Privacy Policy

Protecting your privacy and maintaining your trust is important to us.

This Privacy Policy covers the privacy practices of the Roofstock companies, including Roofstock, Inc., Roofstock One, Inc., Roofstock Advisors, LLC, Roofstock Realty, Inc., Roofstock Realty, LLC, NoHo Services, Inc. d/b/a Great Jones, Stessa Inc., and Streetlane PM, LLC, d/b/a Streetlane Homes, and any additional subsidiary, affiliate, or branch that we have or may subsequently form (collectively “Roofstock”, “we”, or “us”).

Our Privacy Policy is meant to help you understand how we collect, use, and share your personal information, and to assist you in exercising privacy rights available to you by law.

CONTENTS:

  1. SCOPE AND EFFECTIVE DATE
  2. PERSONAL INFORMATION WE COLLECT
  3. HOW WE USE YOUR INFORMATION
  4. DISCLOSING YOUR INFORMATION TO THIRD PARTIES
  5. YOUR PRIVACY CHOICES AND RIGHTS
  6. INTERNATIONAL DATA TRANSFERS
  7. DATA RETENTION
  8. SECURITY OF YOUR INFORMATION
  9. CHILDREN’S INFORMATION
  10. SUPPLEMENTAL NOTICE FOR CALIFORNIA RESIDENTS
  11. SUPPLEMENTAL NOTICE FOR NEVADA RESIDENTS
  12. OTHER PROVISIONS
  13. CONTACT US
  1. SCOPE AND EFFECTIVE DATE

    This Privacy Policy applies to personal information handled or otherwise processed by us in our business, including on our websites, mobile applications, and other online or offline offerings provided by Roofstock (collectively, the “Services“), and applies to you whether you are accessing the Services for personal purposes or for business purposes and whether you are a buyer, seller, investor, owner, property manager, tenant, service provider with respect to any real estate properties, or if you are using our Services or visiting our website(s).

    Notwithstanding the above, if you use the Service known as “Roofstock One,” then the terms of our Roofstock One Privacy Notice, Attachment A herein, shall apply to you in addition to this Privacy Policy. In the event of any conflicts between the Roofstock One Privacy Notice and this Privacy Policy, the terms of the Roofstock One Privacy Notice shall take precedence. This Privacy Policy does not apply to any third-party websites, services, or applications, even if they are accessible through our Services.

    For new users, this Privacy Policy is effective upon posting. For existing users, this Privacy Policy will go into effect automatically on January 22, 2022. By continuing to use our Services, you are agreeing to this Privacy Policy.

  2. PERSONAL INFORMATION WE COLLECT

    1. Information you provide to us

      The information we collect from you depends on the type of account you set up with us, or the Services you use. We may collect the following types of information:

