BILL Privacy Notice

Effective date: January 22, 2024

To review the previous Privacy Notice, click here.

This Privacy Notice applies to  Bill.com, LLC, BILL Operations, LLC, Bill.com International, Inc., Bill.com Canada, LLC, Bill.com International, LLC, and Bill.com Capital Holdings, LLC (collectively, “BILL”) and the BILL family of companies, including DivvyPay, LLC,(together, along with its affiliates, successors, and assigns, “BILL Companies”, “We”, “Us”, or “Our”).  It governs Our collection and handling of personal information about you (“You,” “Your” or “Yourself”) when You interact with Us through any websites, applications, promotions, products, and services offered by any of the BILL Companies (collectively, the “Services”), including all those that link to this Privacy Notice, as well as any any surveys, rewards, promotions, sweepstakes, contests, referrals, or other marketing activities conducted by the BILL Companies or in connection with the Services (collectively “ Marketing”).  This Privacy Notice  does not apply to business information You might provide.  When You share information with Us, or bring over information from third parties (like a bank or accounting software provider), We use that data together, not just within the individual offering(s) You’re using, such as Bill Payments, Accounts Receivables, Consoles, Card Disbursements, Spend and Expense, and Financial Planning Services. 

If you are a resident of California, you are entitled to certain notices and disclosures regarding our collection and use of your personal information at or before the time of collection.  You may review the disclosures that are required by a California Notice at Collection here.

Capitalized terms not defined in this Privacy Notice have the meanings given to them in Our terms of service that apply to the Services that You use. Please review this Privacy Notice carefully.

The BILL Companies will share Your information only as described in this Privacy Notice, or as permitted by law. The BILL Companies will not sell, lease, rent, or trade Your personal information to any third party for that party’s marketing or promotional purposes, unless You give Your consent.

If You are an individual, or are acting on behalf of an individual, and obtained a BILL account primarily for personal, family, or household purposes, please read our Consumer Privacy Notice to understand our privacy practices and the privacy choices available to You.

By continuing to use the Services or participating in Marketing after being provided with this Privacy Notice, You consent to BILL Companies’ policies and practices as described herein.

This Privacy Notice explains:

I. INFORMATION WE COLLECT AND THE SOURCES FROM WHICH WE COLLECT IT

The BILL Companies collect information about You from:

  • You;
  • Your use of the Services or Your participation in Marketing; and
  • Third parties.

The Services You use and how You use them dictate the information We collect.

     A. Information We Collect from You

We collect information from You when You use the Services, contact Us for support, or provide Us with feedback on the Services. As new products, services, or features are offered on the platform, We may collect new and different types of information from You when You use the Services or contact Us in connection with Your account.  The information We receive about You depends on the context of Your interactions with Us, how You configure Your account, the choices that You make, including Your privacy settings, Your location and applicable law.

