Privacy Policy


Protecting your privacy and maintaining your trust is important to us.

This Privacy Policy covers the privacy practices of the Roofstock companies, including Roofstock, Inc., Roofstock One, Inc., Roofstock Advisors, LLC, Roofstock Realty, Inc., Roofstock Realty, LLC, NoHo Services, Inc. d/b/a Great Jones, Stessa Inc., and Streetlane PM, LLC, d/b/a Streetlane Homes, and any additional subsidiary, affiliate, or branch that we have or may subsequently form (collectively “Roofstock”, “we”, or “us”).

Our Privacy Policy is meant to help you understand how we collect, use, and share your personal information, and to assist you in exercising privacy rights available to you by law.

CONTENTS:

1. SCOPE AND EFFECTIVE DATE

This Privacy Policy applies to personal information handled or otherwise processed by us in our business, including on our websites, mobile applications, and other online or offline offerings provided by Roofstock (collectively, the "Services"), and applies to you whether you are accessing the Services for personal purposes or for business purposes and whether you are a buyer, seller, investor, owner, property manager, tenant, service provider with respect to any real estate properties, or if you are using our Services or visiting our website(s).

Notwithstanding the above, if you use the Service known as “Roofstock One,” then the terms of our Roofstock One Privacy Notice, Attachment A herein, shall apply to you in addition to this Privacy Policy. In the event of any conflicts between the Roofstock One Privacy Notice and this Privacy Policy, the terms of the Roofstock One Privacy Notice shall take precedence. This Privacy Policy does not apply to any third-party websites, services, or applications, even if they are accessible through our Services.

For new users, this Privacy Policy is effective upon posting. For existing users, this Privacy Policy will go into effect automatically on January 22, 2022. By continuing to use our Services, you are agreeing to this Privacy Policy.

2. PERSONAL INFORMATION WE COLLECT

A. Information you provide to us

The information we collect from you depends on the type of account you set up with us, or the Services you use. We may collect the following types of information:

  • Account Information. If you create an account, we may collect certain personal information that can be used to identify you, such as your full name, email address, password, and optional postal address, investment property address, phone number, and referral information. If you create an Investor Profile, we may also collect additional information about you, including information about your income, investment goals, locations where you are looking to invest, and preferred investment strategy.
  • Accredited investors status information. If you purchase or inquire into the purchase of a Roofstock One investment, you may be required to provide financial information to document your status as an Accredited Investor. We may collect or store such information to comply with federal law.
  • Company profile. You also have the option to share information about your company, including the company name, address, and phone number, and the names, titles, phone numbers, and email addresses of your business, financial, and operational contacts. As noted in our Roofstock Terms and Conditions and our Roofstock One User Agreement, please ensure you have the necessary consents from any individual whose personal information you upload to our platform.
  • Conferences, trade shows, and other events. We may collect personal information concerning individuals from both online and offline sources, such as when we attend conferences, trade shows, and other events or when we host webinars or training programs.
  • Financial information. In connection with a financial transaction via the Services, or if you enroll in our banking services, our third-party payment service providers may collect your credit or debit card information or other financial and payment information. We may directly collect or store payment card or financial information entered through our Services including the last four digits of your payment card or financial information and may receive other information associated with your payment card information (e.g., your billing details). For banking services, including any banking as a service, cash back, or rewards program, we or our third-party service providers may collect your transaction and purchase history details.
  • Information you import, share, or upload. As part of the Services, you may also elect to import, share, or upload documents, information, or records including but not limited to financial information, about your investment activities or the rental properties you buy, sell, own, or lease. This information may include, at your discretion, account balance information, payee details, payment amounts; educational materials or references; personal or professional contact information; property addresses, details, descriptions, listings, photos or videos; rent applications, background or credit checks, leases, and payment records or receipts; maintenance requests, invoices, and payment records; income and expenses; service provider or vendor contact information and contracts; tax-related information, including 1099s, assessments, property tax appeals; or records relating to landlord-tenant disputes or litigation.
  • Interactive features. We and others who use our Services may collect personal information that you submit or make available through our interactive features (e.g., messaging and chat features, commenting functionalities, community forums, blogs, or social media pages). Any content you provide using the public sharing features of the Services will be considered "public," unless otherwise required by applicable law, and is not subject to privacy protections referenced herein.
  • Job applications. We may post job openings and opportunities on our Services. If you reply to one of these postings by submitting your application, resume and/or cover letter to us, we will collect and use your information to assess your qualifications.
  • Property management information. When you use the Services to manage real property, either directly or through a professional property manager, we may collect information related to the property being managed, including the property address, property characteristics, and personal information of those involved in the transaction.
  • Real estate information. When you use the Services to buy, sell, or lease real property, or to attempt to buy, sell, or lease real property, we may collect information related to that transaction, including but not limited to photographs, listing details, offer, sales or lease prices, inspection reports, title, closing, financing documents, and personal information of those involved in the transaction.
  • Registration for sweepstakes or contests. We may run sweepstakes and contests. Contact information you provide may be used to reach you about the sweepstakes or contest and for other promotional, marketing, and business purposes, if permitted by law. In some jurisdictions, we are required to publicly share information of winners.
  • Tenant information. When you use the Services to lease or to inquire into leasing real property, we may collect information from you, including information about the types of properties and amenities that you express interest in and information regarding your application and tenancy.
  • Transaction related information. When you use the Services to track or record your property management transactions, we may collect personal information related to your property revenues and expenditures.
  • Your communications with us. We collect personal information from you such as your full name, email address, phone number, or mailing address when you request information about our Services, request customer or technical support, including messages you submit through support conversations, apply for a job, or otherwise communicate with us.We may also contact you to participate in surveys. If you decide to participate, you may be asked to provide certain information, which may include personal information.

