Bitpoint Crypto Banking

BitPoint Privacy Policy

BitPoint respects your privacy. While BitPoint’s Services are designed for use by business customers, we process some personal data when you use our Services, including when you apply to open a BitPoint Account. This Privacy Policy ("Policy") is meant to help you understand the types of Personal Information that we collect about you, how we use it, how we share it, your rights and choices, and how you can contact us about our privacy practices and your privacy rights. Please read this Policy carefully, as it applies when you use our Services or Products, visit our website, or use the BitPoint mobile app. Capitalized terms that are not defined in this Policy have the definitions provided in the Platform Agreement.

BitPoint partners with a number of Service Partners and Third-Party Service Providers (collectively “Service Providers”) to provide you and your business with the best integrated spend management solution. Some of these Service Providers have their own privacy statements or policies; this Policy does not apply when you are linked to a service providing a different privacy policy or when the website, product, or service involved is operated by a company other than BitPoint.

As part of our services to our business customers and in receiving referrals for new potential customers, you or your business may provide BitPoint with information about individual employees or contacts at other businesses. Where you provide information about individuals, you agree that you have all rights and permissions necessary to provide such information to us. Where you provide us with information about your employees or other individuals connected with your business (such as owners or founders), please ensure that they are referred to this Policy for information about BitPoint’s collection and processing of their Personal Information.

If you have any questions about this policy or privacy at BitPoint, please reach out to us.

I. Who We Are and Some Other Definitions

A. BitPoint. This Policy applies to BitPoint and its affiliates (collectively, “BitPoint”, “we”, “our”, and “us”). BitPoint Card Credit and BitPoint Checking Account Platform

B. Personal Information. “Personal Information” is any information that identifies, relates to, or reasonably could be linked to or associated with a particular person.

C. Services. “Services” means the financial products, technology, expense management, cash management, payment services, integrations with Third-Party Services, and all other services provided by BitPoint, including those available through your BitPoint Account.

II. What Personal Information We Collect About You and Where It Comes From

A. Information BitPoint Collects from You We collect and process Personal Information through our Services when you interact with BitPoint. The data we collect from you varies depending on what specific Services you and your company use. In some cases you actively provide us with the information and in others, BitPoint collects the information automatically. BitPoint collects personal information from you when you directly interact with BitPoint in the following ways:
• Filling out an application and creating a BitPoint Account
• Making a purchase using a physical or virtual BitPoint Card
• Making or receiving payments (such as sending or receiving funds via ACH, wire, or check)
• Uploading a receipt or making a memo for a BitPoint Card transaction
• Signing in to access your BitPoint Account
• Browsing the platform or our website
• Using our iOS or Android mobile apps
• Using or redeeming cash back rewards, such as cash back applied toward future statement balances
• Using or redeeming partner rewards, such as discounts on partner products and services
• Using integrations to connect your BitPoint Account to third party services
• Connecting accounts to your BitPoint Account
• Using BitPoint Rewards
• Calling, chatting, contacting, or interacting with BitPoint (such as with our Customer Experience or Sales, or texting us a copy of a receipt, or clicking through our advertising)
• Reading emails from BitPoint
• Attending a BitPoint event (offline or online) or webinar
• Engaging in our affiliate referral program
• Entering a BitPoint sweepstakes, contest, or promotion