  1. Account information. When You sign up for an account or register as a User, We collect contact and identifying information about You, including but not limited to: Your name; billing address; phone number; email; Tax Identification Number or Social Security Number (collectively, “TIN”); date of birth (natural persons); government-issued identification (natural persons); and Organization information, including company name and address, formation documents, business license, tax documents, Organization revenue, phone number and business email address. We may require You to provide device information to receive multi-factor authentication.
  2. Financial information. When You use the Services to make or receive payments or apply for or use certain Services, such as a line of credit, bank account, loan, or expense reimbursements, we may collect certain financial information from You, including bank routing and account information, bank statements and bank transaction history, personal and/or business credit score, verification of bank account ownership, and/or a credit or debit card to bill any Fees.
  3. Information about Your Users, Customers, Employees and Vendors. We may collect information from You about Your Users, Customers, Employees and/or Vendors, including but not limited to name, address, email address, phone number, TIN, and financial information, which may be based on Your use of the Services (e.g. when You sync the Services with Your accounting and/or payroll vendors), and payment instructions.
  4. Payment transaction information. When You request, make, receive, record, or otherwise process a payment or reimbursement through the Services, We collect information about the transaction and the transacting parties, such as the date, time and location(s) of the transaction, identifying information of the sender and recipient, the payment or transfer amount(s), bank account information for the sender and/or recipient, a description of the transaction, and any Fees charged by the BILL Companies.
  5. Feedback. We collect information that You choose to provide to Us in connection with Your feedback about the BILL Companies or the Services, including through Your use of the Services or Your participation in Marketing.
  6. Online forms. We collect the information that You provide to Us through online forms, including but not limited to forms on Our Website or social media forms, such as webinar sign-up forms or LinkedIn forms.
  7. Marketing participant information. We collect the information that You provide voluntarily in connection with Your participation in Marketing, including but not limited to engagement with event booths, sweepstakes, contests, promotions, awards, surveys, and referrals.
  8. Other. When You use the Services or otherwise engage with the BILL Companies, even if You do not establish or use an Account, We may collect information about You, such as name, email address, phone, and mailing address. We may also collect information from You when You visit our Website.
     B. Information We Collect from Your Use of the Services
  1. Device information. We collect information about Your device when You install, access, or use the Services on that device. The device information that we collect may include: IP address; hardware model; operating system information; unique device identifier and other technical identifiers; app version; browser information; device or browser preferences; and mobile network. Your device may also allow Us to collect and use information received through device-based settings, such as access to Your contacts, camera, or photos, based on Your settings. See section V (“Your Choices and Personal Information Rights”) for additional information on managing Your device settings.
  2. Geolocation. We collect the location of the device that You are using to access the Services.
  3. Cookies and similar technologies. We, Our service providers, and third party partners may use tools such as cookies, web beacons, pixels, and similar technologies (collectively “cookies”) to collect information about You and Your use of the Services. We use cookies so we can provide the experiences You request, recognize Your visits, track Your interactions, and improve Your and other customers’ experiences. Our use of cookies typically fall into one of the following general categories:
  • ‍Essential cookies are necessary for the operation of Our Website, the Services, and applications. Without these cookies, Our Website and Services will not perform as smoothly for You as We would like, and We may not be able to provide certain core functions and features, as well as identify irregular or fraudulent behavior and improve security of the Services.
  • Functional cookies allow Us to provide You with a more personal experience and avoid having You to re-enter your preferences every time You visit our Services by, for e.g. remembering Your login details, ensuring the security of Your account when logged-in, and operating the Website and Your account according to Your choices. 
  • Performance cookies collect information about the use of our Website and the Services, and enable Us to improve the way they work. For example, analytics cookies show Us the most frequently visited pages and analyze site traffic. We use them to analyze broad trends and patterns of usage on our Website, rather than to monitor the usage of any particular individual. We use third-party service providers, including Google Analytics, to analyze the use of our Website. 
  • Social Media cookies collect information about Your visits to our Website, but only when You are logged in to your social media account(s).
  • Marketing cookies track browsing habits and are used to deliver targeted (interest-based) advertising. You can opt out of receiving interest-based ads for web properties here.

    You have control over some of the information We collect from cookies and how We use it. Please see Section V (“Your Choices and Personal Information Rights”) for more information.
  1. Services use information. We collect information about how You access and use the Services, including but not limited to: Your IP address; the domain name of the Internet Service Provider You use; the date(s) and time(s) You access the Services; the pages You access and view; any term(s) You search; unique device identifiers.
  2. Information from third parties You choose to interact with through the Services. We collect information about You from third parties with whom You interact through the Services, including but not limited to Your Vendors or Customers. We may also collect information about You from third party services that are supported by, sync, or integrate with the Services, including but not limited to third-party data entry services or accounting and payroll software providers.
     C. Information We Collect about You from Third Parties

We may obtain information about You from third parties where permitted by applicable law. We protect and process information obtained from those parties as described in this Privacy Notice, consistent with any additional restrictions imposed by the source of the information. Our sources may vary over time and depend upon how You use the Services.

