Bluevine Privacy Policy

Effective as of April 26, 2026

Bluevine Inc. (“Bluevine” or “Us” or “We”) is serious about protecting the privacy of your personal data. This Privacy Policy explains what personal data we collect, how we collect and use that information, and to whom we disclose it. We have put strict policies into place to ensure that the privacy of your personal data is protected while still enabling you to make use of our website bluevine.com (the “Site”) or any mobile application, platforms, web-based services, or other products or services provided by Bluevine (collectively with the Site, the “Services”). The terms of this Privacy Policy are also incorporated into the Bluevine Terms of Use and Registration Terms.

For the purposes of many privacy laws, Bluevine Inc. is the data controller of your personal data subject to this Privacy Policy. Our contact information is found in Section 16 (“Contact Us”). Please note that we are providing these disclosures and rights in this Privacy Policy in the interest of transparency. Such disclosures and rights are not intended to waive any applicable exemptions under state and federal law.

If you are a potential candidate for employment, job applicant, or employee of Bluevine, please see our Employee Privacy Policy for information about our collection and use of certain personal data in connection with our recruiting process and employment.

Table of Contents

1. Collection of Personal DataWe collect personal data in connection with your use of our Services.
2. Purposes for CollectionWe use personal data for different purposes in connection with your use of our Services.
3. Disclosure of Personal DataWe may disclose personal data to certain third parties, including our service providers and advertising partners.
4. Cookies and Other Tracking TechnologiesWe collect information about your use of our Services through cookies and other tracking technologies.
5. Legal Bases for ProcessingWe rely on one or more legal bases to process personal data.
6. Data SecurityWe use reasonable measures to protect personal data.
7. Data RetentionWe retain personal data for as long as necessary to fulfill purposes set out in this Privacy Policy.
8. Use by Minors Our Services are not directed to or intended for use by anyone under the age of 18.
9. Transfers of Personal DataOur Services are operated in, and personal data may be transferred to, the United States.
10. Opting Out of Promotional CommunicationsWe explain how you may opt out of receiving promotional communications.
11. Supplemental California Privacy NoticeWe provide additional disclosures and rights to residents of California.
12. Biometric Information and Retention PolicyWe provide additional disclosures concerning the collection of biometric information.
13. Supplemental International NoticesWe provide additional disclosures and rights to individuals in the EU, UK, Canada, Australia, and New Zealand.
14. Partner Policies and Links to Other WebsitesThis Privacy Policy does not apply to third-party websites, products, or services, even if they may link to our Site or vice versa.
15. Changes to this Privacy PolicyUpdates to this Privacy Policy become effective on the date they are posted.
16. Contact UsYou may contact us for comments or questions in various ways. 

* * *

1. Personal Data Collected

As used in this Privacy Policy, “personal data” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with an identifiable individual. Personal data includes “personal data” as that term is defined in applicable privacy laws.

Personal data does not include publicly available information; lawfully obtained, truthful information that is a matter of public concern; information that has been de-identified or anonymized; or aggregate information. “Publicly available information” includes information that is made available from federal, state, or local government records; information that a business has a reasonable basis to believe is lawfully available to the general public, either through widely distributed media, or by the individual; and information that is made available by a person to whom the individual has disclosed the information if the individual has not restricted the information to a specific audience.

We may create aggregated, de-identified, or anonymous information from data by removing certain data components that make the data identifiable, or through aggregation, obfuscation, or other means. Subject to applicable law, our use and disclosure of aggregated, de-identified, or anonymized information is not personal data and is not subject to this Privacy Policy.

We may collect the following personal data about you.

A. Personal Data You Provide

We collect personal data from you when you visit our Site, register for our Services (directly or indirectly through a partner), use our Services, or otherwise interact with us. 

This information includes, but is not limited to, your name, e-mail address, mailing address, phone number, social security number, bank account information, and your photograph and related information (for identity verification purposes as further detailed below). 

We also collect information regarding our transactions and experiences with you, including bank account number, financial institution information, and your payment history.  Note that if you provide, or make available, any personal data about any business personnel, administrators, employees, owners, counterparties or other authorized persons you must first obtain their consent to disclose such information to us.  You must inform all such other persons how we process personal data and all other terms of this Privacy Policy.

