Effective January 1, 2023
Effective January 1, 2023
Divvy knows the importance of and values the privacy of all its customers. We agree that how your personal information is collected, used, and shared is important and we take this responsibility seriously. Our primary goal is to provide you with exceptional service, and we understand that you may have questions or concerns regarding your personal information and how it will be used. This document describes how Divvy collects, transmits, stores, uses, shares, and erases personal information. If you are a resident of California, Colorado, Connecticut, Virginia, or Utah, you may have additional rights. To learn more, review our US State Supplemental Privacy Notice to Residents of California, Colorado, Connecticut, Virginia, and Utah.
In this policy, the term “personal information” is used to describe information that can be associated with, and can be used to identify, an individual. We do not consider personal information to include:
The Information We Collect
The Divvy products you use and how you use them dictates which information is collected. Divvy collects personal information when you use our products and services, including when you: browse getdivvy.com or use app.divvy.co, apply for a charge card, create a Divvy account, use our iOS or Android mobile apps, make a purchase using your physical or virtual Divvy card, communicate with us (e.g. calling, chatting, or interact with us, including Customer Experience or Sales interactions), and interact with us at a conference or event.
Information to apply for a line of credit and create a Divvy Account
If you apply for a Divvy account, we need to collect and process a certain amount of information about you, your business, and individuals associated with your business to comply with our legal and regulatory obligations and to address our fraud risks.
Identification Information, including name, email address, telephone number, home street address, social security number or passport number, date of birth, business name, business address, business industry, business tax ID, and business revenue.
Banking Information, including your bank name, account holder name, account number, routing number, and bank address.
Device and Connection Information, including your IP address, geolocation data, browser type and version, operating system and other software installed on your device, unique device identifier and other technical identifiers, performance data, error reports.
Usage Data, including features you used, settings you selected, your URL clickstream data (including date and time stamp and referring and exit pages), and pages you visited on the Service.
Information to use our products and services
Personal information is required to be collected and processed when your business assigns a credit card to you. To use this service, we will collect identification information, including your name, email address, and phone number.
Information when you make a transaction
When a payment is made by you on the Divvy platform, we collect information about your transaction, including payment method information, purchase amount, purchase date, purchase location, receipt information, information provided to us by the card network associated with transactions, merchants, or cardholders. The transaction information is received: (i) directly from you; (ii) from the issuing bank; and/or (iii) from the card networks.
Information automatically processed when you visit our websites or use our mobile app
In order to facilitate the best financial and security experience for you and us, personal information is automatically collected when you visit or use our website and/or mobile app, including browser and device information, device and connection information, IP address, geolocation data, browser type and version, operating system and other software installed on your device, unique device identifier and other technical identifiers, performance data, error reports, and usage data (such as features you used, settings you selected, URL clickstream data (including date and time stamp and referring and exit pages), and pages you visited on the Service).
Cookies and trackers
You have the option to block cookies and other activity tracking tools used by us; however, in doing so, you may limit the functionality and use of certain features of our services. To block cookies, you can disable them through your web browser or visit an industry-standard opt-out website like www.networkadvertising.org/choices or www.aboutads.info/choices.
Information processed when you interact with Divvy
Personal information may be collected about you when you interact with our customer-facing teams (e.g., Customer Success, Growth, Sales, or Marketing) through phone calls, chat services, or email, including your name, your email, phone number, and other contact information, and content of your communications and survey responses.
How We Use the Information We Collect
Divvy may use or disclose the information we collect for one or more of the following business purposes:
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
How We Share the Information We Collect
Divvy shares your personal information with our third-party service providers and business partners as needed to provide, maintain, support, secure, and improve the Service. Except as described below, when Divvy shares personal information for a business purpose, Divvy enters into a contract that describes the purpose for which the information is shared and requires the recipient to both keep that personal information confidential and not use it for any purpose except for performing the contracted services.
Sharing within the Divvy network
To process payments on Divvy, we need to share some of your personal information with the person or company that you are paying or is paying you. Your contact information, date of sign-up, the number of payments you have received and other verification metrics like social graph activity may be provided to users or companies when you transact with, on, or through Divvy.
We work with vendors to enable them to accept payments from you using Divvy. In doing so, a vendor may share information about you with us, such as your mobile phone number or Divvy username, when you attempt to pay that vendor. We use this information to confirm with that vendor that you are a Divvy customer and that the vendor should enable Divvy as a form of payment for your purchase.
Regardless, we will not disclose your credit card number or bank account number to anyone you have paid or who has paid you through Divvy, except with your express permission or if we are required to do so to comply with a subpoena or other legal process.
Sharing within the Divvy corporate family
We may share your information within our corporate family, including, but not limited to Bill.com, LLC; Bill.com, Canada LLC; DivvyPay, LLC; zipbooks.com and any affiliates or subsidiaries of these companies or our parent company, Bill.com Holdings, Inc. (collectively, “Bill.com Group Companies”) for the purposes identified in this Privacy Notice. As we grow and expand our Services and offer our Services in other countries, we may add to our corporate family.
Sharing in connection with business transactions or corporate changes
The information that we collect in connection with the Service is a business asset. As a result, we may share or transfer your information if we or any of the Bill.com Group Companies enter bankruptcy or are party to a business transaction, such as a merger, acquisition, reorganization, or asset sale.
Sharing personal information with other parties
Divvy does not share your personal information with third parties for promotional or marketing purposes.
We may share your personal information with:
Information From Person(s) Under the Age of 18
We do not knowingly solicit or collect information from any individuals under the age of 18. If we learn that we have collected personal information from a child under age 18, we will delete that information as quickly as possible.
How We Protect and Store Information
We store and process your personal information using third-party servers located in secure data centers in the United States. The information is protected by physical, electronic, and procedural safeguards in compliance with applicable US federal and state regulations. We employ electronic safeguards such as firewalls and data encryption. We enforce physical access controls to our office and files. We authorize access to personal information only for those employees who require it to fulfill their job responsibilities.
We make reasonable efforts to ensure security on our systems. Despite our efforts, we cannot guarantee that personal information may not be accessed, disclosed, altered, or destroyed by breach of our administrative, managerial, and technical safeguards. Therefore, we urge you to take adequate precautions to protect your personal data as well, including never sharing your Divvy password with anyone.
If Divvy learns of a systems security breach, we may attempt to notify you electronically so that you can take appropriate protective steps. Divvy may post a notice on the website if a security breach occurs. We may also send an email to you at the email address you have provided to us. Depending on where you live, you may have a legal right to receive notice of a security breach in writing.
Links to other sites
The website application and mobile application may contain links to other sites. Divvy does not control the information collection of sites that can be reached through links from our products. We encourage our users to be aware when they are leaving the applications and to read the privacy statements of any site that collects personally identifiable information.
Multi-factor authentication communications
Divvy will send one (1) text message per login to users as part of multi-factor (“MFA”) and the login process. You understand that at any time you can opt out to stop receiving one-time passcodes via text message. If you wish to stop receiving text messages for MFA, simply type STOP. In texting STOP, you understand that you will no longer receive transactional messages containing one-time passcodes, which may affect your ability to log in to your Divvy account. Your opt out will only be effective for the mobile device from which you sent the STOP request and will not cover emails or other communications sent by Divvy. For questions or assistance concerning opting back in to MFA text messages, contact support at [email protected] or by calling 385-352-0374.
Standard messaging and data rates may apply. Carriers are not liable for delayed or undelivered messages. Not all phone carriers or text message providers may support this service.
If you have any questions or comments about this information, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, you may contact us at [email protected] or (855) 229-3111.