  1. Other Users. We may receive information about You from other Users, such as Your accountant, bookkeeper, Your employer, or other business customers using the Services. For example, others may be able to input information about You--e.g., one of BILL’s customers may share information about You with Us in order to use and benefit from the Accounts Receivable or Accounts Payable Services. We may also collect such information through features like referral programs.
  2. Social networks. We may receive information about You when You interact with Our Services through various social networks, for example, by “liking” Us on Facebook or “following” us on X or LinkedIn. The types of information we receive depends on Your privacy settings with the particular social network. You should always review, and, if necessary, adjust Your privacy settings on third party websites, mobile applications and services before linking or connecting them to our Services.
  3. Identity verification providers. We collect information about You, such as contact details, Organization information, and financial details, from third party identification verification providers. This may include email and telecommunication providers.
  4. Risk management, cybersecurity, and anti-fraud providers. We collect information about You, such as contact details, Organization information, and financial details, from fraud detection and prevention and security providers. This may include email and telecommunication providers.
  5. Publicly-available and third-party sources. We collect information about current and prospective Users of the Services from publicly and/or commercially available services, including but not limited to lead generation services, providers of customer and lead data, and marketing partners, as well as enriched data about visitors to Our Website, all as permitted by law.
  6. Credit bureaus. Some of Our Services rely on information about You or Your Organization that we receive from personal and business credit reporting agencies.
  7. Joint offering partners. We may offer co-branded services or experiences or engage in joint-marketing activities with others, including through online or live events, and will receive information about You or Your Organization from these partners.
  8. Third parties that You connect to the Services. If You choose to sync or connect an external account/service with Your account, we will receive information from that account/service according to Your settings with that account/service.

II. HOW WE USE THE INFORMATION WE COLLECT

We use the information that We collect for purposes of:

  • providing or facilitating the Services; 
  • improving the Services;
  • maintaining the security of the Services and Our Network;
  • marketing Our products and Services and other products and services offered through the Our platform (unless You choose to opt out); and 
  • as required or permitted by law.
     A. To Provide or Facilitate the Services
  1. Registering Your Account. When You create an account or enroll as a User, we use the information We collect about You, including any identifying information or financial information, for purposes related to the review, establishment, provision, administration, maintenance and monitoring of Your Account or Your use of the Services. We also use this information to verify Your identity and Your eligibility to use the Services, and to comply with applicable law.
  2. Providing or facilitating the Services to You. We use the information We collect about You, together with information You provide about Your Customers, employees and Vendors and the content that You upload to the Services, to provide the Services to You. We also use Your information to facilitate transactions requested by You and to provide You with transaction history and account information.
  3. Providing customer service and technical support. We use Your information, including Your name, phone number, email address, account number, payment history and device information, to process and respond to Your requests or inquiries, and to provide You with customer service, technical support, or software updates.
  4. Communicating with You. We use Your information to communicate with You, including by e-mail, SMS, push notification or phone, about the Services or Your account, and to provide You with security, technical, support, and administrative messages, including for purposes of multi-factor authentication.

