Legal

Blend Privacy Policy

Effective Date: November 5, 2025

1. Introduction

This Privacy Policy ("Policy") describes how BlendHQ, Inc., a Delaware corporation doing business as Blend ("Blend," "we," "us," or "our"), collects, uses, discloses, and protects personal information. This Policy applies to our corporate website at www.blendx.com and any subdomains we operate (the "Site"), our software-as-a-service platform and related applications (collectively, the "Services"), and our other interactions with you, such as customer support, sales communications, and marketing.

Blend serves business customers in the fitness and wellness industry. We act in two distinct roles depending on the personal information at issue. To make those roles clear, this Policy is organized into three parts:

Part I — Blend as a Service Provider/Processor: Describes how we handle personal information we process on behalf of our business customers (each, a "Customer") when their authorized users and end users ("Users") interact with the Services.
Part II — Blend as a Business: Describes how we collect and use personal information for our own purposes, such as when a Site visitor browses www.blendx.com, requests a demo, contacts us, or manages a Blend account.
Part III — Your Privacy Rights and Choices: Describes the rights available to U.S. residents and how to exercise them.

By accessing or using the Site or the Services, you acknowledge that you have read this Policy. The Services and the Site are intended for users in the United States; we do not target the Services or the Site to individuals located in the European Economic Area, the United Kingdom, or Switzerland.

2. Key Definitions

“Customer” means any business entity that subscribes to and uses the Services pursuant to a master subscription agreement, order form, or other written agreement with Blend.

“User” means an individual whose personal information we process on behalf of a Customer, including a Customer’s employees, contractors, members, clients, and other authorized end users of the Services.

“Visitor” means an individual who interacts with the Site, our marketing channels, our sales team, or our customer support team in a capacity other than as a User.

“Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. “Personal Information” does not include de-identified, aggregated, or publicly available information.

“Sale” and “Sharing” have the meanings set forth in the California Consumer Privacy Act, as amended (the “CCPA”). “Sharing” refers to disclosing Personal Information to a third party for cross-context behavioral advertising.

“Sensitive Personal Information” has the meaning given by applicable U.S. state privacy laws and includes categories such as government identifiers, precise geolocation, account login credentials, and racial or ethnic origin.

Part I — Blend as a Service Provider

This Part I applies to Personal Information we process on behalf of our Customers in our role as a “Service Provider” under the CCPA, a “Processor” under other U.S. state privacy laws, or in a comparable role under other applicable law.

A. Information We Process for Customers

When we provide the Services to a Customer, the Customer determines what Personal Information is submitted to the Services and how that Personal Information is used. We process that Personal Information solely on the Customer’s documented instructions and as permitted by our agreement with the Customer. Depending on how a Customer configures the Services, we may process the following categories of Personal Information about Users:

Identifiers and contact data: name, email address, mobile telephone number, postal address, account user ID, and similar identifiers.
Authentication data: passwords (in hashed form), multi-factor authentication tokens, session tokens, and login credentials.
Transaction and financial data: billing information, payment method tokens (processed by our payment processors), purchase history, membership status, and other commercial information generated through use of the Services.
Communications content: the content of SMS/text messages, emails, in-app messages, and similar communications sent or received through the Services, including consent records and opt-out events.
Technical data: IP address, device identifiers, browser type, operating system, application logs, error reports, and security event data.
Customer-configured data: any other Personal Information our Customer chooses to submit to the Services.

We do not process special categories of data such as protected health information subject to HIPAA, payment card account numbers stored outside our payment processors, biometric identifiers, or sensitive health, fitness, or biometric measurements, and Customers are contractually prohibited from submitting such data to the Services without our prior written consent.

B. How We Use User Data

Our use of User Personal Information is limited to performing our obligations to the Customer and the following permitted business purposes:

Providing, operating, maintaining, and supporting the Services for the Customer.
Facilitating transactions, communications, and account activity that the Customer has authorized.
Authenticating Users and securing accounts against unauthorized access, fraud, and abuse.
Providing technical support and troubleshooting at the Customer’s request.
Creating de-identified or aggregated data for internal analytics, product improvement, and benchmarking.
Complying with applicable law and responding to lawful requests from public authorities.

