CCPA Privacy Policy

Effective: January 1, 2020

Last Updated: January 9, 2026

INTRODUCTION

We (subsidiaries of Enova International, Inc., operating under the CashNetUSA brand) respect the privacy of your information. This California Consumer Privacy Act (“CCPA”) Privacy Policy is designed to assist California residents in understanding how we collect, use, disclose, share, and retain their personal information both online and offline.

SCOPE AND APPLICATION OF THIS CCPA PRIVACY POLICY

This CCPA Privacy Policy contains information about our privacy practices that is useful to all of our customers regardless of location. However, the CCPA only applies to California residents. Therefore, the rights described herein only apply to California residents.

If you have a consumer financial product or service with us, we will use and share any information that we collect from or about you in accordance with our U.S. Consumer Privacy Notice, which offers you certain choices with respect to the use and sharing of your personal information.

If you are a California resident and a current or former employee, job applicant, or independent contractor of ours, please see our privacy notice available here for more information on our collection and use of your personal information in that capacity.

NOTICE AT COLLECTION OF PERSONAL INFORMATION

The CCPA defines “personal information” to mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. Personal information does not include publicly available, deidentified or aggregated information or lawfully obtained, truthful information that is a matter of public concern. For purposes of this CCPA Privacy Policy we will refer to this information as “Personal Information.”

Personal Information Collected

As of June 28, 2022, we no longer offer loans to California residents; however, we continue to service loans that we previously provided to California residents. In the 12 months prior to the Last Updated Date of this CCPA Privacy Policy, we collected the following categories of Personal Information:

• Identifiers (name, alias, postal address, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, other similar identifiers)
• Unique personal identifiers (device identifier; cookies, beacons, pixel tags, mobile ad identifiers, or other similar technology)
• Other type of state identification card number
• Physical characteristics or description (only if we request your driver’s license for identity verification purposes)
• Debit card number
• Telephone number
• Signature
• Bank account number
• Other financial information
• Internet or other electronic network activity information (browsing history; search history; and information regarding consumer’s interaction with website, application or advertisement)
• Geolocation data
• Commercial information (records of products or services purchased, obtained or considered or other purchasing or consuming histories or tendencies)
• Professional or employment-related information (including employment history)
• Characteristics of protected classifications under California or federal law (gender, age (40 and older), disability, citizenship status, military status)
• Audio, electronic, visual, or similar information
• Inferences drawn from above information to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, behavior, and abilities

Cookies and Other Tracking Technologies

Like many other companies, we use cookies and other tracking technologies (such as pixels and web beacons) (collectively, “Cookies”). Cookies are small files of information that are stored by your web browser software on your computer hard drive, mobile or other devices (e.g., smartphones or tablets). We use Cookies to: (1) estimate audience size and usage patterns; (2) understand and save your preferences for future visits, allowing us to customize our website and services to your individual needs; (3) advertise new content and services that relate to your interests; (4) keep track of advertisements and search engine results; (5) compile aggregate data about site traffic and site interactions to resolve issues and offer better site experiences and tools in the future; and (6) recognize when you return to the website.

Google Analytics

We use Google Analytics, a web analytics service provided by Google, Inc. Google Analytics uses Cookies to help us analyze how users interact with the website and services, compile reports on their activity, and provide other services related to their activity and usage. The technologies used by Google may collect information such as your IP address, time of visit, whether you are a returning visitor, and any referring website. The information generated by Google Analytics will be transmitted to and stored by Google and will be subject to Google’s privacy policies. To learn more about Google’s partner services and to learn how to opt out of tracking of analytics by Google, click here.

Google reCAPTCHA

We use Google reCAPTCHA, a free service provided by Google, Inc., to protect our website from spam and abuse. Google reCAPTCHA uses advanced risk analysis techniques to decipher humans and bots. Google reCAPTCHA works differently depending on what version is deployed. For example, you may be asked to check a box indicating that you are not a robot or Google reCAPTCHA may detect abusive traffic without user interaction. Google reCAPTCHA works by transmitting certain types of information to Google, such as the referrer URL, IP address, visitor behavior, operating system information, browser and length of the visit, cookies, and mouse movements. Your use of Google reCAPTCHA is subject to Google’s Privacy Policy and Terms of Service. More information as to Google reCAPTCHA and how it works is available here.

