Headquarters: (312) 940-1700

support center
contact
Facebook-f Linkedin-in Twitter Google

Privacy Policy

privacy policy

Blu Oak Group LLC Privacy Policy

1. Introduction

This Privacy Policy (“Policy”) describes how Blu Oak Group LLC (a Wyoming limited liability company, referred to as “Blu Oak,” “we,” “our,” or “us”) and its parent company XCIX Holdings LLC collect, use, store, share, and protect personal information of individuals who visit our websites (including bluoakgroup.com and any other sites that link to this Policy), contact us by e‑mail, phone, or text message, or use our services. The principal office of Blu Oak is located at 5830 E 2nd St. #6100, Casper, WY 82609 and our operations office is at 228 S. Wabash Ave., Chicago, IL. This Policy applies to our activities in the United States and is intended to meet the requirements of federal law, Wyoming law, the Illinois Consumer Fraud and Deceptive Business Practices Act, the Telephone Consumer Protection Act (TCPA) and related Federal Communications Commission (FCC) rules, the Federal Trade Commission (FTC) guidance on unfair or deceptive practices, the CTIA Messaging Principles & Best Practices, the Illinois Biometric Information Privacy Act (BIPA), the Children’s Online Privacy Protection Act (COPPA), and other applicable laws.

The effective date of this Policy is October 24th, 2025. Please review this Policy carefully. By using our services or providing us with personal information, you consent to the practices described below. If you do not agree with our policies and practices, please do not use our services or provide us with your information.

2. Information We Collect

We collect information you provide directly to us, information we automatically collect, and information we obtain from third parties. The categories of information we collect may include:

  1. Identifiers and contact information. This includes your name, mailing address, e‑mail address, telephone number, and other identifiers you provide when you contact us or register for services.
  2. Account and transaction information. When you open an account, register for a service, or make a payment, we may collect usernames and passwords, purchase history, payment card information (processed through a PCI‑compliant provider), and related records necessary to provide the service.
  3. Communications. We collect the content of messages you send to us (including e‑mails, text messages and other communications) and your contact preferences. Under the TCPA, businesses must provide a clear and easy way to opt out of receiving future SMS messages and must process opt‑out requests within ten business days.
  4. Internet or device information. We automatically collect technical data when you visit our websites or interact with our e‑mails, such as your IP address, browser type, operating system, device identifiers, pages viewed, links clicked, and cookie data. Cookies help websites remember user preferences, enhance security, and collect analytics; they may be used for personalization, advertising, session management, and analytics.
  5. Geolocation data. We may infer an approximate location from your IP address or other information to provide localized services. We do not collect precise GPS‑based location unless you choose to share it.
  6. Biometric information (if provided). If you participate in a program that uses biometric identifiers (such as fingerprint, voiceprint, facial image, or other biometric identifier), we will collect this information only after providing written notice and obtaining a written release. Under BIPA Section 15(a), any private entity in possession of biometric identifiers must develop a written policy, made available to the public, that sets a retention schedule and guidelines for permanently destroying biometric identifiers when the initial purpose for collecting them has been satisfied or within three years of the individual’s last interaction, whichever occurs first. Section 15(b) further requires notice of the purpose and length of time for which biometric data will be collected, stored, and used, and a written release from the data subject.

We do not knowingly collect personal information from children under 13. COPPA requires operators of websites directed to children under 13, or who have actual knowledge they are collecting personal information from children, to include a detailed privacy policy, obtain verifiable parental consent, give parents access to and a right to delete their children’s data, limit information collection, and protect the confidentiality and security of children’s data. If we learn we have collected personal information from a child under 13 without parental consent, we will delete it as required by law.

3. How We Use Information

We use the information we collect for the following purposes:

  1. Providing services. To operate, maintain, and provide the features and functionality of our websites and services, including creating and managing user accounts, processing transactions, providing customer support, and delivering the products or services you request.
  2. Communications. To send administrative messages, transactional notices, appointment reminders, and service updates. We may also send marketing and promotional messages only with your prior express written consent. Under the TCPA, promotional text messages require prior express written consent; the consent must be clear, unambiguous, and not a condition of purchase.
  3. SMS/Text messaging. To provide informational text messages under our SMS program (see Section 12). Message frequency varies and message and data rates may apply.
  4. Improving and personalizing services. To understand how users interact with our services, develop new products or features, and personalize your experience. Cookies are used for personalization, security, analytics, advertising, and session management.
  5. Security and fraud prevention. To maintain the security of our services, prevent fraud, protect our rights or the rights of others, and comply with legal obligations.
  6. Legal compliance and protection. To comply with applicable laws and regulations, respond to law enforcement requests, enforce our agreements, and protect against legal liability.

