Privacy Policy

Effective as of October 1, 2025.

Please click to view the previous version of our Privacy Policy Effective as of December 29 2019.

California Notice at Collection: See “Your California privacy rights” section below for important information about your rights under California’s privacy law.

This Privacy Policy describes how BXP, Inc. and Boston Properties Limited Partnership and their affiliates and subsidiaries (collectively, “BXP”, “we”, “us”, or “our”) collect, use, and share your personal information in connection with the following (collectively, the “Services”):

  • our websites, online services, and social media properties to which we post this Privacy Policy;
  • our direct marketing communications;
  • our recruiting activities;
  • the real estate properties that we operate; and
  • our events and in certain other offline activities where we have posted or linked to this Privacy Policy.

On occasion, we may inform you that our use of your personal information is subject to a different privacy policy or different terms, in which case the different privacy policy or terms will apply instead of this Privacy Policy.

How to reach us.  If you have any questions or concerns about our Privacy Policy, please contact us at privacypolicy@bxp.com.

Table of contents

Personal information we collect

Information you provide to us.  Depending on how you interact with the Services, the personal information you provide to us through the Services or otherwise may include:

  • Contact data, such as your first and last name, email and mailing addresses, zip code, phone number, professional title and company name.
  • Your content, such as text, images, audio, and video, along with the metadata associated with the files you choose to upload to or provide through the Services. Metadata includes information on how, when, where and by whom a piece of content was collected and how that content has been formatted or edited. Metadata also includes information that users can add or can have added to their content, such as keywords, geographical or location information, and other similar data.
  • Demographic data, such as your city, state, country of residence, postal code, and age.
  • Profile data, such as your photograph, interests, preferences or other information you include in an online account profile.
  • Registration data, such as your Contact data and any other information that may be related to a service, an account, or an event you register for.
  • Communications data, based on our exchanges with you, including when you contact us through the Service, social media, or otherwise.
  • Employment data, such as professional credentials and skills, educational and work history, personal website, authorization to work in the U.S., immigration status, criminal history, and other information that may be included on a resume or curriculum vitae as well as in a cover letter. This may also include diversity information that you voluntarily provide.
  • Identification data, such as numbers or scans of your driver’s license or other government-issued identification.
  • Transaction data, such as information about payments to and from you and other details of products or services you have purchased from us.
  • Marketing data, such as your preferences for receiving communications about our activities, events, and publications, and details about how you engage with our communications.
  • Other information that we may collect which is not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Automatic collection.  We, our service providers and our third-party partners may automatically log information about you, your computer or mobile device, and your activity over time on the Services and other online services, such as:

  • Device data, such as your computer or mobile device operating system type and version number, manufacturer and model, browser type, screen resolution, IP address, unique identifiers, MAC addresses, general location information (such as city or state), and precise geolocation (if you permit our Services to access it from your device settings).
  • Online activity data, such as the website you visited before browsing to our website, pages or screens you viewed on the Services, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.
  • Location data, such as when you enter certain retail centers using Wi-Fi technologies with a Wi-Fi enabled mobile device or when you authorize your mobile device to access your location while using the Services.
  • Security data, such as information collected by keycard scanners or security cameras about your use of our offices or facilities.

Cookies and similar technologies.  Some of our automatic data collection is facilitated by the following technologies:

  • Cookies, which are small data files placed on your computer when you visit a site.  We may set cookies when you use the Services to track user trends and patterns, help you navigate between pages efficiently, remember your preferences and generally improve your browsing experience.  Cookies used on our sites include both “session cookies” that are deleted when a session ends, “persistent cookies” that remain longer, “first party” cookies that we place and “third party” cookies that our third-party business partners and service providers place.
  • Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data on your device outside of your browser in connection with specific applications.
  • Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.
  • Communication interaction data, such as your interactions with our email, text or other communications (e.g., whether you open or forward emails) – we may do this through use of pixel tags (which are also known as clear GIFs), which may be embedded invisibly in our emails.

Data About Others.  Users of the Services may have the opportunity to refer friends or other contacts to us and share their contact information with us. Please do not refer someone to us or share their contact information with us unless you have their permission to do so.

