Last modified: August 4, 2025

Blue Cross and Blue Shield of North Carolina (“Blue Cross NC,” "Company," "We," “Our” or “Us”) respects your privacy and is committed to protecting it. 

This policy describes the types of information we may collect from you or that you may provide when you visit or use our Website, including any subdomains (“Website”), our Blue Connect^℠ Member Portal (“Member Portal”), our Blue Cross NC mobile application (“Application”) and any other online interfaces and digital tools, collectively referred to as our “Digital Services.” This policy also describes our practices for collecting, using, disclosing and protecting that information.

This policy applies to information we collect:

• Through our Digital Services.
• In email and other electronic messages between you and our Digital Services.
• When you interact with our advertising and applications on third-party websites if those applications or advertising include links to this policy.

This policy does not apply to information collected by:

• Us offline or through any other means, including on any other website operated by Blue Cross NC or any third party (including our affiliates and subsidiaries); or
• Any third party (including our affiliates and subsidiaries), including through any application or content (including advertising) that may link to or be accessible from or on our Digital Services.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Digital Services. By accessing or using our Digital Services, you agree to this privacy policy. This policy may change from time to time (see Changes to our privacy policy). Your continued use of these Digital Services after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

Although parents and guardians may use these Digital Services on behalf of their children, our Digital Services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a child under 13 years of age, do not send any information about yourself to us through our Digital Services. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information.

We collect several types of information from and about users of our Digital Services, including information:

• By which you may be personally identified, such as name, postal address, email address, and telephone number ("personal information");
• That is about you but individually does not identify you.

We collect this information:

• Directly from you when you provide it to us.
• Automatically as you navigate through our Digital Services. 
• From third parties you may interact with.

The information we collect from you on or through our Digital Services may include:

• Information that you provide by filling in forms on our Digital Services. This includes information provided at the time of registering to use Blue Connect. We may also ask you for information when you report a problem with our Digital Services.
• Records and copies of your correspondence (including email addresses) if you contact us through our Digital Services.
• Your responses to surveys that we might ask you to complete for research purposes.
• Your interactions and search queries on our Digital Services.

As you navigate through and interact with our Digital Services, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions and patterns, including:

Details of your visits to our Digital Services, including date and time of your visit, pages you visited, time spent on each page, scroll depth and other communication data and the resources that you access and use on the Digital Services. Information about your computer and internet connection, including your IP address, domain from which you accessed the internet, operating system, browser type, approximate geographic location and other information collected through cookies, web beacons and other tracking technologies. Additionally, both our Member Portal and Application collect screen images to resolve service issues, conduct analytics, and ensure performance to enable a better experience. 

The information may be collected by our systems, by our third-party providers, or by cookies, pixels, or similar technologies (collectively “Cookies”) that we place or that third-party partners place on the Digital Services.  We may maintain it or associate it with personal information we collect in other ways or receive from third parties. 

This information can be used for any purpose described in this Privacy Policy, including to help us  improve our Digital Services and to deliver a better and more personalized service, such as by enabling us to:

• Estimate our audience size and usage patterns.
• Store information about your preferences, allowing us to customize our Digital Services according to your individual interests.
• Speed up your searches.
• Recognize you when you return to our Digital Services.

The Cookies used on our Digital Services generally include the following categories:

• Essential Cookies - These cookies are essential to provide you with services available through our Digital Services and to enable you to use some of its features. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.
• Functionality Cookies - These cookies allow our Digital Services to remember choices you make, such as remembering your login details. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our Digital Services. 
• Analytics and Performance Cookies - These cookies are used to collect information about traffic to our Digital Services and how users are using it. In addition to other information described in this Section, the information gathered may include the number of visitors to the Service, the websites that referred them to our Digital Services, the pages they visited on our Digital Services, what time of day they visited our Digital Services, whether they have visited our Digital Services before and other similar information.  
• Targeting and Advertising Cookies - These cookies enable us to show advertising that is more likely to be of interest to you. These cookies use information about your browsing and activities to show advertisements that may be relevant to your interests while you are on third-party websites.

Some content, technologies, or applications on the Digital Services are served by third-parties, including advertisers, ad networks and servers, content providers and application providers. As discussed above, these third parties may use Cookies to collect information about you when you use our Digital Services. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.

If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers, see Choices about how we use and disclose your information.

