Version: 2.1 | Last Updated: June 24, 2026
This Privacy Policy describes how Blink El Salvador, S.A. de C.V., Blink US LLC, and Blink LLC (collectively, “Blink,” “we,” “us,” or “our”) collect, use, store, share, and protect your personal information when you use the Blink Wallet, the Blink Card, the API, and any related services (the “Services”). Blink Technologies, LLC provides the technology platform and delegated custody services underlying the Services, acting under the direction and supervisory oversight of the applicable Blink entity pursuant to licensing and services agreements, and processes personal data on behalf of Blink.
This Privacy Policy applies to all users of the Services worldwide. By using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, you should not use the Services.
The entity responsible for your personal data depends on your status and country of residence:
For purposes of this Privacy Policy, a “US Person” means any individual who is (i) a citizen or national of the United States, (ii) a lawful permanent resident of the United States (i.e., a green card holder), or (iii) an individual whose primary residence is in the United States. If you are a US Person residing outside the United States, your contracting entity is Blink US LLC and the US-specific provisions of this Privacy Policy apply to you.
Blink Technologies, LLC provides the technology infrastructure for the Services and processes personal data on behalf of the applicable Blink entity. When you use the Blink Card, personal data is also processed by the Issuing Bank and Program Manager as necessary to operate the card program.
For data protection inquiries, contact us at privacy@blink.sv
Information you provide: name, email address, phone number, date of birth, nationality, country of residence, government-issued identification documents, photographs, biometric data (facial recognition for liveness checks where required — see additional US state disclosures below), financial information for Blink Card eligibility, Collateral information (applicable when Credit Mode is in use, including digital asset type, wallet addresses, and amounts posted as Collateral), and any communications you send to our support team.
Biometric Data Notice (US). If you are located in a US state that has biometric information privacy legislation (including Illinois, Texas, and Washington), the following applies: biometric data (such as facial geometry derived from liveness checks) is collected by Blink and processed by our identity verification providers — Sum and Substance Limited, trading as Sumsub (“Subsub”), and/or Onfido Ltd (“Onfido,” now part of Entrust) — solely for identity verification and fraud prevention purposes. The applicable provider extracts facial geometry from your selfie or video and compares it to the photograph on your government-issued identification document to verify your identity. Onfido may also use your facial scan data to determine whether it has previously verified your identity on our behalf. This biometric data is stored by the applicable provider on its secure servers. Biometric data is not sold, leased, traded, or otherwise disclosed to third parties other than the identity verification providers named above, except as required by law. Biometric data is retained and destroyed according to the following schedule: for Illinois residents, biometric data is destroyed no later than 3 years from the date of collection; for Texas residents, biometric data is destroyed no later than 1 year after the purpose for collection expires; for all other users, biometric data is destroyed when the purpose for collection has been satisfied or within 5 years from the date of collection, whichever occurs first. Each provider’s data retention and destruction practices are described in their respective privacy notices. By using the Services and completing a liveness check, you provide your written consent to the collection, use, storage, and destruction of your biometric data by Blink and the applicable identity verification provider as described herein. If you do not consent, you may contact support@blink.sv to discuss alternative identity verification methods, subject to availability.
Information collected automatically: transaction data (amounts, dates, counterparties, wallet addresses), Card Transaction data (merchant name, transaction amount, currency, date, authorization details), device information (device type, operating system, unique identifiers, IP address), usage data (features accessed, interaction patterns), call recordings and communications metadata (when you contact our support team or when we contact you via automated systems, as described in the Cardholder Agreement), and approximate location derived from IP address. Precise geolocation is collected only if you grant permission through your device settings.
Information from third parties: identity verification results, financial information from credit bureaus and screening providers (where applicable for the Blink Card), publicly available blockchain transaction data, Card Network transaction and chargeback data (from Visa and other payment networks), and information shared by Card Program Partners as necessary to operate Partner Services.
