Skip to content
 
 

Privacy Policy

Last Updated and Effective Date: July 1, 2023

Bakkt Marketplace Privacy Notice (applicable for Bakkt Marketplace, LLC and Bakkt Crypto Solutions, LLC individually)

In this Privacy Notice (“Notice”), Bakkt (also referred to as “Bakkt,” “we,” “us,” or “our”) describes the types of Personal Information we may collect from you in connection with your interaction with us, including when you visit our websites or mobile application, or use our online products, services or content (the “Services”). We define Personal Information as “information that is linked or reasonably linkable to an identified or identifiable natural person.”

1. PERSONAL INFORMATION WE COLLECT

  1. Personal Information We Collect Directly from You

We collect Personal Information from you when you use our Services and interact with us (such as speaking with Bakkt representatives). The information we collect may include your name, state or country of residence, date of birth, address, phone number, social security number, account number, job title, company, email address, marketing and communications preferences, and other information you choose to provide us, including information provided when you register with us, such as citizenship or citizenship status. In some circumstances, we may collect information such as a government-issued ID, proof of address, or photograph(s) (if you elect to provide them to us). We may also collect information relating to:

  • Records and copies of your correspondence (including email addresses), if you contact us.
  • Your responses to surveys, such as those that we might ask you to complete for research purposes.
  • Details of transactions you carry out using our Services. You may be required to provide financial information before using our Services.

We do not knowingly collect information about your race or ethnicity, religious beliefs, mental or physical health condition or diagnosis, sex life or sexual orientation or genetic or biometric data. We do not knowingly collect Personal Information from consumers under the age of 13. If you learn that a child has provided us with Personal Information in violation of this Privacy Policy, please alert us at privacy@bakkt.com with Subject Line: Children’s Privacy.

  1. Personal Information We Collect Automatically

We collect certain information automatically when you interact with our Services. For example, we may use cookies, web beacons, and other similar technologies to collect information about you as you use our Services. Examples of this type of information include the dates and times of your use of the Services, your IP (Internet Protocol) address, your browser type, your operating system, device identifiers, and the webpages or content to or from which you navigate.

Third parties may use cookies or similar technologies on our Services. For example, these technologies may be used to provide content and advertisements. Other parties may collect Personal Information about your online activities over time and across different websites when you use our Services.

  1. Personal Information We Collect From Third Parties

We also collect information about you from third parties, such as money laundering and fraud prevention information providers, marketing agencies, identity and creditworthiness verification services, and analytics and information providers. We may combine information we collect about you with information from third parties.

2. HOW WE USE YOUR INFORMATION

We use the information we gather to provide services to you and to respond to your inquiries. This includes:

  • Providing Services, including to:
    • Register, create, and maintain your account;
    • Authenticate your identity and/or your access to an account;
    • Initiate, facilitate, process, and/or execute transactions;
    • Communicate with you regarding your account or any Services you use;
    • Perform creditworthiness, fraud prevention or other similar reviews;
    • Evaluate applications; or
    • Compare information for accuracy and verification purposes.
  • Managing our business and protecting ourselves, you, other persons, and the Services.
  • Providing a personalized experience and implementing your preferences.
  • Better understanding our customers and how they use and interact with the Services.
  • Personalizing our Services and providing offers and promotions for our Services via our websites and third-party websites.
  • Providing you with location-specific options, functionalities, and offers.
  • Complying with our policies and obligations, including but not limited to, disclosures made in response to any requests from law enforcement authorities and/or regulators in accordance with any applicable law, rule, regulation, judicial or governmental order, regulatory authority of competent jurisdiction, discovery request, advice of counsel or similar legal process.
  • Resolving disputes, collecting fees, or troubleshooting problems.
  • Providing customer service to you or otherwise communicating with you.

We may also process your Personal Information to fulfill the purposes for which you provide it, or with your consent.