4. Data Storage and Security

We maintain reasonable administrative, technical, and physical safeguards designed to protect your personal information against unauthorized access, disclosure, alteration, and destruction. Measures may include encryption of sensitive information, access controls, secure servers, regular security assessments, and staff training. However, no method of transmission over the Internet or electronic storage is completely secure; we cannot guarantee absolute security. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately.

We store personal information only for as long as reasonably necessary for the purposes described in this Policy, to comply with legal obligations, resolve disputes, and enforce our agreements. For biometric data, BIPA requires that we permanently destroy identifiers when the initial purpose for collecting them has been satisfied or within three years of the individual’s last interaction, whichever comes first. We will maintain proof of consent and opt‑in records for SMS communications to satisfy TCPA requirements and may retain such records for at least four years, as recommended by industry practice.

5. Sharing Information

We may share your information as follows:

  1. With our parent company and affiliates. Blu Oak is wholly owned by XCIX Holdings LLC; we may share information internally for administrative and operational purposes consistent with this Policy.
  2. Service providers. We engage third‑party vendors to perform services on our behalf, such as website hosting, data storage, payment processing, analytics, SMS delivery, and customer support. These providers may access personal information only to the extent necessary to perform their functions and are contractually obligated to protect it.
  3. Legal and regulatory authorities. We may disclose information if required to do so by law or legal process, for example in response to a subpoena, court order, or government request, or to protect the rights and safety of Blu Oak, our customers, or others.
  4. Business transfers. If we undertake or are involved in any merger, acquisition, reorganization, sale of assets, or bankruptcy, we may transfer personal information to the successor entity. We will notify you of any such transaction and any choices you may have regarding your information.
  5. With your consent. We may share information with third parties when you give us your consent to do so. We do not sell personal information nor share SMS opt‑in data with third parties for marketing purposes, in compliance with CTIA guidelines and state laws.

6. Cookies and Tracking Technologies

We and our partners use cookies and similar technologies (e.g., web beacons, pixels) to collect information automatically when you visit our websites or open our e‑mails. Cookies are small text files stored on your device that allow our websites to remember your preferences, enhance security, manage sessions, and improve user experience.

Cookies may be first‑party (set by Blu Oak) or third‑party (set by our service providers). They may be session cookies that expire when you close your browser or persistent cookies that remain on your device until they expire or you delete them. We use cookies for several purposes, including:

  • Personalization: remembering your preferences, such as language or theme, to provide a consistent experience.
  • Security: identifying you during sessions and preventing unauthorized access.
  • Analytics: collecting data about how users interact with our site to improve functionality.
  • Advertising: delivering relevant advertisements based on your interests.
  • Session management: maintaining your logged‑in status as you navigate our site.

You can control and manage cookies in your browser settings. Most browsers allow you to refuse or delete cookies; however, refusing cookies may affect the functionality of our services.

Our websites may contain links to third‑party websites or services that are not owned or controlled by Blu Oak. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any personal information. Our services may also include features from third‑party platforms (such as social media plugins), which may collect information about you when you interact with them. Any information collected by these third parties is governed by their privacy policies and practices.