BitPoint may collect the following categories of Personal Information from you when you interact with or use our Services.
• Contact Data, such as your name, business email, phone number and address.
• Professional Data, including your title or role on your team.
• Account Credentials, including your password (hashed) and information for authentication and account access.
• Identity Data, such as your date of birth, Tax Identification Number (TIN) or your Social Security Number (SSN) and copies of your passport, driver’s license, or other national ID and any information captured on such ID (such as facial images/ photographs) or through our ID verification process (including the ID verification results).
• Financial Data, including your bank account information, routing and account numbers for reimbursements, transaction history, and related information, and your BitPoint account data.
• Transaction Data, including information associated with use of your BitPoint Card and transactions such as wire transfers and ACH payments. This also includes information to process your receipts, such as photos and text messages with associated metadata.
• Company Data, any Personal Information submitted to us related to a company when that company applied for or maintained a BitPoint Account. This could include information about the individuals involved in that company's leadership and ownership.
• Communications and Online Content, including content within any messages you send to us (such as when contacting support or asking a question). We also collect content within any messages you exchange with other users through the Products (such as when you submit a request through the Platform to the BitPoint Account administrator to make a transaction or to increase a spending limit on a BitPoint Card).
• Marketing Data, such as your contact preferences and webinar /event registration, attendance and participation information.
• Referral Data, including information you provide about any potential referrals as part of our affiliate referral program, such as their name, email address, and phone number.
• Service Use Data, Device Data and Location Data via Tracking Technologies. When you access or interact with our Platform or use any of our mobile apps, BitPoint uses several types of activity tracking tools to collect data about how and when you interact with our web pages and mobile application; the type of device, browser, and operating software you use; your IP address and other device event information; and imprecise location data that can be derived from this information (such as location that can be identified from your IP address). Unless these technologies have been disabled by a user, BitPoint automatically collects this data through the following types of tracking technologies:
• Log Files record events that occur in connection with your use of the Services.
• Cookies are small data files stored on your device that allow us to uniquely identify your browser. We use two types of cookies: session cookies and persistent cookies. o Session cookies support website navigation and expire when you close your browser o Persistent cookies allow us to identify your unique device across different sessions. Persistent cookies may remain on your device for extended periods of time, and generally may be controlled through your browser settings.
• Pixels (also known as web beacons) are code embedded in a website, email, or advertisement that sends information about your usage to a server. Pixels are used in combination with cookies to allow BitPoint to track a particular browser’s online activity, like what communications or pages you viewed.
• Device Fingerprinting is the process of combining and analyzing data elements from your device's browser to uniquely identify your browser and device.

If you have access to a BitPoint Dashboard, this information may also available in the Cookie Preferences section of your Settings.

B. Information BitPoint Collects from Other Sources

1. Personal Information Collected from Third Parties

BitPoint may also collect information about you from other sources. The paragraphs below describe the categories of third parties BitPoint collects Personal Information from and what categories of data we collect from them. The information categories referenced in the paragraphs below have the same description as provided in Section II.A of this Policy.
• Category of Third Party: BitPoint Account Holders o Personal Information Category Collected: Contact, Identity, Professional, Company o When Data is Collected:
• When a business applies for or adds you as an authorized user, administrator, manager, controlling officer, or beneficial owner of a BitPoint Account
• When a referral partner provides us with information about you as a representative of a potential customer
• Category of Third Party: Financial Institutions (including banks and money transmitters), Card Network Providers, Payment Processors, Card Issuers o Personal Information Category Collected: Contact, Financial, Transaction o When Data is Collected: These entities are BitPoint’s partners in processing your BitPoint Card and providing you and your business with BitPoint Account services such as reimbursement
• Category of Third Party: Merchants and Receipt Information Aggregating Services o Personal Information Category Collected: Contact, Financial, Transaction, Location Information o When Data is Collected: BitPoint collects information about your financial transactions, including information regarding the location of and other details purchases and receipt information for transactions
• Category of Third Party: Identity Verification Services; Financial Information Providers; Fraud and Financial Crime Monitoring, Prevention, and Detection Service Providers o Personal Information Category Collected: Contact, Identity, Professional, Financial, Transaction, Service Use Data, Device Data, Location Data, Company, Travel o When Data is Collected: When BitPoint is confirming your identity; onboarding or maintaining information for an account you are an administrator, authorized user, or other responsible part for; or managing fraud, financial crime, or other legal risks
• Category of Third Party: Third Party Integrations and Service Providers: Banks and other depository institutions o Personal Information Category Collected: Contact, Account Credentials, Identity, Financial, Transaction, Company o When Data is Collected: When you link your BitPoint Account with your personal bank account. BitPoint does not store non-BitPoint financial account credentials on BitPoint systems
• Category of Third Party: Third Party Integrations and Service Providers: Accounting and Expense Providers o Personal Information Category Collected: Contact, Professional, Company, Financial, Transaction o When Data is Collected: When you or your company connect your BitPoint Account to a third party accounting or expense provider
• Category of Third Party: Third Party Integrations and Service Providers: Travel Services o Personal Information Category Collected: Contact, Identifiers, Financial, Transaction, VIP club, Rewards o When Data is Collected: When we create your BitPoint user account and when you book travel through BitPoint Travel, we process information from our travel partners or lifestyle club about your travel plans and any rewards balances or redemptions involved
• Category of Third Party: Other Service Providers o Personal Information Category Collected: Contact, Identity, Financial, Transaction, Travel, Rewards, Company, Professional o When Data is Collected: When BitPoint receives information back from other categories of Service Providers while providing you with our Services
• Category of Third Party: Social Networks and Online Advertising o Personal Information Category Collected: Contact, Professional, Marketing o When Data is Collected: When BitPoint uses these providers to serve or assist in serving our advertisements
• Category of Third Party: Joint Marketing, Business Partnership, Referrals, and Rewards Partners o Personal Information Category Collected: Contact, Professional, Marketing, Referrals, Rewards, and data regarding your relationship with these partners o When Data is Collected: When BitPoint engages in joint marketing activities and our referral and rewards programs with these partners, as well as when we acquire information about your and your relationship to these partners
• Category of Third Party: Publicly-available sources (including the media and public domain) o Personal Information Category Collected: Contact, Professional, Company, Online Content o When Data is Collected: When BitPoint is identifying potential customers and partners or conducting due diligence or other risk management activities for existing and potential customers