3. HOW WE SHARE INFORMATION

We may disclose the information we gather to our affiliates and to third parties. For example, we may share information with:

  • Service providers and/or data processors: We may share Personal Information with third party service providers that perform services and functions at our direction and on our behalf. These third party service providers may, for example, provide you with services, verify your identity, assist us to comply with law or combat fraud, assist in processing transactions, or provide customer support.
  • Other parties to transactions: We may share information with the other parties to your transactions, including retailers with whom we have partnered to provide the Services.
  • Financial Institutions and Credit Bureaus: We may share information with financial institutions and credit bureaus involved in supporting transactions in which you engage or assessing creditworthiness. For example, we may share information with your bank when you link your bank account to our Services.
  • Other third parties: We may share information with other third parties for our business purposes or as permitted or required by law, including:
    • To comply with any legal, regulatory or contractual obligation, or with any legal or regulatory process (such as a valid court order or subpoena) or with the advice of counsel;
    • To market our or their products or services to you;
    • To establish, exercise, or defend legal claims or our policies;
    • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of ourselves, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud prevention and credit risk reduction; or
    • In connection with the purchase, sale, merger, consolidation or transfer of all or part of Bakkt’s business.

We may also disclose data to fulfill the purposes for which you provide it, or with your consent.

4. CHANGES TO THIS PRIVACY NOTICE

We will notify you of changes to this Notice by revising this Notice and updating the Effective Date above. If you have an account with us, we may notify you of material changes to this notice by e-mail.

5. YOUR CHOICES

If you wish to stop receiving marketing communications, you can opt out by emailing us at help@bakkt.com or privacy@bakkt.com. We may continue to send you non-marketing messages, such as messages relating to your transactions with us.

As of the Effective Date listed above, We participate in a service called Global Privacy Control (GPC) that lets you set a “Do Not Sell or Share” preference at the browser level.  

First, you’ll need a GPC-enabled browser or browser extension. Next, you’ll activate or turn on the GPC setting in the browser. When you visit a website, your browser will automatically send the site a “Do Not Sell or Share” signal and participating websites, like ours, will honor your preference.

Note: Not all browsers and extensions offer a GPC setting. To download a GPC-enabled browser, go to the Global Privacy Control website.  

If you are a registered user of the Services, you may access your personal account information online and make changes by logging into your account.

You may control how your browser accepts cookies. If you reject cookies, you may still use our website, but your ability to use some features or areas of our website may be limited. Please see our cookie policy for more information.

6. SECURITY

Bakkt has implemented administrative, physical and technical safeguards designed to protect your Personal Information. Still, Bakkt cannot guarantee the security or confidentiality of information you transmit to us or receive from us.

For Vermont Customers.

  • We will not disclose information about your creditworthiness to our affiliates and will not disclose your Personal Information, financial information, credit report, or health information to nonaffiliated third parties to market to you, other than as permitted by Vermont law, unless you authorize us to make those disclosures.
  • Additional information concerning our privacy policies can be found at https://www.bakkt.com/privacy-policy.

7. YOUR STATE PRIVACY RIGHTS 

State consumer privacy laws may provide their residents with the following additional rights regarding our use of their Personal Information. If you are a California resident, see the Bakkt California Privacy Rights Addendum below for more information about our privacy practices and your rights under California law.

The right to confirm whether we process Personal Information about you and request access to such Personal Information (including, if applicable, in a portable and readily usable format).

  • The right to correct inaccuracies in certain Personal Information we may hold about you; and
  • The right to request that we delete Personal Information collected about you.
  • The right to opt out of the processing of personal data for the purposes of (i) targeted advertising, (ii) the sale of Personal Information, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.
    • Although we may process your information for targeted advertising, we do not process Personal Information for purposes that, under applicable law, require us to support the right to opt out of the sale of Personal Information or profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.
  • The right to appeal our decision regarding your rights request.
  • The right to not be discriminated against for the exercise of your state privacy rights.

You may exercise these rights by:

  • Logging in to your account (if you have an account) and submitting a request;
  • Emailing us at privacy@bakkt.com;
  • Calling our toll-free number 1-800-322-1719; or
  • Completing our Privacy requests form.

Verification

As required under applicable law, please note that we may take steps to verify your identity before granting you access to information or acting on your request to exercise your rights. We may require you to provide additional Personal Information including name, physical address, email address, contact information, account login credentials, and other information about your previous transactions with us to verify your identity in response to exercising requests of the above type. We may limit our response to your exercise of rights as permitted under applicable law.