B. Personal Data Collected Automatically

Our Site uses cookies and other tracking technologies such as web beacons, embedded scripts, and tags (collectively, “cookies”), which collect information from you automatically as you use our Services, including:

  • Browser and device data such as IP address; geolocation information; device identifier, device type; operating system and Internet browser type; screen resolution; operating system name and version; device manufacturer and model; plug-ins; add-ons; and the language version of our Site.
  • Usage data such as time spent on our Services; pages visited; searches conducted; links clicked; patterns of use; and the pages that led or referred you to our Site; and diagnostic data. We may also collect information about your online activities on websites and connected devices over time and across third-party websites, devices, apps, and other online features and services.

Please review Section 4 (“Cookies and Other Tracking Technologies”) for more information about our use of these technologies.

C. Personal Data We Collect From Others

We may also collect personal data from the following sources:

  • Our prospective customers, existing customers, and their authorized agents, including via our websites, mobile applications, telephone, text message, postal mail, social media, forums, message boards, live chat, chatbot, or other means;
  • Our affiliates, which may include our subsidiaries;
  • Our service providers, which may include customer relationship management providers, analytics providers, website hosting providers, risk and verification service providers, systems administrators, and communications delivery services;
  • Our business partners, which may include referral, promotional, and joint marketing partners;
  • Social media and other content platforms. We may collect personal data through platforms such as X, YouTube, or Meta if you interact with us on those platforms. Specifically, you allow us to receive information when you use the Services to log in to a third party website or application (e.g., Facebook, Twitter, or LinkedIn) (the “Third Party Platform”).  Please note that we retain the information we receive from your personal profile on the Third Party Platform while you are logged-in to the Services and even after you have logged-out from the Services if such retention is reasonably necessary to enforce this policy and our Terms of Use, in our sole discretion; and
  • Other third parties, which may include technology companies, , other websites and mobile applications, online advertising partners, state departments of motor vehicles, and other data suppliers.

We may supplement the personal data collected from the categories of sources described above with personal data we obtain from other sources.

2. Purposes for Collection

Any of the information we collect from you may be used in one of the following manners:

  • To compile, save, use, and analyze your information in both a personally identifiable form and an aggregated, non-personally identifiable form;
  • To operate, maintain, improve, and provide our Services to you, conduct our business, and process transactions;
  • To verify your identity;
  • To register you as a user and identify you when you sign-in to your account;
  • To conduct background checks and determine your eligibility for our products;
  • If you are approved for a loan, an account, or other product, to process, service, and otherwise manage your banking or financing arrangement;
  • For billing, payment, and fulfillment purposes;
  • To communicate with you (including customer support, surveys or questionnaires, and notifications or information about your account and our products and services);
  • For general business administration;
  • For financial reporting and accounting;
  • To personalize your experience and improve customer service (your information helps us to better respond to your individual needs, your service requests, to send marketing communications and send account update notifications);
  • To market our products and Services and to market the products and services of others, including to provide you with information about our products, Services, third party offers, and other opportunities that we believe may be of interest to you, including on other platforms and with our third party lending and banking partners, and to personalize, measure, and improve such offers;
  • For targeted advertising;
  • For internal analytics;
  • For systems and data security;
  • To develop and improve the Site (we continually strive to improve our website offerings based on the information and feedback we receive from you);
  • To detect and guard against potential fraud, identity theft, security incidents, or other illegal activity;
  • To comply with our legal obligations; respond to subpoenas, court orders, or legal process; and to establish or exercise our legal rights or defense against legal claims;
  • For any other purposes disclosed to you at the time we collect the information; and
  • For any other purpose permitted by law.