We do not “Sell” or “Share” (as defined by the CCPA) Personal Information that we process on behalf of our Customers, and we do not use that Personal Information for our own marketing or advertising purposes or to build profiles for purposes other than providing the Services.

C. SMS and Text Messaging Sent on Behalf of Customers

The Services include functionality that allows Customers to send SMS and text messages to their Users. When a Customer uses that functionality:

The Customer is the sender of the message and is solely responsible for obtaining and maintaining all consents required under the Telephone Consumer Protection Act, applicable Federal Communications Commission and Cellular Telecommunications Industry Association rules, and other applicable laws.
Blend processes the recipient’s mobile telephone number, message content, delivery status, opt-in and opt-out records, and related metadata solely on the Customer’s instructions and to operate the messaging features of the Services.
Recipients who wish to stop receiving messages from a Customer should reply STOP to the message; recipients who need help should reply HELP or contact the Customer directly.
Blend does not use mobile telephone numbers or message content collected through the Services to send marketing communications on Blend’s own behalf.

D. Customer Responsibilities; How Users Exercise Privacy Rights

Our Customers are independently responsible for their own privacy practices and for providing notice to Users and obtaining any required consents regarding the collection and use of Personal Information through the Services. If you are a User and wish to exercise a privacy right with respect to information processed through the Services (such as a right to access, correct, delete, or opt out), you must submit your request directly to the Customer with which you have a relationship.

As a Service Provider/Processor, Blend is contractually and legally required to act only on the verified instructions of the applicable Customer. If we receive a User request directly, we will refer the request to the Customer and may notify the User of that referral.

Part II — Blend as a Business

This Part II applies to Personal Information that Blend collects and processes for its own business purposes, such as marketing our Services, managing our Site, communicating with prospective and current Customers, and administering Customer accounts. With respect to this information, Blend is a “Business” under the CCPA and a “Controller” under other U.S. state privacy laws.

A. Information We Collect

Information You Provide to Us

Contact and demo requests: name, business email address, business telephone number, company name, job title, country/state, and any message you choose to provide when you complete a form on the Site.
Customer account data: billing contact information, authorized administrator names and credentials, and payment instrument tokens for invoicing.
Support and feedback: information you provide when you contact us at legal@blendx.com, support@blendx.com, or another support channel, including communications you send to our personnel.
Marketing preferences: email subscription status, event registration information, and content downloads.

Information Collected Automatically

Cookies and similar technologies: we and our service providers use cookies, web beacons, pixels, SDKs, and similar technologies to collect information about your interactions with the Site. This information may include IP address, approximate location derived from IP address, device and browser characteristics, referring and exit pages, pages viewed, time on page, and information about ads you have viewed or clicked. See Section II.G (Cookies and Tracking Technologies) below for more detail.
Authentication and security logs: for the Site and for Customer-administrator access to the Services, we log IP addresses, login timestamps, and similar security event data.

Information from Third Parties

We may receive information about prospective Customers from publicly available sources, business contact data providers, joint marketing partners, and our analytics and advertising partners (such as Google, Meta, and LinkedIn).

B. How We Use Your Information

We use Personal Information collected as a Business for the following purposes:

Providing and administering Customer accounts: setting up and managing accounts, invoicing and processing payments, providing customer support, and communicating with Customers about their accounts.
Marketing and advertising: to market our Services to prospective Customers, send newsletters and product updates, host events and webinars, and run advertising campaigns on third-party platforms. We use advertising pixels and similar technologies for cross-context behavioral advertising (which is treated as “Sharing” under the CCPA).
Site analytics and product improvement: to understand how Visitors and Customers use the Site, measure the performance of our marketing, and improve the Site and the Services.
Security and fraud prevention: to detect, investigate, and prevent fraudulent transactions, unauthorized access, abuse of the Site or the Services, and other harmful activity, and to protect the rights, property, and safety of Blend, our Customers, and others.
Compliance and legal: to comply with applicable law, respond to lawful requests from public authorities, enforce our agreements, and establish, exercise, or defend legal claims.