We use your personal information to: provide and operate the Services (including the Wallet, Card Balance, API, and Partner Services in both Custodial Mode and Non-Custodial Mode); verify your identity and conduct KYC/AML screening; detect, investigate, and prevent fraud and unauthorized access (including monitoring for prohibited uses as defined in the Terms and Conditions); process transactions and settle Card payments; process and manage Collateral, including monitoring Market Value and executing Liquidation Events (applicable when Credit Mode is in use); assess creditworthiness and Card eligibility; report Card information to consumer credit reporting agencies as described in the Cardholder Agreement; deliver communications relating to your Card via automated telephone dialing systems, prerecorded voice messages, text messages, and email (as authorized in the Cardholder Agreement); respond to your inquiries and provide customer support (including recording calls for quality assurance and compliance purposes); analyze usage patterns to improve the Services; send service-related notifications and, where you have consented, promotional communications; and comply with applicable laws, regulations, court orders, and regulatory requirements.
Data processing varies by mode of operation. In Non-Custodial Mode, Blink does not have access to your private keys, Backup Phrase, or the ability to access, freeze, or recover your funds. Accordingly, certain data processing activities described above (including transaction settlement, fund recovery, and compliance-related fund restrictions) apply only to Custodial Mode. In Non-Custodial Mode, Blink processes data necessary to operate the wallet interface and facilitate transactions initiated by you, but does not maintain custody of or access to the underlying funds.
Funded Mode and Credit Mode. Your Blink Card currently operates in Funded Mode (prepaid). In Funded Mode, data processing is limited to the activities described above as they relate to funded transactions, Card management, and Overdraft processing. When Credit Mode is in use in accordance with the Cardholder Agreement, the scope of data processing also includes: Collateral valuation and monitoring; Liquidation Event processing; enhanced credit reporting to consumer credit reporting agencies; and any additional data processing necessary to administer the collateral-backed credit facility. Upon activation of Credit Mode, Blink will provide the notices and seek the consents required by applicable law and the Cardholder Agreement.
We process your personal information on one or more of the following bases as applicable under your local law: performance of a contract (to provide the Services you have requested); compliance with legal obligations (including AML/KYC, tax reporting, and regulatory requirements); legitimate interests (including fraud prevention, security, and service improvement, where not overridden by your rights); consent (where you have given specific consent, which you may withdraw at any time); and other bases permitted by applicable law, including credit protection where recognized.
Blink entities: Blink El Salvador, S.A. de C.V., Blink US LLC, Blink LLC, and Blink Technologies, LLC share data as necessary for account management, service delivery, and compliance.
Card Program Partners: The Issuing Bank and Program Manager receive personal and financial information necessary for card issuance, transaction processing, fraud prevention, and regulatory compliance.
Card Networks: Visa and other applicable payment card networks receive transaction data, cardholder information, and merchant details as part of processing every Card Transaction. Card Networks may also receive and process data in connection with chargebacks, fraud investigations, and network compliance. Card Network data processing is subject to their own privacy policies and network rules.
Consumer credit reporting agencies: In Funded Mode, we may share information with consumer credit reporting agencies only in connection with Overdraft amounts that remain unpaid, as described in the Cardholder Agreement. When Credit Mode is activated, we may share additional Card information — including payment history, Card status, balances owed, and default or delinquency information — with consumer credit reporting agencies in accordance with the Cardholder Agreement. This information may appear on your credit reports and could include negative information if you do not comply with the terms of the Cardholder Agreement. In either mode, we may obtain credit and income information about you from consumer credit reporting agencies as the law allows.
Communications service providers: We may share your phone number, email address, and Account-related information with third-party service providers that deliver automated communications on our behalf, including telephone dialing systems, text messaging platforms, and email delivery services, as authorized in the Cardholder Agreement.
Identity verification providers. Identity verification and KYC/AML screening for the Services is performed by one or more of the following third-party identity verification providers. Blink may use any of these providers, and the provider used for your verification may depend on your jurisdiction, the type of verification required, or other operational factors.
Sum and Substance Limited (Sumsub). Sumsub may be used to verify your identity by comparing facial scan data extracted from your selfie or video with the photograph on your government-issued identification document, evaluating the authenticity of identity documents, and conducting liveness detection. Sumsub processes personal data on behalf of Blink for identity verification, fraud prevention, and AML/CFT compliance purposes. Sumsub may also process this data for its own compatible purposes, including fraud detection and service development, as a separate data controller. Biometric data (facial geometry) extracted during liveness checks is stored by Sumsub on its servers located in European data centers.