3. Disclosure of Personal Data

We may disclose personal data to the following categories of third parties:

  • Our affiliates, subsidiaries, advisors, and agents.
  • Our service providers. We disclose personal data to our service providers, which may include advertising and marketing companies; technology companies, background check and screening companies, fraud prevention agencies, and credit bureaus;
  • Business partners. We disclose personal data to our business partners, which may include referral, promotional, and joint marketing partners.  We also disclose personal data to third party lending and banking partners to whom we may refer you or your inquiry or application for financing or other services, consistent with our notice to you and/or consent from you. 
  • Third-Party Advertising Platforms and Analytics Providers. We may disclose information to third-party platform providers, including advertising, social media, and analytics companies, who assist us in serving advertising regarding the Services to others who may be interested. For example, if you visit the Services while logged into social media or other third-party platform accounts, the platforms may collect information about your interactions with the Site, such as browser/device data and usage data, including through cookies on our Site. We may also partner with third parties who use cookies to serve interest-based advertising and content on their respective third-party platforms that may be based on your preferences, location, and/or interests. Collectively, we refer to the entities in this bullet point as “Third-Party Advertising Platforms and Analytics Providers.”
  • Authorities for compliance and harm prevention. We may disclose personal data to regulators, government entities, and law enforcement; as required by law, such as to comply with a subpoena, judicial or administrative order or warrant, and/or any similar legal process; or when we believe in good faith that disclosure is necessary to (i) protect our rights or the rights of third parties, (ii) protect our property and safety or the property and safety of others, or (iii) investigate fraud or respond to a request from a governmental entity.
  • To business transferees. If Bluevine Inc. or its affiliates is involved in a merger, acquisition, transfer, auction (including in a bankruptcy proceeding), or sale of all (or substantially all) of its assets or equity, or of assets related to the divestiture of a particular division or product, your personal data may be transferred in connection with such a transaction, including to the acquiring or surviving entity.
  • Collection agencies. We may disclose personal data to collection agencies or otherwise in connection with the sale of delinquent debt for collections purposes.
  • Any other third party with your prior consent to do so.

Note that text messaging originator opt-in data and consent will not be shared with any third parties. 

Note about third-party lending parters. If you choose to interact with a third party lending partner, apply for their services or offerings through our Site, Services or by verbally opting-in, or otherwise link or sync your account to a third party lending partner’s product or service, you consent and direct us to share your personal data with the third party lending partner providing the service or offering.  These situations include, for example, when we send your personal data to partners to generate financing offers for you to review, when we send your application information directly to our partners, or when we send you to the partner’s site for you to provide the information directly to them.  Any information you provide to a third-party lending partner, whether through us or on your own, will be subject to their privacy practices and terms and conditions

Note about international payments. Additionally, we use third party service providers, such as Wise US Inc. (“Wise,” formerly TransferWise), for money transmission services for international payments (such as sending or receiving funds via wire transfer).  All of our service providers have entered into agreements with us that restrict what they can do with your personal data.  If you would like specific information about our service providers who have received your information, please contact us at support@bluevine.com and we will provide that information to you. 

4. Cookies and Other Tracking Technologies

As is true of most platforms, we use cookies which help us make the Site and Services more user-friendly, efficient, and secure.  We may use such technology for advertising purposes, including to serve ads on other platforms based on your browsing history and other online behavior.  Cookies will not harm your computer or mobile device and do not contain viruses. 

Cookies on the Site generally fall into the following categories:

  • Strictly Necessary. These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms.
  • Functional. These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
  • Performance. These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our Site. They help us to know which pages are the most and least popular and see how visitors move around the Site.
  • Targeting.  These third-party cookies collect information for analytics and/or to personalize your experience with targeted advertising and track advertising performance. Additionally, we use Google Analytics or other service providers for analytics services. These analytics services may use cookies to help us analyze how users use the Services. Information generated by these services (e.g., your browser, device, and usage data) may be transmitted to and stored by Google Analytics and other service providers on servers in the U.S. (or elsewhere) and these service providers may use this information for purposes such as evaluating your use of our Services, compiling statistic reports on our Services’ activity, and providing other services relating to Services activity and other Internet usage. You may exercise choices regarding the use of cookies from Google Analytics by going to https://tools.google.com/dlpage/gaoptout or by downloading the Google Analytics Opt-out Browser Add-on. 