Third-party sources. We may combine personal information we receive from you with personal information we obtain from other sources, such as:

  • Data providers, such as information services and data licensors.
  • Public sources, such as such as government agencies, public records, social media platforms, and other publicly available sources.
  • Business partners, such as joint marketing partners and event co-sponsors.
  • Service providers that provide services on our behalf or help us operate the Service or our business.
  • Business transaction partners. We may receive personal information in connection with an actual or prospective business transaction. For example, we may receive your personal information from an entity we acquire or are acquired by, a successor, or assignee or any party involved in a business transaction such as a merger, acquisition, sale of assets, or similar transaction, and/or in the context of an insolvency, bankruptcy, or receivership.

How we use your personal information

We use your personal information for the following purposes:

Services Delivery and operations.  We use your personal information to:

  • provide, operate and improve the Services;
  • establish and maintain your user profile on the Services;
  • facilitate your invitations to friends or contacts who you invite to join the Services;
  • enable security features of the Services, such as by sending you security codes via email or SMS, and remembering devices from which you have previously logged in;
  • facilitate social features of the Services, such as by identifying and suggesting connections with other users of the Services and providing chat or messaging functionality;
  • communicate with you about the Services, including by sending you announcements, updates, security alerts, and support and administrative messages;
  • provide support and maintenance for the Services;
  • communicate with you about events or contests in which you participate; and
  • to respond to your requests, questions and feedback

Service personalization, which may include using your personal information to:

  • understand your needs and interests;
  • personalize your experience with the Service and our Services-related communications; and
  • remember your selections and preferences as you navigate webpages.

Service improvement and analytics. We may use your personal information to analyze your usage of the Services, improve the Services, improve the rest of our business, help us understand user activity on the Services, including which pages are most and least visited and how visitors move around the Service, as well as user interactions with our emails, and to develop new products and services. For example, we use Google Analytics for this purpose. You can learn more about Google Analytics and how to prevent the use of Google Analytics relating to your use of our sites here: https://tools.google.com/dlpage/gaoptout?hl=en.

To create aggregated, de-identified and/or anonymized data.  We may create aggregated, de-identified or other anonymous data from personal information we collect.  We make personal information into anonymous data by removing information that makes the data personally identifiable to you.  We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Services and promote our business.

Marketing.  We and our third-party partners may send you BXP-related or other direct marketing communications as permitted by law.  You may opt-out of our marketing communications as described in the Opt-out of marketing section below.  

To manage our recruiting and process employment applications. We may use personal information, such as information submitted to us in a job application, to facilitate our recruitment activities and process employment applications, such as by evaluating a job candidate for an employment activity, and monitoring recruitment statistics.

Data sharing in the context of corporate events.  We may share certain personal information in the context of actual or prospective corporate events.

Cookies and similar technologies. In addition to the other uses included in this section, we may use the Cookies and similar technologies described above for the following purposes:

  • Technical operation. To allow the technical operation of the Services, such as by remembering your selections and preferences as you navigate the site, and whether you are logged in when you visit password protected areas of the Service.
  • Functionality. To enhance the performance and functionality of our services.
  • Analytics. To help us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Service, as well as user interactions with our emails. For example, we use Google Analytics for this purpose. You can learn more about Google Analytics and how to prevent the use of Google Analytics relating to your use of our sites here: https://tools.google.com/dlpage/gaoptout?hl=en.

Compliance and operations.  We may use your personal information to:

  • operate our business;
  • comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.
  • protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
  • audit our internal processes for compliance with legal and contractual requirements or our internal policies;
  • enforce the terms and conditions that govern the Services; and
  • prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

For other purposes.  We may also use your personal information for other purposes described in this Privacy Policy or at the time we collect the information.

How we share your personal information

We may share your personal information with the following parties and as otherwise described in this Privacy Policy, or at the time of collection:

Affiliates.  Our corporate parent, subsidiaries, and affiliates, for purposes consistent with this Privacy Policy.

Service providers.  Unrelated companies and individuals that provide services on our behalf or help us operate the Services or our business (such as customer support, partner and investor support, hosting, payment processing, analytics, email delivery, marketing, and database management services). These third parties may use your personal information only as authorized under our contracts with them.