Agent Authorization

Under applicable state law, you may designate an authorized agent to make a request on your behalf. You may make such a designation by providing the agent with written permission, signed by you, to act on your behalf. Your agent will need to complete the Authorized Agent Designation Form by clicking here. Please upload the completed Authorized Agent Designation Form to the completed Bakkt privacy request form. As permitted by law, we may require verification of the agent’s authorization to act on your behalf, require you to confirm you have authorized the agent to act on your behalf, or require you to verify your own identity. We may deny a request by an agent if they fail to submit proof that they act on your behalf.

8. BAKKT CALIFORNIA PRIVACY RIGHTS ADDENDUM: CALIFORNIA PRIVACY PRACTICES AND YOUR CALIFORNIA RIGHTS

The following provisions apply to individuals who are residents of California and whose Personal Information we collect (such as website visitors). For such residents, the provisions of this California Privacy Rights Addendum (“Addendum”) prevail over any conflicting provisions of this Notice. If you use one of our financial products or services for personal or household use, our collection of your Personal Information in connection with such product or service is subject to a separate privacy notice that we are required by federal law to provide, and is not subject to this Notice or this Addendum.  

Personal Information We Collect

Within the last 12 months, we may have collected the following categories of Personal Information about you:

  1. Identifiers.

Real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.

  1. Information under the California Customer Records statute.

Personal Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to their name, signature, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, bank account number, credit card number, debit card number, or any other financial information.

  1. Characteristics of protected classifications under California or federal law.

Characteristics of protected classifications under California or federal law (such as race, gender, age, disability status).

  1. Commercial information.

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

  1. Biometric information

Images, including facial data. We may also require you to provide fingerprint data (e.g., through your device to verify your identity).

  1. Internet or other similar network activity.

Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with a website, application or advertisement.

  1. Geolocation information.

Geolocation data.

  1. Sensory data.

Audio, electronic, visual, or similar information.

  1. Inferences drawn from other Personal Information.

Inferences drawn from any of the Personal Information we collect to create a profile about you reflecting your preferences, characteristics, behavior, and attitudes.

  1. Sensitive Personal Information

We collect Sensitive Information (which includes social security, driver’s license, state identification card, or passport number, precise geolocation, racial or ethnic origin), to the extent noted above.

We obtain Personal Information from a variety of sources. These sources include: yourself with respect to both online and offline interactions you may have with us or our service providers; other entities with whom you transact business; others with whom you maintain relationships who may deal with us on your behalf; the devices you use to access our websites, mobile applications, and online services; credit bureaus; identity verification and fraud prevention services; marketing and analytics providers; public databases; social media platforms; and others consistent with this Notice and Addendum. For more information, please see the PERSONAL INFORMATION WE COLLECT section of this Privacy Notice.

Disclosures of Personal Information for Monetary or Other Valuable Consideration, for Behavioral Advertising, or for Business Purposes

Bakkt does not sell or disclose Personal Information for money or other valuable consideration. However, as is common practice among businesses that operate Internet websites and mobile apps, within the last 12 months, we may have disclosed through cookies or similar technologies certain identifiers such as email addresses, pseudonymized identifiers and internet activity, information about the use of our websites and apps, and inferences drawn about you to our social media, analytics, and advertising partners for targeted marketing purposes.

Within the last 12 months, we have disclosed Personal Information identified in the above categories (A)-(J) and/or PERSONAL INFORMATION WE COLLECT for our business purposes. To learn more about the categories of third parties with whom we share such information, please see HOW WE SHARE DATA section of this Notice.

Sales or Sharing of Minors’ Personal Information

We do not sell Personal Information of individuals we know to be under the age of 16, or share such Personal Information with third parties for cross-context behavioral advertising.

Use of Personal Information

For each of the above categories, we use the Personal Information we collect for the business purposes disclosed in HOW WE USE YOUR INFORMATION section of this Notice. Please note that the business purposes for which we use your information may include:

  • Audits and reporting relating to particular transactions and interactions, including online interactions, you may have with us or others on our behalf;
  • Detecting and protecting against security incidents and malicious, deceptive, fraudulent or illegal activity, and prosecuting the same;
  • Debugging to identify and repair errors in our systems;
  • Short-term, transient use including contextual customization of ads;
  • Providing services on our behalf or on behalf of another, including maintaining or servicing accounts, providing customer service, fulfilling transactions, verifying identity information, processing payments, and other services;
  • Conducting internal research to develop and demonstrate technology; and
  • Conducting activity to verify, enhance, and maintain the quality or safety of services or devices which we may own, control, or provide.