2. Personal information related to administrators, employees, company owners, and authorized persons or representatives

In some circumstances, BitPoint requires our business customers and their representatives to provide us with Personal Information relating to another person (such as providing us with Personal Information about the owners of your business during the application process or providing us with Personal Information about employees). If you are providing BitPoint with information about other individuals, do not provide us with any Personal Information unless you have informed these individuals that their information is being transferred to a third party for card and spend management purposes or a similarly appropriate category of third party or you are sure the disclosure of the Personal Information is otherwise permitted by law or contract. You must inform all other persons whose information you share with us how we collect and process Personal Information and all other terms of this Policy.

III. How BitPoint Processes and Stores Personal Information

A. How BitPoint Processes Personal Information

BitPoint processes Personal Information to provide its customers with a reliable, secure, and loved solution for spend management and corporate cards. That requires us to process Personal Information for a number of purposes, as described below:
• Providing BitPoint Services. We use all of the categories of Personal Information we collect to provide BitPoint’s Services. Personal information may be used as part of the data analytics processes that enable our Services.
• Improving and developing the Services. We use all of the categories of Personal Information BitPoint collects other than identity data to understand how you use our Services, and to improve them. We also use the information to analyze trends and performance to identify future opportunities for the development, promotion, and improvement of our Services. We use analytics services, such as Google Analytics, to help us understand how users access and use our Services.
• Securing the Services and Fraud Detection. We process and analyze all categories of Personal Information BitPoint collects for the purposes of maintaining the safety and security of our systems, websites, Services, including identifying and troubleshooting any problem with the BitPoint Products or Services, investigating suspicious activity, detecting potentially fraudulent or unauthorized transactions, enforcing our terms and policies, and in protecting the rights of BitPoint, our customers, and those we all do business with.
• Providing Customer Support. We process all categories of Personal Information BitPoint collects to troubleshoot and diagnose problems with our Services, and provide other customer care and support services, including to help us support, improve, and secure the quality of our Services, to investigate security incidents, and provide appropriate training to BitPoint staff. We use automated chat capabilities where you may be interacting with a bot rather than a person for appropriate questions.
• Sending administrative communications. We may use your Contact, Professional, and Transaction information to send you information related to our Product and Services such as confirmations, invoices, technical notices, service updates and security feeds, security alerts, and support, onboarding, and administrative messages.
• Sending marketing communications and placing advertising, including marketing analytics. We use your Contact, Professional, Transaction, and Marketing information we collect to advertise and promote BitPoint Services by phone, text, email, or chat, and additional products and services from our partner companies, according to your marketing preferences. We also use Service Use Data, Device Data and Location Data to place and deliver advertisements to you.