C. SMS Communications Sent by Blend

From time to time, Blend may use SMS or text messaging to communicate with Customer administrators, prospective Customers who have given prior express written consent, and event attendees. Any such messages are governed by the Blend SMS Terms posted at www.blendx.com. We will obtain consent as required by law before sending marketing text messages, and recipients can opt out at any time by replying STOP.

D. How We Disclose Your Information

We disclose Personal Information to the following categories of recipients:

Service providers and processors: vendors that perform services on our behalf, including cloud hosting (e.g., Amazon Web Services), email delivery, customer relationship management, telephony and SMS gateway providers, analytics, customer support tooling, and professional services firms. These vendors are contractually limited in how they may use Personal Information.
Payment processors: Stripe, Inc. and Worldpay (FIS), which process payments on our behalf. Payment card information is collected and processed directly by these providers in accordance with their own terms and privacy policies.
Advertising and analytics partners: we “Share” certain online identifiers and Site activity through cookies and pixels with partners such as Google, Meta, and LinkedIn to deliver targeted advertising. You can opt out of this Sharing as described in Part III below.
Legal and compliance: we may disclose Personal Information when we believe in good faith that disclosure is required by law, regulation, legal process, or governmental request, or is necessary to protect the rights, property, or safety of Blend, our Customers, or others.
Corporate transactions: in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, Personal Information may be transferred to the acquiring or successor entity, subject to commercially reasonable confidentiality protections.

We do not sell Personal Information for monetary consideration. We do “Share” online identifiers for cross-context behavioral advertising as described above.

E. Sensitive Personal Information

The categories of Sensitive Personal Information we collect are limited to the following:

Account login credentials: usernames in combination with passwords or other access credentials, which we use solely to authenticate access to your Blend account.
Approximate geolocation: derived from IP address at the time of login, which we use solely for security and fraud prevention.

We do not collect or use Sensitive Personal Information to infer characteristics about you, and we do not use Sensitive Personal Information for purposes that would trigger a “right to limit” under applicable law. Blend does not collect protected health information subject to HIPAA, biometric identifiers, genetic information, precise GPS-level geolocation, or health, fitness, or biometric measurements.

F. Children’s Privacy

The Site and the Services are not directed to children, and we do not knowingly collect Personal Information directly from children under the age of 16. If you are a parent or legal guardian and you believe we have collected Personal Information from your child, please contact us at legal@blendx.com and we will take appropriate steps to delete that information. We do not knowingly engage in targeted advertising to, sell the Personal Information of, or share the Personal Information of, consumers under the age of 16.

G. Cookies and Tracking Technologies

We and our service providers use the following categories of cookies and similar technologies on the Site:

Strictly necessary: required to operate the Site and provide basic functionality such as session management and security.
Performance and analytics: help us understand how Visitors use the Site so we can measure and improve performance. We use providers including Google Analytics.
Functional: remember choices you make (such as language or region) and provide enhanced features.
Advertising and targeting: used by us and by third-party advertising partners (including Google, Meta, and LinkedIn) to deliver advertising relevant to you on other websites and platforms. The use of these cookies constitutes “Sharing” under the CCPA.

You can manage cookie preferences at any time by clicking “Cookie Preferences” or “Do Not Sell or Share My Personal Information” in the Site footer, or by adjusting your browser settings. We honor opt-out preference signals such as the Global Privacy Control (GPC) sent by your browser as an opt-out of “Sharing” for cross-context behavioral advertising on browsers from which the signal is received.