If you prefer not to accept cookies, you can opt out of certain cookies in one of the following ways:

  • By interactive webform.  You may access our interactive webform by clicking here. Please be advised that you may need to process the opt-out request from each browser and device you use.
  • By browser.  Most browsers allow you to (1) require that the browser notifies you and lets you choose whether to accept or reject a cookie, (2) disable existing cookies, and/or (3) set your browser to automatically reject cookies. If you wish to reject cookies across all browsers you use, you will need to do this on each browser on each device you use.
  • DAA.  The Digital Advertising Alliance (DAA) offers tools to opt out of receiving interest-based online advertisements on your browser from parties that participate in the DAA program.  You can follow the instructions at www.aboutads.info/choices, or http://www.networkadvertising.org/choices/ to place an opt-out cookie on your device.  That opt-out cookie will indicate you do not want to receive interest-based ads, and you will need to add it to each browser on each device if you wish to fully opt out.

Blocking cookies may negatively impact your experience on the Site.  Additionally, you may still receive ads, though they should not be based on your interests.  We are not responsible for the effectiveness of, or compliance with, any third parties’ opt-out options or programs.

Bluevine relies on one or more legal bases to process your personal data under applicable law. We may process personal data (1) as necessary to perform our contractual obligations to you; (2) as necessary to pursue our legitimate interests as further detailed below; and/or (3) as necessary for our compliance with our legal obligations such as a request or order from courts, law enforcement or other government authorities.  Where Bluevine does not process your personal data under one of those three legal bases, it may do so pursuant to your express consent in certain identified circumstances.

Legitimate business interests. We may collect, process, and maintain personal data to pursue the legitimate business interests outlined below. To determine these legitimate interests, we balance our legitimate interests against the legitimate interests and rights of you and others, and only process personal data in accordance with those interests where they are not overridden by your data-protection interests or fundamental rights and freedoms.

Our legitimate interests generally include:

  • Providing requested Services to you and/or the legal entity that you are associated with, including making or receiving international payments (such as sending or receiving funds via wire).
  • Risk management, including compliance with our legal and regulatory obligations and for fraud detection, prevention, and investigation, including “know your customer”, anti-money laundering, conflict, and other necessary onboarding and ongoing client checks, due diligence and verification requirements, credit checks, credit risk analysis, compliance with sanctions procedures or rules, and tax reporting.
  • Complying with laws and regulations applicable to us, including any legal or regulatory guidance, codes, or opinions and to other legal process and law enforcement requirements, including any internal policy based on or reflecting legal or regulatory guidance, codes, or opinions. We may also respond to subpoenas, court orders, or legal process, and establish and exercise our legal rights or defenses against legal claims.

6. Data Security

We take security very seriously and have developed a comprehensive set of practices, technologies, and policies to help ensure your data is secure.  We take your security and privacy seriously and make it a priority.  Accordingly, we use advanced security technology and implement a variety of security measures to maintain the safety of your personal data.

Bluevine implements technical and organizational security safeguards as required under applicable law.

While we strive to protect your personal data and use commercially acceptable means to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, Bluevine Inc. cannot ensure or warrant the absolute security of any data or content you transmit to us. 

In the event of a suspected breach of the security of your personally identifiable information, we will, to the extent required by law, notify you so you can take appropriate protective steps and to inform you of the steps that Bluevine Inc. is taking with respect to any such suspected breach.

7. Data Retention

We will retain personal data for as long as it is needed or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include:  (1) the length of time we have an ongoing relationship with you; (2) whether there is a legal obligation to which we are subject; (3) whether there is a privacy right for which the data has been exercised (such as a request to delete); and (4) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).

For users located in India, such retention shall be limited to the extent necessary for the purposes communicated through the applicable notice or as required under applicable law.

8. Use by Minors

Our services are intended for individuals who are at least 18 years old (or the age of majority in their jurisdiction). We do not knowingly collect, solicit, retain, process, sell, disclose or share personal data from anyone under the age of 18.  If we learn of such information, we will delete it as quickly as possible.  If you believe we may have such information, please contact us.

9. Transfers of Personal Data

Your personal data may be transferred and maintained outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. If you are located outside of the United States and choose to provide information to us, please note that we transfer personal data to the United States and process it there. For such transfers, we take the necessary measures to ensure that your personal data receives an adequate level of protection.

10. Opting Out of Promotional Communications

We may use your personal data to send you email updates regarding our Services, other announcements, and inquiries. If you no longer wish to receive promotional email communications from us, you may opt out via the unsubscribe link included in such emails or by emailing us at support@bluevine.com. We will comply with your request as soon as reasonably practicable. Please note that if you opt out of receiving promotional emails from us, we may still send you important administrative messages that are required to provide you with the Services or for other reasons disclosed in this Privacy Policy.

