Login or Pay Now
REQUEST A DEMO

Privacy Policy

LAST UPDATED: July 2025

 

1. Introduction & Scope

This Privacy Policy explains how re:Members LLC (“re:Members”, “Company,” “we,” “our,” or “us”) collects, uses, discloses, and protects your personal information when you use our websites (e.g., www.remembers.com), applications, attend events, interact with us online or offline, or otherwise use our services (“Services”).

This Policy applies globally to all personal data processed by re:Members, including that of users, clients, and business partners. We act primarily as a data processor on behalf of clients (data controllers) and in limited cases as a data controller (e.g., for internal HR, legal compliance, or marketing).

Although we contract directly with U.S.-based clients, we may process personal information of individuals from the EU, UK, Switzerland, and Canada on behalf of those clients in our role as a data processor. Such processing is conducted in compliance with applicable data protection frameworks, including the DPF, GDPR, FADP, and PIPEDA.

We comply with all applicable privacy laws, including:

  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
  • Other U.S. state privacy laws
  • Canada’s PIPEDA and Quebec’s Law 25
  • EU and UK General Data Protection Regulation (GDPR)
  • Swiss Federal Act on Data Protection (FADP)
  • EU-U.S., UK, and Swiss-U.S. Data Privacy Frameworks (DPF)

 

2. Information We Collect

We may collect the following categories of personal information:

  • Identifiers: Name, email, address, phone number, IP address
  • Account Information: Username, password, preferences
  • Financial Information: Payment data (e.g., tokenized card details, bank account info)
  • Commercial Information: Records of transactions and interactions
  • Internet Activity: Browsing data, search history, usage interactions
  • Geolocation Data: Derived from your IP address
  • Professional/Employment Data: For organizational/business accounts
  • Sensitive Personal Information: Racial/ethnic origin or precise geolocation (where permitted and applicable)
  • Cookies and Tracking Technologies: See our Cookie Notice

 

3. How We Collect Information

We collect personal data in the following ways:

  • Directly from you: When you complete forms, register, contact us, or engage with services
  • Automatically: Through cookies, web beacons, and similar tech
  • From Third Parties: Including service providers, analytics vendors, and business partners

 

4. How We Use Your Information

We only process personal information when we have a lawful basis, such as consent, contract necessity, legal obligation, or legitimate interests. Uses include:

  • Operating and improving our Services
  • Processing payments and managing accounts
  • Communicating with users
  • Sending marketing (with opt-out options)
  • Preventing fraud and ensuring security
  • Complying with legal and regulatory obligations
  • Supporting audits and service enhancements

 

5. Legal Bases for Processing (GDPR, FADP)

For residents of the EU, UK, or Switzerland, when we act as a data controller or where applicable, we rely on the following legal bases:

  • Consent
  • Performance of a Contract
  • Legal Obligation
  • Legitimate Interests, provided these are not overridden by your rights

 

6. Disclosure of Personal Information

We do not sell personal information or share it for cross-context behavioral advertising as defined under the California Privacy Rights Act (CPRA). We disclose personal information only as permitted by applicable data protection laws, and only for lawful, specific, and legitimate purposes. Disclosures may include:

  • Service Providers and Processors:
    We share information with third-party service providers and processors who perform services on our behalf—such as cloud hosting, payment processing, identity verification, fraud detection, analytics, and customer support. These providers are contractually bound to process personal information only as instructed by us and in compliance with applicable privacy laws (e.g., GDPR Article 28).
  • Governmental, Regulatory, or Law Enforcement Authorities:
    We may disclose personal information where required to do so by applicable law, regulation, legal process, or enforceable governmental request (e.g., GDPR Article 6(1)(c), PIPEDA s.7(3), CPRA).
  • Affiliates and Business Partners:
    We may share information with affiliates or trusted business partners for internal administrative purposes, or where necessary to provide our services and consistent with this Privacy Policy. Where required by law, such sharing will be based on a valid legal basis and with appropriate safeguards.
  • Corporate Transactions:
    In the event of a merger, acquisition, bankruptcy, or sale of assets, we may disclose or transfer personal information to the relevant third parties as part of the transaction, subject to confidentiality requirements and applicable legal obligations.
  • With Consent or as Otherwise Permitted by Law:
    In limited situations, we may share personal information with third parties when we have obtained your explicit consent (e.g., GDPR Article 6(1)(a), PIPEDA) or where otherwise permitted or required by applicable law.

We ensure that any such disclosures are limited to the minimum necessary, and that appropriate contractual, organizational, and technical safeguards are in place to protect personal information in line with international data protection laws, including the GDPR, UK GDPR, Swiss FADP, Canada’s PIPEDA, and relevant U.S. state and federal laws (e.g., CPRA, GLBA).

Onward Transfers and Liability under the Data Privacy Framework

In compliance with the Data Privacy Framework (DPF) Principles, we may transfer personal data to third-party service providers (agents) to perform tasks on our behalf, such as cloud hosting or analytics. These providers are contractually obligated to process such information only for authorized purposes and in accordance with applicable privacy laws and DPF Principles.

We remain liable under the DPF Principles if our agent processes such personal information in a manner inconsistent with those Principles, unless we can prove that we are not responsible for the event, giving rise to the damage.

While we do not currently transfer personal information to third parties acting as independent controllers, if such transfers occur in the future, we will comply with the DPF Notice and Choice Principles and ensure adequate protections through appropriate contracts and safeguards.

