Version: 2.0 | Last Updated: March 21, 2026
This Privacy Policy describes how Blink El Salvador, S.A. de C.V., Blink US LLC, and Blink LLC (collectively, "Blink," "we," "us," or "our") collect, use, store, share, and protect your personal information when you use the Blink Wallet, the Blink Card, the API, and any related services (the "Services"). Blink Technologies, LLC provides the technology platform underlying the Services and processes personal data on behalf of Blink.
This Privacy Policy applies to all users of the Services worldwide. By using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, you should not use the Services.
The entity responsible for your personal data depends on your location:
Blink Technologies, LLC provides the technology infrastructure for the Services and processes personal data on behalf of the applicable Blink entity. When you use the Blink Card, personal data is also processed by the Issuing Bank and Program Manager as necessary to operate the card program.
For data protection inquiries, contact us at privacy@blink.sv
Information you provide: name, email address, phone number, date of birth, nationality, country of residence, government-issued identification documents, photographs, biometric data (facial recognition for liveness checks where required — see additional US state disclosures below), financial information for Blink Card eligibility, Collateral information (when Credit Mode is activated, including digital asset type, wallet addresses, and amounts posted as Collateral), and any communications you send to our support team.
Biometric Data Notice (US). If you are located in a US state that has biometric information privacy legislation (including Illinois, Texas, and Washington), the following applies: biometric data (such as facial geometry derived from liveness checks) is collected by Blink and processed by our identity verification providers — Sum and Substance Limited, trading as Sumsub ("Sumsub"), and/or Onfido Ltd ("Onfido," now part of Entrust) — solely for identity verification and fraud prevention purposes. The applicable provider extracts facial geometry from your selfie or video and compares it to the photograph on your government-issued identification document to verify your identity. Onfido may also use your facial scan data to determine whether it has previously verified your identity on our behalf. This biometric data is stored by the applicable provider on its secure servers. Biometric data is not sold, leased, traded, or otherwise disclosed to third parties other than the identity verification providers named above, except as required by law. Biometric data is retained and destroyed according to the following schedule: for Illinois residents, biometric data is destroyed no later than 3 years from the date of collection; for Texas residents, biometric data is destroyed no later than 1 year after the purpose for collection expires; for all other users, biometric data is destroyed when the purpose for collection has been satisfied or within 5 years from the date of collection, whichever occurs first. Each provider's data retention and destruction practices are described in their respective privacy notices: Sumsub Privacy Notice (Service Delivery); Onfido Privacy Policy and Onfido Facial Scan Policy and Release. By using the Services and completing a liveness check, you provide your written consent to the collection, use, storage, and destruction of your biometric data by Blink and the applicable identity verification provider as described herein. If you do not consent, you may contact support@blink.sv to discuss alternative identity verification methods, subject to availability.
Information collected automatically: transaction data (amounts, dates, counterparties, wallet addresses), Card Transaction data (merchant name, transaction amount, currency, date, authorization details), device information (device type, operating system, unique identifiers, IP address), usage data (features accessed, interaction patterns), call recordings and communications metadata (when you contact our support team or when we contact you via automated systems, as described in the Cardholder Agreement), and approximate location derived from IP address. Precise geolocation is collected only if you grant permission through your device settings.
Information from third parties: identity verification results, financial information from credit bureaus and screening providers (where applicable for the Blink Card), publicly available blockchain transaction data, Card Network transaction and chargeback data (from Visa and other payment networks), and information shared by Card Program Partners as necessary to operate Partner Services.
