CCPA FAQs
General information
What is CCPA?
The California Consumer Privacy Act of 2018 (CCPA) is a new law that changes and raises the bar for the collection and processing of personal information (PI) of California consumers. CCPA went into effect on January 1, 2020.
What does CCPA require JPMorgan Chase to do?
CCPA requires JPMorgan Chase to create a way for eligible California residents to exercise their rights under the law, and to fulfill those consumer privacy rights regarding their personal info. These rights include:
- Right to notice: the right to be informed about collection, disclosure, and sale of their personal info, including: the personal info collected; the categories of personal info disclosed or sold; the categories of sources of personal info and categories of third parties to whom that info is sold or disclosed; the purpose of collecting or selling personal info; and a description of the consumer’s rights.
- Right to access: the right to request the specific pieces of personal info JPMorgan Chase has collected about them; the categories of personal info we collected; the sources used to collect the personal info; the business or commercial purposes for collecting that info; and the categories of third parties with whom we share their personal info.
- Right to data portability: the right to obtain copies of their personal information in a readily usable format that'll allow them to transmit the information from one entity to another.
- Right to delete: the right to request that JPMorgan Chase delete the personal info that we collected from them.
- Right to Equal Service and Price: the right not to be discriminated against for exercising any of these rights.
Please review the California Consumer Privacy Act (CCPA) Disclosure for additional details.
Am I covered by CCPA?
You're covered by CCPA if you're a California resident and aren't excluded based on your existing relationship with us.
I’m a representative of a business that has a relationship with JPMorgan Chase. Can I exercise rights under the CCPA?
Yes, but personal information related to your business relationship is considered exempt from the CCPA and won't be included your CCPA response.
I’m a current or former JPMorgan Chase customer. Can I exercise rights under the CCPA?
Customers include individuals with current retail relationships with us as well as those who applied for, but were denied or otherwise didn't get, financial products or services offered by JPMorgan Chase. Personal info collected, processed, or disclosed in connection with our retail customer relationships is exempt from the CCPA. JPMorgan Chase isn't processing requests from current or former customers. Additionally, your personal information is regulated by other state and federal laws. If you're a current customer, you can access much of the personal information we have about you by signing into your account online.
Can I still send a request if I’m not a customer?
If you're a California resident you can send us a CCPA request. The CCPA doesn't require you to be a JPMorgan Chase customer to make a request.
I'm not in California but I do have a residence there. Can I still request what personal information you have about me?
Yes, you can send in a request if you use your California address when completing your CCPA request. Keep in mind that if this isn't an address you regularly use, it may be harder for us to verify your identity or match personal info we have about you with your request.
Submitting your CCPA request
How do I send in a CCPA request?
Go to chase.com/ccparequest or jpmorgan.com/ccparequest to send in a CCPA request online, or call us at 1-800-573-7138. You can call the CCPA privacy call center toll free number 1-800-573-7138 between 7 AM – 1 AM ET.
What information is needed from me to send a CCPA request?
We need to verify your identity to protect your personal information, as well as that of others. When we verify who you're, we're ensuring that the person making the request is authorized to do so. You'll need to tell us your name, address, phone number, email, date of birth and the last 4 digits of your Social Security number.
What happens after I send in a CCPA request?
Once we have your completed request, you'll be given a reference number as confirmation that your request was received. We'll send you a response within 45 days.
Can I send a request on behalf of someone else (spouse, mother, father, etc.)?
You can if you complete a limited CCPA power of attorney form. A link to this document is included on the website within the CCPA request process, or you can download it by choosing the link below. Please make sure that the name you use when completing the power of attorney (POA) form exactly matches the name you use on the CCPA request that you send in.
Although you may already have a POA (Power of Attorney) form on file with JPMorgan Chase, this POA is specific to CCPA and involves rights to your personal information. This document helps us ensure your info is properly secured and protected and is required to submit an on behalf of request.
Download CCPA Power of Attorney form
Will I receive confirmation that I’ve submitted a CCPA request?
Yes, you’ll receive a confirmation with a CCPA reference number once you send in your request. If you sent your CCPA request online, you’ll see your reference number once you choose “Send request.” If you sent your CCPA request over the phone, we’ll give you your reference number at the end of your call. Your reference number will also be included with your CCPA response.
What personal info of mine will you keep as a result of my CCPA request?
We'll maintain your name, address, email and phone number for 13 months as evidence that we received your request and acted on it.
Receiving your CCPA response
How long does it take to receive my CCPA response?
You can expect to hear from us within 45 days after you submitted your initial request. We hope it’s rare, but in some instances the first response you get from us may be a notification that your response is delayed for up to an additional 45 days.