 

7. International Data Transfers

Data Privacy Framework Participation

re:Members complies with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, as certified by the U.S. Department of Commerce. If there’s any conflict between this policy and the DPF Principles, the Principles govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/

Cross-Border Data Transfers and Safeguards

We may transfer personal information to countries outside your jurisdiction, including the United States, where data protection laws may differ. Where required, we implement appropriate safeguards to ensure your data remains protected, including:

  • EU/EEA: Standard Contractual Clauses (SCCs) under GDPR Article 46, with supplementary measures as needed.
  • UK: UK International Data Transfer Agreement (IDTA) or UK Addendum to SCCs.
  • Switzerland: Swiss-adjusted SCCs under the revised Federal Data Protection Act (FADP).
  • Canada: Contractual and technical safeguards aligned with PIPEDA and Quebec’s Law 25.

Where applicable, we conduct Transfer Impact Assessments (TIAs) and require that recipients provide an equivalent level of protection. While we may process data in countries with different laws, we do not rely solely on consent unless legally appropriate.

By using our services, you acknowledge that your data may be transferred internationally, subject to these safeguards.

 

8. Your Privacy Rights

Depending on your jurisdiction, your rights may include:

  • Access to personal information
  • Correction of inaccurate data
  • Deletion (“Right to be Forgotten”)
  • Data Portability
  • Restriction of sensitive data use (e.g., California)
  • Opt-out of sale/sharing (where applicable)
  • Withdraw consent
  • Non-discrimination for exercising rights
  • Lodge complaints with regulatory authorities

To exercise your rights, contact: privacysupport@billhighway.com. We may need to verify your identity. Appeals may be submitted to JAMS  if you’re unsatisfied with the response.

 

9. Your Choices (Including DPF and CCPA/CPRA)

Under the Data Privacy Framework (DPF), you may opt out of:

  • Disclosures of personal data to third parties (except agents acting on our behalf)
  • Use of your data for purposes materially different from those originally disclosed

Under the California Privacy Rights Act (CPRA), California residents may limit the use and disclosure of sensitive personal information to uses necessary to provide our services or as otherwise permitted by law.

To exercise these rights, contact us by email, phone, or mail (see Section 15).

 

10. Data Retention

We retain data based on:

  • Legal, regulatory, and tax requirements
  • Fulfillment of contractual obligations
  • Audit and dispute resolution
  • Business needs aligned with our Data Retention Policy

Retention periods vary based on data type, processing purpose, and risk.

 

11. Security Measures

We implement technical and organizational security controls, including:

  • Encryption
  • Access control
  • Network security
  • Incident response protocols

We align with PCI DSS and industry standards. No system is perfectly secure; we notify individuals of breaches as required by law.

 

12. Automated Decision-Making & Profiling

We do not currently use automated decision-making or profiling with legal or significant effects. If this changes, we will notify users and update this Policy.

 

13. Children’s Privacy

Our Services are not intended for children under 13 (or 16 in some jurisdictions). We do not knowingly collect data from minors. If we discover or are notified of such data, we will delete it promptly.

 

14. Changes to This Policy

We may revise this Policy periodically. We will update the “Effective Date” and, where appropriate, notify users directly.

 

15. How to Contact Us

re:Members LLC
5435 Corporate Drive
Suite 300
Troy, MI 48098
Email: privacysupport@billhighway.com
Phone: 1.866.245.5499

 

16. Independent Recourse Mechanism (EU, UK, Swiss Users)

If you believe your privacy rights under the DPF were violated, please contact us first. If unresolved, you may contact JAMS . Binding arbitration may be available under specific conditions as described by the U.S. Department of Commerce: https://www.dataprivacyframework.gov.

 

17. Recourse, Enforcement, and Liability (DPF)

re:Members is subject to the enforcement powers of the U.S. Federal Trade Commission. We commit to resolving DPF-related complaints and to cooperate with JAMS in dispute resolution.

We reaffirm our adherence to the DPF Principles and maintain our certification with the U.S. Department of Commerce.

Onward Transfer Liability

As required under the DPF Principles, re:Members acknowledges that it remains responsible and liable for the processing of personal information it receives under the DPF and subsequently transfers to a third party acting as an agent on its behalf. This liability applies if the agent processes such information in a manner inconsistent with the DPF Principles, unless re:Members can demonstrate it was not responsible for the event giving rise to the damage.

 

18. Our Role Under Global Privacy Laws

As a Data Processor:

For most services, re:Members processes data on behalf of clients (controllers) and follows their instructions under:

  • Data Processing Agreements (DPAs)
  • Standard Contractual Clauses (SCCs)
  • Technical and organizational measures
As a Data Controller:

In limited scenarios (e.g., internal HR, legal compliance, or marketing), we independently determine the purposes of processing and uphold all rights in this policy.

 

19. Data Privacy Framework Notice

re:Members complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  re:Members has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  re:Members has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. 

re:Members is responsible for and has liability in connection with onward transfers, specifically, where we transfer personal data from the UK, EEA, or Switzerland received in the United States pursuant to the DPF to other countries. 

In compliance with the EU-U.S. DPF Principles, we commit to resolve complaints about our collection or use of personal information.  Residents of the UK, EEA or Switzerland with inquiries or complaints regarding our Privacy Policy and DPF commitment may contact us using the information below.

We have further committed to refer unresolved privacy complaints under the EU-U.S. DPF Principles to JAMS, a non-profit alternative dispute resolution provider located in the U.S. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit JAMS  for more information and to file a complaint. The services of JAMS are provided at no cost to you.

Under certain conditions, and as a last resort, it may be possible for you to invoke binding arbitration for complaints regarding DFP compliance not resolved by any other mechanisms.

The United States Federal Trade Commission (FTC) has jurisdiction over our compliance with the DPF.  The FTC has the authority to investigate and enforce re:Members’ compliance with the DPF program.

To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit Data privacy framework website.

TRUSTe