      • Account information. If you create an account, we may collect certain personal information that can be used to identify you, such as your full name, email address, password, and optional postal address, investment property address, phone number, and referral information. If you create an Investor Profile, we may also collect additional information about you, including information about your income, investment goals, locations where you are looking to invest, and preferred investment strategy.
      • Accredited investors status information. If you purchase or inquire into the purchase of a Roofstock One investment, you may be required to provide financial information to document your status as an Accredited Investor. We may collect or store such information to comply with federal law.
      • Company profile. You also have the option to share information about your company, including the company name, address, and phone number, and the names, titles, phone numbers, and email addresses of your business, financial, and operational contacts. As noted in our Roofstock Terms and Conditions and our Roofstock One User Agreement, please ensure you have the necessary consents from any individual whose personal information you upload to our platform.
      • Conferences, trade shows, and other events. We may collect personal information concerning individuals from both online and offline sources, such as when we attend conferences, trade shows, and other events or when we host webinars or training programs.
      • Financial information. In connection with a financial transaction via the Services, or if you enroll in our banking services, our third-party payment service providers may collect your credit or debit card information or other financial and payment information. We may directly collect or store payment card or financial information entered through our Services including the last four digits of your payment card or financial information and may receive other information associated with your payment card information (e.g., your billing details). For banking services, including any banking as a service, cash back, or rewards program, we or our third-party service providers may collect your transaction and purchase history details.
      • Information you import, share, or upload. As part of the Services, you may also elect to import, share, or upload documents, information, or records including but not limited to financial information, about your investment activities or the rental properties you buy, sell, own, or lease. This information may include, at your discretion, account balance information, payee details, payment amounts; educational materials or references; personal or professional contact information; property addresses, details, descriptions, listings, photos or videos; rent applications, background or credit checks, leases, and payment records or receipts; maintenance requests, invoices, and payment records; income and expenses; service provider or vendor contact information and contracts; tax-related information, including 1099s, assessments, property tax appeals; or records relating to landlord-tenant disputes or litigation.
      • Interactive features. We and others who use our Services may collect personal information that you submit or make available through our interactive features (e.g., messaging and chat features, commenting functionalities, community forums, blogs, or social media pages). Any content you provide using the public sharing features of the Services will be considered “public,” unless otherwise required by applicable law, and is not subject to privacy protections referenced herein.
      • Job applications. We may post job openings and opportunities on our Services. If you reply to one of these postings by submitting your application, resume and/or cover letter to us, we will collect and use your information to assess your qualifications.
      • Property management information. When you use the Services to manage real property, either directly or through a professional property manager, we may collect information related to the property being managed, including the property address, property characteristics, and personal information of those involved in the transaction.
      • Real estate information. When you use the Services to buy, sell, or lease real property, or to attempt to buy, sell, or lease real property, we may collect information related to that transaction, including but not limited to photographs, listing details, offer, sales or lease prices, inspection reports, title, closing, financing documents, and personal information of those involved in the transaction.
      • Registration for sweepstakes or contests. We may run sweepstakes and contests. Contact information you provide may be used to reach you about the sweepstakes or contest and for other promotional, marketing, and business purposes, if permitted by law. In some jurisdictions, we are required to publicly share information of winners.
      • Tenant information. When you use the Services to lease or to inquire into leasing real property, we may collect information from you, including information about the types of properties and amenities that you express interest in and information regarding your application and tenancy.
      • Transaction related information. When you use the Services to track or record your property management transactions, we may collect personal information related to your property revenues and expenditures.
      • Your communications with us. We collect personal information from you such as your full name, email address, phone number, or mailing address when you request information about our Services, request customer or technical support, including messages you submit through support conversations, apply for a job, or otherwise communicate with us.We may also contact you to participate in surveys. If you decide to participate, you may be asked to provide certain information, which may include personal information.
    2. Information collected automatically or from others

      We may collect personal information automatically when you use our Services:

      • Automatic data collection. We, as well as third parties that provide content, advertising, or other functionality on the Services, may collect certain information automatically when you use the Services. This information may include your Internet protocol (IP) address, user settings, media access control address (MAC address), cookie identifiers, mobile carrier, mobile advertising identifier, and other unique identifiers, details about your browser, operating system or device, location information, Internet service provider, pages that you visit before, during, and after using the Services, information about the links you click, and other information about how you use the Services. Information we collect may be associated with accounts and other devices.In addition, we may automatically collect data regarding your use of our Services, such as the types of content you interact with and the frequency and duration of your activities. We may combine your information with information that other people provide when they use our Services, including information about you when they tag you.
      • Cookies, pixel tags/web beacons, analytics information, and interest-based advertising technologies.
        We, as well as third parties that provide content, advertising, or other functionality on the Services, may use cookies, pixel tags, local storage, and other technologies (“Technologies“) to automatically collect information from your devices through the Services. Technologies are essentially small data files placed on your computer, tablet, mobile phone, or other devices that allow us and our partners to record certain pieces of information whenever you visit or interact with our Services.

