Contact Support

Privacy Policy — My Verizon Business

This Privacy Policy describes how My Verizon Business collects, uses, retains, discloses, and protects personal information about account administrators, managers, line users, billing contacts, and visitors to myverizonbusiness.co.com. It covers privacy obligations under the FCC Customer Proprietary Network Information (CPNI) rules, the California Consumer Privacy Act (CCPA) as amended by the CPRA, and the European Union General Data Protection Regulation (GDPR) and UK GDPR for international users. The policy is effective April 1, 2026 and supersedes prior versions.

Use of My Verizon Business, the My Biz app, or any Verizon Business service accessed through the portal indicates acceptance of this policy. Customers with questions can contact the Privacy Office via the portal's Privacy Rights center or by calling +1-800-922-0204.

Privacy Rights Center Contact Privacy Office
Privacy policy overview for My Verizon Business with CPNI, CCPA, GDPR indicators

Privacy Policy Summary — Effective April 1, 2026

  • FCC CPNI protections govern call detail records, usage metadata, and service configuration data
  • CCPA rights available to California residents: know, delete, correct, opt-out of sale, limit sensitive data use
  • GDPR rights available to EEA and UK users: access, rectification, erasure, restriction, portability, objection
  • Cookies: essential (always on), functional, analytics, marketing (opt-in)
  • Third-party sharing limited to service providers, legal obligations, and customer-authorized integrations
  • Retention schedule: 7 years billing, 2 years CPNI/call detail, 7 years audit logs, 180 days post-closure
  • Data-subject request response: 45 days (CCPA), 30 days (GDPR)

Information We Collect

My Verizon Business collects information to provide wireless services, operate the self-service portal, satisfy legal and regulatory obligations, and improve the quality of service.

Account Information

Business account registration data: company name, business address, federal tax ID (EIN) or equivalent, primary administrator name and contact, billing contact information, and payment method details (tokenized card numbers or bank account information through a PCI-compliant payment processor). User profile data: employee name, work email, work phone, role assignment, department, cost center, and reporting hierarchy. We collect this information when accounts are created and when administrators provision new users through user profiles.

Service Usage Data (CPNI)

Customer Proprietary Network Information includes call detail records (incoming and outgoing numbers, call duration, timestamp, cell tower location at connect), data session records (bytes transferred, session duration, access point), messaging metadata (destination, timestamp, but not message content), device identifiers (IMEI, ICCID), and plan configuration details. CPNI is governed by FCC rules under 47 CFR Part 64 and receives enhanced access controls beyond general account information.

Portal Interaction Data

When users interact with My Verizon Business, we collect login timestamps, IP addresses, device fingerprints for MFA, browser or app version, pages visited, actions taken (line provisioning, configuration changes), and audit trail data. This information supports security monitoring, fraud detection, and compliance reporting. Audit logs are retained for seven years per CPNI record-keeping requirements.

Communications Data

Records of communications between users and Verizon Business customer service, including chat transcripts, support ticket content, and recorded calls to +1-800-922-0204 (with notice). These records support service quality and dispute resolution. Recorded calls follow FTC disclosure guidance and state-law consent requirements.

How We Use Your Information

Information collected is used for the purposes disclosed at the time of collection and for reasonably-related operational purposes.

PurposeData Categories UsedLegal Basis (GDPR)Retention
Provide Wireless ServiceAccount, CPNI, Portal, DeviceContract performanceService life + 2 yr
Bill and Collect PaymentAccount, Billing, CPNIContract / Legal obligation7 years
Compliance (FCC, CPNI, Tax)Account, CPNI, AuditLegal obligationPer statute (2–7 yr)
Security MonitoringPortal, Device, AuditLegitimate interest7 years
Fraud PreventionAccount, Portal, DeviceLegitimate interest7 years
Service ImprovementPortal (aggregated), UsageLegitimate interest18 months
Marketing (Opt-In)Account contact, preferencesConsentUntil opt-out
Legal Process ResponseAny relevant categoryLegal obligationPer matter

We do not sell personal information. "Sale" as defined by CCPA does not include the transfers of service-necessary data to service providers or the processing required to perform the wireless contract.

CPNI Restrictions Under FCC Rules

Customer Proprietary Network Information receives special protection beyond general privacy protections.

What CPNI Includes

Under 47 CFR Part 64, CPNI includes "information that relates to the quantity, technical configuration, type, destination, location, and amount of use of a telecommunications service." In practice: call detail records (numbers dialed, received, call duration), data session records, cell tower connection logs, messaging metadata, and plan configuration. Aggregated CPNI that cannot be linked to an individual customer is outside the rule. Information solely about equipment (device make and model without network context) is also outside.

CPNI Access and Disclosure

CPNI access inside My Verizon Business is role-gated. Only authenticated account personnel with appropriate role see CPNI belonging to their scope — an administrator sees company CPNI; a line user sees only their own line. Sharing CPNI with third parties requires explicit customer consent (opt-in for marketing of non-communications services), a legally-permitted purpose, or court order. Verizon Business files an annual CPNI compliance certification with the FCC. Breach notification to affected customers and to law enforcement follows the FCC's CPNI breach-reporting rule.

Cookies and Tracking

My Verizon Business uses cookies and similar technologies to operate the portal, analyze usage, and deliver personalized experiences. Categories are disclosed in the cookie consent banner.

Essential Cookies

Required for portal operation — session management, authentication, security tokens, and shopping-cart-equivalent state during multi-step workflows. Essential cookies cannot be disabled; the portal will not function without them.