    When contacting You by phone, We may use, and You consent to receive, as permitted by applicable law, informational autodialed calls and text messages, as described in the terms of service applicable to the Services You use. If You wish to opt out of receiving autodialed calls or text messages from Us, You can contact Our Customer Support by clicking on Help once You have logged in (if You are unable to log in, please click on the chat modal here to connect with Us). You understand that if You opt out of receiving informational autodialed calls or text messages, such as for multi-factor authentication, You may lose access to certain features and functionalities of the Services, including but not limited to the ability to request or send payments through the Services. We may, without further notice or warning and in Our sole discretion, where permitted by law, monitor or record telephone conversations between US or Our agents and You or anyone acting on Your behalf, for quality control and training purposes or for Our protection. While Your communications with Us may be overheard, monitored, or recorded, not all telephone lines or calls may be recorded by Us, and We do not guarantee that recordings of any particular telephone calls will be retained or retrievable.
     B. To Improve the Services
  1. Improving and developing the Services. We use Your information, including Your payment transaction information and Your feedback to Us, to analyze trends, monitor usage or traffic patterns (including to better understand how You use the Services), develop new products or features, and improve and enhance the Services.
  2. Links to other websites or applications. If You link to a third-party service, website, application, or any services offered through such sites and applications, through the Services, We may track whether the link has been followed to improve the Services, understand how You use the Services, and build and improve Our partnership activities. This Privacy Notice does not apply to and We are not responsible for any third-party websites or applications or any services offered through such sites and applications that are not owned or controlled by Us , including those that link to the Services. To understand how third parties process and protect Your information, We recommend You review their privacy policies, terms of use, and websites.
     C. To Maintain a Secure Environment
  1. Protecting Your Account. We use Your information to prevent, detect, investigate, and report fraud, security incidents, errors, unauthorized transactions, or other activities that may violate Our policies or be illegal.
  2. Ensuring the reliability, safety, and security of the Service. We use the information that We collect to secure and protect the integrity of Our Network, prevent unauthorized access to the Services, help diagnose and troubleshoot potential hardware malfunctions, and otherwise secure the Service.
  3. Compliance with the law. We use the information that We collect to comply with and enforce our Terms of Services and all laws and regulations applicable to the Services.
     D. Marketing and Promotional Purposes
  1. Marketing and advertising. We use the information that We collect about You to market the Services to You, to communicate with You about products, features, or Marketing, and to tailor ads based on Your interests and browsing history (please see Section I.B.3. (Cookies and similar technologies)). If We send You a marketing email, We will provide You with information on opting out of future marketing emails or communications from Us. If You opt out, We can continue to send You informational communications relating to the use of the Services, such as transaction receipts or administrative messages about Your account. We may also use information about You for Our marketing purposes, including to identify other similar prospective customers who may be interested in the Services.
  2. Referrals. If You refer another person to the Services, we will collect a name and email address for the referral. We will use this information to send an email invitation to use BILL to the person You are referring. We may retain the referral information, but solely for the purpose of tracking the success of Our referral program.
  3. Sweepstakes, contests, and other promotions. We may use the information that You voluntarily provide in connection with a sweepstakes, contest or other promotion (“Promotion”) sponsored by BILL Companies in accordance with the official rules for the Promotion.
     E. As Required or Permitted by Law

We may use the information We collect about You as required or permitted by law.  Such uses include, but are not limited to, compliance with anti-money laundering and anti-terrorism financing laws, “know your customer” regulations, and OFAC sanctions requirements.

We may also use information about You where You have given Us consent to do so for a specific purpose not listed above.  As one example, We may publish testimonials or featured customer stories to promote the Services, with Your permission.

III. HOW WE SHARE OR DISCLOSE THE INFORMATION WE COLLECT

We share or disclose Your information:

  • within the BILL Companies;
  • with third parties that You authorize; 
  • with Our service providers and third party partners; 
  • as required or permitted by law; and
  • with Your consent.
     A. Within the BILL Companies

We may share Your information within BILL Companies and any affiliates or subsidiaries of these companies or Our parent company, Bill.com Holdings, Inc. for the purposes identified in this Privacy Notice. As the Services grow and expand, including into other countries, we may add to Our corporate family.

