Verizon Business Privacy Policy
This privacy policy explains how Verizon Business collects, uses, retains and discloses information when you browse verizonbusiness.co.com, sign in to the My Verizon Business portal, or use services provided under the Verizon Business brand. Last updated April 13, 2026.
Your Privacy Rights Summary
- Access — request a copy of the personal information tied to your account.
- Delete — request deletion subject to legal retention (billing 7 years, network usage 2 years).
- Correct — fix inaccurate data in the portal or via written request.
- Opt-out — California residents can opt out of sale/share and limit sensitive personal information use.
- CPNI — Customer Proprietary Network Information rights under FCC rules.
Information We Collect
Categories of data collected fall into four buckets: account, device, network usage and website activity.
Account information includes the business legal name, tax identification number, primary billing contact, service addresses, payment method details (card brand, last four digits, billing ZIP), administrator user accounts (email, role, MFA factors) and contract documents. Payment card data is tokenized via a PCI DSS compliant processor — we never store raw card numbers.
Device data includes the device IMEI, serial number, make and model, firmware version, and the wireless line or circuit identifier associated with each piece of hardware. For managed services we also collect device configuration snapshots used to restore the device after a fault.
Network usage includes Call Detail Records (CDRs) for voice, data session records for wireless and broadband, source and destination IP addresses, bytes transferred, session duration, cell site identifier at session start and end, and SMS/MMS log metadata (not message content except where lawfully required). CPNI as defined by FCC rules sits inside this category.
Website activity includes HTTP logs, cookies, session IDs and the page visit sequence. We use essential cookies for authentication and session maintenance, functional cookies for user preferences, and analytics cookies to improve page performance. Third-party marketing cookies are disabled by default for signed-in users.
How We Use Information
Uses align with contractual performance, legal compliance and limited legitimate operations.
Primary uses include: delivering the services the customer contracted (wireless, fiber, 5G, voice, IoT, managed security), billing and collections, customer support, fraud detection, network security monitoring, regulatory reporting and legally mandated recordkeeping. Specific examples: we use call and data records to bill the customer, we use authentication logs to block credential-stuffing attacks, and we use device location at session start to route emergency services calls.
We do not sell personal information. We do not use CPNI for marketing purposes outside the services the customer already subscribes to without prior opt-in consent. Federal Trade Commission guidance on telecommunications privacy informs our default opt-out posture on non-essential marketing.
CPNI: Customer Proprietary Network Information
CPNI is a category of network usage data with specific legal protections under FCC Section 222 and 47 CFR Part 64, Subpart U.
CPNI includes information about what services you subscribe to, calling patterns, data session patterns and billing records. It does not include the content of your communications — content protections live under the federal Wiretap Act and ECPA, which we respect separately.
We use CPNI only for providing services, billing, collecting unpaid amounts, and protecting the rights or property of Verizon Business. We do not share CPNI with affiliates for marketing unless the customer has given affirmative consent. We respond to law enforcement requests for CPNI only under a valid subpoena, court order, warrant or other legal process specifically required by 47 USC Section 222.
Customers who want to restrict CPNI use for any permitted purpose can file a written request. Details on the FCC CPNI reference page.
GDPR for International Users
Users in the European Union, United Kingdom and Switzerland are covered by GDPR or equivalent laws.
Under GDPR, individual users have rights of access (Article 15), rectification (Article 16), erasure (Article 17), restriction (Article 18), portability (Article 20) and objection (Article 21). Requests can be submitted to the Data Protection Officer at dpo@verizonbusiness.co.com. We respond within 30 days under Article 12 subject to a 60-day extension for complex requests.
Cross-border transfers from the EU/UK to the United States rely on Standard Contractual Clauses (SCCs) as approved by the European Commission. The Data Protection Impact Assessment for such transfers is available upon written request from an authorized customer contact.