How do I receive my CCPA Response?
You'll get your CCPA response either electronically or by U.S. mail, whichever you chose when you sent in your request.
If you choose digital delivery and you don't have an existing digital profile with JPMorgan Chase, you'll need to create a CCPA privacy profile. The CCPA privacy profile is a secure option available to users who don't bank with JPMorgan Chase, but who still want to receive their CCPA response electronically. With a CCPA privacy profile, you can easily send in future or follow-up requests and receive your responses by a secure and trusted method. Creating a profile won't create an account with us. After requesting a CCPA privacy profile, you'll receive instructions on how to create your username and password. These instructions will expire after 60 days. Please complete your CCPA privacy profile as soon as you receive your instructions.
I selected electronic delivery. How do I access my CCPA Response?
To access your response digitally, do the following:
- Click the links directly in your CCPA response notification e-mail or visit chase.com/ccparequest or jpmorgan.com/ccparequest. and choose “Manage My Request”
- You'll be asked to verify yourself. Please choose the sign-in method that applies to you: “I have an online profile with JPMorgan Chase” or “I created a privacy profile”
- Once you’ve signed in, choose “See the response to my CCPA request.” This will take you to your CCPA response. You'll have the ability to download your response documents and save to your personal device.
I didn’t get what I expected in my CCPA response. Can I make another request?
If you received your response to a request and you don't believe that it's complete, you can send a follow-up request online at chase.com/ccparequest or jpmorgan.com/ccparequest. You should include in that follow-up request the reasons why you believe the response was incomplete. Keep in mind that we only retain consumer info for a certain period of time, so we may no longer have your information at the time you request it.
Why was my CCPA request declined?
Our response to your request should tell you why your request was denied.
There are several reasons why your request could have been declined, including the following:
- If you aren't a California resident, you aren't covered by CCPA.
- If you're an existing JPMorgan Chase customer, you already have access to your personal info. You can sign in to your online profile and get information that way. You also get annual privacy notices with details about the personal info we collect.
- If we previously collected data but we no longer have your information at the time of your request.
If you disagree with the denial reason stated in your response, you can send a follow-up request online at chase.com/ccparequest or jpmorgan.com/ccparequest and explain why you disagree. Keep in mind that we only retain consumer info for a certain period of time, so we may no longer have your information at the time you request it.
I don't understand the response to my CCPA request. How can I ask questions?
You can send in a follow-up request to clarify questions from your original request. Please review this complete list of FAQs to see if they can answer any of your questions.
I sent in a request to access my info, now I'd like to request to delete it. How do I do that?
You can send in another request and ask that your info be deleted.
I’d like to delete my personal information. Will I receive a copy of the personal information that'll be deleted?
If you’d like to know what personal info may be deleted as a result of your CCPA deletion request, you must first submit an access request to obtain a copy of personal information we have collected and maintain about you.
My CCPA response stated that you were unable to verify my identity. What does that mean?
We may not have been able to verify your identity for several reasons: The info you provided for verification didn't match what we have on file, or we didn't have enough info on you in our files to make a match.
Protecting your data
How does JPMorgan Chase keep my information safe?
We use reasonable physical, electronic, and procedural safeguards that comply with federal standards to protect and limit access to your personal information. This includes device safeguards and secured files and buildings. For more details about how we protect your personal information go to:
chase.com/privacy
jpmorgan.com/privacy
Please note that information you send to us electronically may not be secure when it's transmitted to us. We recommend that you don't use unsecure channels to communicate sensitive or confidential info (such as your Social Security number) to us.
Where are your privacy policies?
Your privacy is important to us and we take our responsibility to protect the privacy and confidentiality of your information, including personal information, very seriously. To learn more about our privacy practices please go to:
chase.com/privacy
jpmorgan.com/privacy
We follow a clear set of guidelines each time we talk with you about your accounts or share your information with others. Our online privacy policies explain how we collect, share, use, and protect information when you go to or use our online services. Other privacy principles or policies could apply depending on how you interact with us, the financial products or services you have with us, or the jurisdiction in which we are doing business with you.
To access CCPA related FAQs please go to chase.com/ccpafaqs or jpmorgan.com/ccpafaqs.
What does JPMorgan Chase do with my personal info?
We use your personal info to verify your identity, and to respond to a request you've made. We also may use it to offer our products and services to you. If we collect your personal info through our website or mobile services, we may use that info to perform analytics concerning your use of our online services, or to provide you with tailored content and marketing messages. We may also need to use your personal info to comply with our legal requirements, industry standards, or contractual obligations. You can find a full description of our privacy policy at chase.com/privacy or jpmorgan.com/privacy.