Hotjar

We use Hotjar to better understand our users’ needs and to optimize the service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g., how much time they spend on which pages, which links they choose to click, what users do and do not like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf. For more information, please view Hotjar’s privacy page by clicking here.

LiveRamp Authenticated Traffic Solution

When you use our website, we share information that we collect from you, such as your email (in hashed form), IP address, or information about your browser or operating system, with our identity partners/service providers. These partners return an online identification code that we may store in our first-party cookie for our use in online, in-app, and cross-channel advertising and it may be shared with service providers to enable interest-based and targeted advertising. To opt out of this use, please click here.

We may use Cookies and similar technologies third-party vendors provide to collect information on user behavior (e.g., screens and pages visited, buttons and links clicked, limited information entered, and user taps and mouse movements). This information enables us to monitor and improve the user experience.

Please see our Terms of Use for additional information about our use of Cookies.

How You Can Opt Out of Cookies

You can block Cookies by changing your Internet browser settings to refuse all or some Cookies. If you choose to block all Cookies (including essential Cookies) you may not be able to access all or parts of the website. You can find out more about Cookies and how to manage them by visiting www.AboutCookies.org or www.allaboutcookies.org.

You can also opt out of Cookies set by specific entities by following the instructions found at these links:

You can understand which entities have currently enabled Cookies for your browser or mobile device and how to opt out of some of those Cookies by accessing the Network Advertising Initiative’s website or the Digital Advertising Alliance’s website. For more information on mobile specific opt-out choices, visit the Network Advertising Initiative’s website or the Digital Advertising Alliance’s website. For more information on mobile specific opt-out choices, visit the Network Advertising Initiative’s Mobile Choices website.

Please note these opt-out mechanisms are specific to the device or browser on which they are exercised. Therefore, you will need to opt out on every browser and device that you use.

Opt Out Preference Signals

The website recognizes the Global Privacy Control (“GPC”) signal. If you are using a browser setting or plug-in that sends an opt-out preference signal to each website you visit, we will treat that as a valid request to opt-out and this will be indicated by the “Do Not Sell of Share My Personal Information” button switched on and the “Targeted Advertising” button switched off when clicking on the Cookie Preferences link at the bottom of the website. You can manually indicate your preferences via the Cookie Preferences button linked at the bottom of the website. To download and use a browser supporting the GPC browser signal, click here: https://globalprivacycontrol.org/orgs. If you choose to use the GPC signal, you will need to turn it on for each supported browser or browser extension you use.

Some internet browsers incorporate a “Do Not Track” feature that signals to websites you visit that you do not want to have your online activity tracked. Given that there is not a uniform way that browsers communicate the “Do Not Track” signal, the Site does not currently interpret, respond to or alter its practices when it receives “Do Not Track” signals.

Sources of Personal Information

We collect Personal Information directly from California residents and credit reporting agencies, third-party data providers, marketing partners, advertising partners, web browsers, internet service providers, government entities, operating systems and platforms, and data brokers. We do not collect all categories of Personal Information from each source. In addition, because we no longer offer loans to California residents, we do not actively collect Personal Information from all of these sources but have done so in the past. California customers can still log into their accounts with us in which case we will collect information such as their Internet Protocol address.

Business and Commercial Purposes for Collection

We collected the above categories of Personal Information for the following business or commercial purposes:

• Auditing related to counting ad impressions to unique visitors
• Helping to ensure security and integrity to the extent the use of your Personal Information is reasonably necessary and proportionate for these purposes
• Debugging to identify and repair errors that impair existing intended functionality
• Short-term, transient use
• Performing services or offering products on our behalf or for our partners, such as processing credit applications and servicing credit products
• Undertaking internal research for technological development
• Undertaking activities to verify or maintain the quality or safety of our products and services
• Advancing our commercial or economic interests

Sales and Sharing of Personal Information

The CCPA defines “sale” as the transfer of Personal Information for monetary or other valuable consideration. Although we do not “sell” Personal Information as that term may be commonly interpreted, we engage in online activities that may constitute a sale or a share of Personal Information under California law. This may include showing you advertisements on other websites.

The following table identifies the categories of Personal Information that we sold or shared to third parties in the 12 months preceding the Last Updated Date of this CCPA Privacy Policy and, for each category, the categories of third parties to whom we sold or shared Personal Information: