Privacy and Security Policy

Effective as of January 22, 2024

Bluevine Inc. (“Bluevine” or “Us” or “We”) is serious about protecting the privacy of your personal information.  We have put strict policies into place to ensure that the privacy of your personal information is protected while still enabling you to make use of our website (the “Site”) or any mobile application or other products or services provided by Bluevine (collectively with the Site, the “Services”).  We use information collected about you through the use of the Services or on the Site solely for the purposes set out in this policy.  The terms of this policy are also incorporated into the Bluevine Terms of Use and Registration Terms.

If you are a potential candidate for employment, job applicant, or employee of Bluevine, please see our Employee Privacy Policy for information about our collection and use of certain personal information in connection with our recruiting process and employment.

What information do we collect?

We collect personal information from you when you register for our service (directly or indirectly through a partner).  “Personal information” generally means information that may be used, alone or in combination with other information, to personally identify a business or individual.

This information includes, but is not limited to, your name, e-mail address, mailing address, phone number, social security number and bank account information, and your photograph and related information (for identity verification purposes as further detailed below). We do not collect any biometric information for identity verification purposes for businesses located in Illinois. Personal information does not include publicly available information or information that has been de-identified, aggregated, or in a form that is not capable of being associated with or linked to you.

We also collect information regarding our transactions and experiences with you, including your payment history.  We may also collect information from third parties’ websites or applications as specified in this policy.  We may also collect information automatically through the use of cookies and other technologies, as outlined below.

If you provide, or make available, any personal information about any business personnel, administrators, employees, owners, and other authorized persons you must first obtain their consent to disclose such information to us.  You must inform all such other persons how we process personal information and all other terms of this Privacy and Security Policy.

What do we do with the information we collect?

Any of the information we collect from you may be used in one of the following manners:

  • To compile, save, use, and analyze your information in both a personally identifiable form and an aggregated, non-personally identifiable form;
  • To operate, maintain, improve, and provide our Services to you, conduct our business, and process transactions;
  • To verify your identity;
  • To register you as a user and identify you when you sign in to your account;
  • To conduct background checks and determine your eligibility for our products;
  • If you are approved for a loan, an account, or other product, to process, service, and otherwise manage your banking or financing arrangement;
  • To personalize your experience and improve customer service (your information helps us to better respond to your individual needs, your service requests, to send marketing communications and send account update notifications);
  • To provide you with information about our products, services, third party offers, and other opportunities that we believe may be of interest to you, including on other platforms and with our third party lending and banking partners, and to personalize, measure, and improve such offers;
  • To develop and improve the Site (we continually strive to improve our website offerings based on the information and feedback we receive from you);
  • To detect and guard against potential fraud, identity theft, security incidents, or other illegal activity; and
  • To comply with our legal obligations; respond to subpoenas, court orders, or legal process; and to establish or exercise our legal rights or defense against legal claims.

Additional uses are outlined in the California-specific section below titled What We Do with Your Information.  We will share your personal information with third parties only in the ways that are described in the policy.

Security or how do we protect your information?

We take your security and privacy very seriously and have developed a comprehensive set of practices, technologies, and policies to help ensure your data is secure.  Accordingly, we use advanced security technology and implement a variety of security measures to maintain the safety of your personal information.

More specifically:

  • All of our communications and processing occur through Secure Sockets Layer (SSL) technology, which ensures such information is encrypted and secure. Such information is stored in our secure database in an encrypted format, which is only accessible to Bluevine Inc. employees and representatives with special access rights. These individuals are required to keep the information confidential.
  • We have established a dedicated security team.
  • We maintain SOC2 Type 2 compliance from an external certified auditor.
  • We maintain PCI DSS SAQ A and SAQ A-EP requirements.
  • To help prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online. 
  • We also use the services of leading companies to process all financial transactions.