Our Digital Services may contain links to other websites or platforms. These websites operate independently from us, and their privacy practices are subject to their own privacy notices or policies, which we strongly encourage you to review to understand their procedures for collecting, using and disclosing personally identifiable information. We are not responsible for the content of the linked websites, any use of these sites, or the privacy practices of these sites.

We use information that we collect about you or that you provide to us, including any personal information:

• To present our Digital Services and its contents to you.
• To provide you with information, products or services that you request from us, including care recommendations in specific geographic locations.
• To fulfill any other purpose for which you provide it.
• To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
• To notify you about changes to our Digital Services or any products or services we offer or provide though it.
• To analyze, evaluate, and / or improve the Digital Services, our products and services, and our business; develop new products and services; and conduct research; 
• To market to you and others, including by sending you direct marketing or by delivering targeted or interest-based advertising.  
• To personalize your experience on our Digital Services; 
• In any other way we may describe when you provide the information.
• For any other purpose with your consent.
• The above excludes text messaging originator opt-in data and consent; this information will not be shared with third parties.

We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

We may disclose personal information that we collect or you provide as described in this privacy policy:

• To our subsidiaries and affiliates.
• To contractors, service providers and other third parties we use to support our business.
• In connection with a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of the Company’s assets in which personal information about our Digital Services users may be among the assets transferred.
• To fulfill the purpose for which you provide it. 
• For any other purpose disclosed by us when you provide the information.
• After providing notice to you and / or with your consent.
• The above excludes text messaging originator opt-in data and consent; this information will not be shared with any third parties.

We may also disclose your personal information:

• To comply with any court order, law or legal process, including to respond to any government or regulatory request.
• To enforce or apply our terms of use and other agreements, including for billing and collection purposes.
• If we believe disclosure is necessary or appropriate to protect the rights, property or safety of Blue Cross NC, our customers or others.

We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information: 

• Tracking technologies and advertising. You can set your browser to refuse all or some Cookies, or to alert you when Cookies are being set. If you disable or refuse Cookies, please note that some parts of this site may then be inaccessible or not function properly. You can opt-out of certain interest-based advertising facilitated by Cookies by visiting the websites of the Digital Advertising Alliance and the Network Advertising Initiative.
• Promotional offers from the Company. If you do not wish to have your email address used by the Company to promote our own or third parties' products or services, you can opt out by logging in to Blue Connect and adjusting your user preferences in your account profile by checking or unchecking the relevant boxes, or you may contact us to make that request. If we have sent you a promotional email, you may send us a return email asking to be omitted from future email distributions or you may click the unsubscribe link in the email.

We do not control third parties' collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative ("NAI") on the NAI's website.

You can review and change your personal information by logging in to Blue Connect and visiting your account profile page.

You may contact us to request access to, correct or delete any personal information that you have provided to us. We cannot delete your personal information except by also deleting your user account. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration and disclosure. All information you provide to us is stored on our secure servers behind firewalls. The chat feature and all online forms that include information captured from our users are secured using Transfer Layer Security (TLS), which encrypts the information as it travels from a desktop to our server.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Digital Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. For your protection, please don't send email to us that contains your personal information. We cannot guarantee the security of these emails before they reach us, in contrast to the security precautions in place when you send us personal information through an online form on our Digital Services. If you're a member, we suggest you use the Blue Connect Inbox to send secure messages and receive secure messages from us. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Digital Services.

We and our service providers and third-party partners may monitor any use of or activity on our Digital Services and may capture, record, and retain records reflecting your activity on our Digital Services for our business purposes. This may include records reflecting actions you take while using our sites and Services (such as clicks on pages or links, items viewed, scrolling, time spent on pages, and other activities), records of parts or all of your sessions on our sites or Services (such as screen images), information you submit on or via our Digital Services, or communications or information sent through or using our Digital Services. The Cookies described in this Privacy Policy may also collect the foregoing information reflecting your use of and activity on our Digital Services, may enable our third-party partners to collect such information, or may share such information with our third-party partners. If you do not consent to the monitoring described here, you should not use our Digital Services.

It is our policy to post any changes we make to our privacy policy on this page with a notice that the privacy policy has been updated on the Digital Services home page. If we make material changes to how we treat our users' personal information, we will notify you through a notice on the Digital Services home page. The date the privacy policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date, active and deliverable email address for you, and for periodically visiting our Digital Services and this privacy policy to check for any changes.

To ask questions or comment about this privacy policy and our privacy practices, contact us.