In addition, we may work with agencies, advertisers, ad networks and other technology services to place advertisements on our behalf on other websites and services. For example, we may place ads through advertising and social media firms that you may view on their platforms as well as on other websites and services. As part of this process, we (or these third parties) may incorporate tracking technologies into our own Website and emails or other communications as well as into our ads displayed on other websites and services. Some of these tracking technologies may track your activities across time and services for purposes of associating the different devices you use, and delivering relevant ads and/or other content to you ("Interest-based Advertising"). While you may disable some tracking technologies in your browser settings by blocking cookies in your browser, using global privacy controls, or using other privacy settings on your device or browser, you may still receive non-targeted advertisements we send as part of a general marketing campaign.
• Complying with legal obligations, defending legal claims, and preventing and detecting crime and misuse of BitPoint Services. We may process all categories of Personal Information BitPoint collects to fulfill BitPoint’s legal and regulatory rights and obligations, including in the following situations: o when cooperating with public and government authorities, courts or regulators in accordance with applicable laws; o to protect, investigate, and deter against fraudulent, unauthorized, or illegal activity; o to protect BitPoint’s legal rights, pursue remedies available to us, and limit our damages; o to protect against misuse or abuse of our Services; o to protect personal or public property or safety; o to comply with judicial proceedings, court orders or legal processes; or o to respond to lawful requests.

When complying with court orders and other similar legal processes, BitPoint strives for transparency. We will make reasonable efforts to notify our customers and users of any disclosure of their Personal Information, unless we are prohibited by law or court order, or exigent circumstances prevent us from doing so.
• For our business purposes. We may use information for other legitimate business purposes, such as developing new Services; enhancing, improving or modifying our Services; mitigating financial loss, claims, liability, and other harms to our users, BitPoint, our partners, or third parties.
• With Notice to You and Your Consent. We may otherwise process Personal Information after providing notice to you and obtaining your consent. You may opt out of or refuse your consent for this processing; please see the “Your Rights and Choices” section below for how to do so.

B. Anonymized and aggregated data.

To improve and market our Services, better target advertisements, and for other promotional purposes, BitPoint may transform Personal Information into de-identified information removing or masking information that could be used to identify you and by aggregating or combining de-identified data with other information.

C. Transfers of your Personal Information between BitPoint affiliates

To provide you with a seamless experience, BitPoint affiliates share information to support all of BitPoint’s processing purposes.

D. For EEA and UK residents: Legal basis for processing

The General Data Protection Regulation (GDPR) in Europe requires a "lawful basis" for processing personal data. Our lawful basis includes where: (a) you have given consent to the processing for one or more specific purposes, either to us or to our Service Providers, partners, or business customers; (b) processing is necessary for the performance of a contract with you; (c) processing is necessary for compliance with a legal obligation; or (d) processing is necessary for the purposes of the legitimate interests pursued by us or a third party, and your interests and fundamental rights and freedoms do not override those interests.

The legal basis for BitPoint’s different Personal Information processes is as follows:
• Process: Providing BitPoint Services o Legal Basis:  BitPoint’s legitimate business interest in providing our business customers with Services; and  BitPoint’s customer’s legitimate interests in managing their business expenses, providing appropriate business spending capabilities, and overseeing how corporate funds are used by employees.
• Process: Improving and developing the Services o Legal Basis:  BitPoint’s legitimate business interests in developing, promoting and improving our Services and identifying future business opportunities; and  In some cases, your consent to providing BitPoint with feedback and data.
• Process: Securing the Services and Fraud Detection o Legal Basis:  BitPoint’s legitimate interest in ensuring the safety and security of our Services and our interest in protecting BitPoint’s rights and the rights of our customers, including avoiding being the victims of or involved in crime.
• Process: Providing Customer Support o Legal Basis:  BitPoint’s legitimate interest in providing our users and business customers’ authorized representatives with customer care and assistance, identify and investigate security and technical incidents, and provide, improve, and secure our Services, as well as our staff’s knowledge and training.
• Process: Sending administrative communications o Legal Basis:  BitPoint’s legitimate interests in administering and securing our Services; and  In some cases, compliance with BitPoint’s regulatory obligations.
• Process: Sending marketing communications and placing advertising, including marketing analytics o Legal Basis:  BitPoint’s legitimate interest in marketing its Services to appropriate groups; and  In some cases, in reliance on your consent to receive marketing materials or have your information used in analyses.
• Process: Complying with legal obligations, defending legal claims, and preventing and detecting crime and misuse of BitPoint Services o Legal Basis:  Compliance with BitPoint’s legal and regulatory obligations; and  In furtherance of BitPoint’s legitimate interests in protecting against the misuse or abuse of our Services, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes, or to respond to lawful requests.
• Process: For BitPoint’s business purposes o Legal Basis:  In reliance on BitPoint’s legitimate interests for pursuing legitimate business purposes.
• Process: With Notice to You and Your Consent o Legal Basis:  In reliance on your consent. 

