privacy Notice (“Notice”) was last updated, these states include California (California Consumer Privacy Act), Colorado (Colorado Privacy Act), Connecticut (Connecticut Data Privacy Act), Delaware (Delaware Personal Data Privacy Act), Indiana (Indiana Consumer Data Protection, effective Jan. 1, 2026), Iowa (Iowa Consumer Data Protection Act), Kentucky(Kentucky Consumer Data Protection, effective Jan. 1, 2026), Maryland (Maryland Online Data Privacy Act, effective Oct. 1, 2025), Minnesota (Minnesota Consumer Data Privacy), Montana (Montana Consumer Data Privacy Act), Nebraska (Nebraska Data Privacy Act), New Hampshire (New Hampshire Data Privacy Act), New Jersey(New Jersey Data Protection Act), Oregon (Oregon Consumer Privacy Act), Rhode Island (Rhode Island Data Transparency and Privacy Protection Act, effective Jan. 1, 2026), Tennessee (Tennessee Information Protection Act), Texas (Texas Data Privacy and Security Act), Utah (Utah Consumer Privacy Act), and Virginia(Virginia Consumer Data Protection Act). This Notice supplements, for residents of such states with State Privacy Laws, the general privacy policies of CoreLogic, Inc. d/b/a Cotality (together with its relevant  subsidiaries, associates, and affiliated companies, “Cotality,”“us,” “we,” or the “Company”) including, without limitation, our Privacy Policy, and any other privacy policies, notices or statements on a “Service” (e.g., website, mobile app, or any other digital asset) that is owned and operated by the Company.  This Notice provides information regarding our data practices, including our collection, use, disclosure, and sale of information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (collectively, “Personal Information”). For those State Privacy Laws that utilize the term “Personal Data” instead of “Personal Information,” the term “Personal Information” shall refer to “Personal Data.”

Please note:

If you are not a resident of a state with a State Privacy Law, the rights described in this Notice do not apply to you. Even if you are a resident of a state with a State Privacy Law,, the rights described in this Notice may not apply to you as a result of certain exemptions in the State Privacy Laws, including those for publicly available data and data subject to certain other privacy laws, such as the Gramm-Leach-Bliley Act and Fair Credit Reporting Act (as described in more detail below).

The rights described in this Notice will apply to you under the California Consumer Privacy Act(“CCPA”) only if you are currently a California resident and you are:

  • As of January 1, 2022, a current or former job applicant, employee, or contractor of Cotality (“HR Data Subject”). If you are an HR Data Subject, you may make a make an HR Data Subject CCPA request by visiting our online HR Data Subject Request Form or by calling our toll-free telephone number.  

OR

  • As of January  1, 2022, a current or former employee, owner director, officer, or  independent contractor of a company, partnership sole proprietorship, non-profit, or government agency in connection with business-to-business (“B2B”) communications with Cotality, including if you have visited our  website (“B2B Data Subject”).  If you are a B2B Data Subject, you may make a make a B2B Data Subject CCPA request by visiting our online B2B Data Subject Request Form, or by calling our toll-free telephone number.

Please note that although you will get a timely response using the toll-free telephone number, you will likely get a faster response using our online form.

Why We Collect and Use Your Personal Information.


We collect and use your personal information for the following purposes:

  • Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance;
  • Helping to ensure security and integrity and prevent fraud;
  • Debugging to identify and repair errors that impair functionality;
  • Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of your current interaction with us;
  • Performing services including  maintaining or servicing accounts, providing customer service, processing  or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, and providing analytic services;
  • Providing advertising and marketing services, which may include cross-context behavioral advertising, to you;
  • Undertaking internal research for technological development and demonstration;
  • Undertaking activities to verify, maintain, or improve the quality or safety of our products or services;
  • To comply with our legal and regulatory obligations;
  • For the performance of our contract with you or to take steps at your request before entering into a contract

 

1. Privacy Laws exemptions

We are a leading global property information, analytics and data-enabled software platforms and services provider. We provide B2B products and services and do not offer products or services directly to consumers. Except for HR Data Subjects and B2BData Subjects (with respect to the CCPA), and except for marketing activities described below (of which you may opt out), when we do collect and process Personal Information from or about consumers, we have determined it is in one of the following contexts that are exemptions under the State Privacy Laws:

Data that is processed in our capacity as a service provider. When we process consumer Personal Information as a service provider or processor for another business, that business, not us, is the owner and controller of the Personal Information and responsible for any State Privacy Law requests related to that data. If you want to inquire about Personal Information we process for our clients as their service provider, you should contact those entities directly. Due to confidentiality considerations, we do not disclose or confirm the identity of our clients or what data we process for them.