While we strive to protect your personal information and use commercially acceptable means to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, Bluevine Inc. cannot ensure or warrant the absolute security of any data or content you transmit to us. 

In the event of a suspected breach of the security of your personally identifiable information, we will, to the extent required by law, notify you so you can take appropriate protective steps and to inform you of the steps that Bluevine Inc. is taking with respect to any such suspected breach.

Do we use cookies?

As is true of most platforms, we use tracking technology (i.e., cookies and similar technologies) which help us make the Site and our services more user-friendly, efficient, and secure.  We may use such technology for advertising purposes, including to serve ads on other platforms based on your browsing history and other online behavior.  Cookies will not harm your computer or mobile device and do not contain viruses. 

If you prefer not to accept cookies, you can opt out of certain cookies in one of the following ways:

  • By interactive webform. You may access our interactive webform by clicking here. Please be advised that you may need to process the opt-out request from each browser and device you use.
  • By browser. Most browsers allow you to (1) require that the browser notifies you and lets you choose whether to accept or reject a cookie, (2) disable existing cookies, and/or (3) set your browser to automatically reject cookies. If you wish to reject cookies across all browsers you use, you will need to do this on each browser on each device you use.
  • DAA. The Digital Advertising Alliance (DAA) offers tools to opt out of receiving interest-based online advertisements on your browser from parties that participate in the DAA program.  You can follow the instructions at www.aboutads.info/choices, or http://www.networkadvertising.org/choices/ to place an opt-out cookie on your device.  That opt-out cookie will indicate you do not want to receive interest-based ads, and you will need to add it to each browser on each device if you wish to fully opt out.

Blocking cookies may negatively impact your experience on the Site.  Additionally, you may still receive ads, though they should not be based on your interests.  We are not responsible for the effectiveness of, or compliance with, any third parties’ opt-out options or programs.

Do we disclose any information to outside parties?

We may provide your information to our trusted business partners who assist us in operating the Site, conducting our business (including partners referring you to us), or servicing your account, so long as those parties agree to keep this information confidential.  We also may disclose your information to third parties to whom we may refer you or your inquiry or application for financing or other services, consistent with our notice to you and/or consent from you.  In addition, we may disclose our transactions and experiences with you to credit bureaus. 

Below are the categories of third parties with whom we may share your information:

  • Affiliates, subsidiaries, advisors, and agents;
  • Our service providers, which may include advertising and marketing companies, social media companies, technology companies, background check and screening companies, fraud prevention agencies, and credit bureaus;
  • Entities with which we have a business relationship, which may include our partners and collection agencies;
  • Third party lending and banking partners;
  • Third party advertising platforms that enable us to serve targeted digital ads to you about our products and services (“Third Party Advertising Platforms”);
  • Regulators, government entities, and law enforcement;
  • Any other third party with your prior consent to do so.

In addition, we may also disclose your information:

  • As required by law, such as to comply with a subpoena, judicial or administrative order or warrant, and/or any similar legal process;
  • When we believe in good faith that disclosure is necessary to (i) protect our rights or the rights of third parties, (ii) protect our property and safety or the property and safety of others, or (iii) investigate fraud or respond to a request from a governmental entity;
  • If Bluevine Inc. is involved in a merger, acquisition, transfer, auction (including in a bankruptcy proceeding), or sale of all (or substantially all) of its assets or equity, or of assets related to the divestiture of a particular division or product, in connection with such a transaction;
  • In connection with the sale of delinquent debt for collections purposes; or
  • With third parties in de-identified or aggregated form for marketing, advertising, research, or other business purposes. 

Text messaging originator opt-in data and consent will not be shared with any third parties.

If you choose to interact with a third party lending partner, apply for their services or offerings through our Site or by verbally opting-in, or otherwise link or sync your account to a third party lending partner’s product or service, you consent and direct us to share your personal information with the third party lending partner providing the service or offering. These situations include, for example, when we send your personal information to partners to generate financing offers for you to review, when we send your application information directly to our partners, or when we send you to the partner’s site for you to provide the information directly to them. Any information you provide to a third party lending partner, whether through us or on your own, will be subject to their privacy practices and terms and conditions.