We use your personal information to: provide and operate the Services (including the Wallet, Card Account, API, and Partner Services in both Custodial Mode and Non-Custodial Mode); verify your identity and conduct KYC/AML screening; detect, investigate, and prevent fraud and unauthorized access; process transactions and settle Card payments; process and manage Collateral, including monitoring Market Value and executing Liquidation Events (when Credit Mode is activated); assess creditworthiness and Card eligibility; report Account information to consumer credit reporting agencies as described in the Cardholder Agreement; deliver communications relating to your Account via automated telephone dialing systems, prerecorded voice messages, text messages, and email (as authorized in the Cardholder Agreement); respond to your inquiries and provide customer support (including recording calls for quality assurance and compliance purposes); analyze usage patterns to improve the Services; send service-related notifications and, where you have consented, promotional communications; and comply with applicable laws, regulations, court orders, and regulatory requirements.
Funded Mode and Credit Mode. Your Blink Card currently operates in Funded Mode (prepaid). In Funded Mode, data processing is limited to the activities described above as they relate to funded transactions, Account management, and Overdraft processing. When Credit Mode is activated in accordance with the Cardholder Agreement, the scope of data processing will expand to include: Collateral valuation and monitoring; Liquidation Event processing; enhanced credit reporting to consumer credit reporting agencies; and any additional data processing necessary to administer the collateral-backed credit facility. We will notify you of any material changes to data processing at the time Credit Mode is activated.
We process your personal information on one or more of the following bases as applicable under your local law: performance of a contract (to provide the Services you have requested); compliance with legal obligations (including AML/KYC, tax reporting, and regulatory requirements); legitimate interests (including fraud prevention, security, and service improvement, where not overridden by your rights); consent (where you have given specific consent, which you may withdraw at any time); and other bases permitted by applicable law, including credit protection where recognized.
Blink entities: Blink El Salvador, S.A. de C.V., Blink US LLC, Blink LLC, and Blink Technologies, LLC share data as necessary for account management, service delivery, and compliance.
Card Program Partners: The Issuing Bank and Program Manager receive personal and financial information necessary for card issuance, transaction processing, fraud prevention, and regulatory compliance. The Program Manager's privacy policy is available at https://www.raincards.xyz/legal/docs/privacy-policy.
Card Networks: Visa and other applicable payment card networks receive transaction data, cardholder information, and merchant details as part of processing every Card Transaction. Card Networks may also receive and process data in connection with chargebacks, fraud investigations, and network compliance. Card Network data processing is subject to their own privacy policies and network rules.
Consumer credit reporting agencies: We may share Account information — including payment history, Account status, balances owed, and default or delinquency information — with consumer credit reporting agencies as described in the Cardholder Agreement. This information may appear on your credit reports and could include negative information if you do not comply with the terms of the Cardholder Agreement.
Communications service providers: We may share your phone number, email address, and Account-related information with third-party service providers that deliver automated communications on our behalf, including telephone dialing systems, text messaging platforms, and email delivery services, as authorized in the Cardholder Agreement.
Identity verification providers. Identity verification and KYC/AML screening for the Services is performed by one or more of the following third-party identity verification providers. Blink may use any of these providers, and the provider used for your verification may depend on your jurisdiction, the type of verification required, or other operational factors.
Sum and Substance Limited (Sumsub). Sumsub may be used to verify your identity by comparing facial scan data extracted from your selfie or video with the photograph on your government-issued identification document, evaluating the authenticity of identity documents, and conducting liveness detection. Sumsub processes personal data on behalf of Blink for identity verification, fraud prevention, and AML/CFT compliance purposes. Sumsub may also process this data for its own compatible purposes, including fraud detection and service development, as a separate data controller. Biometric data (facial geometry) extracted during liveness checks is stored by Sumsub on its servers located in European data centers. Sumsub's processing of your personal data, including its retention and deletion practices, is governed by the Sumsub Privacy Notice (Service Delivery).
Onfido Ltd (Onfido). Onfido (now part of Entrust) may be used to verify your identity by comparing facial scan data extracted from your selfie or video with the photograph on your government-issued identification document, evaluating the authenticity of images, videos, and identity documents (including detecting whether there is a genuine human or physical document in your photos/videos or signs of tampering), and conducting liveness detection. Onfido may also use your facial scan data to determine whether Onfido has previously verified your identity on our behalf, for fraud prevention purposes. Onfido's processing of your personal data, including biometric data, is governed by the Onfido Privacy Policy and the Onfido Facial Scan Policy and Release.