Additionally, with your consent, we may send you SMS messages for promotional purposes, internal business purposes, internal user research, and to provide customer service, including troubleshooting. To cancel the SMS service at any time, text “STOP” to any text message you receive. After you send the SMS message “STOP” to us, we will send you an SMS message to confirm that you have unsubscribed. After this, you will no longer receive SMS messages from us. If you are experiencing issues with the messaging program you can text “HELP” for more assistance, or you can email us at support@bluevine.com.

11. Supplemental California Privacy Notice

This section applies to any California residents about whom we have collected personal data.  This section supplements the information contained in the rest of our Privacy Policy and is intended to comply with the California Consumer Privacy Act of 2018 (“CCPA”). For the purposes of this section, “personal data” has the same meaning as “personal information,” as ascribed under the CCPA.  Personal data does not include publicly available information or information that has been de-identified, aggregated, or in a form that is not capable of being associated with or linked to you.

This section does not apply to the personal data we collect that is exempt under California law, including information that is already protected by federal privacy laws (such as the Fair Credit Reporting Act (“FCRA”) or the Gramm-Leach-Bliley Act (“GLBA”).

A. What Information We Collect

We may collect the following categories of personal data about you:

  • Identifiers, which may include real name and alias; mailing address; unique personal identifier; online identifiers as detailed below; Internet Protocol (“IP”) address; email address; telephone number; account number, name, and password; Social Security number; driver’s license number, passport number, state or other government-issued identification card number; and/or other similar identifiers;
  • Commercial information, which may include records of personal property; products or services purchased, obtained, or considered; account balances, payment history, or account activity; bank account information and other information relating to your financial institution; credit application, credit checks, and information from credit reporting agencies; and/or other purchasing or consumer histories or tendencies;
  • Information relating to Internet activity or other electronic network activity, which may include cookie identifiers, clear gifs (a.k.a. web beacons/web bugs), browser type, internet service provider (“ISP”), referring/exit pages, operating system, date/time stamp, clickstream data, device platform, device version, and/or other device characteristics.
  • Geolocation data; locational information based upon your IP address; cell network data; and/or other similar locational data; and which may be collected from various devices including your mobile device(s);
  • Audio, electronic, or visual information, which may include records of calls to or from our customer service centers; video surveillance information; and/or photos of you and your government-issued ID;
  • Biometric information, which may include facial geometry based on photographic images that you provide for identity verification purposes (see our Biometric Information and Retention Policy below);
  • Professional or employment-related information, such as your current and previous employers; job title and responsibilities; assets; income; and/or other information related to your work history and/or prospective employment;
  • Inferences about you;
  • Information related to characteristics protected under California or federal law; which may include gender; race and ethnicity; nationality; marital status; military service / veteran status; and/or date of birth;
  • Information described in California Civil Code §1798.80(e), which may include signature; physical characteristics or description; insurance policy number; and/or bank account number credit card number, debit card number, and other financial, medical, and/or health insurance information.

Please note that because of the overlapping nature of certain of the categories of personal data identified above, which are required by state law, some of the personal data we collect may be reasonably classified under multiple categories.

Sensitive personal data.  Certain of the personal data that we collect, as described above, may constitute “sensitive personal data” under California law, including:

  • Social security number, driver’s license, state identification card, or passport number;
  • Account log-in combined with any required security or access codes, passwords, or other credentials allowing access to an account; and
  • Biometric information for the purpose of uniquely identifying a consumer.