B. Information collected automatically or from others

We may collect personal information automatically when you use our Services:

  • Automatic data collection. We, as well as third parties that provide content, advertising, or other functionality on the Services, may collect certain information automatically when you use the Services. This information may include your Internet protocol (IP) address, user settings, media access control address (MAC address), cookie identifiers, mobile carrier, mobile advertising identifier, and other unique identifiers, details about your browser, operating system or device, location information, Internet service provider, pages that you visit before, during, and after using the Services, information about the links you click, and other information about how you use the Services. Information we collect may be associated with accounts and other devices.In addition, we may automatically collect data regarding your use of our Services, such as the types of content you interact with and the frequency and duration of your activities. We may combine your information with information that other people provide when they use our Services, including information about you when they tag you.
  • Cookies, pixel tags/web beacons, analytics information, and interest-based advertising technologies. We, as well as third parties that provide content, advertising, or other functionality on the Services, may use cookies, pixel tags, local storage, and other technologies ("Technologies") to automatically collect information from your devices through the Services. Technologies are essentially small data files placed on your computer, tablet, mobile phone, or other devices that allow us and our partners to record certain pieces of information whenever you visit or interact with our Services.

Our uses of these Technologies fall into the following general categories:

  • Operationally necessary. This includes Technologies that allow you access to our Services, applications, and tools that are required to identify irregular site behavior, prevent fraudulent activity, and improve security or that allow you to make use of our functionality.
  • Performance related. We may use Technologies to assess the performance of our Services, including as part of our analytic practices to help us understand how our visitors use the Services (see Analytics below).
  • Functionality related. We may use Technologies that allow us to offer you enhanced functionality when accessing or using our Services. This may include identifying you when you sign into our Services or keeping track of your specified preferences, interests, or past items viewed.
  • Advertising or targeting related. We may use first party or third-party Technologies to deliver content, including ads relevant to your interests, on our Services or on third-party sites.

See “Your Privacy Choices and Rights” below to understand your choices regarding these Technologies.