Data that is regulated and protected by other laws. The State Privacy Laws recognize that other privacy laws already exist to protect certain types of Personal Information under certain circumstances. We are subject to and comply with several of these laws, including the federal Fair Credit Reporting Act (FCRA)and the federal Gramm-Leach-Bliley Act (GLBA). The State Privacy Laws exempt Personal Information that is already regulated and protected by those laws, and we apply our obligations under those laws to that data.

Data that is publicly available. The State Privacy Laws exempt Personal Information that is “publicly available,” which means information that is lawfully made available from federal, state, or local government records, or information that a business has a reasonable basis to believe is lawfully made available to the general public by the consumer or from widely distributed media, or by the consumer; or information made available by a person to whom the consumer has disclosed the information if the consumer has not restricted the information to a specific audience.

Data that is deidentified and/or aggregated. The State Privacy Laws do not consider deidentified and/or aggregated data to be Personal Information. “Aggregated” data is information that relates to a group or category of consumers, from which individual consumer identities have been removed, that is not linked or reasonably linkable to any consumer or household, including via a device. “Deidentified” data is information that cannot reasonably be used to infer information about, or otherwise be linked to, a particular consumer. We commit to maintain and use the information in deidentified form and not to attempt to reidentify the information, except that we may attempt to reidentify the information solely for the purpose of determining whether our deidentification processes are effective.

2. Notice of data practices

The description of our data practices in this Notice covers only the twelve (12) months prior to the Effective Date and will be updated at least annually. Our data practices may differ between updates; however, if materially different from this Notice, we will provide pre-collection notice of the current practices, which may include references to other privacy policies, notices or statements posted or referenced on the Service that reflect current practices.

a) Personal information collection and retention

In the last 12 months, we collected and retained Personal Information about Consumers as follows:

Category of Personal Information

Examples of Personal Information Collected and Retained

Maximum Retention Period

1. Identifiers

Real name, alias, postal address, unique personal identifiers, online identifier, Internet Protocol address, email address, and account name.

Period of engagement / relationship with Cotality:  as long as it is reasonably necessary for the purposes outlined in this Notice.

2. Personal Records

Name, signature, description, address, telephone number, and financial information (e.g., payment card information). Some Personal Information included in this category may overlap with other categories.

Period of engagement / relationship with Cotality: as long as it is reasonably necessary for the purposes outlined in this Notice.

3. Personal Characteristics or Traits

In some circumstances, we may collect Personal Information that is considered protected under U.S. law, such as age, gender, nationality, race or information related to medical conditions. This is typically associated with HR purposes.

Period of engagement / relationship with Cotality: as long as it is reasonably necessary for the purposes outlined in this Notice.

4. Customer Account Details/Commercial Information

Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Period of engagement / relationship with Cotality:  as long as it is reasonably necessary for the purposes outlined in this Notice.

5. Biometric Information

Physiological and biological characteristics, which can be used to establish individual identity, including but not limited to fingerprints. Only for HR benefits purposes.

Period of engagement / relationship with Cotality: as long as it is reasonably necessary for the purposes outlined in this Notice.

6. Internet Usage Information

When you browse our Services or otherwise interact with us online, by telephone, or email, we may collect browsing history, search history, and other information regarding your interaction with our Services or other sites, applications, or advertisements, including personal information collected through our webinars and event registrations/attendance, and email and SMS interactions.

Period of engagement / relationship with Cotality: as long as it is reasonably necessary for the purposes outlined in this Notice.

7. Geolocation Data

If you interact with us online we may gain access to the approximate location of the device or equipment you are using.

Period of engagement / relationship with Cotality:  as long as it is reasonably necessary for the purposes outlined in this Notice.

8. Sensory Data

We may collect audio, electronic, or similar information when you contact us through our customer service line.

Period of engagement / relationship with Cotality: as long as it is reasonably necessary for the purposes outlined in this Notice.

9. Professional or Employment Information

Professional, educational, or employment-related information.

Period of engagement / relationship with Cotality: as long as it is reasonably necessary for the purposes outlined in this Notice.

10.Non-public Education Records

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

Period of engagement / relationship with Cotality: as long as it is reasonably necessary for the purposes outlined in this Notice.

11. Inferences from Personal Information Collected

We may draw inferences from other information we collect about you.

