Skip to content Skip to footer

 Privacy Policy


**BBB Payouts (bbbpayouts.com)**
**Effective Date: January 1, 2025**
**Last Updated: January 1, 2025**

## 1. Introduction

Visualize One Inc (“we,” “us,” “our,” or “Company”) operates the BBB Payouts service through our websites bbbpayouts.com and bbbpayout.com (collectively, the “Service”). We are committed to protecting your privacy and maintaining the confidentiality of your personal and financial information in accordance with all applicable federal and state laws, including the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, the California Consumer Privacy Act, the Florida Digital Bill of Rights, and other relevant privacy regulations.

This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our R&D tax credit services. As a financial services provider, we are subject to strict regulatory requirements designed to protect your privacy and ensure the security of your financial data.

**Important Notice**: This Privacy Policy is provided in compliance with the Financial Privacy Rule under the Gramm-Leach-Bliley Act and other applicable privacy laws. We are required to provide you with this notice annually and whenever we make material changes to our privacy practices.

## 2. Information We Collect

### 2.1 Personal Information

We collect various types of personal information necessary to provide our R&D tax credit services, including:

**Identity Information:**
– Full legal name and any business names or aliases
– Date of birth and Social Security Number or Employer Identification Number
– Government-issued identification documents (driver’s license, passport, etc.)
– Professional licenses and certifications
– Business registration documents and corporate structure information

**Contact Information:**
– Mailing address, email address, and telephone numbers
– Business address and registered agent information
– Emergency contact information
– Preferred communication methods and language preferences

**Financial Information:**
– Bank account information, including account numbers and routing numbers
– Credit card and payment method information
– Tax identification numbers and previous tax filings
– Financial statements, profit and loss statements, and cash flow information
– Payroll records and employee compensation data
– Business expense records and receipts
– Investment and asset information

**Business and Research Information:**
– Business structure, ownership, and operational details
– Research and development activities and expenditures
– Employee information and contractor relationships
– Intellectual property and patent information
– Software development activities and technical documentation
– Project timelines, budgets, and resource allocation

### 2.2 Technical Information

When you use our Service, we automatically collect certain technical information:

**Device and Browser Information:**
– IP address, browser type, and operating system
– Device identifiers and mobile device information
– Screen resolution and display preferences
– Time zone and language settings

**Usage Information:**
– Pages visited, time spent on our Service, and navigation patterns
– Search queries and form submissions
– File uploads and downloads
– Feature usage and interaction patterns

**Cookies and Tracking Technologies:**
– Session cookies for authentication and security
– Persistent cookies for user preferences and analytics
– Web beacons and pixel tags for performance monitoring
– Third-party analytics and advertising cookies (with your consent)

### 2.3 Information from Third Parties

We may receive information about you from various third-party sources:

**Financial Institutions (via Plaid):**
– Bank account balances and transaction history
– Account ownership verification
– Payment processing information
– Credit and debit card transaction data

**Government Agencies:**
– IRS transcript information and tax filing status
– Business registration and licensing information
– Professional credential verification
– Regulatory compliance records

**Business Partners and Service Providers:**
– Identity verification services
– Credit reporting agencies
– Professional references and recommendations
– Industry databases and directories

## 3. How We Use Your Information

### 3.1 Primary Business Purposes

We use your personal information to provide our core R&D tax credit services:

**Service Delivery:**
– Calculating and preparing R&D tax credit claims and Form 6765
– Analyzing your business activities to identify qualifying research expenses
– Preparing and filing amended tax returns and supporting documentation
– Communicating with the IRS and state tax authorities on your behalf
– Monitoring the status of your tax credit claims and refund processing
– Providing ongoing support and consultation regarding your R&D activities

**Financial Processing:**
– Processing payments for our services through Stripe and other payment processors
– Monitoring your bank accounts for refund deposits via Plaid integration
– Executing automated collection of service fees upon refund receipt
– Managing payment plans, refunds, and billing disputes
– Maintaining financial records for accounting and tax purposes