  • Analytics. We may use Technologies and other third-party tools to process analytics information on our Services. Some of our analytics partners include:
    • Amplitude. Amplitude is a product analytics platform that helps businesses to track visitors with the help of collaborative analytics. The platform uses behavioral reports to understand users' interactions with products. See their Privacy Policy and Terms of Service for more information. To opt out, email [email protected]
    • AB Tasty. AB Tasty assists us in comparing user engagement and response to two versions of a web page or application to see which performs better. For more information, please see AB Tasty’s Terms of Use. To opt out, please click here.
    • Facebook Connect. We use Facebook Connect to provide a single sign-on application which allows users to interact on our websites using their Facebook account. For more information, please visit Facebook’s Facebook’s Data Usage Policy. You can object to the collection of your data by Facebook pixel, or to the use of your data for the purpose of displaying Facebook ads by contacting the following address while logged into your Facebook account: https://www.facebook.com/settings?tab=ads.
    • FullStory. We use FullStory to track user website behavior, including mouse movements. For more information, see FullStory’s Privacy Policy. To opt out, please click here.
    • Google Analytics. Google Analytics provides statistics and analytical tools to assist with search engine optimization and marketing purposes. For more information, please visit https://policies.google.com/technologies/partner-sites. You can opt out of Google's collection and processing of data generated by your use of the Services here.
    • HubSpot. We use Hubspot to manage interactions with customers and to analyze the success of marketing campaigns and track user behavior. For more information or to opt out, visit HubSpot’s Privacy Policy.
    • Intercom. Intercom is a customer communications platform that provides information about who is using a company’s product or website and makes it easy to personally communicate with them with targeted content, behavior-driven messages, and conversational support. See Intercom’s Privacy Policy and, opt out, click here.
    • LinkedIn Analytics. LinkedIn Analytics measures metrics of our LinkedIn company page, including followers, clicks, shares, and comments. For more information, please visit LinkedIn Analytics’ Privacy Policy. To learn more about how to opt out of LinkedIn’s use of your information, please click here.
    • Mixpanel. Mixpanel is a user analytics tool that allows us to track how users interact with our Internet-connected applications. For more information about Mixpanel, please visit Mixpanel’s Privacy Policy.
    • Smartlook. Smartlook is a visitor recording tool that allows a company to see its website through the viewpoint of its visitors. View Smartlook’s Privacy Policy for instructions on how to opt out of their processing or use of your information.
  • Social Media Platforms. Our Services may include publicly accessible blogs, forums, social media pages, and private messaging features. By using such Services, you assume the risk that the personal information provided by you may be viewed and used by third parties for any number of purposes. In addition, social media buttons (such as Facebook of LinkedIn that might include widgets such as the "share this" button or other interactive mini-programs) may be on our site. These features may collect your IP address, which page you are visiting on our site, may set a cookie to enable the feature to function properly, and may allow the social media provider to link information collected on our Service with information they already possess about you. These social media features are either hosted by a third party or hosted directly on our site. Your interactions with these features apart from your visit to our site are governed by the privacy policy of the company providing it, and we encourage you to read their policies.

C. Information from other sources

We may obtain information about you from other sources, including through third-party services and organizations to supplement information provided by you. For example:

  • Business development and strategic partnerships. We may collect personal information from individuals and third parties to assess and pursue potential business opportunities.
  • Bank partners. If you enroll in our banking services, we may receive information from you from our bank partner, including your transaction and purchase history. We use this information to facilitate our provision of online banking services, cash back programs, and rewards programs.
  • KYC providers. If you enroll in our banking services or purchase an investment from Roofstock One, we may receive information from third-party Know Your Customer (KYC) verification services to authenticate your identity and the information you provide us.
  • Third-party social networks. If you create an account using your login credentials from one of your social network accounts ("SNS Accounts"), we may be able to access and collect your name, email address, and other personal information that your privacy settings on the SNS Account permit us to access. If you create an account through the Site or one of your SNS Accounts, we may also collect your gender, date of birth and other personal information, as well as non-personal information relating to you.
  • Widely available or public data. We may also collect widely available or publicly available data, such as tax, assessment, or demographic information about you or your property from local, state, or federal governments or agencies.

3. HOW WE USE YOUR INFORMATION

We use your information for a variety of business purposes, including to provide our Services, for administrative purposes, and to market products and services that may be of interest to you, whether from Roofstock or nonaffiliated third parties, as described below.