Period of engagement / relationship with Cotality: as long as it is reasonably necessary for the purposes outlined in this Notice.

12. Sensitive Personal Information

This may include Personal Information that reveals:

  • Social security, driver’s license, state identification card, or passport number
  • Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account
  • Racial or ethnic origin
  • The contents of email and text messages
  • Health information
  • Sex life or sexual orientation information

Period of engagement / relationship with Cotality: as long as it is reasonably necessary for the purposes outlined in this Notice.

We will keep your Personal Information while you have an account with us or while we are providing products and/or services to you. Thereafter, we will keep your personal information for as long as is necessary:

  • To respond to any questions, complaints or claims made by you or on your behalf;
  • To show that we treated you fairly; or
  • To keep records required by law

b) Sources of personal information

We collect Personal Information from visitors of our website as set forth in Section 2 of our Privacy Policy or through marketing activities such as, but not limited to, events or conferences when you indicate you want to be contacted about our products or services.  Additionally, we may purchase customer lists containing business contact information, which may be considered Personal Information under certain State Privacy Laws.

We collect Personal Information from HR Data Subjects in connection with their application for employment/engagement and actual employment/engagement with Cotality.

We collect Personal Information from B2B Data Subjects in connection with their business and/or website interaction with Cotality.  

c) Use of personal information

Information regarding how we use Personal Information obtained from our website or through marketing activities can be found in Section 2 of our Privacy Policy.  Personal Information obtained from customer lists is used for marketing purposes.

Personal Information from HR Data Subjects is used solely in connection with HR purposes.

Personal Information obtained from B2B Data Subjects is used for the purposes of the business transaction(s) with Cotality and may be further used for marketing purposes.

d)   Personal information disclosure practices

In the past 12 months, we have sold or shared the following categories of personal information with the following categories of third parties for cross-contextual behavior advertising:

Categories of Third Parties and Purposes of Sale/Sharing Categories of Personal Information
  • Advertising Networks
  • Marketing Partners
  • Merchant Partners
  • Social Networks
for e.g., joint marketing, targeted advertising, etc.
  • Identifiers such as alias, unique personal identifier, online identifier
  • Demographics such as name, title, phone number, business email address, home address, personal email address, industry, and company
  • Commercial information such as purchase or transaction history
  • Internet or other electronic network activity information such as browsing history, search history
  • Inferences such as visitors’ occupation (i.e. realtor)

  • "Cross-context behavioral advertising" means advertising that is targeted to you based on personal information obtained from your activity across businesses, distinctly branded internet websites, applications, or services.
  • You have the right under the CCPA and certain other State Privacy Laws, as applicable, to opt-out of the sale or sharing of your personal information for purposes of cross-contextual behavioral advertising or targeted advertising.
  • We do not knowingly sell or share the personal information of consumers under 16 years of age.

To opt-out of the sale or sharing of your personal information, you may:

  • Click on “Do Not Sell or Share My Personal Information link”;
  • Use an opt-out preference signal, such as the Global Privacy Control https://globalprivacycontrol.org/. You will need to turn it on for each supported browser or device you use. If you are logged into your account, your preference will be associated with your account regardless of which device or browser you use. If you are not logged into your account, your request will only be associated with that one browser and device;
  • Contact us toll-free at 1-800-634-4149;
  • Send an email to privacy@cotality.com and provide us with your name, company name, and email; or
  • Completing the HR Data Subject Request form or B2B Data Subject Request form. Please be aware that we do not accept or process requests through other means (for example, via fax, chats, social media, etc.).

During the last 12 months, for the purposes explained in our Privacy Policy, we disclosed such Personal Information to our vendors, other members of our corporate group, government entities (when we are under a duty to disclose or as required to protect our rights or the rights of others), and other parties as more fully set forth below:

Category of Personal Information

Categories of Recipients

1.  Identifiers

  • Vendors (e.g., data analytics providers, payment processors, and marketing services providers; HR service providers).
  • Other members of our corporate group.
  • Governmental entities (making requests pursuant to legal or regulatory process).

2.    Personal Records

  • Vendors (e.g., data analytics providers, payment processors, and marketing services providers; HR service providers).
  • Other members of our corporate group.
  • Governmental entities (making requests pursuant to legal or regulatory process).

3.    Personal Characteristics or Traits

  • Vendors (e.g., data analytics providers, payment processors, and marketing services providers; HR service providers).
  • Other members of our corporate group.
  • Governmental entities (making requests pursuant to legal or regulatory process).