Part III — Your Privacy Rights and Choices

A. State Privacy Rights

Depending on your state of residence, you may have one or more of the following rights with respect to Personal Information that Blend processes about you as a Business:

Right to know/access: the right to request that we disclose the categories and specific pieces of Personal Information we have collected about you, the categories of sources, the business or commercial purposes for collection, and the categories of third parties to whom we disclose Personal Information.
Right to delete: the right to request that we delete Personal Information we have collected from you, subject to legal exceptions.
Right to correct: the right to request that we correct inaccurate Personal Information we hold about you.
Right to portability: the right to receive a copy of Personal Information you have provided to us in a portable, machine-readable format.
Right to opt out of Sale or Sharing: the right to opt out of the Sale of Personal Information (we do not Sell) and the Sharing of Personal Information for cross-context behavioral advertising (we Share through advertising cookies as described above).
Right to opt out of targeted advertising and profiling: the right to opt out of certain automated processing for targeted advertising or profiling that produces legal or similarly significant effects.
Right to limit use of Sensitive Personal Information: the right to direct us to limit our use of Sensitive Personal Information to certain purposes. We only use the limited Sensitive Personal Information we collect for purposes that are exempt from this right (authentication and security).
Right to non-discrimination: the right not to be discriminated against for exercising any of these rights.
Right to appeal: in certain states, including Colorado, Connecticut, Virginia, and others, the right to appeal our decision on a privacy rights request.

These rights are subject to verification and to exceptions set out in applicable state law. We will respond to verifiable requests within the time period required by the applicable state law (generally 45 days, subject to extensions where permitted).

B. How to Exercise Your Rights

To submit an access, correction, deletion, or portability request, please email us at legal@blendx.com with the subject line “Privacy Rights Request” and include sufficient information for us to verify your identity, the state in which you reside, and the nature of your request. We will not disclose Personal Information in response to a request we cannot verify.

To opt out of Sharing for cross-context behavioral advertising and to manage cookie preferences, please click “Do Not Sell or Share My Personal Information” in the Site footer. We also honor the Global Privacy Control (GPC) signal as described above.

If we deny your request in whole or in part, you may appeal our decision by replying to our response or by emailing us at legal@blendx.com with the subject line “Privacy Rights Appeal.” We will respond to your appeal within the time required by applicable law.

C. Authorized Agents

You may use an authorized agent to submit a privacy rights request on your behalf. The agent must provide us with a written, signed authorization from you, or proof of power of attorney. We may require you to verify your own identity directly with us or to confirm directly that you authorized the agent.

D. California Shine the Light

California Civil Code Section 1798.83 permits California residents to request certain information regarding disclosures to third parties for direct marketing purposes. To make such a request, please email legal@blendx.com.

3. Data Security

We maintain commercially reasonable administrative, technical, and physical safeguards designed to protect Personal Information from unauthorized access, use, alteration, loss, or disclosure. No security measure, however, is perfect, and we cannot guarantee the absolute security of Personal Information.

4. Data Retention

We retain Personal Information for as long as reasonably necessary to fulfill the purposes for which it was collected, including to provide the Services, comply with legal, accounting, and reporting obligations, resolve disputes, and enforce our agreements. The specific retention period for each category of Personal Information depends on factors including:

The nature and sensitivity of the Personal Information and the potential risk of harm from unauthorized use or disclosure.
The purposes for which we process the Personal Information and whether we can achieve those purposes through other means.
Applicable legal, contractual, accounting, or regulatory retention requirements.

Personal Information processed on behalf of Customers is retained in accordance with the Customer’s instructions and the parties’ written agreement.

5. Third-Party Links

The Site may contain links to third-party websites, services, or applications, including those operated by our payment processors and advertising partners. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy notices and terms of any third party before providing Personal Information to it.

6. Updates to This Privacy Policy

We may update this Policy from time to time. When we do, we will post the updated Policy on the Site and update the “Effective Date” above. If we make material changes, we will provide additional notice as required by applicable law. Your continued use of the Site or the Services after the Effective Date constitutes your acknowledgment of the updated Policy to the extent permitted by law.

7. Contact Us

If you have questions about this Policy or our privacy practices, please contact us at:

BlendHQ, Inc.

Attn: Legal

8 The Green, STE B

Dover, DE 19901

United States

Email: legal@blendx.com