A. Restrictions on Service Provider’s Use of Your Personal Information BitPoint may transfer your Personal Information to our Service Providers. BitPoint contractually prohibits our Service Providers from retaining, using, or disclosing information about you for any purpose other than performing the services for us and fulfilling their own regulatory and legal obligations, although we may permit them to use information that does not identify you (including information that has been aggregated or de-identified) for other purposes except as prohibited by applicable law or contractual obligation.

B. Transfers authorized by you, by the BitPoint Account holder, or authorized representatives BitPoint enhances its Services by integrating with products and services provided by other companies. As identified section A above, BitPoint currently has integrations that transfer Personal Information to provide accounting, expense management, and travel services. For these integrations to work, we may need to provide your Personal Information to these companies. Information we transfer to these companies will be used and disclosed according to that company’s privacy policy and subject to appropriate contracts with our partners. You should review the privacy policy of any company that has access to your Personal Information related to the integration with your BitPoint Account.

C. Data transfers in corporate transactions In the event of a corporate sale, merger, reorganization, dissolution or similar event, Personal Information and data we process from you may become part of the assets we transfer or share in preparation for any such transaction. Any acquirer or successor of BitPoint may continue to process Personal Information consistent with this Policy.

D. Compliance and compelled disclosures We may disclose or transfer Personal Information in the following circumstances:
• To comply with applicable law, regulation or payment network rules;
• To enforce our contractual rights or comply with contractual obligations;
• To protect the rights, privacy, safety and property of BitPoint, you, our customers, our business partners, or others; or
• To respond to requests from auditors, courts, law enforcement agencies, regulators, and other public and government authorities, which may include authorities outside your country of residence. When complying with court orders and other similar legal processes, BitPoint strives for transparency. We will make reasonable efforts to notify our customers and users of any disclosure of their Personal Information, unless we are prohibited by law, court order, or exigent circumstances prevent us from doing so.

E. No sale or sharing of Personal Information BitPoint does not sell or allow our Service Providers to process your Personal Information for their own use without your consent, unless the processing of that information is either required by law or we determine that disclosure is reasonably necessary to enforce our rights, protect our property or operations, or enforce the rights and protect the property or operations of our business partners and customers. As part of our arrangements with Service Providers, BitPoint may receive your Personal Information from and transfer your Personal Information to our Service Providers as part of providing our Services and Products, but these transfers are conducted under contracts that protect your data from additional uses and are not considered a sale. BitPoint also does not share Personal Information for cross-contextual behavioral advertising.

IV. How BitPoint stores and protects Personal Information

A. How long BitPoint retains Personal Information and when we delete it BitPoint collects and retains Personal Information to provide our Services. We retain that information for as long as we have a business or operational reason to retain that information, or where we have a legal or regulatory obligation to continue to retain that Personal Information after it has served its business or operational purpose. BitPoint deletes or de-identifies Personal Information when we no longer are required to or have a reasonable business purpose to retain it. BitPoint’s legal retention obligations may require us to retain your Personal Information after you are no longer an authorized user of a BitPoint account or after your BitPoint account has closed. These retention obligations also prohibit us in some cases from deleting certain Personal Information after you have asked us to delete your data under the data privacy and data rights laws in different jurisdictions. BitPoint retains data where it is necessary to comply with our legal obligations, resolve disputes, and enforce our agreements or where deleting it prevents us from billing for our Services, calculating taxes, conducting required audits, or carrying out other legitimate business functions. Please see the “Your Rights and Choices” section and the sections detailing the rights you may have under the laws of your location below for more information.