A. Provide our Services

We use your information to fulfill our contract with you and provide you with our Services, such as:

  • Managing your information and accounts
  • Providing access to certain areas, functionalities, and features of our Services
  • Answering requests for customer or technical support
  • Communicating with you about your account, activities on our Services and policy changes
  • Processing your financial information and other payment methods for products or Services purchased
  • Providing advertising, analytics, and marketing services
  • Processing applications for goods or services and completing requested transactions
  • Allowing you to register for events
  • Furnishing you with customized materials about offers, products, and services that may be of interest, including new content or services from Roofstock or nonaffiliated third parties
  • Providing you the means to perform activities or transact with third party goods or services providers.

In addition, we may analyze any User Content (as described and defined in our Roofstock Terms and Conditions and Roofstock One User Agreement) that you provide via the Services, and make the results of such analysis, including, without limitation, valuation, and asset management information about Properties, available to other Users of the Services.

B. Administrative Purposes

We use your information for various administrative purposes, such as:

  • Pursuing our legitimate interests such as direct marketing, research and development (including marketing research), network and information security, and fraud prevention
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity
  • Measuring interest and engagement in our Services
  • Short-term, transient use, such as contextual customization of ads
  • Researching and developing products, services, marketing, or security procedures to improve their performance, resilience, reliability, or efficiency
  • Improving, upgrading, or enhancing our Services
  • Developing new products and Services
  • Ensuring internal quality control and safety
  • Authenticating and verifying your identities, including requests to exercise your rights under this Privacy Policy
  • Debugging to identify and repair errors with our Services
  • Auditing relating to interactions, transactions, and other compliance activities
  • Enforcing our Roofstock Terms & Conditions and Roofstock One User Agreement and other policies
  • Complying with our legal obligations, protecting your vital interest, or as may be required for the public good.

C. Marketing and advertising products and Services from Roofstock or nonaffiliated third parties

We may use personal information to tailor and provide you with content and advertisements from our affiliates or from nonaffiliated third parties that may be of interest to you. We may provide you with these materials as permitted by applicable law.

Some of the ways we market to you include email campaigns, custom audiences advertising, and “interest-based” or “personalized advertising,” including through cross-device tracking. For example, when you use the Services to add information about your real estate holdings, including property address, building details, rent roll, income, and expense information), we may use this personal information for the purposes of making an offer to acquire any of your real estate holdings. When you import or use our banking services, we may use your transaction or payment history to identify relevant goods or services providers to offer you, directly or through non-affiliated third parties.

If you have any questions about our marketing practices or if you would like to opt out of the use of your personal information for marketing purposes as permitted by law, you may contact us at any time as set forth in Section 5 below, entitled “Your Privacy Choices and Rights.

D. Other purposes

We also use your information for other purposes as requested by you or as permitted by applicable law.

  • Automated decision making. We may engage in automated decision making by analyzing your online behavior and interests to recommend certain products or services to you. The processing of your personal information will not result in a decision based solely on automated processing that significantly affects you unless such a decision is necessary as part of a contract we have with you, we have your consent, or we are permitted by law to engage in such automated decision making. If you have questions about our automated decision making, you may contact us as set forth in “Contact Us” below.
  • Consent. We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information or with your consent.
  • Use de-identified and aggregated information. We may use personal information and other data about you to create de-identified and aggregated information, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access our Services, or other analyses we create. For example, we may also analyze general characteristics such as record types and volumes, in order to price, audit, and improve the Services. We may also use this de-identified and aggregated information to support our Services generally, such as creating and selling aggregate market insights to third parties.

E. Share content with friends or colleagues

Our Services may offer various tools and functionalities. For example, we may allow you to provide information about your friends through our referral services. Our referral services may allow you to forward or share certain content with a friend or colleague, such as an email inviting your friend to use our Services.

4. DISCLOSING YOUR INFORMATION TO THIRD PARTIES

We disclose your information to third parties for a variety of business purposes, as described below.

A. Disclosures to provide Services

The categories of third parties with whom we may share your information are described below.