Lawful bases for processing under Article 6 include contractual necessity (delivering services), legal obligation (tax, regulatory reporting), legitimate interest (network security monitoring) and consent (optional marketing, non-essential cookies). We log the lawful basis for each category of processing.
CCPA and CPRA: California Rights
California residents have rights under the CCPA as amended by the CPRA.
Rights include: the right to know what personal information we collect (categories and specific pieces), the right to delete subject to legal exceptions, the right to correct inaccurate data, the right to data portability, the right to opt out of sale and sharing (we do not sell), and the right to limit use of sensitive personal information. The California Attorney General's office publishes official consumer guidance at the California OAG privacy site.
Submit requests via the privacy request form linked from this page or by calling 1-800-465-4054. We verify identity before processing deletion or access requests. Authorized agents can submit on behalf of a California resident with signed authorization. We do not discriminate against customers who exercise CCPA rights — rates, services and quality remain identical.
Sensitive personal information categories we may process include precise geolocation (from wireless sessions) and account credentials (for authentication). We limit use of these to the purposes disclosed above and offer the CPRA "limit use" opt-out to restrict further processing.
Data Retention, Third-Party Disclosures and Security
Retention timelines, disclosure rules and security practices rolled together.
Retention: billing records retain seven years to satisfy IRS and state tax audit periods. CDRs and data session records retain two years under operational need and FCC Section 222 recordkeeping. Cookies follow a one-year maximum lifespan unless the user deletes earlier. Audit logs retain three years. Legal holds may extend retention for records involved in active litigation or investigation.
Third-party disclosures: we disclose personal information to (1) service providers who process on our behalf under written data processing agreements (payment processors, cloud hosts, managed security partners), (2) professional advisors (auditors, outside counsel) under confidentiality, (3) law enforcement under valid legal process, (4) acquiring entities during a corporate transaction, and (5) the customer itself via the portal. We do not disclose to third-party advertisers.
Security: we maintain administrative, physical and technical safeguards aligned with the NIST Cybersecurity Framework, ISO 27001 and PCI DSS. Payment processing runs through PCI DSS Level 1 compliant providers. Managed security services follow the practices documented at security and network security. Data breach notification follows state breach notification laws and GDPR Article 33 timelines where applicable.
Data Categories, Purposes and Retention
Summary of each data category with its primary purpose and retention window.
| Data Category | Purpose | Retention |
|---|---|---|
| Business Account Info | Service delivery, billing | 7 years post-termination |
| Payment Method (tokenized) | Payment processing | Until replaced + 1 year audit tail |
| Call Detail Records | Billing, fraud detection, regulatory | 2 years |
| Data Session Records | Billing, network operations | 2 years |
| Device IMEI & Config | Activation, support, warranty | Device lifecycle + 1 year |
| Portal Login Audit | Security monitoring, SOX support | 3 years |
| Cookies (functional) | Session maintenance, preferences | 1 year maximum |
| Cookies (analytics) | Page performance insights | 1 year, opt-out available |
| Support Call Recordings | Quality assurance, training | 90 days unless disputed |
| Customer Correspondence | Support history, dispute evidence | 3 years |
People Also Ask
What data does Verizon Business collect?
What are my CCPA and CPRA rights?
How does GDPR apply to international users?
How long is data retained?
Contact Us About Privacy
Privacy questions, rights requests, CPNI restrictions and GDPR/CCPA submissions route through these channels.
Data Protection Officer: dpo@verizonbusiness.co.com. Privacy hotline: 1-800-465-4054. Postal requests to the Verizon Business Privacy Office, care of the contact us address. California residents can also reference oag.ca.gov/privacy/ccpa. Related pages: security practices, network security services.
Security
Administrative, physical and technical safeguards we maintain.
Network Security
Managed security services for customer-owned infrastructure.
Contact Us
Postal, phone and portal contact paths.
Help Centre
Self-service answers on privacy, billing and support.
Account Settings
Privacy preferences inside the portal.
My Verizon Business
Manage your own data directly in the portal.