Using Third Party Services and Data Retention

You allow us to receive information when you use the Services to log in to a third party website or application (e.g., Facebook, Twitter, or LinkedIn) (the “Third Party Platform”).  Please note that we retain the information we receive from your personal profile on the Third Party Platform while you are logged in to the Services and even after you have logged out from the Services if such retention is reasonably necessary to enforce this policy and our Terms of Use, in our sole discretion.

Bluevine retains personal information for only as long as is needed to deliver the products and services for which it was collected, as consistent with your expressed preferences, or as otherwise needed to achieve the purposes described in this Privacy and Security Policy or required by law.  Users may request to delete data consistent with the rights described throughout this Privacy and Security Policy, including the Your California Privacy Rights section.

DMV INFORMATION

We may collect information about you from state departments of motor vehicles (“DMVs”) for use in the normal course of business to verify the accuracy of information you may submit to us.  We may redisclose such DMV information only for a permitted use, including for collection purposes.

Partner Policies

From time to time, Bluevine Inc. may help you obtain products or services from other banks or lending partners. Any information you provide other banks or lending partners will be subject to their privacy practices and terms and conditions.

To the extent your use of any Bluevine Inc. products or services involves Celtic Bank, Celtic Bank’s data protection practices, which are available in its Privacy Policy, as modified from time to time, are hereby incorporated into this Privacy and Security Policy. 

Use by Minors

We do not knowingly collect personal information from anyone under the age of 13.  If we learn of such information, we will delete it as quickly as possible.  If you believe we may have such information, please contact us.

Your California Privacy Rights

This section applies to any California residents about whom we have collected personal information from any source, including through your use of our Site, by using our Services, or by communicating with us electronically, in paper correspondence, or in person (collectively, “you”).  For purposes of this section only, “personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer/resident or household.  Personal information does not include publicly available information or information that has been de-identified, aggregated, or in a form that is not capable of being associated with or linked to you.

Further, this section does not apply to the personal information we collect that is exempt under California law, including information that is already protected by federal privacy laws (such as the Fair Credit Reporting Act (“FCRA”) or the Gramm-Leach-Bliley Act (“GLBA”)).

A. What Information We Collect

We may collect the following categories of personal information about you:

  • Identifiers, which may include real name and alias; mailing address; unique personal identifier; online identifiers as detailed below; Internet Protocol (“IP”) address; email address; telephone number; account number, name, and password; Social Security number; driver’s license number, passport number, state or other government-issued identification card number; and/or other similar identifiers;
  • Commercial information, which may include records of personal property; products or services purchased, obtained, or considered; account balances, payment history, or account activity; bank account information and other information relating to your financial institution; credit application, credit checks, and information from credit reporting agencies; and/or other purchasing or consumer histories or tendencies;
  • Information relating to Internet activity or other electronic network activity, which may include cookie identifiers, clear gifs (a.k.a. web beacons/web bugs), browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, clickstream data, device platform, device version, and/or other device characteristics;
  • Geolocation data; locational information based upon your IP address; cell network data; and/or other similar locational data; and which may be collected from various devices including your mobile device(s);
  • Audio, electronic, or visual information, which may include records of calls to or from our customer service centers; and/or video surveillance information; and/or photos of you and your government-issued ID;
  • Biometric information, which may include facial geometry based on photographic images that you provide for identity verification purposes (see our Biometric Information and Retention Policy below);
  • Professional or employment-related information, such as your current and previous employers; job title and responsibilities; assets; income; and/or other information related to your work history and/or prospective employment;
  • Education information;
  • Inferences about you;
  • Information not listed above and related to characteristics protected under California or federal law; which may include gender; race and ethnicity; nationality; marital status; military service / veteran status; and/or date of birth;
  • Other personal information not listed above and described in California Civil Code § 1798.80(e), which may include signature; physical characteristics or description; insurance policy number; and/or bank account number, credit card number, debit card number, and other financial, medical, and/or health insurance information.