8. Your Privacy Rights and Choices

Depending on your jurisdiction, you may have certain rights regarding your personal information. We extend the following rights to all individuals, regardless of their place of residence, subject to applicable law:

  1. Right to know and access. You may request that we disclose the categories and/or specific pieces of personal information we have collected about you, the categories of sources from which we collected that information, the purposes for collecting it, the categories of third parties with whom we share it, and the categories of information disclosed.
  2. Right to delete. You may request that we delete personal information we have collected from you, subject to exceptions (such as when we must retain it to comply with law, complete a transaction, detect security incidents, or protect against illegal activities).
  3. Right to opt‑out of sales and sharing. You may direct us not to sell or share your personal information; Blu Oak does not sell personal information and does not share SMS opt‑in data with third parties for marketing.
  4. Right to correct. You may request that we correct inaccurate personal information we hold about you.
  5. Right to limit use of sensitive information. You may direct us to limit our use and disclosure of sensitive personal information (such as government identifiers, financial account numbers, precise geolocation, biometric data) to purposes necessary to provide services.
  6. Right to withdraw consent. Where we rely on consent to process your information, you may withdraw that consent at any time, including withdrawing consent to receive SMS messages by replying STOP.
  7. Right to non‑discrimination. We will not discriminate against you for exercising any of your privacy rights.

To exercise these rights, please contact us using the information in Section 15. We may need to verify your identity before processing your request. We will respond within the timeframe required by applicable law (generally within 45 days) and may extend the response period with notice when permitted. You may also authorize an agent to make requests on your behalf; we may require proof of authorization and identity.

9. Data Retention

We retain personal information for as long as necessary to achieve the purposes outlined in this Policy, unless a longer retention period is required or permitted by law. Factors we consider when determining retention periods include the nature of the information, the purposes for which it is collected, legal obligations, potential disputes, and our need to comply with record‑keeping obligations.

For biometric identifiers and information, BIPA requires a written policy establishing a retention schedule and guidelines for permanently destroying biometric identifiers when the initial purpose for collection has been satisfied or within three years of the individual’s last interaction, whichever occurs first. We will provide notice and obtain a written release before collecting biometric data and will destroy such data in accordance with our published schedule.

10. Biometric Information (BIPA Compliance)

If Blu Oak collects biometric identifiers or biometric information (for example, fingerprints, voiceprints, or other unique biological characteristics) from employees, customers, or other individuals, we will comply with the Illinois Biometric Information Privacy Act. This includes:

  1. Written policy. Maintaining a publicly available written policy that establishes a retention schedule and guidelines for permanently destroying biometric identifiers when the purpose for collection has been satisfied or within three years of the individual’s last interaction, whichever occurs first.
  2. Notice and consent. Providing written notice before collecting biometric data, informing the individual of the purpose and length of term for which the data will be collected, stored, and used, and obtaining a written release authorizing collection.
  3. Prohibition on sale. We will not sell, lease, trade, or otherwise profit from biometric data.
  4. Restricted disclosure. We will only disclose biometric data when permitted by law, with the individual’s consent, to complete a requested transaction, or pursuant to a court order.
  5. Security. Biometric data will be stored, transmitted, and destroyed using reasonable standards of care, at least as protective as the manner in which we safeguard other confidential and sensitive information.

11. Children’s Privacy (COPPA)

Our services are not directed to children under 13 years of age. COPPA requires operators of websites and online services directed to children under 13 to include a detailed privacy policy, obtain verifiable parental consent before collecting personal information, disclose to parents the information collected, provide a right to revoke consent and have information deleted, limit collection of personal information, and protect the confidentiality and security of children’s data. Blu Oak does not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information without parental consent, we will take steps to remove such information and terminate the child’s account. Parents or guardians who believe that their child has provided us with personal information may contact us at info@bluoakgroup.com.

12. SMS/Text Messaging Program

12.1 Program Description and Purpose

Blu Oak offers an optional text messaging program (the “Blu Oak SMS Program”) to facilitate communication with existing or prospective customers regarding customer service matters, appointment reminders, service updates, and other non‑telemarketing, informational, or transactional messages. No unsolicited marketing text messages will be sent. Opting in to receive SMS messages is not a condition of purchasing any goods or services.

Participation in the Blu Oak SMS Program requires prior express written consent, as required by the TCPA. Our opt‑in process includes clear and conspicuous disclosure that you will receive automated SMS messages, that your consent is voluntary and not a condition of purchase, the expected message frequency, and that message and data rates may apply. An example of compliant opt‑in language is: “By providing your phone number and clicking ‘Submit,’ you agree to receive automated text messages from Blu Oak for customer service purposes.  Consent is not a condition of purchase.  Message frequency varies; message and data rates may apply.  Reply STOP to cancel.” You must confirm your consent by responding to a confirmation message.

