Privacy Policy
Last updated July 2026
At BlueSpend, we believe privacy is a fundamental right. This Privacy Policy explains how BlueSpend collects, uses, and shares information when your organization uses our platform and card program (the “Services”), and the rights and choices you have over that information.
1. Introduction
BlueSpend provides corporate cards, spend controls, and automated compliance reporting to Democratic and progressive-aligned organizations. To do that well, we rely on data. This policy describes the information that identifies, relates to, or could reasonably be linked to an individual (“Personal Information”), how we handle it, and how you can exercise your rights. As used here, “BlueSpend,” “we,” and “us” refer to BlueSpend and its affiliates, and “you” refers to the individual interacting with us.
2. Who this policy covers
The Services are intended for organizations — campaigns, committees, PACs, C4s, and unions — and their authorized staff (“Authorized Users”), not for personal or household use. Much of the information in a customer's account is processed on the organization's behalf and under our agreement with them: for that information, the organization decides how it is used, and we act as its processor. If you want to access or change information held in your organization's BlueSpend account, contact your organization's administrators — and if you send us a request meant for them, we will forward it. We act on our own behalf (as a “controller”) when we decide how to use information for our own operations, such as onboarding, fraud prevention, and legal compliance; this policy governs that use.
This policy does not cover third-party products you connect to BlueSpend — for example an accounting system, bank account, or messaging tool. Those services are run by others under their own terms and privacy policies.
3. Information we collect
What we collect depends on how you use the Services. It falls into three groups.
A. Information you provide directly.
- Contact information— your name, email, phone number, mailing address, employer, and job title.
- Identity & onboarding information— details we and our banking partner need to verify your organization and the people who control it, such as date of birth, residential address, government-issued ID, and, where required by law, beneficial-ownership and tax identification information.
- Communications and content— messages you send to sales or support, product feedback, and any documents, receipts, or files you upload, which may contain Personal Information.
- Third-party information— information you provide about co-workers, vendors, or referrals, such as their name, email, or role.
B. Information we collect automatically.
- Transaction data from your cards and payments, including merchant, amount, date, and the disbursement coding applied.
- Usage data such as log-ins, the pages and features you use, the workflows you build, and diagnostic and performance data.
- Device data such as browser type, operating system, IP address, and device or advertising identifiers.
- Location data limited to a coarse location derived from your IP address or the addresses you provide. Our Services do not collect precise, GPS-based geolocation.
C. Information from other sources. We also receive information from our banking and card-network partners; from identity, fraud, and compliance providers who help us verify users and keep the Services safe; from other Authorized Users at your organization; and from referral partners and publicly available sources. We treat that information consistent with this policy and applicable law.
4. How we use information
- To provide the Services— operate the card program, process transactions, enforce your spend controls, and deliver support.
- To automate compliance— code spend and generate your FEC and state disbursement reports from your data.
- To verify identity and prevent fraud— confirm who you are, detect suspicious or unauthorized activity, and protect the integrity of the Services.
- To communicate with you— send transactional notices, security alerts, and, where permitted, product updates you can opt out of.
- To improve the product— understand how the Services are used, troubleshoot issues, and build new features.
- To comply with the law— meet our legal, regulatory, tax, and campaign-finance recordkeeping obligations and respond to lawful requests.
5. How we share information
We share information only as needed to run the Services and operate our business:
- Banking and card-network partners that issue the cards, process payments, and run their own identity and compliance programs.
- Service providers— such as cloud hosting, analytics, and fraud-prevention vendors — who work on our behalf under confidentiality obligations.
- Your organization and the Authorized Users it designates, so administrators, finance staff, and approvers can do their jobs.
- Connected services you or your organization choose to link, at your direction.
- Public authorities when required by law, to respond to legal process, or to prevent fraud and protect people and the Services.
- In a business transfer such as a merger, acquisition, or sale of assets.
We do not sell your Personal Information, and we do not share it with any Republican or opposing organization. We also do not send solicitations on behalf of the organizations that use BlueSpend.
6. Your rights and choices
Depending on where you live, you may have the right to access, correct, delete, or receive a copy of your Personal Information, to object to or restrict certain processing, and to withdraw consent. Because much of the information in an account is processed on your organization's behalf, the fastest path is often through your organization's administrators. You can also reach us through our contact page, and we will verify your identity before acting on a request. We will not discriminate against you for exercising these rights.
You can opt out of promotional email at any time using the unsubscribe link, or of SMS by replying STOP. You cannot opt out of transactional messages about your account, such as security and servicing notices. Where applicable law treats our advertising as a “sale” or “share” of Personal Information, you can opt out; we also honor the Global Privacy Control browser signal.
7. Cookies and tracking technologies
Our website and Services use cookies and similar technologies to keep you signed in, remember your preferences, understand how the Services are used, and measure our communications. Most browsers accept cookies by default; you can decline or delete them in your browser settings, though some features may not work as a result. You must set your preferences separately on each browser and device you use.
8. Data retention
We retain information for as long as your account is active and as needed to provide the Services, and afterward as required to meet legal, tax, and campaign-finance recordkeeping obligations, resolve disputes, and prevent fraud. Those obligations may require us to keep some information even after you ask us to delete it. When a retention period ends, we delete, de-identify, or anonymize the information.
9. Security
We protect your data with encryption in transit and at rest, role-based access controls, and continuous monitoring. No system is perfectly secure, so we recommend strong passwords and multi-factor authentication. If you believe your account may be compromised, contact us immediately. See our security page for more.
10. Where your data is processed
BlueSpend is based in the United States, and your Personal Information may be processed and stored there and in other jurisdictions whose data protection laws may differ from your own. When we transfer information internationally, we use appropriate safeguards, such as standard contractual clauses, as required by applicable law.
11. Minors
The Services are for organizations and their authorized staff, and are not directed to anyone under 18. We do not knowingly collect Personal Information from minors; if you believe a minor has provided us information, contact us and we will address it.
12. Changes to this policy
We will update this policy as the Services change. When we do, we will revise the date above, and if the changes are material we will provide additional notice through the platform or by email. Continued use after an update takes effect means the updated policy applies to you.
13. Contact us
Questions about your privacy or this policy? Reach us at our contact page.