Onfido Ltd (Onfido). Onfido (now part of Entrust) may be used to verify your identity by comparing facial scan data extracted from your selfie or video with the photograph on your government-issued identification document, evaluating the authenticity of images, videos, and identity documents (including detecting whether there is a genuine human or physical document in your photos/videos or signs of tampering), and conducting liveness detection. Onfido may also use your facial scan data to determine whether Onfido has previously verified your identity on our behalf, for fraud prevention purposes.
When you complete identity verification (including liveness checks) with any of the above providers, the following personal data is transmitted to and processed by the applicable provider: your name, date of birth, nationality, government-issued identification documents (photographs or scans), facial images (including selfie and video images for liveness detection), and device and session metadata. Blink maintains data processing agreements with each provider that require appropriate technical and organizational security measures.
Other service providers: Analytics providers (aggregated or anonymized data only) and professional advisors (lawyers, auditors, consultants) as necessary for our operations.
Regulatory authorities and law enforcement: We share information where required by law, regulation, court order, or lawful request. This includes: reporting regulated transactions and suspicious activities to the relevant Financial Intelligence Unit (such as the UIF in El Salvador) or other designated agencies; international cooperation under agreements such as FATF recommendations or bilateral mutual legal assistance treaties to support cross-border investigations; and sharing information with authorities in connection with fraud investigations where necessary to safeguard the integrity of the Platform. Blink shares information only with authorized parties and only to the extent legally required or necessary.
Blockchain networks: On-chain transaction data is inherently public on Bitcoin and other blockchain networks. Blink cannot control or delete data recorded on a blockchain.
We do not sell or share your personal information to or with third parties for marketing, advertising, or cross-context behavioral advertising purposes, including as those terms are defined under the California Consumer Privacy Act (CCPA/CPRA) and similar US state privacy laws.
Your personal data may be transferred to and processed in jurisdictions outside your country of residence, including El Salvador, Honduras (Próspera ZEDE), and the United States (for Card Program Partners). These jurisdictions may not provide the same level of data protection as your home jurisdiction. Where required by applicable law, we implement appropriate safeguards for such transfers, including standard contractual clauses, adequacy decisions, or other mechanisms recognized by the relevant data protection authority.
We retain your personal information for as long as necessary to provide the Services, comply with legal and regulatory obligations, resolve disputes, and enforce our agreements. Specific retention periods vary by jurisdiction and data type:
Transaction data and other records may be retained for longer periods where required to comply with legal, regulatory, or tax obligations, or to resolve disputes.
When personal information is no longer required and the applicable retention period has elapsed, we securely delete or destroy it using methods appropriate to the data format, ensuring that the data cannot be recovered or reconstructed. Blockchain data cannot be deleted due to the immutable nature of distributed ledgers.
We implement appropriate technical and organizational measures to protect your personal information, including: encryption of data in transit and at rest; geographically distributed multisig custody for Bitcoin holdings; access controls and authentication mechanisms; regular security assessments and monitoring; and incident response procedures.
Blink strictly prohibits the transmission of user personal data via email under any circumstances. All internal and external sharing of user data is conducted exclusively through secure, encrypted platforms and communication channels. All instances of data sharing are logged and periodically audited.
For users in Non-Custodial Mode, security of funds depends entirely on your own safeguarding of your Backup Phrase and cryptographic keys. Due to the non-custodial architecture, Blink does not store, have access to, or maintain any copy of your Backup Phrase or private keys, and does not have the technical ability to access, freeze, or recover funds held in Non-Custodial Mode.
No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.
Depending on your jurisdiction, you may have some or all of the following rights regarding your personal information: access a copy of your data; correct inaccurate or incomplete data; request deletion of your data (subject to legal retention requirements); restrict or object to certain processing; receive your data in a portable format; withdraw consent at any time for processing based on consent; request human review of decisions made solely by automated processing that affect you; and lodge a complaint with your local data protection authority (see Section 12 for contact details).
To exercise your rights, contact us at support@blink.sv. We will respond within the timeframe required by applicable law. We may need to verify your identity before processing your request. Disputes that cannot be resolved through this process and that arise out of or relate to the handling of your personal data are subject to the dispute resolution provisions of the Terms and Conditions, including the arbitration and class action waiver provisions therein (subject to the consumer protection carve-outs described in those provisions).