B. What We Do with Your Information

We use the personal data we collect for the following purposes:

  • To compile, save, use, and analyze your information in both a personally identifiable form and an aggregated, non-personally identifiable form;
  • To operate, maintain, improve, and provide our Services to you, conduct our business, and process transactions;
  • To verify your identity;
  • To register you as a user and identify you when you sign-in to your account;
  • To conduct background checks and determine your eligibility for our products;
  • If you are approved for a loan, an account, or other product, to process, service, and otherwise manage your banking or financing arrangement;
  • For billing, payment, and fulfillment purposes;
  • To communicate with you (including customer support, surveys or questionnaires, and notifications or information about your account and our products and services);
  • For general business administration;
  • For financial reporting and accounting;
  • To personalize your experience and improve customer service (your information helps us to better respond to your individual needs, your service requests, to send marketing communications and send account update notifications);
  • To market our products and Services and to market the products and services of others, including to provide you with information about our products, Services, third party offers, and other opportunities that we believe may be of interest to you, including on other platforms and with our third party lending and banking partners, and to personalize, measure, and improve such offers;
  • For targeted advertising;
  • For internal analytics;
  • For systems and data security;
  • To develop and improve the Site (we continually strive to improve our website offerings based on the information and feedback we receive from you);
  • To detect and guard against potential fraud, identity theft, security incidents, or other illegal activity;
  • To comply with our legal obligations; respond to subpoenas, court orders, or legal process; and to establish or exercise our legal rights or defense against legal claims;
  • For any other purposes disclosed to you at the time we collect the information; and
  • For any other purpose permitted by law.

D. To Whom We Disclose Information

We limit our disclosure of the categories of personal data above to our service providers, including those providing hosting, payment, advertising, analytics, customer and technical support, email services, and other services, for one or more business purposes set forth above. “Business purposes” means the reasonably necessary and proportionate use of personal data for our operational purposes, for other purposes described in this Privacy Policy, for the operational purposes of our service providers and contractors, and other purposes compatible with the context in which the personal data was collected.

We may “sell” and/or “share” personal data with Third-Party Advertising Platforms and Analytics Providers for purposes of providing cross-context behavioral advertising. In the last 12 months (from the date listed at the top of this Privacy Policy), we have “sold” or “shared” the following categories of personal data:

  • Identifiers
  • Commercial information
  • Internet or other electronic network activity information
  • Geolocation data
  • Inferences

E. Your Privacy Rights

If you are a California resident, you have the following rights under California law with respect to your personal data, subject to certain exemptions:

  • Right to Know (Access).  You have the right to request what personal data we collect, use, disclose, and/or sell, as applicable.  You may ask us to provide you a portable copy of this information up to two times in a rolling twelve-month period.
  • Right to Correct.  You have the right to request we correct any inaccurate personal data we maintain.
  • Right to Delete.  You have the right to request the deletion of your personal data that is collected or maintained by us, subject to certain exceptions.
  • Right to Opt-Out of Sale/Sharing.  You have the right to opt-out of the sale/sharing of your personal data by us.  As described elsewhere in this Privacy Policy, Bluevine “sells”/“shares” personal data when it participates in behavioral ad networks, and we have provided instructions on how you can opt-out in subsection (F) below and by visiting the following link: Do Not Sell/Share My Personal data.
  • Right to Limit Use and Disclosure.  You have the right to limit the use or disclosure of your sensitive personal data to only the uses necessary for us to provide goods or services to you.  We will not use or disclose your sensitive personal data after you have exercised your right unless you subsequently provide consent for the use of your sensitive personal data for additional purposes.
  • Direct marketing by third parties.  Bluevine does not disclose personal data to third parties for their own direct marketing purposes. However, California residents additionally have the right to request information regarding such practices under California’s “Shine the Light” law. If you are a California resident and would like to inquire further, please email support@bluevine.com.
  • Right to Non-Discrimination.  You have the right not to receive discriminatory treatment by us for the exercise of the privacy rights described above.

All requests are subject to certain exceptions under applicable law. Consistent with applicable law, you may designate an authorized agent to submit a request on your behalf, and if so, we may require proof of your authorization of the agent and/or verification of the agent’s own identity. Please note that any request submitted to us is subject to an identification and residency verification process, to the extent permitted under applicable law. We will only use personal data provided in a request to verify your (or your authorized agent’s as applicable) identity or authority to make the request.

We do not charge a fee to process or respond to a request unless it is excessive, repetitive, or manifestly unfounded. If we determine that a request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. You may be limited in how many requests you make within a twelve (12) month period. 