B. Where BitPoint stores Personal Information and international data transfers As we strive to serve our customers everywhere in the world they operate, BitPoint may process and store Personal Information for the purposes described in this Policy in any other country in which BitPoint, its subsidiaries, affiliates, or Service Providers operate. These countries may have data privacy or protection laws that are different to the laws of your country and may not be as protective. BitPoint takes measures to comply with applicable data privacy laws when we transfer Personal Information internationally. For Personal Information transferred from Europe or the United Kingdom, we will provide appropriate safeguards, such as use of the Standard Contractual Clauses approved by the European Commission, to protect your Personal Information.

C. BitPoint’s data security BitPoint uses organizational, technical, and administrative measures, including 2FA to protect Personal Information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your Personal Information. The specific measures we use include encrypting your Personal Information in transit and at rest, device and identity verification processes, and idle lockouts. Where you have created a username and unique password to enable you to access your BitPoint Account, or use our Services, it is your responsibility to keep this password secure and confidential.

Please contact us immediately if you believe that your Personal Information or any other confidential information that you have provided to us is no longer secure or has been lost or stolen.

V. Additional Important Information About Your Personal Information

A. BitPoint Account users and administrators’ access and authorities

BitPoint Services are intended for use only by companies, and you may only use a BitPoint Account or Card if you are an employee or other authorized representative of a company that has opened a BitPoint Account. The information in your BitPoint Account is governed by our agreements with the applicable business customer. You may access, update, or delete certain information within your BitPoint Account through the Platform, provided that the business customer’s administrator is responsible for determining how that data is processed. The business customer's administrator is responsible for your BitPoint Account and any BitPoint Cards associated with the business customer. The administrator can also access information about you via their own access to BitPoint’s Services, access and retain information we have stored on its behalf, and limit your ability to edit, modify, delete, or use information associated with your use of the Services. However, losing authorized access to a company’s BitPoint Account does not deprive you of rights you may have under the data privacy or other data rights laws in your jurisdiction.

B. Closure of a BitPoint Account

Closure or deletion of your company’s BitPoint Account will mean that the business customer will permanently lose access to the Personal Information and data associated with the BitPoint Account. Personal information or de-identified information associated with your company’s BitPoint Account may nonetheless remain on systems owned or maintained by BitPoint where required to comply with the law, our contractual obligations, or carrying out legitimate business functions. Where BitPoint retains Personal Information after an account has closed, individuals may have the right to access, delete, or assert other rights under the laws of their jurisdiction.

VI. Your Rights and Choices

A. Your Choices with BitPoint

1. Electronic Communications
• Emails. You may choose not to receive promotional emails from us by following the unsubscribe/opt-out instructions in those emails at any time. Please note that you cannot opt-out of non-promotional messages, such as those about your BitPoint account, transaction information about our Services (such such as updates to our platform agreement, privacy notices, security alerts, and other notices relating to your access to or use of our Services) or our ongoing business relationship.
• Text, SMS, or WhatsApp Messages. If you have opted in to receiving text, SMS, or WhatsApp messages related to your use of the Products or Services, you can opt-out at any time by texting "STOP" to the short code to be provided in an updated policy. After you send the SMS or WhatsApp message "STOP" to us, we will send you an SMS or WhatsApp message to confirm that you have been unsubscribed. After this, you will no longer receive SMS or WhatsApp messages from us.

Please note that your opt out is limited to the email address or phone number used and will not affect subsequent subscriptions.

BitPoint will not discriminate against you for any use of your privacy rights. To exercise any of these rights, you may make a request by emailing us. You can also reach out to our Customer Experience team. BitPoint will confirm receipt of your request and provide you with information about our processes for acting on your request, including when you can expect a response, within 10 business days. We will need to verify your identity to ensure the security of your Personal Information before providing you with any Personal Information. If you are currently a BitPoint user, you may correct any Personal Information we have about you either in your settings, by contacting your BitPoint Account administrator, or by using the contact details above in addition to requesting correction.

VII. Updates to This Policy

We may update this Policy from time to time in response to changing legal, regulatory, technical or business developments. When we update this Policy, we will notify you of material changes, changes that limit any of the rights you have related to the manner in which we process your Personal Information, or that we are required to disclose by law, via a prominent notice on our website, login screen, your mobile app, or via email at least 7 days prior to the changes taking effect. We will obtain your consent to any material changes to this Policy if, and where, required by applicable data protection laws.