Partners. Third-party partners who offer products and services that may be of interest to you. We may sometimes share your personal information with partners or enable partners to collect information directly via our Services, including when you have indicated your interest in certain products or services.

Other users. Other users of the Services or the public when you chose to make your profile or other personal information available to them through the Services, such as when you provide comments, reviews, survey responses, or other content.  We do not control how other users or third parties use any personal information that you make available to such users or the public. Please be aware that any information you post publicly can be cached, copied, screen captured or stored elsewhere by others (e.g., search engines) before you have a chance to edit or remove it, and we are not responsible for any such use of this information.

Third parties designated by you. We may share your personal information with third parties where you have instructed us or provided your consent to do so.

Professional advisors. Professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.

Authorities and others. Law enforcement, government authorities, and private parties, when we believe in good faith it is necessary or appropriate for the compliance and operations purposes described above.

Business transferees.  We may disclose personal information in the context of actual or prospective business transactions (e.g., investments in BXP, financing of BXP, public stock offerings, or the sale, transfer or merger of all or part of our business, assets or shares), for example, we may need to share certain personal information with prospective counterparties and their advisers. We may also disclose your personal information to an acquirer, successor, or assignee of BXP as part of any merger, acquisition, sale of assets, or similar transaction, and/or in the event of an insolvency, bankruptcy, or receivership in which personal information is transferred to one or more third parties as one of our business assets.

For other purposes.  We may also share your personal information for other purposes described in this Privacy Policy or with your consent.

Your Choices

You have the following choices with respect to your personal information:

Opt-out of marketing communications.  You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us at privacypolicy@bxp.com.  You may continue to receive service-related and other non-marketing emails.

Disable Cookies.  Most browsers let you remove or reject cookies.  To do this, follow the instructions in your browser settings.  Many browsers accept cookies by default until you change your settings.  Please note that if you set your browser to disable cookies, the Services may not work properly.  For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org.

Do Not Track.  Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit.  We currently do not respond to “Do Not Track”.  To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Blocking images/clear GIFs: Most browsers and devices allow you to configure your device to prevent images from loading. To do this, follow the instructions in your particular browser or device settings.

Disable Wi-Fi/Location Information.  We employ Wi-Fi technologies across our locations.  When you enter one of our locations with a Wi-Fi enabled mobile device, we and/or our vendors may collect the MAC address, Internet Protocol address, OS device name of Wi-Fi enabled devices, the login date and time, and number of bytes sent and/or received during your session.  This information is automatically collected if your device’s Wi-Fi is enabled, even if you are not connected to a Wi-Fi network.  We may also collect your email address if you give explicit permission upon logging into the location’s Wi-Fi network.

Choose not to share your personal information. If you do not provide information that we need to provide the Services, we may not be able to provide you with the Services or certain features.  We will tell you what information you must provide to receive the Services when we request it.

Other sites and services

The Services may contain links to websites and other online services operated by third parties.  These links are not an endorsement of, or representation that we are affiliated with, any third party.  In addition, our content may be included on web pages or other online services that are not associated with us. We do not control websites or other online services operated by third parties, and we are not responsible for their actions.  Other websites and online services follow different rules regarding the collection, use and sharing of your personal information.  We encourage you to read the privacy policies of the other websites and online services you use.

Security practices

We employ a number of technical, organizational, and physical safeguards designed to protect the personal information we collect.  However, security risk is inherent in all internet and information technologies, and we cannot guarantee the security of your personal information.

International data transfers

We are headquartered in the United States and may use service providers in other countries.  Your personal information may be transferred to the United States or other locations where privacy laws may not be as protective as those in your state, province, or country.

Children  

Our sites and online services are not intended for use by children under 16 years of age. If we learn that we have collected personal information from a child under 16 without the consent of the child’s parent or guardian as required by law, we will delete it.

Changes to this Privacy Policy

We may modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the effective date of this Privacy Policy and posting the modified Privacy Policy on the Services. We may also provide notification of changes via email if we have your email address, through the Services or in another manner that we believe is reasonably likely to reach you.

Any modifications to this Privacy Policy will be effective when posted (or as otherwise indicated at the time of posting). In all cases, your continued use of the Services after the posting of any modified Privacy Policy indicates your acceptance of the modified Privacy Policy.