**Compliance and Verification:**
– Verifying your identity and business legitimacy
– Conducting due diligence and risk assessments
– Ensuring compliance with IRS regulations and professional standards
– Maintaining records required by law and regulatory authorities
– Responding to government inquiries and audit requests

### 3.2 Secondary Business Purposes

**Customer Service and Support:**
– Responding to your inquiries, requests, and complaints
– Providing technical support and troubleshooting assistance
– Conducting customer satisfaction surveys and feedback collection
– Training our staff to better serve your needs
– Developing and improving our service offerings

**Business Operations:**
– Managing our internal business operations and administration
– Conducting financial planning, budgeting, and forecasting
– Performing data analytics to improve our services and efficiency
– Maintaining and updating our technology infrastructure
– Ensuring business continuity and disaster recovery planning

**Legal and Regulatory Compliance:**
– Complying with applicable laws, regulations, and industry standards
– Responding to legal process, court orders, and government requests
– Investigating and preventing fraud, security breaches, and illegal activities
– Maintaining records for audit and examination purposes
– Protecting our legal rights and interests

### 3.3 Marketing and Communications

With your consent, we may use your information for:

**Service-Related Communications:**
– Sending updates about your R&D credit claims and account status
– Providing educational content about tax law changes and opportunities
– Offering additional services that may benefit your business
– Inviting you to webinars, seminars, and educational events

**Marketing Activities:**
– Sending promotional materials about our services (with opt-out options)
– Conducting market research and customer analysis
– Developing targeted marketing campaigns and content
– Participating in industry events and professional networking

## 4. Information Sharing and Disclosure

### 4.1 Authorized Disclosures

We may share your personal information in the following circumstances:

**With Your Consent:**
– When you explicitly authorize us to share information with third parties
– For specific purposes you have requested or approved
– To facilitate services you have requested from our partners
– In response to your direct instructions or requests

**Service Providers and Business Partners:**
– **Plaid Technologies Inc.**: For bank account monitoring and transaction verification
– **Stripe Inc.**: For payment processing and financial transactions
– **Cloud Service Providers**: For secure data storage and backup services
– **Professional Service Firms**: For legal, accounting, and consulting services
– **Technology Vendors**: For software development, maintenance, and support

**Government Agencies and Regulatory Bodies:**
– **Internal Revenue Service**: For tax return preparation and credit claim processing
– **State Tax Authorities**: For state-specific tax compliance and reporting
– **Financial Regulators**: For compliance with banking and financial services laws
– **Law Enforcement**: In response to valid legal process and investigations

### 4.2 Legal and Regulatory Requirements

We are required by law to disclose information in certain circumstances:

**Tax and Financial Reporting:**
– Reporting suspicious activities to FinCEN and other regulatory agencies
– Providing information for tax examinations and audits
– Complying with anti-money laundering (AML) and know-your-customer (KYC) requirements
– Responding to subpoenas, court orders, and other legal process

**Professional Standards:**
– Meeting obligations under IRS Circular 230 and professional conduct rules
– Providing information for professional licensing and regulatory examinations
– Cooperating with investigations by professional organizations and regulatory bodies
– Maintaining records for quality assurance and peer review purposes

### 4.3 Business Transfers

In the event of a merger, acquisition, or sale of our business:
– Your information may be transferred to the acquiring entity
– We will provide notice of any such transfer and changes to this Privacy Policy
– The acquiring entity will be bound by the same privacy commitments
– You will have the right to opt-out of certain uses of your information

### 4.4 Information We Do Not Share

**Prohibited Disclosures:**
– We do not sell your personal information to third parties for marketing purposes
– We do not rent or lease customer lists to outside organizations
– We do not share information with competitors or unauthorized parties
– We do not use your information for purposes unrelated to our services

**Limited Sharing:**
– Information shared with service providers is limited to what is necessary for their services
– We require all service providers to maintain confidentiality and security standards
– Third parties are prohibited from using your information for their own purposes
– We monitor and audit third-party compliance with our privacy requirements

## 5. Data Security and Protection

### 5.1 Security Measures

We implement comprehensive security measures to protect your personal information:

**Technical Safeguards:**
– End-to-end encryption for all data transmission and storage
– Multi-factor authentication for account access and administrative functions
– Regular security assessments and penetration testing
– Intrusion detection and prevention systems
– Secure backup and disaster recovery procedures

**Physical Safeguards:**
– Restricted access to facilities and equipment containing personal information
– Secure storage of physical documents and media
– Environmental controls to protect against natural disasters and equipment failure
– Surveillance and monitoring systems for facility security
– Proper disposal and destruction of sensitive materials

**Administrative Safeguards:**
– Employee background checks and security training programs
– Role-based access controls and need-to-know principles
– Regular review and updating of security policies and procedures
– Incident response and breach notification protocols
– Vendor management and third-party security assessments

### 5.2 Data Retention

**Retention Periods:**
– Tax-related information: Retained for seven (7) years after the last service date
– Financial transaction records: Retained for five (5) years as required by law
– Communication records: Retained for three (3) years for quality assurance
– Marketing preferences: Retained until you opt-out or close your account
– Technical logs: Retained for one (1) year for security and troubleshooting

**Secure Disposal:**
– Electronic data is securely deleted using industry-standard methods
– Physical documents are shredded or incinerated by certified vendors
– Storage media is physically destroyed when no longer needed
– We maintain certificates of destruction for audit purposes
– Disposal activities are logged and monitored for compliance

### 5.3 Breach Response

In the event of a data security incident:
– We will investigate and contain the incident immediately
– Affected individuals will be notified within 72 hours when required by law
– Regulatory authorities will be notified as required
– We will provide credit monitoring services if appropriate
– Our incident response plan will be activated to prevent future occurrences

## 6. Your Privacy Rights

### 6.1 General Rights

You have the following rights regarding your personal information:

**Access Rights:**
– Request a copy of the personal information we maintain about you
– Obtain information about how we collect, use, and share your information
– Review the sources of your personal information in our possession
– Understand the business purposes for which we process your information

**Correction Rights:**
– Request correction of inaccurate or incomplete personal information
– Update your contact information and communication preferences
– Modify your account settings and service preferences
– Provide additional information to complete your records

**Deletion Rights:**
– Request deletion of your personal information, subject to legal and regulatory requirements
– Close your account and request removal from marketing communications
– Request deletion of specific categories of information
– Understand limitations on deletion due to legal retention requirements

**Portability Rights:**
– Request a copy of your personal information in a structured, machine-readable format
– Transfer your information to another service provider (where technically feasible)
– Obtain copies of documents and records we maintain on your behalf
– Receive information in the format of your choice when possible

### 6.2 California Consumer Privacy Act (CCPA) Rights

If you are a California resident, you have additional rights under the CCPA:

**Right to Know:**
– The categories of personal information we collect about you
– The categories of sources from which we collect personal information
– The business or commercial purposes for collecting personal information
– The categories of third parties with whom we share personal information
– The specific pieces of personal information we have collected about you

**Right to Delete:**
– Request deletion of personal information we have collected from you
– Understand exceptions to deletion, including legal and regulatory requirements
– Receive confirmation when your information has been deleted
– Know that deletion may affect our ability to provide services to you

**Right to Opt-Out:**
– Opt-out of the sale of your personal information (Note: We do not sell personal information)
– Opt-out of targeted advertising and marketing communications
– Withdraw consent for certain uses of your information
– Modify your privacy preferences at any time

**Right to Non-Discrimination:**
– We will not discriminate against you for exercising your CCPA rights
– We will not deny services, charge different prices, or provide different service levels
– We may offer incentives for certain uses of information with your consent
– You may decline incentives without penalty

### 6.3 Florida Digital Bill of Rights (FDBR)

If you are a Florida resident, you have rights under the Florida Digital Bill of Rights:

**Consumer Rights:**
– Confirm whether we process your personal data
– Access your personal data and obtain a copy
– Correct inaccuracies in your personal data
– Delete personal data provided by or obtained about you
– Obtain a copy of your personal data in a portable format

**Data Processing Transparency:**
– Know the purposes for which your personal data is processed
– Understand the categories of personal data we process
– Know the categories of third parties with whom we share data
– Understand the length of time we retain your personal data