Please note that because of the overlapping nature of certain of the categories of personal information identified above, which are required by state law, some of the personal information we collect may be reasonably classified under multiple categories.

Sensitive personal information.  Certain of the personal information that we collect, as described above, may constitute “sensitive personal information” under California law, including: 

  • Social security number, driver’s license, state identification card, or passport number; 
  • Account log-in combined with any required security or access codes, passwords, or other credentials allowing access to an account; and
  • Biometric information for the purpose of uniquely identifying a consumer.

B. What We Do with Your Information

We may collect or use personal information from you for the following purposes:

  • Internal analytics
  • Assessing third party vendors / service providers
  • Audit, compliance, policy, procedures, or regulation
  • Billing, payment, and fulfillment
  • Customer claims and fraud investigation and prevention
  • Customer communications (including, but not limited to, customer support, surveys or questionnaires, and notifications or information about your account and our products and services)
  • Customer relationship management
  • General business administration
  • Marketing our products and services
  • Marketing the products and services of others
  • Financial reporting and accounting
  • Website optimization and maintenance
  • Systems and data security
  • Maintaining and/or servicing accounts
  • Verification purposes
  • Evaluating applications for employment
  • Identifying, fixing, and troubleshooting bugs and errors
  • Understanding how you use our services so we can make improvements
  • Facilitate business relationships or comply with contractual obligations

Our collection, use and disclosure of sensitive personal information (as defined in the California Consumer Privacy Act Regulations) is generally limited to what is reasonable and proportionate for the following purposes: (a) to comply with our legal, regulatory and reporting obligations; (b) to provide services requested by you, to respond to your requests, to make reasonable accommodations where necessary, to verify the information you provide to us (for fraud prevention, underwriting decisions, and where otherwise necessary to manage and administer your customer relationship); (c) in support of our equal opportunity and diversity and inclusion efforts (on a voluntary basis); (d) where necessary to protect the health and safety of an individual; and (e) to prevent, protect, and take action against malicious, deceptive, fraudulent, or illegal actions, and security incidents. Our collection and use of biometric information specifically is for the sole purpose of verifying the identity of our business checking account applicants (see our Biometric Information and Retention Policy below). We do not use or disclose your sensitive personal information for any other purpose except as described herein or otherwise permitted pursuant to California law.

Additional uses are outlined above in the section titled What do we do with the information we collect?

C. Sources of Collected Information

We may collect personal information from the following categories of sources:

  • Our applicants, prospective customers, existing customers, and their authorized agents, including via our websites, mobile applications, telephone, text message, postal mail, social media, forums, message boards, live chat, chatbot, or other means;
  • Our affiliates, which may include our subsidiaries;
  • Our service providers, which may include customer relationship management providers, analytics providers, website hosting providers, risk and verification service providers, systems administrators, and communications delivery services;
  • Nonaffiliated companies with which we have a business relationship, which may include referral, promotional, and joint marketing partners;
  • Other third parties, which may include technology companies, social media platforms, other websites and mobile applications, online advertising partners, state departments of motor vehicles, and other data suppliers;
  • Things that other third parties may post publicly about you or otherwise provide to us, which may include review platforms, public forums, and testimonial websites; and
  • Employees and job applicants.

We may supplement the personal information collected from the categories of sources described above with personal information we obtain from other sources.