12.3 Message Frequency and Cost

The number of messages you receive will vary based on your interactions with us (e.g., when you schedule or change an appointment, request information, or ask for support). We disclose expected message frequency in our opt‑in message (e.g., “Up to 3 messages per week”). Message and data rates may apply.

12.4 Opt‑Out Mechanism

You may opt out of the Blu Oak SMS Program at any time by replying STOP to any SMS message you receive. We will process your opt‑out request promptly, typically within a few minutes, and at most within ten business days. After receiving your opt‑out request, we may send one additional message confirming your decision, as permitted by the TCPA. Once you opt out, we will remove your phone number from our SMS list and you will no longer receive messages unless you opt in again.

12.5 Help Instructions

For assistance with the Blu Oak SMS Program, reply HELP to any message or contact us at sms@bluoakgroup.com or 312.940.1700. Our messages will include a disclosure such as “Reply HELP for help” in compliance with CTIA guidelines.

12.6 Data Collection and Use for SMS

When you participate in the SMS Program, we collect your phone number and any messages you send to us. We use this information solely to manage the program, respond to your inquiries, and deliver service‑related messages. We do not sell or share SMS opt‑in data with third parties for marketing purposes. We retain records of consent and opt‑out requests to comply with legal obligations and may retain such records for four years.

12.7 Carrier and Program Disclaimers

Carriers (such as AT&T, Verizon, and T‑Mobile) are not liable for delayed or undelivered messages. The Blu Oak SMS Program is offered on an “as‑is” basis and may not be available on all networks or devices. You agree that Blu Oak and carriers are not responsible for any delays, delivery failures, or other damage resulting from your use of SMS messaging.

12.8 Compliance with CTIA and FTC/Illinois Requirements

We adhere to the CTIA Messaging Principles & Best Practices by providing a clear program description, disclosing message frequency, identifying costs, and supplying opt‑out and help instructions within our messages. We prohibit the transmission of content that violates CTIA guidelines (including content related to controlled substances, hate speech, violence, sex, alcohol, firearms or tobacco) and reserve the right to terminate the program for any user who abuses our services.

We also comply with the FTC’s prohibition on unfair or deceptive acts or practices. Required disclosures must be clear and conspicuous, meaning they should be placed near the relevant claim, be prominent, unavoidable, and in understandable language. Our SMS consent disclosures are presented plainly and prominently during the opt‑in process to meet these standards.

Under the Illinois Consumer Fraud and Deceptive Business Practices Act, businesses are required to obtain clear consent for text marketing and are liable for fraudulent or misleading campaigns. Blu Oak therefore ensures that our consent language is clear and that we do not engage in deceptive practices. We will not send unsolicited marketing texts, and we will not misrepresent the nature or purpose of our messages.

12.9 Recordkeeping and Retention

We maintain records of each subscriber’s consent, opt‑in date, opt‑out date, and message history as required by the TCPA and state laws. These records are retained for at least four years and may be used to demonstrate compliance with legal requirements, including proof of consent and opt‑out processing.

13. Governing Law and Jurisdiction

This Policy and any disputes arising out of or relating to it are governed by the laws of the State of Wyoming, without regard to its conflict‑of‑law principles. However, your local laws may provide additional rights or obligations. By using our services, you agree that any legal action or proceeding relating to this Policy shall be brought in a state or federal court located in Wyoming, unless another forum is required by applicable law.

14. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we do, we will update the “Effective Date” at the top of this Policy. If the changes are material, we will provide more prominent notice (such as by sending an e‑mail or posting a notice on our website). Your continued use of our services after a revised Policy becomes effective indicates your acceptance of the updated terms.

15. Contact Us

If you have any questions about this Policy, your personal information, or our privacy practices, or if you wish to exercise your rights, please contact us using the following information:

  • E‑mail: info@bluoakgroup.com
  • Mail: 5830 E 2nd St. #6100, Casper, WY 82609, United States
  • Phone: 312.940.1700

You may also reach our operations office at 228 S. Wabash Ave., Chicago, IL, for matters specific to our Illinois operations.

Last updated: October 24th, 2025