INFORMATION FOR CALIFORNIA RESIDENTS

The following sections apply only to California residents.  They describe how we collect, use and share the Personal Information of California residents in operating our business, and the rights these users may have with respect to that Personal Information.  Please note that not all rights listed below may be afforded to all users and that if you are not a resident of California, you may not be able to exercise these rights. In addition, we may not be able to process your request if you do not provide us with sufficient detail to allow us to confirm your identity or understand and respond to it.

For the purposes of this section, “Personal Information” has the meaning given in the California Consumer Privacy Act (CCPA) but does not include information excluded from the scope of the CCPA.  In some cases, we may provide a different privacy notice to certain categories of residents of California, such as job applicants, in which case that notice will apply instead of this section.

Your California privacy rights

As a California resident, you have the rights listed below.  However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.

  • Information.  You can request the following information about how we have collected and used your Personal Information during the past 12 months:
    • The categories of Personal Information that we have collected.
    • The categories of sources from which we collected Personal Information.
    • The business or commercial purpose for collecting and/or selling Personal Information.
    • The categories of third parties to whom we disclose Personal Information.
    • The categories of Personal Information that we sold or disclosed for a business purpose.
    • The categories of third parties to whom the Personal Information was sold or disclosed for a business purpose.
  • Access.  You can request a copy of the Personal Information that we have collected about you during the past 12 months.
  • Correction. You can ask us to correct inaccurate Personal Information that we have collected about you.
  • Deletion.  You can ask us to delete the Personal Information that we have collected from you.
  • Opt-out. If we “sell” or “share” your Personal Information as defined by the CCPA, you can opt-out of those disclosures.
  • Nondiscrimination. You are entitled to exercise the rights described above free from discrimination in the form of a legally prohibited increase in the price or decreasing in the quality of the Services.

How to exercise your rights

You may exercise your California privacy rights as follows:

Right to information, access, correction and deletion

You may exercise the information, access and deletion rights by submitting a verifiable request to us by:

Verification of identity; authorized agents

We may need to verify your identity in order to process your information/know, access, appeal, correction, or deletion requests and reserve the right to confirm your residency. To verify your identity, we may require government identification, a declaration under penalty of perjury, or other information, where permitted by law.

Under the CCPA, you many enable an authorized agent to make a request on your behalf upon.  However, we may need to verify your authorized agent’s identity and authority to act on your behalf.  We may require a copy of a valid power of attorney given to your authorized agent pursuant to applicable law. If you have not provided your agent with such a power of attorney, we may ask you to take additional steps permitted by law to verify that your request is authorized, such as by providing your agent with written and signed permission to exercise your State Privacy Laws rights on your behalf, the information we request to verify your identity, or confirmation that you have given the authorized agent permission to submit the request.

Personal information we collect, use and disclose

The following describes our practices currently and during the past 12 months:

  • Sources and purposes. We collect all categories of Personal Information from the sources and use them for the business/commercial purposes described above in the Privacy Policy.
  • Sharing and sales of Personal Information. We do not “sell” or “share” Personal Information as those terms are defined in the CCPA and have no actual knowledge that we have collected, sold or shared the Personal Information of California residents under 16 years of age.
  • Sensitive Personal Information. We do not use or disclose sensitive Personal Information for purposes that California residents have a right to limit under the CCPA.
  • We do not to attempt to reidentify deidentified information derived from Personal Information, except for the purpose of testing whether our deidentification processes comply with applicable law.
  • Profiling/automated decision making. We do not use Personal Information to engage in profiling or to perform automated decision-making as those terms are currently defined in under the CCPA.
  • Retention. The criteria for deciding how long to retain Personal Information is generally based on whether such period is sufficient to fulfill the purposes for which we collected it as described in this notice, including complying with our legal obligations.

The BXP Privacy Policy 2025 Chart summarizes how we collect, use and disclose Personal Information by reference to the categories specified in the CCPA, and describes our practices during the 12 months preceding the effective date of this Privacy Policy.  Information you voluntarily provide to us, such as in free-form webforms, may contain other categories of personal information not described in the chart.