When you complete identity verification (including liveness checks) with any of the above providers, the following personal data is transmitted to and processed by the applicable provider: your name, date of birth, nationality, government-issued identification documents (photographs or scans), facial images (including selfie and video images for liveness detection), and device and session metadata. Blink maintains data processing agreements with each provider that require appropriate technical and organizational security measures. For a complete list of third-party verification vendors used by Blink, see Third-Party Verification Vendors.
Other service providers: Analytics providers (aggregated or anonymized data only) and professional advisors (lawyers, auditors, consultants) as necessary for our operations.
Regulatory authorities and law enforcement: We share information where required by law, regulation, court order, or lawful request. This includes: reporting regulated transactions and suspicious activities to the relevant Financial Intelligence Unit (such as the UIF in El Salvador) or other designated agencies; international cooperation under agreements such as FATF recommendations or bilateral mutual legal assistance treaties to support cross-border investigations; and sharing information with authorities in connection with fraud investigations where necessary to safeguard the integrity of the Platform. Blink shares information only with authorized parties and only to the extent legally required or necessary.
Blockchain networks: On-chain transaction data is inherently public on Bitcoin and other blockchain networks. Blink cannot control or delete data recorded on a blockchain.
We do not sell or share your personal information to or with third parties for marketing, advertising, or cross-context behavioral advertising purposes, including as those terms are defined under the California Consumer Privacy Act (CCPA/CPRA) and similar US state privacy laws.
Your personal data may be transferred to and processed in jurisdictions outside your country of residence, including El Salvador, Honduras (Próspera ZEDE), and the United States (for Card Program Partners). These jurisdictions may not provide the same level of data protection as your home jurisdiction. Where required by applicable law, we implement appropriate safeguards for such transfers, including standard contractual clauses, adequacy decisions, or other mechanisms recognized by the relevant data protection authority.
We retain your personal information for as long as necessary to provide the Services, comply with legal and regulatory obligations, resolve disputes, and enforce our agreements. Specific retention periods vary by jurisdiction and data type:
Transaction data and other records may be retained for longer periods where required to comply with legal, regulatory, or tax obligations, or to resolve disputes.
When personal information is no longer required and the applicable retention period has elapsed, we securely delete or destroy it using methods appropriate to the data format, ensuring that the data cannot be recovered or reconstructed. Blockchain data cannot be deleted due to the immutable nature of distributed ledgers.
We implement appropriate technical and organizational measures to protect your personal information, including: encryption of data in transit and at rest; geographically distributed multisig custody for Bitcoin holdings; access controls and authentication mechanisms; regular security assessments and monitoring; and incident response procedures.
Blink strictly prohibits the transmission of user personal data via email under any circumstances. All internal and external sharing of user data is conducted exclusively through secure, encrypted platforms and communication channels. All instances of data sharing are logged and periodically audited.
For users in Non-Custodial Mode, security of funds depends on your own safeguarding of your Backup Phrase and cryptographic keys. Blink does not store and cannot access Non-Custodial Mode private keys or Backup Phrases.
No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.
Depending on your jurisdiction, you may have some or all of the following rights regarding your personal information: access a copy of your data; correct inaccurate or incomplete data; request deletion of your data (subject to legal retention requirements); restrict or object to certain processing; receive your data in a portable format; withdraw consent at any time for processing based on consent; request human review of decisions made solely by automated processing that affect you; and lodge a complaint with your local data protection authority (see Section 12 for contact details).
To exercise your rights, contact us at support@blink.sv. We will respond within the timeframe required by applicable law. We may need to verify your identity before processing your request.
The Blink website and App may use cookies and similar technologies for essential functionality (session management, preferences, security) and analytics (understanding how the Services are used). We do not use cookies for third-party advertising. You can manage cookie preferences through your browser or device settings.
