Privacy Policy

Personal Information - Data that identifies, relates to, describes, or could reasonably be linked directly or indirectly to a particular individual or household. Examples include name, postal address, email address, telephone number, Social Security number, device identifiers, and certain financial information.

Financial Data - Account and transaction details retrieved from your linked bank or payroll accounts via authorized data aggregators (e.g., balances, deposits, withdrawals, recurring payments, and payroll history).

Processing - Any operation performed on Personal Information, whether by automated means or not, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.

Service Providers - Third-party companies that process Personal Information on Blink's behalf under written contracts that require them to safeguard the data and use it only for the contracted purpose.

Applicable Law - All privacy, data-protection, and financial-services laws and regulations that apply to Blink's operations, such as the Gramm-Leach-Bliley Act (GLBA), the California Consumer Privacy Act/California Privacy Rights Act (CCPA/CPRA), and relevant state earned-wage-access statutes.

You or User - The natural person who downloads or uses the Blink App or otherwise accesses Blink's Services.

Account Registration Data - Full legal name, email address, mobile phone number, mailing address, date of birth, and a password or comparable authentication credential.

Identity & Compliance Data - Social Security number (or other government identifier), driver's license or state ID images, and live selfie or liveness-check images collected during Know-Your-Customer (KYC) verification.

Employment & Income Details - Employer name, pay frequency, pay dates, and salary or wage amounts you input manually or confirm during onboarding.

Customer Support & Communications - The content of messages, emails, or phone calls you send to Blink, including attachments and metadata.

Voluntary Survey & Marketing Preferences - Feedback, product reviews, and opt-in choices for promotional emails or beta features.

Device Information - Hardware model, operating system version, unique device identifiers (e.g., IDFA, Android Ad ID), screen resolution, and language settings.

Usage & Diagnostic Logs - Feature interaction events (e.g., buttons tapped, pages viewed), session timestamps, crash reports, and performance metrics that help us improve stability.

Network & Connection Data - IP address, mobile network provider, and approximate geolocation (derived from IP address or device settings) to detect fraud and support compliance with state eligibility limits.

Cookies & Similar Technologies - Pixel tags, SDKs, and local storage objects used to remember your preferences, conduct analytics, and personalize your experience.

Open Banking & Payroll Aggregators (e.g., Plaid) - Tokenized account identifiers, current and historical balances, transaction descriptions and amounts, deposit and withdrawal history, recurring debits, and income deposits.

Identity Verification Vendors - Results of watch-list screening, document authenticity scores, and device-risk signals.

Fraud Prevention Networks - Information about suspected fraudulent or abusive behavior linked to your device or account identifiers.

Marketing & Attribution Partners - Non-personally identifiable analytics data (e.g., campaign ID, attribution tag) that tells us how you discovered Blink.

We engage carefully vetted third-party Service Providers to perform functions on our behalf—such as cloud-hosting, payment initiation, identity verification, customer-support tooling, analytics, and document storage. These partners are bound by confidentiality obligations and permitted to use Personal Information only as instructed by Blink.

To maintain a secure ecosystem and comply with KYC/AML requirements, we may share relevant data with identity-verification vendors, transaction-monitoring and sanctions-screening services, and network partners that flag devices or accounts linked to known fraud. Such sharing helps us detect suspicious activity, meet regulatory mandates, and protect Users from financial harm.

If Blink enters into a merger, acquisition, reorganization, or sale of assets, Personal Information may be transferred as part of the transaction. Any successor entity will be bound by this Privacy Policy or a policy with materially similar protections, unless you consent otherwise.

We may disclose Personal Information when we believe in good faith that such action is necessary to comply with a subpoena, court order, or other legal process; cooperate with regulators, law-enforcement, or supervisory authorities; or enforce our Terms & Conditions or protect the rights, property, or safety of Blink, our Users, or others.

We may share aggregated statistics or de-identified datasets that cannot reasonably be used to identify you, for purposes such as market research, academic studies, or industry benchmarking.

