iBuyPoints
Home
Resources How It Works Reviews About Contact
(516) 888-9600

Legal

Privacy Policy

Last updated: May 26, 2026

This Privacy Policy explains how iBuyPoints ("we," "us," or "our") collects, uses, shares, and protects information about you when you visit our website, request a quote, sell loyalty points or miles to us, or otherwise communicate with us. By using our website or services, you agree to the practices described here. If you do not agree, do not use our website or services.

iBuyPoints is operated from Cedarhurst, NY, United States. We are an independent broker. We are not affiliated with, endorsed by, or sponsored by any airline, hotel, credit card issuer, or loyalty program referenced on this website.

1. Information we collect

We collect information in three categories:

a. Information you provide to us

  • Identity and contact information: name, email address, phone number, country, mailing address.
  • Transaction information: loyalty program, points or miles balance, account identifiers needed to verify ownership, and other details required to complete a sale.
  • Identity verification information: government-issued identification, selfie or liveness images, date of birth, and other documentation collected through our identity-verification provider for know-your-customer (KYC) and anti-money-laundering (AML) compliance.
  • Payment information: your PayPal email or account identifier used to receive funds.
  • Communications: messages you send to us by email, phone, chat, or form submission, including recordings and transcripts of phone calls where permitted by law.

b. Information collected automatically

  • Device and connection data: IP address, browser type and version, operating system, device type, referring URL, pages viewed, and timestamps.
  • Cookies and similar technologies: small data files placed on your device for session management, analytics, attribution, fraud detection, and limited advertising measurement. You can control cookies through your browser settings.
  • Marketing-attribution parameters: UTM codes, click identifiers, and similar parameters that travel with your visit.

c. Information from third parties

  • Identity-verification providers (for example, Sumsub) returning verification outcomes and risk signals.
  • Fraud-prevention and risk-scoring vendors.
  • Loyalty program partners or their authorized service providers, where confirmation of account ownership or balance is required to complete a sale.
  • Public records, sanctions and watchlist databases, and other compliance sources.

2. How we use information

We use the information we collect to:

  • Provide quotes, process sales of points or miles, and deliver payment via PayPal.
  • Verify your identity, confirm account ownership, and prevent fraud, money laundering, and other unlawful activity.
  • Communicate with you about your quote, your sale, customer service requests, and operational matters.
  • Send promotional emails about our services. You can opt out at any time by following the unsubscribe instructions in any marketing email.
  • Comply with applicable law, respond to legal process, enforce our Terms of Service, and protect our rights, property, and users.
  • Operate, secure, and improve our website and services, including analytics, debugging, and product development.

3. How we share information

We share information in the following limited circumstances:

  • Service providers. We share information with vendors that help us operate our business, including hosting and infrastructure (Cloudflare), database and storage (Supabase), email delivery (Resend), identity verification (Sumsub), payment processing (PayPal), and analytics and advertising measurement (including Google). For advertising measurement, a limited set of identifiers, such as an irreversibly hashed version of your email address or phone number, may be shared with Google solely to attribute and measure the performance of our ads; this is not used to identify you to third parties. These vendors are bound by contract to use information only to provide services to us.
  • Loyalty program partners. Information necessary to complete a points or miles transfer may be shared with the relevant loyalty program or its authorized partners. We do not control how those entities use information; their privacy policies govern their use.
  • Legal and compliance. We may disclose information to government authorities, regulators, law enforcement, or other third parties when we believe in good faith that disclosure is required by law, necessary to comply with legal process, or appropriate to investigate or prevent fraud, security incidents, or harm to any person or property.
  • Business transfers. If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction.
  • With your consent. We may share information for any other purpose disclosed to you with your consent.

We do not sell your personal information to third parties for their own marketing purposes.

4. Cookies, analytics, and advertising

We and our service providers use cookies, pixels, local storage, device and online identifiers, and similar technologies to operate the site, remember your preferences, measure traffic and conversion, and support advertising. Our measurement may associate your activity across different pages, sessions, and devices, and may include actions that take place after you leave the site, so we can understand which marketing brought you to us and how well it performs. You can disable cookies through your browser settings, but parts of the site may not function correctly. Many browsers offer a "Do Not Track" signal; because there is no industry-standard interpretation of this signal, we do not respond to it.

5. Data retention

We retain information for as long as necessary to provide our services, comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements. Transaction records and identity-verification records are typically retained for at least seven (7) years after a sale to satisfy financial-recordkeeping and AML requirements. Some information may be retained longer if required by law.

6. Security

We use commercially reasonable administrative, technical, and physical safeguards to protect information, including encryption in transit, restricted access controls, and vetted service providers. No method of transmission or storage is perfectly secure. We cannot guarantee absolute security, and you use our services at your own risk. If we learn of a security incident affecting your information, we will notify you and any regulator as required by applicable law.

7. Your choices and rights

Depending on where you live, you may have the right to:

  • Request access to the personal information we hold about you.
  • Request correction of inaccurate information.
  • Request deletion of your information, subject to limitations and our legal-retention obligations.
  • Object to or restrict certain processing, or request data portability.
  • Opt out of marketing communications at any time.
  • Withdraw consent where processing is based on consent (without affecting prior processing).

To exercise any of these rights, contact us at sales@ibuypoints.com. We may need to verify your identity before responding. We will respond within the time required by applicable law. We reserve the right to refuse requests that are unreasonable, repetitive, or otherwise excessive, or where retention is required for legal, security, or compliance reasons.

California residents. If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the rights described above and the right to non-discrimination for exercising your rights. We do not sell or share personal information for cross-context behavioral advertising as those terms are defined under California law.

Other US states. Residents of Colorado, Connecticut, Virginia, Utah, and other states with comprehensive privacy laws have similar rights. Contact us at the email above to submit a request.

8. International users

iBuyPoints is operated in the United States. If you access our services from outside the United States, your information will be transferred to, stored in, and processed in the United States or other countries where our service providers operate. By using the services, you consent to that transfer and to processing under United States law, which may not provide the same protections as the laws of your country.

9. Children

Our services are not directed to and are not intended for children under 18. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information, please contact us and we will take appropriate steps to delete it.

10. Third-party websites

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those websites. We encourage you to review the privacy policies of any third-party website you visit.

11. Changes to this policy

We may update this Privacy Policy at any time. The "Last updated" date at the top of this page reflects when the most recent changes took effect. Material changes may also be communicated through the website or by email. Your continued use of our services after a change becomes effective constitutes acceptance of the updated policy.

12. How to contact us

Questions, requests, and concerns about this Privacy Policy or our handling of your information can be sent to:

iBuyPoints

124 Cedarhurst Ave Suite 200

Cedarhurst, NY 11516

sales@ibuypoints.com

(516) 888-9600

Call Now Get a Quote