D. With Whom We Disclose Information

We will provide your information to our trusted business partners who assist us in operating the Site, conducting our business (including partners referring you to us), or servicing your account, so long as those parties agree to keep this information confidential and to limit their use of our information to the requested services.  We also may disclose your information to third parties to whom we may refer you or your inquiry or application for financing or other services, including our lending and banking partners, consistent with our notice to you and/or consent from you.  In addition, we may disclose our transactions and experiences with you to credit bureaus.  In the preceding twelve (12) months, we have disclosed each of the categories of personal information described in Section A above for the business purposes described in Section B above.

We do not sell personal information, or otherwise provide personal information to third parties without your prior consent to do so, other than to the extent our use of third party tracking technologies for advertising purposes may constitute “selling”/ “sharing” as those terms are defined by the CCPA (as described further below).  As with nearly every e-commerce company, we do share a limited set of personal information that is gathered when you visit and interact with our Site, such as cookies and pixels, with Third Party Advertising Platforms in order to allow you to see tailored digital advertisements on those platforms.  We have provided you with opt-out rights as to that “selling”/ “sharing” activity as described in subsections (E) and (F) below. 

In the last twelve (12) months, we have disclosed (or “shared”) the following categories of personal information to advertising partners for cross-context behavioral advertising purposes:  

  • Commercial activity information
  • Identifiers
  • Internet or other electronic network activity information

For more information on who we share information with, please see the above section titled Do we disclose any information to outside parties?

E. Your Privacy Rights

If you are a California resident, subject to applicable law, you have the following rights under California law with respect to your personal information:

  • Right to Know (Access). You have the right to request what personal information we collect, use, disclose, and/or sell, as applicable.  You may request we disclose the following to you:
    • categories of personal information collected;
    • categories of sources of personal information;
    • categories of personal information about you we have sold, shared, or disclosed for a business purpose;
    • categories of third parties to whom we have sold, shared, or disclosed for a business purpose your personal information;
    • the business or commercial purposes for collecting, selling, or sharing personal information; and
    • a copy of the specific pieces of personal information we have collected about you.
  • Right to Correct. You have the right to request we correct any inaccurate personal information we maintain.
  • Right to Delete. You have the right to request the deletion of your personal information that is collected or maintained by us, subject to certain exceptions.
  • Right to Opt-Out of Sale/Sharing. You have the right to opt-out of the sale/sharing of your personal information by us.  As described elsewhere in this Privacy Policy, Bluevine “sells”/“shares” personal information when it participates in behavioral ad networks, and we have provided instructions on how you can opt-out in subsection (F) below and by visiting the following link: Do Not Sell/Share My Personal Information. 
  • Right to Non-Discrimination. You have the right not to receive discriminatory treatment by us for the exercise of the privacy rights described above.
  • Right to Limit Use and Disclosure. You have the right to limit the use or disclosure of your sensitive personal information to only the uses necessary for us to provide goods or services to you.  We will not use or disclose your sensitive personal information after you have exercised your right unless you subsequently provide consent for the use of your sensitive personal information for additional purposes. 

The above rights are subject to various exclusions and exceptions under applicable laws. 

If you wish to exercise one of the above rights, we will need to verify your identity and authority, including by providing, at a minimum, your first name, last name, and email address.  Identity verification requires matching pieces of personal information you provide with the information we maintain.  In addition, we may require additional information or steps such as a signed declaration that the requestor is the consumer whose personal information is the subject of the request. 

You may also authorize someone to exercise the above rights on your behalf.  To designate an authorized agent, please submit a request through our support form.  As may be necessary, we will verify that the agent has proper authorization to exercise the above rights on the consumer’s behalf.

If you are a California resident and wish to seek to exercise these rights, please reach us in one of the following ways:

For more information regarding this Privacy and Security Policy, or if you have any questions or concerns, you may contact us in the following ways:

Direct marketing by third parties. Bluevine does not disclose personal information to third parties for their own direct marketing purposes. However, California residents additionally have the right to request information regarding such practices under California’s “Shine the Light” law. If you are a California resident and would like to inquire further, please email support@bluevine.com.

We will continue to update our business practices as direct regulatory guidance becomes available.

