Bilt Privacy Guide: Know Your Rights & Protect Your Data

Based on the provided Privacy Policy, Terms of Use, and Rewards Terms, there are the specific privacy implications for the end user. These implications range from the types of data collected and shared to the limits placed on user control.

1. Extensive Data Collection and Surveillance

  • Session Recording: By simply visiting the website, you consent to Session Replay, which records your activity. If you provide contact info (email/phone), that contact info is associated with the recording.
  • Chatbot Monitoring: Your conversations with the chatbot (questions and responses) are recorded, collected, and processed for training, fraud prevention, and support.
  • Device Fingerprinting: Your browser collects IP addresses, cookies, and usage information (clicks, pages viewed) to analyze interaction.
  • Financial Credential Access: To link a bank account, you provide credentials (username/password). These are securely stored but processed by third-party providers (like Plaid) to access your accounts for services.
  • Landlord Data: Your property manager or landlord is authorized to disclose your rental history (name, address, rent amount, payment history) directly to Bilt. You do not have an inherent right to prevent this under the program terms.

2. Widespread Data Sharing

Your data is shared with a wide ecosystem of third parties that the user does not directly interact with:

  • Payment Networks: Mastercard, Visa, Amex, and Discover monitor your transaction data to confirm rewards eligibility.
  • Banks: Column National Association, Evolve Bank & Trust, Wells Fargo, and Plaid store and process financial data.
  • Transaction Monitors: Fidel Ltd., Rewards Network Establishment Services, Inc. monitor transactions to verify purchases for rewards.
  • Marketing Partners: Digital marketing partners use web beacons (pixels) and trackers to collect info for Interest-Based Advertising and cross-contextual advertising.
  • Affiliates: Bilt shares data with affiliates for marketing purposes. However, Bilt shares information for non-affiliates to market to you only if you consent (though in practice, the policy states they share for marketing purposes generally).
  • Credit Bureaus: Rent and mortgage payments are reported to credit bureaus. This reporting cannot be amended or cancelled once submitted.
  • Government: Data is shared in response to court orders, legal investigations, or requests from government authorities.

3. Limitations on User Control and Opt-Outs

  • No "Do Not Track" Support: The policy explicitly states that Bilt does not support "Do Not Track" (DNT) browser signals. You cannot opt out of tracking via browser settings even if your browser offers the feature.
  • Mandatory Transaction Monitoring: To earn rewards, you must authorize transaction monitoring. You cannot opt out while keeping the card linked to earn points; you must unlink the card entirely to stop data sharing (which negates rewards).
  • Marketing SMS Consent: Providing a phone number grants consent to receive SMS messages, even if on a corporate Do Not Call list.
  • Cookie Management: You must accept cookies to use full features of the Service.
  • Data Retention: Even if you delete your account, Bilt states they will "continue to store, access, and use information" to comply with legal obligations. You do not achieve instant erasure.
  • Rent Payment Reporting: Once payments are reported to credit bureaus, the reporting cannot be modified or cancelled by the user.

4. Financial Privacy Risks

  • Bank Account Access: By granting access to your bank account (via Plaid), you authorize Bilt and partners to transmit your financial data. If you revoke this, you may lose the ability to receive services.
  • Payment Account Status: The "Bilt Rent Account" is not a deposit account held by a bank where you are a customer. It is a facilitated payment account. You have no rights as a customer of the Payment Account Bank (e.g., Evolve) beyond what is permitted by law.
  • Sanctions and Restrictions: You cannot use the service for specific high-risk sectors (crypto, marijuana, gambling, etc.). If you attempt to use the account for these purposes, it may be frozen or terminated without notice.
  • Loss of Points: Your "financial reward data" (Points) expires if the account is inactive for 18 months or if the program is cancelled.

5. Privacy Rights (Regulatory Specifics)

  • CCPA (California): Most personal information is exempt from CCPA due to financial regulations (GLBA). However, users have rights to request access to, deletion of, or opt-out of the sale of the small subset of data that is not exempt (e.g., specific identifiers not covered by GLBA).
  • Colorado & Oregon: Users in these states can request specific data disclosures, deletion, correction, and opt-outs from sales/targeting for their Personal Data.
  • GLBA: Non-Public Information (NPI) is protected under the Gramm-Leach-Bliley Act, limiting how it can be disclosed but allowing Bilt to share it as defined in their privacy notice.

6. Security and Liability Implications

  • No Security Guarantee: Bilt states they "cannot guarantee the security of any information." Users assume the risk of unauthorized access or hardware failure.
  • Indemnification: Users must indemnify Bilt if their data is compromised due to their actions or if the data is used in violation of the agreement.
  • No Liability for Data Loss: Bilt is not liable for data loss, interruptions, or errors in point crediting.
  • Feedback Ownership: Any bug reports or feature requests (Feedback) you provide are claimed by Bilt with a perpetual, irrevocable, royalty-free license to use them for any purpose.

Summary of Key Trade-offs

Feature Privacy Implication
Earn Rewards Must share transaction data with Networks (Mastercard/Visa) and Partners (Fidel).
Use App/Website Must consent to Session Replay (screen recording) and Cookie tracking.
Link Bank Grant access to financial credentials for processing; cannot revoke without losing service.
Provide Phone # Consent to SMS marketing and sharing with carriers for fraud prevention.
Use Service Waive Right to Track (Do Not Track) signal support.
Report Rent Data sent to Credit Bureaus cannot be removed or edited.