If you are a California resident and wish to seek to exercise these rights, please reach us in one of the following ways:

For requests to know/access, delete, and correct, we will confirm receipt of your request within ten (10) business days. We will respond to your request within forty-five (45) calendar days after receipt and we reserve the right to extend the response time by an additional forty-five (45) days when reasonably necessary, provided that notification of the extension is made within the first forty-five (45) days. For requests to opt out of sale/sharing and requests to limit, we will fulfill your request within fifteen (15) business days from the date we receive your request.

If you are a visually impaired customer, a customer who has another disability, or a customer who seeks support in other language, you may access your privacy rights by emailing us at support@bluevine.com.

F. Notice of Right to Opt-Out

We do not currently sell your personal data in the traditional sense, but we do sell/share your personal data, as those terms are defined under the CCPA, by participating in behavioral advertising networks, as described in Section D above.  You may opt out of such sales/sharing in one of the following ways:

We do not knowingly sell or share the personal data of consumers under 16 years of age.

12. Biometric Information and Retention Policy

This section applies to any individuals about whom we have collected biometric information, including through your use of our Sites and Services. For purposes of this section, “biometric information” means personal data stored by us and/or our vendors about an individual’s physical characteristics that can be used to identify that person.  As used in this Privacy Policy, biometric information includes “biometric identifiers” and “biometric information” as defined under applicable federal, state, and local laws, including the Illinois Biometric Information Privacy Act), 740 ILCS § 14/10, the Texas Statute on the Capture or Use of Biometric Identifiers, Tex. Bus. Code § 503.001, and the Washington Biometric Privacy Law, RCW 19.375.010 et seq.

When you apply for a business checking account through Bluevine, our vendor Incode Technologies, Inc. (Incode) may, on our behalf, ask you to submit (or ask your permission to take) a photo of your face and an image or photo of your government issued ID (e.g., your driver’s license, state identification card, or passport). Their verification process captures and uses biometric information including facial scan data and numerical biometric data, extracted from such images. Using this information allows Incode to verify your identity by confirming that the person in the photo or video is likely to be the same person pictured in the government-issued ID provided).  You can learn more about Incode’s privacy practices by visiting their site or reviewing their privacy policy.

To the extent that Bluevine or its vendors collect, capture, or otherwise obtain your biometric data, we will first: (a) inform you in writing that we are collecting, retaining, and using your biometric information for the purposes of identity verification; and (b) collect your written consent to collect, retain, and use your biometric information.

 We and our vendors will not sell, lease, trade, or otherwise profit from your biometric information; provided, however, that our vendors may be paid for products or services used by us that utilize such biometric information.

 Except as otherwise described in this Privacy Policy, we will retain such biometric information only until, and will permanently destroy such biometric information when, the first of the following occurs:

  • The initial purpose for collecting or obtaining such biometric information has been satisfied
  • Within one (1) year of your last interaction with us, unless we are required by law to retain it for a shorter or longer period

We and our vendors will store, transmit, and protect from disclosure any biometric information collected using reasonable care and in a manner that is the same as or more protective than the manner in which we and our vendors store, transmit, and protect from disclosure other confidential and sensitive information.

13. Supplemental International Notices

Certain jurisdictions provide individuals rights with respect to their personal data. Note that we are providing the following disclosures and rights regarding personal data in the interest of transparency and our commitment to privacy; such disclosures and rights are not intended to waive any exemptions under applicable laws. 

A. Supplemental Notice for Individuals in the EEA and UK

This notice applies to any individuals located within the European Economic Area (“EEA”) and the United Kingdom (“UK”) about whom we have collected personal data. We provide this notice in addition to the disclosures throughout the rest of this Privacy Policy to comply with the General Data Protection Regulation (“GDPR”) and the UK GDPR, and related laws, regulations, and guidance from the European Union and/or its member states. 