     B. With Third Parties That You Authorize
  1. With other Users on Your BILL Account. If You are the Administrator for an account, We will share Your information with Your Users in accordance with Your account settings and preferences. If You are a User, the Account Administrator can access certain of Your information and change certain of Your settings, and We may send information about Your Use of the Service to the Administrator.
  2. With Your authorized service providers. If You sign up or authorize Your accountant, payroll or another third party service provider to use or access the Services on Your behalf or to use Your account, including by linking Your account to a Console, we will share Your information with that authorized third party.
  3. With third parties You choose to interact with through Us. We share Your information with third parties that You choose to interact with through the Services, including, but not limited, to Your Vendors or Customers. We may also share Your information with third party services that are supported by and integrate or sync with the Services, based on Your choices and account settings, such third-party data entry services, accounting software providers, payroll providers, or social media sites that link to the Services. This Privacy Notice does not apply to collection, storage, or other processing of Your information by third parties. The privacy practices of third parties, such as accounting software providers or social media sites, are governed solely by their privacy policies and terms of use. To understand how third parties process and protect Your information, We recommend that You review their privacy policies, terms of use, and websites.
  4. Fraud prevention. We may share information about changes to Your BILL account, such as changes to a bank account or to Your address, with Your Vendors or Customers for purposes of fraud prevention and detection.
  5. With others on the Our Network. We may share certain information about You with members of the Our Network, in accordance with the Network Rules. The processing of Your information by any other member of the Our Network is governed solely by the privacy policy of the third party.
     C. With Our Service Providers and Third Party Partners
  1. With Our service providers. We may share Your information with Our service providers that perform services on Our behalf, as needed to carry out their work for Us, which may include providers of services for identifying and serving advertisements, content or service fulfillment, or providing analytic, archival, auditing, accounting, legal, business consulting, banking, payment, delivery, data processing, data analysis, research, investigation, marketing, website or other technology services. Services provided to Us by these providers include, but are not limited to, identity verification, payment processing, fraud prevention, database management, data storage, web analytics, and marketing services. Service providers are required to implement reasonable privacy and information protection controls to maintain the privacy and security of information provided to them consistent with the privacy practices outlined in this Privacy Notice, and are obligated not to use or disclose Your information for any other purpose or in any manner that is inconsistent with this Privacy Notice.
  2. With Our third party partners. We may share Your information with Our third party partners, depending on how You use the Services For example:
  • If You apply for or use a line of credit, bank account, or loan, We may share Your information with the partner providing that service and the partner may also collect or receive additional information from You, all of which may be subject to the partner’s own privacy policies and terms.
  • We may use Plaid Technologies (“Plaid”) or other partners to gather certain information about You from financial institutions. By using the Services, You grant Us, Plaid, and other partners the right, power, and authority to access and transmit the information obtained about You from financial institutions for purposes related to the Services. This Privacy Notice does not apply to collection, storage or other processing of Your information by Plaid, which is governed solely by the Plaid Privacy Policy.
  • If You access or use the Google Maps Platform (“Google Maps”) through the Services, Your use of Google Maps is subject to Google’s Terms of Service and the Google Privacy Policy.
     D. As Required or Permitted by Law
  1. As required by law. We will share Your information with third parties as required by law. We cooperate with government, law enforcement, and private third party requests for information as We, in Our sole discretion, determine is reasonably necessary to comply with any applicable law, regulation, government request or legal process, including but not limited to subpoenas.
  2. As permitted by law. We may share Your personal information as permitted by law, including, but not limited to, as We, in Our sole discretion, believe necessary or appropriate to ensure the security and confidentiality of the Services, to prevent, detect or respond to fraud or security incidents, to enforce, remedy, or apply our Terms of Service or other agreements, to respond to claims and legal process, to protect the property or rights of BILL, BILL Companies or a third party, to protect the safety of the public or any person, or to prevent or stop any illegal, unethical or legally actionable activity.
  3. In connection with business transactions or corporate changes. The information that we collect in connection with the Services is a business asset. As a result, We may share or transfer Your information if we enter bankruptcy or are party to a business transaction, such as a merger, acquisition, reorganization, or asset sale without additional prior notice.
     E. With Your Consent

We may share Your information at Your direction or with Your consent.

IV. HOW LONG WE RETAIN INFORMATION

We will retain Your information as long as it is necessary to comply with Our internal records retention and management policies and procedures and to provide You with the Services or administer Your account, or as long as necessary to comply with legal obligations, resolve disputes, reserve legal rights, and enforce agreements.

V. YOUR CHOICES AND PERSONAL INFORMATION RIGHTS
     A. Managing Your Account.

     When You create an account, You will create an account profile. You have options for managing Your account information and communication preferences      within Your account. You can update, change, or correct certain account information and communication preferences at any time by logging into Your account      and changing Your account settings. If You have questions about reviewing or modifying Your account information, You may contact Our Customer Support by      clicking on Help once You have logged in (if You are unable to log in, please click on the chat modal here to connect with Us).

     B. Managing Marketing Communications From Us.

     We will honor any request from You to opt out of receiving marketing communications, including emails and text messages.

     To opt out of receiving marketing emails from Us, click the “unsubscribe” link at the bottom of a marketing email. For marketing text (SMS) messages, reply      “STOP” or follow the instructions in the message.

     Please note that, even if You choose not to receive marketing communications from Us , We can continue to send You informational communications related      to Your use of the Services or Your account.