The Blink website and App may use cookies and similar technologies for essential functionality (session management, preferences, security) and analytics (understanding how the Services are used). We do not use cookies for third-party advertising. You can manage cookie preferences through your browser or device settings.
The Services are generally intended for individuals aged 18 and over. The Blink Card is available only to individuals aged 18 and over. Use of the Services and the Wallet is restricted to individuals aged 18 and over, consistent with the Terms and Conditions. Blink does not knowingly collect personal data from minors.
We do not knowingly collect personal information from children under the age of 13 (or under such higher age as may be required by applicable law, such as 16 in certain EEA member states). If we become aware that we have collected personal data from a child below the applicable age threshold without appropriate parental or guardian consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal data without appropriate consent, please contact us at privacy@blink.sv.
Where the law of your jurisdiction provides mandatory data protection rights — including rights of access, rectification, deletion, or portability, or the right to lodge a complaint with a supervisory authority — nothing in this Privacy Policy limits or excludes those rights. Blink does not hold data protection registrations in every jurisdiction from which the Services may be accessed. Users outside the jurisdictions in which Blink entities are established access the Services on their own initiative and are responsible for determining whether their use of the Services complies with applicable data protection laws in their jurisdiction of residence.
United States. We do not sell or share your personal information for cross-context behavioral advertising. If you are a resident of California or another US state with comprehensive privacy legislation, you may have additional rights including the right to know what personal information we collect and with whom we share it, the right to request deletion, and the right to opt out of the sale of personal information. To exercise these rights, contact support@blink.sv.
Gramm-Leach-Bliley Act (GLBA). For US users of the Blink Card, additional privacy disclosures may apply under the GLBA regarding the sharing of nonpublic personal financial information. The Issuing Bank’s GLBA privacy notice (the “Account Opening Privacy Disclosures”) will be provided to you at or before the time your Card is opened and will be available at the link provided in the Related Documents section of the Terms and Conditions. The Blink Card is not available to US consumers until these disclosures have been published. To the extent you have opt-out rights under GLBA regarding the sharing of your nonpublic personal information with non-affiliated third parties, those rights are described in the Account Opening Privacy Disclosures.
Fair Credit Reporting Act (FCRA). If we report information about your Card to consumer credit reporting agencies, you have rights under the FCRA, including the right to dispute inaccurate information. If you believe we have reported inaccurate information to a credit reporting agency, contact us at support@blink.sv and we will investigate. You also have the right to obtain a free copy of your credit report annually from each of the major credit reporting agencies at www.annualcreditreport.com.
Credit protection and automated decisions. Where permitted by applicable law, we may process personal data for the purpose of credit protection. Where required by applicable law, users may also request a review of decisions made solely on the basis of automated processing that affect their interests, including decisions related to their personal, professional, consumption, or credit profile. Where applicable law requires the appointment of a Data Protection Officer or equivalent role, contact details are available at privacy@blink.sv.
Data Protection Officer. Where required by applicable data protection law, Blink has designated a Data Protection Officer (DPO). For data protection inquiries, to exercise your rights, or to lodge a complaint, you may contact the DPO at privacy@blink.sv. Where Blink transfers personal data outside the jurisdiction in which it was collected, it does so on the basis of standard contractual clauses, adequacy decisions, or such other transfer mechanism as may be recognized under applicable law.
Supervisory authorities. If you wish to lodge a complaint, you may contact the relevant supervisory authority in your jurisdiction of residence. A non-exhaustive list of authorities for jurisdictions in which Blink entities are established:
We may update this Privacy Policy from time to time. When we make material changes — including changes to the categories of personal data collected, the purposes of processing, the parties with whom data is shared, or the legal bases for processing — we will provide at least 30 days’ prior notice and seek your affirmative consent through the Blink App or by email. If you do not consent, you may close your account before the effective date without penalty. For non-material changes (formatting, clarifications, administrative updates, or changes required by law), we will update the “Last Updated” date and may provide notice through the Blink App or other means.
For questions, concerns, or requests regarding this Privacy Policy or your personal data:
By using the Services, you acknowledge that you have read and understood this Privacy Policy.
