So my org uses BILL/Bill+Spend (aka Divvy) for our company credit cards.
Because of ease of use +setup, more nonprofits have been coming onto the BILL platform.
I just learned that BILL is quietly rolling out Persona (a Palantir company) within BILL/Bill+Spend to force users to use biometric and ID verification to update or change user info. Account admins can't revert back to MFA and users are being locked out of their access.
There was zero notification to acct admins and I only know this because I'm on a listserv with other nonprofit finance teams.
This paired with that nonprofit Exec Memo from September 2025 makes me wave all the red flags in the world for the nonprofit sector.