In certain circumstances, individuals located within the EEA and UK may have the following data protection rights regarding their personal data:

  • Right to access. You may have the right to request confirmation of whether Bluevine processes personal data relating to you, and if so, to request a copy of that personal data.
  • Right to rectification. You may have the right to request that Bluevine correct or update your personal data that is inaccurate, incomplete, or outdated.
  • Right to deletion. You may have the right to request that Bluevine erase your personal data in certain circumstances provided by law.
  • Right to restrict processing. You may have the right to request that Bluevine restrict the use of your personal data in certain circumstances.
  • Right to object to processing. You may have the right to object to Bluevine’s processing of your personal data, under certain conditions.
  • Right to data portability. You may have the right to request that Bluevine export the data that we have collected to you or another company, under certain conditions.
  • Right to withdraw consent. Where the processing of your personal data is based on your previously provided consent, you have the right to withdraw your consent at any time.  If you would like to exercise any of these rights, please submit a written request to support@bluevine.com. We will respond to these requests in accordance with applicable data protection laws. We may ask you to verify your identity to help us respond efficiently to your request.
  • Right to lodge complaint. You also have the right to lodge a complaint about our data collection and processing actions with the appropriate supervisory authority. If you are in the European Economic Area, you can view the contact information for your data protection authority here. If you are in the United Kingdom, please visit https://ico.org.uk/make-a-complaint/.

You may exercise your privacy rights by emailing us at support@bluevine.com.

B. Supplemental Notice for Individuals in Canada

This notice applies to individuals in Canada about whom we may have collected personal data. We provide this notice in addition to the disclosures throughout the rest of this Privacy Policy to comply with applicable laws, including the Personal data Protection and Electronic Documents Act (“PIPEDA”) and/or provincial privacy laws.

For the purposes of this notice, “personal data” means information about an identifiable individual. Personal data does not include any business contact information that is solely used to communicate with you in relation to your employment, business or profession, such as your name, position name or title, work address, work telephone number, or work email address. Personal data also does not include information that has been de-identified, anonymized, or aggregated in such a way that there is no serious possibility it can be used to identify an individual, whether on its own or in combination with other available information.

In certain circumstances, individuals located in Canada are entitled to the following privacy rights, subject to certain exceptions:

  • Right to access. You have the right to request confirmation of whether we process personal data relating to you, and if so, to request a copy of that personal data.
  • Right to correct. You have the right to request to have your personal data corrected or updated if that information is inaccurate, outdated, or incomplete.
  • Right to withdraw consent. If you have already consented to the collection, use, and/or disclosure of your personal data, you may subsequently withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice.

You may exercise your privacy rights by emailing us at support@bluevine.com. If you have any questions or concerns about our privacy practices, please email us at support@bluevine.com. You may also contact the Office of the Privacy Commissioner at (800) 282-1376 if you are unsatisfied with our response to your privacy concern.

C. Supplemental Notice for Individuals in Australia and New Zealand

This notice applies to any individuals located within Australia and New Zealand about whom we may have collected personal data. We provide this notice in addition to the disclosures throughout the rest of this Privacy Policy to comply with applicable laws, including the Australia Privacy Act 1988 and the New Zealand Privacy Act 2020.

In certain circumstances, individuals located in Australia and New Zealand have the following privacy rights, subject to certain exceptions:

  • Right to access. You have the right to request confirmation of whether we process personal data relating to you, and if so, to request a copy of that personal data.
  • Right to correct. You have the right to request to have your personal data corrected or updated if that information is inaccurate, outdated, or incomplete.

You may exercise your privacy rights by emailing us at support@bluevine.com.            

From time to time, Bluevine may help you obtain products or services from other banks or lending partners.  Any information you provide other banks or lending partners will be subject to their privacy practices and terms and conditions. 

To the extent your use of any Bluevine products or services involves Celtic Bank, Celtic Bank’s data protection practices, which are available in its Privacy Policy.

Additionally, the Site may offer links to websites of other companies and associations.  We are not responsible for the privacy practices or consent of such third-party websites.  These external websites are not subject to this Privacy Policy, and we have no control over their content.  Please carefully review the policies of these websites before providing any personal data.

15. Changes to this Privacy Policy

We may make changes to this Privacy Policy from time to time to reflect changes in our data practices or applicable law, and we encourage you to regularly check this page to review any changes we may make. We will notify you of any changes consistent with applicable law, including by posting the new Privacy Policy on this page and updating the “Effective Date” at the top of this Privacy Policy. Changes to this Privacy Policy are effective when they are posted on this page.

16. Contact Us

If you have any questions about this Privacy Policy or wish to exercise one of your privacy rights, please contact us using the following information:

Bluevine is a financial technology company, not a bank.