Updated July 21, 2021
Updated July 21, 2021
Divvy knows the importance of and values the privacy of all its customers. We agree that how your personal information is collected, used, and shared is important and we take this responsibility seriously. Our primary goal is to provide you with exceptional service, and we understand that you may have questions or concerns regarding your personal information and how it will be used. You can talk to us about this policy at [email protected]
This document describes how Divvy will process (collect, transmit, store, use, share, and erase) personal information. This document will help you make an informed decision about how you want to use our products and services.
This policy does not include anonymized and aggregated data.
In this policy, the term “personal information” is used to describe information that can be associated with a specific individual and can be used to identify that person. We do not consider personal information to include information that has been anonymized so that it does not identify a specific user.
The information we collect
The Divvy products you use and how you use them dictates which personal information is collected. Divvy collects personal information when you directly interact with Divvy in the following ways:
Information We Collect When You Use Our Products and Services
Information needed to apply for a line of credit and create a Divvy Account
If you are opening a Divvy account, we need to process a certain amount of information about you, your business, and individuals associated with your business to comply with our legal and regulatory obligations and to address our fraud risks. We will collect the following information:
Device and Connection Information
Information needed to use our products and services
Personal information is required to be processed when your business assigns a credit card to you. To use this service, we will collect:
Information processed when you make a transaction
When a payment is made by you on the Divvy platform, we collect information about your transaction. The transaction information is received: (i) directly from you; (ii) from the issuing bank; and/or (iii) from the card networks. We will collect:
Information automatically processed when you visit our websites or use our mobile app
In order to facilitate the best financial and security experience for you and us, personal information is automatically collected when you visit or use our website and/or mobile app. We will collect:
Cookies and trackers
Information processed when you interact with Divvy
Personal information may be collected about you when you interact with our customer-facing teams (e.g., Customer Success, Growth, Sales, or Marketing) through phone calls, chat services, or email. We may collect:
Information from person(s) under the age of 18
We do not knowingly solicit or collect information from any individuals under the age of 18. If we learn that we have collected personal information from a child under age 18, we will delete that information as quickly as possible.
How we protect & store personal information
We store and process your personal information using third-party servers located in secure data centers in the United States. The information is protected by physical, electronic, and procedural safeguards in compliance with applicable US federal and state regulations. We employ electronic safeguards such as firewalls and data encryption. We enforce physical access controls to our office and files. We authorize access to personal information only for those employees who require it to fulfill their job responsibilities.
We make reasonable efforts to ensure security on our systems. Despite our efforts, we cannot guarantee that personal information may not be accessed, disclosed, altered, or destroyed by breach of our administrative, managerial, and technical safeguards. Therefore, we urge you to take adequate precautions to protect your personal data as well, including never sharing your Divvy password with anyone.
If Divvy learns of a systems security breach, we may attempt to notify you electronically so that you can take appropriate protective steps. By using the Divvy Service, you agree that Divvy may communicate with you electronically. Divvy may post a notice on the website if a security breach occurs. We may also send an email to you at the email address you have provided to us. Depending on where you live, you may have a legal right to receive notice of a security breach in writing. To receive free written notice of a security breach (or to withdraw your consent from receiving electronic notice of a security breach) you should notify us.
How we use the personal information we collect
Our primary purpose in collecting personal information is to provide you with a safe, smooth, efficient, fun, and customized experience. We may use your personal information to:
How we share personal information within the Divvy network
To process payments on Divvy, we need to share some of your personal information with the person or company that you are paying or is paying you. Your contact information, date of sign-up, the number of payments you have received and other verification metrics like social graph activity may be provided to users or companies when you transact with, on, or through Divvy.
We work with vendors to enable them to accept payments from you using Divvy. In doing so, a vendor may share information about you with us, such as your mobile phone number or Divvy username, when you attempt to pay that vendor. We use this information to confirm with that vendor that you are a Divvy customer and that the vendor should enable Divvy as a form of payment for your purchase.
We may share anonymized and aggregated data, including transactional data. We will obtain your prior written consent before ever sharing your data in an attributable format. You may revoke consent at any time here.
Regardless, we will not disclose your credit card number or bank account number to anyone you have paid or who has paid you through Divvy, except with your express permission or if we are required to do so to comply with a subpoena or other legal process.
How we share personal information within the Divvy corporate family
How we share personal information in connection with business transactions or corporate changes.
The information that we collect in connection with the Service is a business asset. As a result, we may share or transfer your information if we or any of the Bill.com Group Companies enter bankruptcy or are party to a business transaction, such as a merger, acquisition, reorganization, or asset sale.
How we share personal information with other parties
Divvy does not share your personal information with third parties for promotional or marketing purposes.
We may share your personal information with:
Except as permitted by law, Vermont is an opt-in state and we cannot share consumer information with third parties without permission from the consumer.
Bill Pay privacy
Additionally, except as prohibited by law, you authorize Bank and Divvy to share information about you with each other without limitation, including information regarding your use of the Services, your activity on the Platform, transactions involving your authorized bank account, and information about you relating to or arising from other Divvy branded products.
Bank and Divvy may use such information shared with the other for any lawful purpose. Without limiting the foregoing, such sharing and use may include:
How you can access or change your personal information
You can review and update your personal information in your account settings at any time by logging into your account.
Links to other sites
The website application and mobile application may contain links to other sites. Divvy does not control the information collection of sites that can be reached through links from our products. We encourage our users to be aware when they are leaving the applications and to read the privacy statements of any site that collects personally identifiable information.
Multi-factor authentication communications
Divvy will send one (1) text message per login to users as part of multi-factor (“MFA”) and the login process. You understand that at any time you can opt out to stop receiving one-time passcodes via text message. If you wish to stop receiving text messages for MFA, simply type STOP. In texting STOP, you understand that you will no longer receive transactional messages containing one-time passcodes, which may affect your ability to log in to your Divvy account. Your opt out will only be effective for the mobile device from which you sent the STOP request and will not cover emails or other communications sent by Divvy. For questions or assistance concerning opting back in to MFA text messages, contact support at [email protected] or by calling 385-352-0374.
Standard messaging and data rates may apply. Carriers are not liable for delayed or undelivered messages. Not all phone carriers or text message providers may support this service.