4.    Customer Account Details / Commercial Information

  • Vendors (e.g., data analytics providers, payment processors, and marketing services providers; HR service providers).
  • Other members of our corporate group.
  • Governmental entities (making requests pursuant to legal or regulatory process).

5.    Biometric Information

  • Vendors (e.g., data analytics providers, payment processors, and marketing services providers; HR service providers).
  • Other members of our corporate group.
  • Governmental entities (making requests pursuant to legal or regulatory process).

6.    Internet Usage Information

  • Vendors (e.g., data analytics providers, payment processors, and marketing services providers; HR service providers).
  • Other members of our corporate group.
  • Governmental entities (making requests pursuant to legal or regulatory process).

7.    Geolocation Data

  • Vendors (e.g., data analytics providers, payment processors, and marketing services providers; HR service providers).
  • Other members of our corporate group.
  • Governmental entities (making requests pursuant to legal or regulatory process).

8.    Sensory Data

  • Vendors (e.g., data analytics providers, payment processors, and marketing services providers; HR service providers).
  • Other members of our corporate group.
  • Governmental entities (making requests pursuant to legal or regulatory process).

9.    Professional or Employment Information

  • Vendors (e.g., data analytics providers, payment processors, and marketing services providers; HR service providers).
  • Other members of our corporate group.
  • Governmental entities (making requests pursuant to legal or regulatory process).

10.  Non-public Education Records

  • Vendors (e.g., data analytics providers, payment processors, and marketing services providers; HR service providers).
  • Other members of our corporate group.
  • Governmental entities (making requests pursuant to legal or regulatory process).

11.  Inferences from Personal Information Collected

  • Vendors (e.g., data analytics providers, payment processors, and marketing services providers; HR service providers).
  • Other members of our corporate group.
  • Governmental entities (making requests pursuant to legal or regulatory process).

12.  Sensitive Personal Information

  • Vendors (e.g., data analytics providers, payment processors, and marketing services providers; HR service providers).
  • Other members of our corporate group.
  • Governmental entities (making requests pursuant to legal or regulatory process).

3. Your Consumer Privacy Rights and How to Exercise Them

As discussed above, the data included in our products and services are not subject to the State Privacy Laws as a result of certain exemptions found in the State Privacy Laws. Therefore, consumers (other than HR Data Subjects and B2B Data Subjects with respect to CCPA) will not be able to exercise rights granted under the State Privacy Laws.

As described more below, subject to our being able to verify your identity (discussed below), you may exercise the privacy rights described in this section.

a) Right to know/access

You are entitled to access the Personal Information that we maintain about you up to twice in a 12-month period, free of charge.      

(1)   Categories

You have a right to submit a request for any of the following for the 12-month period preceding the request date:

  • The categories of Personal Information we have collected about you;
  • The categories of sources from which we collected your Personal Information;
  • The purposes for our collecting your Personal Information; and
  • A list of the categories of Personal Information disclosed to third parties and, for each, the categories of recipients.

(2)   Specific personal information

You may request to confirm if we are processing your Personal Information and, if we are, to obtain a transportable copy, subject to applicable request limits, of your Personal Information that we have collected and are maintaining.  Before providing you with the specific Personal Information that we maintain about you, we will apply the heightened verification standards described in the How to Exercise Your Consumer Privacy Rights section below.  

(b)   Right to delete

Subject to certain exceptions, you may request that we delete your Personal Information.  

(c)   Correct your personal information

You may request that we correct any inaccuracies you find in the Personal Information that we maintain about you.

(d)   Right to opt-out of sale or sharing

You may request that we stop selling or sharing your personal information (“opt-out”), including via a user-enabled global privacy control.

(e) Right to limit use and disclosure of sensitive personal information

With regard to Personal Information that qualifies as “Sensitive Personal Information” under the CCPA, as of January 1, 2023, if you elect to provide us with Sensitive Personal Information you may limit the purposes for which we may process it to the following:

  • To perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services.
  • To detect security incidents that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal information.
  • To resist malicious, deceptive, fraudulent, or illegal actions directed at us and to prosecute those responsible for those actions.
  • To ensure the physical safety of natural persons.
  • For short-term, transient use, including, but not limited to, non personalized advertising shown as part of a consumer’s current interaction with us.
  • To perform services on behalf of our business, such as maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of our business.
  • To verify or maintain the quality or safety of a service or device that we own, manufacture or control, and to improve, upgrade, or enhance a service or device we own, manufactured or control.