  • Advertising partners. We may share your personal information with third-party advertising partners. These third-party advertising partners may set Technologies and other tracking tools on our Services to collect information regarding your activities and your device (e.g., your IP address, cookie identifiers, page(s) visited, location, time of day). These advertising partners may use this information (and similar information collected from other services) for purposes of delivering personalized advertisements to you when you visit digital properties within their networks. This practice is commonly referred to as “interest-based advertising” or “personalized advertising.”
  • Affiliates. We may share personal information between our affiliated companies, including Roofstock, Inc., Roofstock One, Inc., Roofstock Advisors, LLC, Roofstock Realty, Inc., Roofstock Realty, LLC, NoHo Services, Inc. d/b/a Great Jones, Stessa Inc., and Streetlane PM, LLC, d/b/a Streetlane Homes, and any additional subsidiary, affiliate, or branch that we have or may subsequently form to manage our business, develop, improve, and/or offer products and Services, and for other business purposes.
  • APIs/SDKs. We may use third-party Application Program Interfaces (“APIs”) and Software Development Kits (“SDKs”) as part of the functionality of our Services. For more information about our use of APIs and SDKs, please contact us as set forth in “Contact Us” below.
  • Business partners. We may share your personal information with business partners to provide you with a product or service that may be of interest to you. We may also share your personal information to business partners with whom we jointly offer products or services. These partners may also use the information we provide them to customize real estate services and other offers and services for you, or for their own marketing purposes.
  • Other users/website visitors. As described above in “Personal Information We Collect,” our Services allow you to share your profile and/or User Content with other Users/publicly, including to those who do not use our Services.
  • Service providers. We may share your personal information with our vendors and third-party service providers who use that information to help us provide our Services. This includes service providers that provide us with IT support, hosting, payment processing, customer service, and related services.

B. Disclosures to protect us or others

We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement, national security requests, or legal process, such as a court order or subpoena; protect your, our or others' rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.

C. Disclosure in the event of merger, sale, or other asset transfers

If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.

5. YOUR PRIVACY CHOICES AND RIGHTS

A. Your privacy choices

We provide you with the following privacy choices regarding your personal information as required by applicable law and which are described below.

  • Cookies and interest-based advertising. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. If you adjust your preferences, our Services may not work properly. Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt-out of personalized advertisements on some mobile applications by following the instructions for Android, iOS, and others.
  • "Do Not Track." Do Not Track ("DNT") is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
  • Email and telephone communications. If you receive an unwanted marketing email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future marketing emails. Note that you will continue to receive transaction-related emails regarding products or Services you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (e.g., communications regarding the Services or updates to our Terms or this Privacy Policy). You also have the right to opt out of receiving unwanted marketing telephone calls and may ask to be placed on our entity-specific do-not-call list by contacting us as set forth in “Contact Us” below.
  • General. You have certain choices about your personal information. Where you have consented to the processing of your personal information, you may withdraw that consent at any time and prevent further processing by contacting us as described below. Even if you opt out, we may still collect and use non-personal information regarding your activities on our Services and for other legal purposes as described above.
  • Mobile devices. We may send you push notifications through our mobile application. You may at any time opt out from receiving these types of communications by changing the settings on your mobile device. We may also collect location-based information if you use our mobile applications. You may opt-out of this collection by changing the settings on your mobile device.
  • Text messages. You may opt out of receiving text messages from us by following the instructions in the text message you have received from us or by otherwise contacting us as set forth in “Contact Us” below.

The online advertising industry also provides websites from which you may opt-out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy by visiting theNetwork Advertising Initiative, the Digital Advertising Alliance, the European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada. To separately make choices for mobile apps on a mobile device, you can download DAA's AppChoices application from your device's app store. Alternatively, for some devices you may use your device's platform controls in your settings to exercise choice. Please see https://www.networkadvertising.org/mobile-choice/ for more information on how to opt-out on mobile devices.

Please note you must separately opt out in each browser and on each device.

Advertisements on third-party websites that contain the AdChoices link may have been directed to you based on information collected by advertising partners over time and across websites. These advertisements provide a mechanism to opt out of the advertising partners' use of this information for interest-based advertising purposes.

B. Your Privacy Rights

To the extent required by applicable law, you may have the right to:

  • Access to/port information about you, including: (i) confirming whether we are processing your personal information; (ii) obtaining access to or a copy of your personal information in a structured, commonly used, and machine readable format; and (iii) receiving an electronic copy of personal information that you have provided to us, or asking us to send that information to another company in a structured, commonly used, and machine readable format (the “right of data portability”).
  • Request correction of your personal information where it is inaccurate or incomplete. In some cases, we may provide self-service tools that enable you to update your personal information, or we may refer you to the controller of your personal information who is able to make the correction.
  • Request deletion of your personal information, subject to certain exceptions prescribed by law.
  • Request restriction of or object to processing of your personal information.
  • Withdraw your consent to our processing of your personal information.