     C. Device Settings.

     The device You use to interact with the Services may have setting options that can be enabled or disabled to allow the Services to access and use certain      information and features on Your device, such as mobile app push notifications, Your contacts, camera, or photos. You can adjust Your device setting if You do      not want Us or the Services to have access to this information or these features. You can also adjust Your device or browser settings to block or provide notice      of cookies on Your browser or mobile device. Please note, however, that disabling or limiting certain cookie settings on Your device or browser may prevent      You from interacting with some or all of the features of the Services, or may require You to do additional authentication.

     D. Opting Out of Targeted Online Ads.

     We use cookies to gather information about Your activities in order to provide You with targeted advertising based on Your online activity and interests. If You      reside in California, Colorado, Connecticut, Montana, Oregon, TexasUtah, or Virginia, please refer to the US State Supplemental Privacy Notice for more      information about opting out of tracking for targeted advertising purposes, or opting-out of sale and/or sharing of Your Information.

     E. Community Forums.

     We may offer blogs and publicly accessible community forums. You should be aware that any information You provide in these forums may be read, collected,      and used by others who access them. To request removal of Your information from a blog or community forum, contact Our Customer Support by clicking on      Help once You have logged in (if You are unable to log in, please click on the chat modal here to connect with Us).

     F. Supplemental Privacy Notice

     Residents of some states have additional privacy rights. Information on these rights are provided in the following supplemental privacy notices:

VI. HOW WE PROTECT THE SECURITY OF YOUR INFORMATION

We recognize the importance and confidentiality of Your information, and are committed to protecting the security and privacy of Your information collected through the Services. We have implemented commercially reasonable technical, administrative, and physical security measures designed to protect Your information from unauthorized access, disclosure, use, and modification. We maintain industry standard attestations and have formal SSAE18 SOC1, SOC2 and SOC3 attestation reports. Please be aware, however, that no security measures are perfect or impenetrable and We cannot guarantee that Your information under Our control may not be accessed, disclosed, altered, or destroyed by breach of our administrative, managerial, and technical safeguards. Therefore, We encourage You to take adequate precautions to protect Your personal information as well, including never sharing Your BILL password with anyone.

If We learn that Your personal information under Our control is compromised as a result of a breach of security, We will take reasonable steps to investigate the situation and where required by law , notify those individuals or customers whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.

VII. INTERNATIONAL TRANSFERS

Your information may be transferred to and maintained on computers located outside of Your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in Your jurisdiction. For example, if You are located in the European Economic Area (“EEA”), Canada, New Zealand, or Australia, We may transfer Your personal information to the United States or other countries outside of the country of Your residence. By using Our Services or Website or otherwise providing personal information to Us, You hereby expressly consent to the transfer of Your personal information outside Your country or region.

VIII. NOTICES TO CONSUMERS

Consumer Privacy Notice

IX. INFORMATION FOR PERSONS  UNDER THE AGE OF 18

Persons under the age of 18 years old are not eligible to use, access or otherwise interact with BILL, BILL Companies, or the Services. If we become aware that a person under the age of 18 has created an account with Us or is otherwise using the Services, we will take steps to remove access, disable the account, and delete any information related to that person as soon as reasonably possible and where required by law.

X. UPDATES TO THIS PRIVACY NOTICE

This Privacy Notice may be updated periodically and will be posted on the Website, with an “Effective Date” at the top of the page indicating when it was last updated and when the changes go into effect.   If the applicable law requires that We provide notice in a specified manner prior to making any changes to this Privacy Notice, We will provide such required notice.  If You object to any changes to this Privacy Notice, You can cancel Your account at any time.  By continuing to use the Services or participating in Marketing after being provided with this Privacy Notice, You consent to the updated Privacy Notice.

XI. HOW TO CONTACT US

If You have any questions or concerns about this Privacy Notice or about how We  collect, use, or otherwise process Your information, You can contactOur  Customer Support by clicking on Help once You have logged in (if You are unable to log in, please click on the chat modal here to connect with Us) or the Our  Privacy Team at privacy@hq.bill.com or contact us at:

Attn: Privacy Officer

BILL

6220 America Center Drive, Suite 100

San Jose, CA 95002

U.S.A