(f) Right to opt-out of automated decision-making technologies

(g) Right to not receive discriminatory treatment

(h) How to exercise your consumer privacy rights

To submit a request to exercise your privacy rights as an HR Data Subject or B2B Data Subject under CCPA, or to submit a request as an authorized agent, please follow the instructions at our HR Data Subject Request or B2B Data Subject Request, or call us at 1-800-634-4149 and respond to any follow-up inquiries we make. Please be aware that we do not accept or process requests through other means (for example, via fax, chats, social media, etc.).

(1)   We must verify your identity

When you submit a request, we may ask you to provide verifying information, such as your name, email, phone number and/or mailing address. We will review the information provided and may request additional information via email or other means to ensure we are interacting with the correct individual. We will not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the Consumer about whom we collected Personal Information.  We do not verify requests to limit the processing of sensitive Personal Information unless we suspect fraud.

We will use Personal Information provided in your request only to verify your identity or authority to make the request and to track and document request responses, unless you also gave it to us for another purpose.

We verify each request as follows:

  • Right to Know (Categories of Personal Information): We will verify your request by matching at least two data points you provide with data points we maintain, which we have determined to be reliable for the purpose of verifying you.  
  • Right to Know (Specific Personal Information):  We will verify your request by matching at least three data points you provide with data points we maintain, which we have determined to be reliable for the purpose of verifying you, together with a signed declaration under penalty of perjury that you are the Consumer whose Personal Information is the subject of the request. If you fail to provide the data points we will be unable to verify you sufficiently to honor your request, but we will then treat it as a request for disclosure of the categories of Personal Information we maintain about you.
  • Request to Limit the Processing of Sensitive Personal Information: No specific verification required unless we suspect fraud.
  • Right to opt-out of sale or sharing: No specific verification required unless we suspect fraud.
  • Right to Delete:  We will verify your request by matching at least two or three data points you provide with data points we maintain, depending on the sensitivity of the Personal Information and the risk of harm posed by unauthorized deletion.
  • Right to Correction:  We will verify your request by matching at least two or three data points you provide with data points we maintain, depending on the sensitivity of the Personal Information and the risk of harm posed by unauthorized correction.

If you fail to provide the data points specified above, we will be unable to verify you sufficiently to honor your request.

(2)   Agent requests

You may use an authorized agent to exercise your rights on your behalf.  Authorized agents may demonstrate that the agent has authority to exercise rights on the behalf of the requesting HR Data Subject or B2B Data Subject under CCPA by any of the methods specified in Section 3(e) of this Notice.  Thereafter, we will require evidence of the agent’s identity (via submission of a driver’s license or other government-issued identification), and at least one of the following evidencing proof of your legal authority to act on the behalf of the individual who is the subject of this request:

  • Written authorization signed by the individual; or
  • Certified copy of a Power of Attorney granted under the California Probate Code.

Whenever you interact with us on behalf of another individual or entity, such as by providing or accessing Personal Information about another individual, you represent that your interactions and exchanges comply with applicable data privacy laws. You shall have sole responsibility for any violation of applicable laws as a result of a failure to obtain any necessary consent from such individual.

(i) Our responses

Some Personal Information that we maintain is insufficiently specific for us to be able to associate it with a Consumer (e.g., clickstream data tied only to a pseudonymous browser ID).  We do not include such Personal Information in response to requests.  If we cannot comply with a request, we will explain the reasons in our response.  

We will not charge a fee to respond to your requests; provided, however, that we may charge a reasonable fee, or refuse to act upon a request, if your request is excessive, repetitive, unfounded, or overly burdensome.  If we determine that the request warrants a fee, or that we may refuse it, we will give you notice explaining why we made that decision.  

Consistent with our interest in the security of your Personal Information, we will not deliver to you your Social Security number, driver’s license number, or other government-issued ID number, financial account number, any health or medical identification number, an account password, security questions or answers, or unique biometric information generated from measurements or technical analysis of human characteristics in response to a privacy rights request.

4. Non-discrimination

We will not discriminate against you in a manner prohibited by the State Privacy Laws for your exercise of your privacy rights.

5. Our rights and the rights of others

Notwithstanding anything to the contrary, we may collect, use and disclose your Personal Information as required or permitted by applicable law and this may override your rights under U.S. Privacy Laws. In addition, we are not required to honor your requests to the extent that doing so would infringe upon our or another person’s or party’s rights or conflict with applicable law.

6. Contact us

If you have any questions, comments, concerns, or complaints about our privacy practices, please contact us by email at privacy@cotality.com.