If you would like to exercise any of these rights, please contact us as set forth in “Contact Us” below. We will process such requests in accordance with applicable laws. To protect your privacy, we will take steps to verify your identity before fulfilling your request.

6. INTERNATIONAL DATA TRANSFERS

You acknowledge that all information processed by us may be transferred, processed, and stored anywhere in the world, including but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. We endeavor to safeguard your information consistent with the requirements of applicable laws.

If we transfer personal information to countries outside the European Economic Area, United Kingdom or Switzerland, we will put in place appropriate safeguards as required by applicable law to ensure that this transfer complies with the applicable laws and regulations and require our third-party service providers and partners to have appropriate safeguards as well. Further details can be provided upon request, please contact us as set forth in “Contact Us” below.

7. DATA RETENTION

We store the personal information we collect as described in this Privacy Policy for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.

8. SECURITY OF YOUR INFORMATION

We take steps to ensure that your information is treated securely and in accordance with this Privacy Policy. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any information you provide to us. We have taken appropriate safeguards to require that your personal information will remain protected and require our third-party service providers and partners to have appropriate safeguards as well. To the fullest extent permitted by applicable law, we do not accept liability for unintentional disclosure.

By using the Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Services. If we learn of a security system's breach, we may attempt to notify you electronically by posting a notice on the Services, by mail, or by sending an e-mail to you.

9. CHILDREN'S INFORMATION

The Services are not directed to children under 13 (or other age as required by local law), and we do not permit end users under age 16 or knowingly collect personal information from children under age 16. If you learn that your child has provided us with personal information without your consent, you may contact us as set forth in “Contact Us” below. If we learn that we have collected any personal information in violation of applicable law, we will promptly take steps to delete such information and terminate the child's account.

10. SUPPLEMENTAL NOTICE FOR CALIFORNIA RESIDENTS

This supplemental notice for California residents (“Privacy Notice”) only applies to our processing of Personal Information that is subject to the California Consumer Privacy Act of 2018 (“CCPA”) and applies solely to individuals, who are residents of the State of California ("consumer" or "you") in our role as a business. Any terms defined in the CCPA have the same meaning when used in this Privacy Notice.

A. Information we collect

In providing our Services, we may collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household ("Personal Information").

Personal Information does not include:

  • Publicly available information from government records
  • Deidentified or aggregated consumer information
  • Information excluded from the CCPA's scope, like health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.

We may have collected the following categories of Personal Information from our consumers in our role as a business within the last twelve (12) months):

Category of Personal Information Collected by Roofstock Category of Third Parties Information is Disclosed to for a Business Purpose

Identifiers.
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, or other similar identifiers.

  • Advertising networks (excluding Social Security Number)
  • Data analytics providers
  • Providers of other goods and services
  • Service providers

Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
A name, signature, Social Security number, address, telephone number, driver's license or state identification card number, passport number, employment, employment history, bank account number, credit card number, debit card number, or any other financial information

  • Data analytics providers
  • Providers of other goods and services
  • Service providers

Protected classification characteristics under California or federal law
Age (40 years or older), marital status, sex, veteran or military status.

  • Data analytics providers
  • Providers of other goods and services
  • Service providers

Commercial information
Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

  • Advertising networks
  • Data analytics providers
  • Providers of other goods and services
  • Service providers

Internet or other electronic network activity
Browsing history, search history, information on a consumer's interaction with an internet website, application, or advertisement.

  • Advertising networks
  • Data analytics providers
  • Providers of other goods and services
  • Service providers

Sensory data
Audio, electronic, visual, or similar information.

  • Advertising networks
  • Data analytics providers
  • Providers of other goods and services
  • Service providers

Professional or employment-related information
Current or past job history or performance evaluations.