### 6.4 European Union General Data Protection Regulation (GDPR)

If you are located in the European Union, you have rights under the GDPR:

**Lawful Basis for Processing:**
– We process your information based on contract performance, legal obligations, or legitimate interests
– We will obtain your consent for certain processing activities
– You may withdraw consent at any time without affecting prior processing
– We will inform you of the lawful basis for each processing activity

**Data Subject Rights:**
– Right of access to your personal data
– Right to rectification of inaccurate data
– Right to erasure (“right to be forgotten”)
– Right to restrict processing
– Right to data portability
– Right to object to processing
– Rights related to automated decision-making and profiling

### 6.5 Exercising Your Rights

**How to Submit Requests:**
– Email: privacy@bbbpayouts.com
– Phone: 1-800-BBB-PAYOUT (1-800-222-7296)
– Mail: Visualize One Inc, Privacy Officer, [Address to be provided]
– Online: Through your account dashboard or our privacy portal

**Request Processing:**
– We will respond to your request within 45 days (or as required by applicable law)
– We may extend the response time by an additional 45 days if necessary
– We will verify your identity before processing requests
– We may charge a reasonable fee for excessive or repetitive requests
– We will provide information about any fees before processing your request

**Verification Requirements:**
– We may require additional information to verify your identity
– For sensitive requests, we may require additional authentication
– Authorized agents may submit requests on your behalf with proper documentation
– We will not process requests that we cannot verify

## 7. Third-Party Services and Integrations

### 7.1 Plaid Technologies Inc.

**Service Description:**
Plaid provides bank account connectivity and financial data aggregation services that allow us to monitor your bank accounts for R&D tax credit refund deposits and verify account ownership.

**Information Shared:**
– Bank account credentials (encrypted and tokenized)
– Account balances and transaction history
– Account ownership verification data
– Payment processing information

**Plaid’s Privacy Practices:**
– Plaid maintains its own privacy policy available at https://plaid.com/legal/
– Plaid does not sell or rent your personal information
– Plaid uses bank-level security measures to protect your data
– You can revoke Plaid’s access to your accounts at any time

**Your Rights with Plaid:**
– Access your data held by Plaid
– Request deletion of your data from Plaid’s systems
– Opt-out of certain data uses by Plaid
– Contact Plaid directly regarding their privacy practices

### 7.2 Stripe Inc.

**Service Description:**
Stripe provides payment processing services that allow us to collect service fees and process refunds securely.

**Information Shared:**
– Payment method information (credit cards, bank accounts)
– Transaction amounts and dates
– Billing address and contact information
– Merchant account and business information

**Stripe’s Privacy Practices:**
– Stripe maintains its own privacy policy available at https://stripe.com/privacy
– Stripe complies with PCI DSS standards for payment security
– Stripe may use your information for fraud prevention and compliance
– Stripe does not sell your personal information to third parties

**Payment Security:**
– All payment information is encrypted and tokenized
– We do not store complete payment method information
– Stripe maintains SOC 1 and SOC 2 compliance
– Regular security audits and assessments are conducted

### 7.3 Other Third-Party Services

**Analytics and Performance:**
– Google Analytics for website usage analysis (with anonymized IP addresses)
– Performance monitoring tools for service optimization
– Customer support platforms for service delivery
– Communication tools for client interaction

**Professional Services:**
– Legal counsel for regulatory compliance and contract review
– Accounting firms for financial reporting and tax compliance
– Technology consultants for system development and maintenance
– Security firms for cybersecurity assessments and monitoring

**Data Processing Agreements:**
– All third-party service providers sign data processing agreements
– Agreements include confidentiality and security requirements
– Regular audits ensure compliance with our privacy standards
– Providers are required to notify us of any security incidents

## 8. International Data Transfers

### 8.1 Cross-Border Transfers

**Transfer Mechanisms:**
– We may transfer your information to service providers located outside the United States
– All international transfers are protected by appropriate safeguards
– We use Standard Contractual Clauses approved by regulatory authorities
– Adequacy decisions and certification programs provide additional protection