F. Notice of Right to Opt-Out

We do not currently sell your personal information in the traditional sense, but we do sell/share your personal information, as those terms are defined under the CCPA, by participating in behavioral advertising networks, as described in Section D above.  You may opt-out of such sales/sharing in one of the following ways:

We also encourage you to visit the Network Advertising Initiative and/or the Digital Advertising Alliance’s Self-Regulatory Program for Online Behavioral Advertising for more information about opting out of seeing targeted digital advertisements.

Please consult the other sections of our Privacy and Security Policy for further information on our practices regarding your personal information.

Biometric Information and Retention Policy

This section applies to any individuals about whom we have collected biometric data, including through your use of our Site or by using our Services (collectively, “you”).  As used in this Privacy and Security Policy, biometric information includes “biometric identifiers” and “biometric information” as defined under applicable federal, state, and local laws, including the Illinois Biometric Information Privacy Act (“BIPA”), 740 ILCS § 14/10, the Texas Statute on the Capture or Use of Biometric Identifiers, Tex. Bus. Code § 503.001, and the Washington Biometric Privacy Law, RCW 19.375.010 et seq.

When you apply for a business checking account through Bluevine, we may ask you to submit (or we may ask your permission to take) a photo of you and an image or photo of your government-issued ID (e.g., your driver’s license, state identification card, or passport). The verification process captures and uses Biometric Data in some jurisdictions. Using this information allows us to verify your identity (confirm that the person in the photo or video is likely to be the same person pictured in the government-issued ID).

To the extent that Bluevine or its vendors collect, capture, or otherwise obtain your Biometric Data, we will first: (a) inform you in writing that Bluevine and/or its vendors are collecting, retaining, and using your Biometric Data for the purposes of identity verification; and (b) collect your written consent to collect, retain, and use your Biometric Data.

Bluevine and its vendors will not sell, lease, trade, or otherwise profit from your Biometric Data; provided, however, that our vendors may be paid for products or services used by us that utilize such Biometric Data. Bluevine will not otherwise disclose, re-disclose, or disseminate Biometric Data unless the disclosure:

1. Is consented to by the individual or the individual’s legally authorized representative;

2. Is required by applicable law; or

3. Is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.

Except as described in this Privacy and Security Policy, Bluevine and its vendors will retain such Biometric Data only until, and will request that our vendors permanently destroy such biometric information when, the first of the following occurs:

  • The initial purpose for collecting or obtaining such biometric information has been satisfied;
  • Within three (3) years of your last interaction with us.

Bluevine will store, transmit, and protect from disclosure any Biometric Data collected in a manner that is the same as or more protective than the manner in which Bluevine stores, transmits, and protects from disclosure other confidential and sensitive information.

The Site may offer links to websites of other companies and associations.  We are not responsible for the privacy practices or consent of such third party websites.  These external websites are not subject to this Privacy and Security Policy, and we have no control over their content.  Please carefully review the policies of these websites before providing any personal information.

Governing Law

You agree that this policy is governed by and will be enforced in accordance with the laws of the State of California without regard to conflict of laws hereof.

By using the Site, you consent to the Site’s Terms of Use.

Changes to our Privacy and Security Policy

We may make changes to this Privacy and Security Policy, and we encourage you to regularly check this page to review any changes we may make. You understand that you will be deemed to have accepted an update if you continue to use the Site and Services after any update takes effect. If any material changes are made to this Privacy and Security Policy, advance notice may be posted on the Site.

Contact Us

If you have any questions about this Privacy and Security Policy or wish to exercise one of your privacy rights, please contact us using the following information:

Email: privacy.ops@bluevine.com

Address: 30 Montgomery Street, Suite 1400, Jersey City, NJ 07302

Contact Form: https://www.bluevine.com/contact-us/

Privacy Preferences: https://www.bluevine.com/privacy-policy#modal-privacy-preferences