  • Service providers
  • Providers of other goods and services

Inferences drawn from other personal information to create a profile about a consumer
Inferences drawn from other personal information to create a profile about a consumer

  • Advertising networks
  • Data analytics providers
  • Providers of other goods and services
  • Service providers

The categories of sources from which we collect Personal Information and our business and commercial purposes for using Personal Information are set forth in “Personal Information We Collect” and “How We Use Your Personal Information” above, respectively.

B. Sales of Personal Information

For purposes of the CCPA, we may “sell” Personal Information to nonaffiliated third parties for marketing purposes. If we do, you may opt out of such selling by completing the “Do Not Sell My Personal Info” link on the homepage of our webpage or contacting us through one of the methods as described in the "Contact Us" section below. We do not collect and do not have actual knowledge of any “sale” of Personal Information of minors under 16 years of age.

C. Your rights and choices

The CCPA provides consumers (California residents) with specific rights regarding their Personal Information. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child. To designate an authorized agent, please contact us as set forth in “Contact Us” below and provide written authorization signed by you and your designated agent. To protect your privacy, we will take steps the following steps to verify your identity before fulfilling your request. When you make a request, we will ask you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include asking you to answer questions regarding your account and use of our Services.

D. Non-discrimination

We will not discriminate against you for exercising any of your CCPA rights. Note that we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer, will reasonably relate to your Personal Information's value to us and contain written terms that describe the program's material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.

E. California's "Shine the Light" law

Civil Code Section § 1798.83 permits users of our Sites and Services who are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please contact us as set forth in “Contact Us” below.

F. Accessibility

This Privacy Policy uses industry-standard technologies and was developed in line with the World Wide Web Consortium’s Web Content Accessibility Guidelines, version 2.1. If you wish to print this policy, please do so from your web browser or by saving the page as a PDF.

G. Refer-a-Friend and Similar Incentive Programs

As described above in “How We Use Your Personal Information” (“Share Content with Friends or Colleagues”), we may offer referral programs or other incentivized data collection programs. For example, we may offer incentives to you such as discounts or promotional items or credit in connection with these programs, wherein you provide your personal information in exchange for a reward or provide personal information regarding your friends or colleagues (such as their email address) and receive rewards when they sign up to use our Services. (The referred party may also receive rewards for signing up via your referral.) These referral programs are entirely voluntary and allow us to grow our business and provide additional benefits to you. The value of your data to us depends on how you ultimately use our Services, whereas the value of the referred party’s data to us depends on whether the referred party ultimately becomes a User and uses our Services. Said value will be reflected in the incentive offered for each referral in connection with each program.

11. SUPPLEMENTAL NOTICE FOR NEVADA RESIDENTS

If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Information to third parties. You can exercise this right by contacting us as set forth in “Contact Us” below with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not currently sell your Personal Information as sales are defined in Nevada Revised Statutes Chapter 603A. If you have any questions, please contact us as set forth in “Contact Us” below.

12. OTHER PROVISIONS

A. Third-party websites

The Services may contain links to other websites, and other websites may reference or link to our website or other Services. These other websites are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen, or approve and are not responsible for the privacy practices or content of such other websites or applications. Visiting these other websites or applications is at your own risk.

B. Supervisory authority

If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal information violates applicable law.

C. Changes to our Privacy Policy

We may revise this Privacy Policy from time to time in our sole discretion. If there are any material changes to this Privacy Policy, we will notify you as required by applicable law. You understand and agree that you will be deemed to have accepted the updated Privacy Policy if you continue to use the Services after the new Privacy Policy takes effect.

13. CONTACT US

If you have any questions about our privacy practices or this Privacy Policy, or if you wish to submit a request to exercise your rights as detailed in this Privacy Policy, please contact us.