Strictly Necessary Cookies / SDK Flags - Enable core functionality such as session management, load balancing, fraud detection, and user authentication.

Performance & Analytics Tools - Collect aggregated usage metrics to help us understand feature adoption and improve stability. We currently employ platforms such as Firebase Analytics and Sentry.

Preference Cookies - Remember your language selection, marketing opt-in state, and in-app tutorial progress.

Advertising & Attribution Tags - Limited to first-party campaign measurement. Blink does not use third-party advertising networks for interest-based ads.

Security & Fraud Mitigation - Detect automated bots, unauthorized access attempts, and unusual device fingerprints.

Performance Monitoring - Identify slowdown points, error rates, and UX bottlenecks across different OS versions and device models.

Product Analytics - Evaluate which features are most valuable to Users to guide roadmap prioritization.

User Experience Personalization - Remember your onboarding progress, dismissed alerts, and preferred dashboard layout.

Marketing Attribution - Measure the effectiveness of Blink's own advertising campaigns in a privacy-respecting manner.

In-App Settings - Toggle analytics sharing and marketing-communication preferences at any time via Settings > Privacy Controls.

Device-Level Controls - Most mobile operating systems allow you to reset or limit ad identifiers.

Browser Controls - If you access Blink's web properties, you can set your browser to refuse or delete certain cookies.

Global Privacy Control (GPC) - Where technically feasible on our web properties, we honor valid GPC signals as a request to opt out of any 'sale' or 'sharing' of Personal Information under the CCPA/CPRA.

Access: You may request a copy of the Personal Information we hold about you, including a list of data sources and processing purposes.

Correction: If any information is inaccurate or incomplete, you can update most fields directly in the Blink App or by contacting support@blinkfinances.com.

Deletion: You may ask us to delete your Personal Information. We will honor the request unless retention is required for an ongoing relationship, legal obligations, or defense of legal claims.

Right to Know / Access: Request the categories and specific pieces of Personal Information we collected, the sources, purposes, and categories of third parties to whom the data was disclosed.

Right to Delete: Ask us to delete Personal Information, subject to statutory exceptions.

Right to Correct: Require us to rectify inaccurate Personal Information.

Right to Opt-Out of Sale or Sharing: Blink does not sell or share Personal Information for cross-context behavioral advertising.

Right to Non-Discrimination: Blink will not deny goods or services, charge different prices, or provide different levels of quality solely because you exercised a privacy right.

Under the Gramm-Leach-Bliley Act, you have the right to opt out of our affiliate using your information to market new, non-Blink products or services to you. To opt out, visit Settings > Privacy Controls > GLBA Opt-Out or email support@blinkfinances.com.

Email & SMS: Click the 'unsubscribe' link in any marketing email or respond 'STOP' to marketing SMS messages.

Push Notifications: Disable via your device's notification settings or in-app under Settings > Notifications.

Analytics & Personalization: Use the toggles under Settings > Privacy Controls to disable optional analytics or personalized content.

Encryption in Transit & at Rest - All network traffic is protected by TLS 1.2 or higher. Sensitive data at rest is encrypted using AES-256.

Tokenization & Segmentation - We never store full bank credentials. Production databases are logically segregated from development environments.

Continuous Monitoring & Logging - SIEM tools aggregate logs to detect anomalies in real time with 24×7 incident-response team alerts.

Role-Based Access Control (RBAC) - Employees receive minimum permissions needed. Administrative access requires unique credentials and MFA.

Security Awareness & Confidentiality - All personnel undergo background checks, receive annual security training, and sign confidentiality agreements.

Vulnerability Management - Regular internal code reviews, automated dependency scanning, and quarterly external penetration tests.

Independent Audits & Certifications - Core infrastructure hosted on ISO 27001- and SOC 2 Type II-certified providers.

Incident Response & Breach Notification - Documented incident-response plan aligned with NIST SP 800-61. Breach notifications within 72 hours of confirmation.

If you believe your account or data has been compromised, contact us immediately at security@blinkfinances.com.