**Countries and Regions:**
– European Union (for cloud storage and backup services)
– Canada (for customer support and technical services)
– Other countries with adequate privacy protections as determined by law
– We maintain a list of all countries where your data may be processed

### 8.2 Safeguards for International Transfers

**Legal Protections:**
– Binding corporate rules for intra-group transfers
– Standard Contractual Clauses for third-party transfers
– Adequacy decisions by regulatory authorities
– Certification programs and codes of conduct

**Technical Protections:**
– Encryption of data in transit and at rest
– Access controls and authentication requirements
– Regular security assessments and audits
– Incident response and breach notification procedures

## 9. Children’s Privacy

### 9.1 Age Restrictions

**Service Limitations:**
– Our services are not intended for individuals under 18 years of age
– We do not knowingly collect personal information from children
– Business owners must be at least 18 years old to use our services
– Parents and guardians may not create accounts on behalf of minors

**COPPA Compliance:**
– We comply with the Children’s Online Privacy Protection Act (COPPA)
– If we learn that we have collected information from a child under 13, we will delete it
– Parents may contact us to review, delete, or refuse further collection of their child’s information
– We do not condition participation in activities on disclosure of more information than necessary

### 9.2 Verification Procedures

**Age Verification:**
– We verify the age of account holders during registration
– Government-issued identification may be required
– Business registration documents must show adult ownership
– We may refuse service to individuals who cannot verify their age

## 10. Changes to This Privacy Policy

### 10.1 Policy Updates

**Notification of Changes:**
– We will notify you of material changes to this Privacy Policy
– Notice will be provided at least 30 days before changes take effect
– We will post updated policies on our website with the effective date
– Continued use of our services constitutes acceptance of changes

**Types of Changes:**
– Changes required by law or regulation
– Changes to improve privacy protections
– Changes related to new services or features
– Changes based on customer feedback and industry best practices

### 10.2 Your Options

**Response to Changes:**
– You may opt-out of new uses of your information
– You may close your account if you disagree with changes
– You may contact us with questions or concerns about changes
– We will work with you to address any privacy concerns

## 11. Contact Information

### 11.1 Privacy Officer

**Visualize One Inc**
**Privacy Officer**
**Email:** privacy@bbbpayouts.com
**Phone:** 1-800-BBB-PAYOUT (1-800-222-7296)
**Mail:** [Physical address to be provided]

**Business Hours:**
– Monday – Friday: 9:00 AM – 6:00 PM EST
– Saturday: 10:00 AM – 2:00 PM EST
– Sunday: Closed
– Emergency contact available 24/7 for security incidents

### 11.2 Regulatory Contacts

**For complaints or concerns about our privacy practices:**

**Federal Trade Commission**
Consumer Response Center
600 Pennsylvania Avenue NW
Washington, DC 20580
Phone: 1-877-FTC-HELP (1-877-382-4357)
Website: https://www.ftc.gov/

**Florida Attorney General**
Office of the Attorney General
Consumer Protection Division
Tallahassee, FL 32399
Phone: 1-866-9-NO-SCAM (1-866-966-7226)
Website: https://www.myfloridalegal.com/

**California Attorney General** (for California residents)
Privacy Enforcement and Protection Unit
1300 I Street
Sacramento, CA 95814
Phone: 1-916-210-6276
Website: https://oag.ca.gov/privacy

## 12. Effective Date and Acknowledgment

This Privacy Policy is effective as of January 1, 2025. By using our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and our Terms of Use.

**Annual Notice Requirement:** In compliance with the Gramm-Leach-Bliley Act, we will provide you with an updated copy of this Privacy Policy annually and whenever we make material changes to our privacy practices.

**Document Version:** 1.0
**Last Reviewed:** January 1, 2025
**Next Review Date:** January 1, 2026

*This Privacy Policy has been prepared in compliance with applicable federal and state privacy laws, including the Gramm-Leach-Bliley Act, Fair Credit Reporting Act, California Consumer Privacy Act, Florida Digital Bill of Rights, and General Data Protection Regulation. For questions about this policy or our privacy practices, please contact our Privacy Officer using the information provided above.*

E-mail
Password
Confirm Password