For Roofstock and Roofstock One users:

[email protected]
C/O Legal and Compliance Department
2001 Broadway, Suite 400
Oakland, CA 94612

For Great Jones users:

[email protected]
C/O Legal and Compliance Department
2001 Broadway, Suite 400
Oakland, CA 94612

For Stessa users:

[email protected]
C/O Legal and Compliance Department
2001 Broadway, Suite 400
Oakland, CA 94612

For Streetlane users:

[email protected]
C/O Legal and Compliance Department
2001 Broadway, Suite 400
Oakland, CA 94612




Revised: December 22, 2021







ATTACHMENT A: ROOFSTOCK ONE PRIVACY NOTICE

Rev. 09/21
FACTS WHAT DOES ROOFTSTOCK ONE DO WITH YOUR PERSONAL INFORMATION?
WHY? Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
WHAT? The types of personal information we collect and share depend on the product or service you have with us. This information can include:
  • Social Security number and income
  • Account balances and transaction history
  • Investment experiences and risk tolerance.
When you are no longer our customer, we continue to share your information as described in this notice.
HOW? All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information, the reasons Roofstock One chooses to share, and whether you can limit this sharing.
Reasons we can share your personal information Does Roofstock One share? Can you limit this sharing?
For our everyday business purposes—
such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus YES NO
YES NO
For our marketing purposes—
to offer our products and services to you
YES NO
For joint marketing with other financial companies YES NO
For our affiliates’ everyday business purposes—
information about your transactions and experiences
YES NO
For our affiliates’ everyday business purposes—
Information about your creditworthiness
NO We don’t share
For our affiliates to market to you YES YES
For nonaffiliates to market to you YES YES
To limit our sharing
  • Call (888) 698-2111 – our representative will assist you.
  • Email us at pr[email protected] – please include “Roofstock One Opt Out” in the subject line of the email and include any or all of the following opt-out statements in the body of the email to indicate your choice(s):
    • Do not allow your affiliates to use my personal information to market to me.
    • Do not share my personal information with nonaffiliates to market their products and services to me.
Please note:
If you are a new customer, we can begin sharing your information 30 days from the date we sent this notice. When you are no longer our customer, we continue to share your information as described in this notice. However, you can contact us at any time to limit our sharing.
Questions? Call us at (888) 698-2111 or email us at [email protected].
Who we are
Who is providing this notice? Roofstock One, Inc. and Roofstock Advisors, LLC
What we do
How does Roofstock One protect my personal information? To protect your personal information from unauthorized access, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.
How does Roofstock One collect my personal information? We collect your personal information, for example, when you
  • Give us your contact information or open an account
  • Give us your income information
  • Buy securities from us or tell us where to send the money
We also collect your personal information from other companies.
Why can’t I limit all sharing? Federal law gives you the right to limit only
  • Sharing for affiliate’s everyday business purposes—information about your creditworthiness
  • Affiliates from using your information to market to you.
  • Sharing for nonaffiliates to market to you.
State laws and individual companies may give you additional rights to limit sharing. [See below for more on your rights under state law.]
What happens when I limit sharing for an account I hold jointly with someone else? Your choice will apply to everyone.
Definitions
Affiliates Companies related by common ownership or control. They can be financial or nonfinancial companies.
Our affiliates include companies with a Roofstock name, including nonfinancial companies such as Roofstock, Inc., Roofstock Realty, Inc., Roofstock Realty, LLC, and other nonfinancial companies, such as Stessa, Inc., Streetlane PM, LLC, and Noho Services, Inc. d/b/a Great Jones.
Nonaffiliates Companies not related under common ownership or control. They can be financial and nonfinancial companies.
Nonaffiliates we share with can include banking, financing, lending, title, or insurance companies; home improvement or property management companies; auditing, real estate, tax, or other professional service providers; and direct marketing companies.
Joint Marketing A formal agreement between nonaffiliated financial companies that together market financial products or services to you.
Our joint marketing partners can include banking, financing, lending, title, or insurance companies.
Other important information:
California residents: Please review our Privacy Policy, available at www.roofstock.com/privacy, for information about your rights.

Nevada residents: Nevada law requires us to disclose that you may be placed on our internal “do-not-call” list at any time by calling (888) 698-2111, that we are providing this notice to you pursuant to state law, and that you main obtain further information by contacting the Nevada Attorney General, 555 East Washington Avenue, Suite 3900, Los Vegas, NV 89101, Telephone (702) 486-3132, Email: [email protected].

Vermont residents: We will not disclose information about your creditworthiness to our affiliates and will not disclose your personal information, financial information, credit report, or health information to nonaffiliated third parties to market to you, other than as permitted by Vermont law, unless you authorize us to make those disclosures. Please review our Privacy Policy, available at www.roofstock.com/privacy for more information.