The Services are generally intended for individuals aged 18 and over. The Blink Card is available only to individuals aged 18 and over. In jurisdictions where minors may use the Wallet under parental or legal guardian authorization as described in the Terms and Conditions, Blink does not knowingly collect personal data from minors without such authorization. Parents or legal guardians who authorize a minor's use of the Wallet are responsible for the minor's activity and for consenting to the collection and processing of the minor's personal data on the minor's behalf.
We do not knowingly collect personal information from children under the age of 13 (or under such higher age as may be required by applicable law, such as 16 in certain EEA member states). If we become aware that we have collected personal data from a child below the applicable age threshold without appropriate parental or guardian consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal data without appropriate consent, please contact us at privacy@blink.sv.
United States. We do not sell or share your personal information for cross-context behavioral advertising. If you are a resident of California or another US state with comprehensive privacy legislation, you may have additional rights including the right to know what personal information we collect and with whom we share it, the right to request deletion, and the right to opt out of the sale of personal information. To exercise these rights, contact support@blink.sv.
Gramm-Leach-Bliley Act (GLBA). For US users of the Blink Card, additional privacy disclosures may apply under the GLBA regarding the sharing of nonpublic personal financial information. The Issuing Bank's GLBA privacy notice (the "Account Opening Privacy Disclosures") will be provided to you at or before the time your Card Account is opened and is available at Account Opening Privacy Disclosures — US Consumer. These disclosures are currently being finalized with our banking partner and will be published at the link above. To the extent you have opt-out rights under GLBA regarding the sharing of your nonpublic personal information with non-affiliated third parties, those rights are described in the Account Opening Privacy Disclosures.
Fair Credit Reporting Act (FCRA). If we report information about your Card Account to consumer credit reporting agencies, you have rights under the FCRA, including the right to dispute inaccurate information. If you believe we have reported inaccurate information to a credit reporting agency, contact us at support@blink.sv and we will investigate. You also have the right to obtain a free copy of your credit report annually from each of the major credit reporting agencies at www.annualcreditreport.com.
Brazil. In addition to the legal bases described in Section 4, we may process personal data of Brazilian users for the purpose of credit protection, as permitted by applicable law. Brazilian users may also request a review of decisions made solely on the basis of automated processing that affect their interests, including decisions related to their personal, professional, consumption, or credit profile. Blink will appoint a Data Protection Officer (Encarregado) as required; contact details are available at privacy@blink.sv.
European Economic Area and United Kingdom. Blink has designated a Data Protection Officer (DPO) for the purposes of GDPR and UK GDPR compliance. For data protection inquiries, to exercise your rights, or to lodge a complaint, you may contact the DPO at privacy@blink.sv. Where Blink transfers personal data outside the EEA or UK, it does so on the basis of standard contractual clauses approved by the European Commission or the UK Information Commissioner, or such other transfer mechanism as may be recognized under applicable law.
Data protection authorities. If you wish to lodge a complaint with your local data protection authority, the following is a non-exhaustive list of relevant authorities:
El Salvador
Superintendency of the Financial System (SSF)
Honduras (Próspera)
Roatán Financial Services Authority (RFSA)
European Economic Area
Your local Data Protection Authority
ec.europa.eu/justice/data-protection
United Kingdom
Information Commissioner's Office (ICO)
United States (California)
California Privacy Protection Agency
Brazil
Autoridade Nacional de Proteção de Dados (ANPD)
We may update this Privacy Policy from time to time. When we make material changes, we will provide at least 30 days' prior notice through the Blink App, by email, or by other appropriate means, and update the "Last Updated" date. For non-material changes, we will update the "Last Updated" date and may notify you through the Blink App or other means. Your continued use of the Services after the effective date of a revised Privacy Policy constitutes acceptance of the changes.
For questions, concerns, or requests regarding this Privacy Policy or your personal data:
By using the Services, you acknowledge that you have read and understood this Privacy Policy.