We may also use the information we collect for our own or our service providers’ other operational purposes, purposes for which we provide you additional notice, or for purposes compatible with the context in which the Personal Information was collected.

How Long We Keep Personal Information

The amount of time we retain a particular category of Personal Information will vary depending on the purpose for which it was collected, our business need for it, and our legal obligations to retain it. We retain your Personal Information for the time needed to fulfill the purpose for which that information was collected and as required pursuant to our data retention policies, which reflect applicable statute of limitation periods and legal requirements. In determining the retention period for Personal Information, we consider the nature and sensitivity of your Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we collect, use and maintain your Personal Information and our legal requirements to retain such information.

Your California Rights

If you are a California resident, you have certain rights related to your Personal Information, including:

  • Right to Access and Right to Know. You have the right to request that we disclose the following to you:
    • Specific pieces of Personal Information we have collected;
    • Categories of Personal Information we have collected about you;
    • Categories of sources from which the Personal Information is collected;
    • Our business or commercial purpose for collecting ,selling, or sharing Personal Information; and
    • Categories of third parties with whom we share Personal Information;
  • Right to Deletion. You have the right to request that we delete Personal Information about you that we have collected from you.
  • Right to Correction. You have the right to request that we correct inaccurate Personal Information we may have about you.
  • The Right to Opt-Out of Sales or Sharing.   The CCPA gives you the right to opt-out of the disclosure of Personal Information about you for monetary or other valuable consideration (“sale”) and/or the disclosure of personal information for purposes of behavioral advertising (“sharing”). Our use of tracking technologies may be considered a “sale” or “sharing” under California law. To opt-out, select the Bakkt Privacy Request form, then complete the form by selecting the option Do Not Sell or Share My Personal Information, or by broadcasting an Opt-Out Preference Signal, such as the Global Privacy Control (GPC) (on the browsers and/or browser extensions that support such a signal).

We collect certain sensitive Personal Information (as discussed above in the “Personal Information We Collect ” section). However, we do not use or disclose sensitive information in a manner that requires us to offer a right to limit such use under the CCPA.

You may exercise these rights by:

  • Logging in to your account (if you have an account) and submitting a request;
  • Emailing us at privacy@bakkt.com;
  • Calling our toll-free number 1-800-322-1719; or
  • Completing our Privacy requests form .

Verification

As required under applicable law, please note that we may take steps to verify your identity before granting you access to information or acting on your request to exercise your rights. We may require you to provide additional Personal Information including name, physical address, email address, contact information, account login credentials, and other information about your previous transactions with us to verify your identity in response to exercising requests of the above type. We may limit our response to your exercise of rights as permitted under applicable law.

Nondiscrimination

Subject to applicable law, we may not discriminate against you because of your exercise of any of the above rights, or any other rights under the California Consumer Privacy Act, including by:

  • Denying you goods or services;
  • Charging different prices or rates for goods or services, including through the use of discounts or other benefits or by imposing penalties;
  • Providing you a different level or quality of goods or services; or
  • Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

We may, however, charge different prices or rates, or provide a different level or quality of goods or services, if that difference is reasonably related to the value of the Personal Information provided to us and to the extent permitted by law.

Agent Authorization

Under California law, you may designate an authorized agent to make a request on your behalf. You may make such a designation by providing the agent with written permission, signed by you, to act on your behalf. Your agent will need to complete the Authorized Agent Designation Form by clicking here. Please upload the completed Authorized Agent Designation Form to the completed Bakkt privacy request form. As permitted by law, we may require verification of the agent’s authorization to act on your behalf, require you to confirm you have authorized the agent to act on your behalf, or require you to verify your own identity. We may deny a request by an agent if they fail to submit proof that they act on your behalf.

How to Contact Us

You may contact us with questions and concerns about our privacy policies or practices by contacting us at privacy@bakkt.com or at 1-800-322-1719.