Functional Cookies

Remember user preferences — language, region, accessibility settings, UI preferences (dashboard layout, saved filters on expense reports). Disabling removes personalization but does not break core functionality.

Analytics and Marketing

Analytics cookies measure aggregated portal usage to improve experience. Marketing cookies support promotion of Verizon Business services to existing customers. Both require explicit opt-in in compliance with CCPA and GDPR. Users can change choices any time via the cookie preferences link in the footer.

Your Privacy Rights

Rights available depend on jurisdiction. All customers have baseline federal rights; California residents have CCPA rights; EEA/UK residents have GDPR rights.

CCPA / CPRA Rights (California)

California residents have the right to know what personal information is collected and shared; the right to delete personal information subject to service and legal-retention exceptions; the right to correct inaccurate personal information; the right to opt out of sale or sharing (we do not sell; sharing is limited to service providers); the right to limit use of sensitive personal information; and the right to non-discrimination for exercising these rights. Exercise rights via the Privacy Rights center in the portal or call +1-800-922-0204. Verified requests receive response within 45 calendar days, extendable once by 45 days for complex requests.

GDPR Rights (EEA and UK)

EEA and UK residents have the right of access (subject data report); the right to rectification; the right to erasure ("right to be forgotten") subject to legal-retention exceptions; the right to restriction of processing; the right to data portability (machine-readable export); the right to object to processing based on legitimate interest; and the right to withdraw consent where consent is the lawful basis. Rights are exercised through the same Privacy Rights center. Data protection officer contact: privacy@myverizonbusiness.co.com. Supervisory authority complaints can be filed with the user's national data protection authority.

Third-Party Data Sharing

Personal information is shared with third parties only where necessary for service operation, where legally required, or where the customer has consented.

Service Providers

We engage service providers to operate specific portal functions: payment processors for billing, cloud infrastructure providers for portal hosting (SOC 2 Type II certified), security operations providers for threat monitoring aligned with CISA guidance, email delivery providers for notifications, and SMS gateway providers for two-factor authentication. Each service provider is bound by a data processing agreement limiting use to the contracted purpose. Service provider transfers are not "sales" under CCPA.

Customer-Authorized Integrations

Administrators who configure integrations with accounting or ERP systems through expense reports authorize transfers to those systems. Single sign-on integrations with Azure AD, Okta, or Google Workspace transfer authentication metadata. Mobile Device Management integrations transfer device-state information. Each integration is explicitly configured and revocable at any time from the administrator console. No customer-authorized integration operates without explicit setup by the administrator.

Retention and Deletion

Retention schedules balance operational needs, regulatory obligations, and the principle of data minimization.

Active-Account Retention

During the life of the account: billing records retain for seven years from creation per IRS and state tax rules; CPNI and call detail records retain for two years per FCC rules; audit logs retain for seven years per CPNI record-keeping; user profile data retains while the user remains provisioned; marketing preferences retain until the user changes them; session cookies expire at logout; persistent cookies expire per the cookie policy (13 months unless refreshed).

Post-Closure Deletion

When an account closes, routine personal data is deleted within 180 days. Exceptions: data subject to legal retention (billing, tax, CPNI, audit) retains per the applicable statute; data subject to legal hold retains until the hold is released; aggregated and de-identified data may retain indefinitely for analytics. Deletion is a documented, audited process with verification of complete removal from active systems and backups within backup-cycle time (up to 90 additional days for full backup rotation).

Changes and Contact

Material changes to this policy are announced with at least 30 days' advance notice through portal banner, email, and posting. Continued use after the effective date indicates acceptance.

Privacy Office

Contact: privacy@myverizonbusiness.co.com. Postal: Privacy Office, My Verizon Business, Attn: Legal Department. Phone: +1-800-922-0204 (select Privacy Rights). For CCPA requests: ccpa@myverizonbusiness.co.com. For GDPR requests: gdpr@myverizonbusiness.co.com. For CPNI complaints: cpni@myverizonbusiness.co.com.

Regulatory Complaints

Customers unsatisfied with our response can file complaints with: the FCC for telecommunications privacy; the California Privacy Protection Agency for CCPA matters; the FTC for general privacy matters through FTC channels; the relevant EU data protection authority or the UK Information Commissioner's Office (ICO) for GDPR matters.

7 yr Billing & Audit Retention
45 day CCPA Response Window
30 day GDPR Response Window
180 day Post-Closure Deletion

Frequently Asked Questions About Privacy

CPNI compliance, CCPA and GDPR rights, and data retention explained.

Does My Verizon Business comply with FCC CPNI rules?

Yes. CPNI is governed by 47 CFR Part 64. Access is role-gated; logged; third-party sharing requires consent or legal purpose; annual FCC certification confirms compliance.

How do I exercise my CCPA or GDPR rights?

Use the Privacy Rights center inside My Verizon Business after Verizon Business Login, or call +1-800-922-0204. CCPA: 45 days. GDPR: 30 days.

How long does My Verizon Business retain my data?

Billing: 7 years. CPNI/call detail: 2 years. Audit logs: 7 years. Post-closure deletion: 180 days. Marketing preferences: until changed. See the retention table above for full schedule.

Exercise Your Privacy Rights

Open the Privacy Rights center inside My Verizon Business after completing Verizon Business Login, or contact our Privacy Office for assistance. Administrators can also configure organization-wide privacy preferences from the account console.

Login Guide Contact Privacy Office