      Our uses of these Technologies fall into the following general categories:

      • Operationally necessary. This includes Technologies that allow you access to our Services, applications, and tools that are required to identify irregular site behavior, prevent fraudulent activity, and improve security or that allow you to make use of our functionality.
      • Performance related. We may use Technologies to assess the performance of our Services, including as part of our analytic practices to help us understand how our visitors use the Services (see Analytics below).
      • Functionality related. We may use Technologies that allow us to offer you enhanced functionality when accessing or using our Services. This may include identifying you when you sign into our Services or keeping track of your specified preferences, interests, or past items viewed.
      • Advertising or targeting related. We may use first party or third-party Technologies to deliver content, including ads relevant to your interests, on our Services or on third-party sites.See “Your Privacy Choices and Rights” below to understand your choices regarding these Technologies.
      • Analytics. We may use Technologies and other third-party tools to process analytics information on our Services. Some of our analytics partners include:
        • Amplitude. Amplitude is a product analytics platform that helps businesses to track visitors with the help of collaborative analytics. The platform uses behavioral reports to understand users’ interactions with products. See their Privacy Policy and Terms of Service for more information. To opt out, email privacy@amplitude.com.
        • AB Tasty. AB Tasty assists us in comparing user engagement and response to two versions of a web page or application to see which performs better. For more information, please see AB Tasty’s Terms of Use. To opt out, please click here.
        • Facebook Connect. We use Facebook Connect to provide a single sign-on application which allows users to interact on our websites using their Facebook account. For more information, please visit Facebook’s Facebook’s Data Usage Policy. You can object to the collection of your data by Facebook pixel, or to the use of your data for the purpose of displaying Facebook ads by contacting the following address while logged into your Facebook account: https://www.facebook.com/settings?tab=ads.
        • FullStory. We use FullStory to track user website behavior, including mouse movements. For more information, see FullStory’s Privacy Policy. To opt out, please click here.
        • Google Analytics. Google Analytics provides statistics and analytical tools to assist with search engine optimization and marketing purposes. For more information, please visit https://policies.google.com/technologies/partner-sites. You can opt out of Google’s collection and processing of data generated by your use of the Services here.
        • HubSpot. We use Hubspot to manage interactions with customers and to analyze the success of marketing campaigns and track user behavior. For more information or to opt out, visit HubSpot’s Privacy Policy.
        • Intercom. Intercom is a customer communications platform that provides information about who is using a company’s product or website and makes it easy to personally communicate with them with targeted content, behavior-driven messages, and conversational support. See Intercom’s Privacy Policy and, opt out, click here.
        • LinkedIn Analytics. LinkedIn Analytics measures metrics of our LinkedIn company page, including followers, clicks, shares, and comments. For more information, please visit LinkedIn Analytics’ Privacy Policy. To learn more about how to opt out of LinkedIn’s use of your information, please click here.
        • Mixpanel. Mixpanel is a user analytics tool that allows us to track how users interact with our Internet-connected applications. For more information about Mixpanel, please visit Mixpanel’s Privacy Policy.
        • Smartlook. Smartlook is a visitor recording tool that allows a company to see its website through the viewpoint of its visitors. View Smartlook’s Privacy Policy for instructions on how to opt out of their processing or use of your information.
      • Social Media Platforms. Our Services may include publicly accessible blogs, forums, social media pages, and private messaging features. By using such Services, you assume the risk that the personal information provided by you may be viewed and used by third parties for any number of purposes. In addition, social media buttons (such as Facebook of LinkedIn that might include widgets such as the “share this” button or other interactive mini-programs) may be on our site. These features may collect your IP address, which page you are visiting on our site, may set a cookie to enable the feature to function properly, and may allow the social media provider to link information collected on our Service with information they already possess about you. These social media features are either hosted by a third party or hosted directly on our site. Your interactions with these features apart from your visit to our site are governed by the privacy policy of the company providing it, and we encourage you to read their policies.
    3. Information from other sources

      We may obtain information about you from other sources, including through third-party services and organizations to supplement information provided by you. For example:

      • Business development and strategic partnerships. We may collect personal information from individuals and third parties to assess and pursue potential business opportunities.
      • Bank partners. If you enroll in our banking services, we may receive information from you from our bank partner, including your transaction and purchase history. We use this information to facilitate our provision of online banking services, cash back programs, and rewards programs.
      • KYC providers. If you enroll in our banking services or purchase an investment from Roofstock One, we may receive information from third-party Know Your Customer (KYC) verification services to authenticate your identity and the information you provide us.
      • Third-party social networks. If you create an account using your login credentials from one of your social network accounts (“SNS Accounts“), we may be able to access and collect your name, email address, and other personal information that your privacy settings on the SNS Account permit us to access. If you create an account through the Site or one of your SNS Accounts, we may also collect your gender, date of birth and other personal information, as well as non-personal information relating to you.
      • Widely available or public data. We may also collect widely available or publicly available data, such as tax, assessment, or demographic information about you or your property from local, state, or federal governments or agencies.
  3. HOW WE USE YOUR INFORMATION

    We use your information for a variety of business purposes, including to provide our Services, for administrative purposes, and to market products and services that may be of interest to you, whether from Roofstock or nonaffiliated third parties, as described below.

    1. Provide our Services

      We use your information to fulfill our contract with you and provide you with our Services, such as:

      • Managing your information and accounts
      • Providing access to certain areas, functionalities, and features of our Services
      • Answering requests for customer or technical support
      • Communicating with you about your account, activities on our Services and policy changes
      • Processing your financial information and other payment methods for products or Services purchased
      • Providing advertising, analytics, and marketing services
      • Processing applications for goods or services and completing requested transactions
      • Allowing you to register for events
      • Furnishing you with customized materials about offers, products, and services that may be of interest, including new content or services from Roofstock or nonaffiliated third parties
      • Providing you the means to perform activities or transact with third party goods or services providers.

      In addition, we may analyze any User Content (as described and defined in our Roofstock Terms and Conditions and Roofstock One User Agreement) that you provide via the Services, and make the results of such analysis, including, without limitation, valuation, and asset management information about Properties, available to other Users of the Services.

    2. Administrative Purposes

      We use your information for various administrative purposes, such as:

      • Pursuing our legitimate interests such as direct marketing, research and development (including marketing research), network and information security, and fraud prevention
      • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity
      • Measuring interest and engagement in our Services
      • Short-term, transient use, such as contextual customization of ads
      • Researching and developing products, services, marketing, or security procedures to improve their performance, resilience, reliability, or efficiency
      • Improving, upgrading, or enhancing our Services
      • Developing new products and Services
      • Ensuring internal quality control and safety
      • Authenticating and verifying your identities, including requests to exercise your rights under this Privacy Policy
      • Debugging to identify and repair errors with our Services
      • Auditing relating to interactions, transactions, and other compliance activities
      • Enforcing our Roofstock Terms & Conditions and Roofstock One User Agreement and other policies
      • Complying with our legal obligations, protecting your vital interest, or as may be required for the public good.
    3. Marketing and advertising products and Services from Roofstock or nonaffiliated third parties

      We may use personal information to tailor and provide you with content and advertisements from our affiliates or from nonaffiliated third parties that may be of interest to you. We may provide you with these materials as permitted by applicable law.

      Some of the ways we market to you include email campaigns, custom audiences advertising, and “interest-based” or “personalized advertising,” including through cross-device tracking. For example, when you use the Services to add information about your real estate holdings, including property address, building details, rent roll, income, and expense information), we may use this personal information for the purposes of making an offer to acquire any of your real estate holdings. When you import or use our banking services, we may use your transaction or payment history to identify relevant goods or services providers to offer you, directly or through non-affiliated third parties.

      If you have any questions about our marketing practices or if you would like to opt out of the use of your personal information for marketing purposes as permitted by law, you may contact us at any time as set forth in Section 5 below, entitled “Your Privacy Choices and Rights.”

    4. Other purposes

      We also use your information for other purposes as requested by you or as permitted by applicable law.

      • Automated decision making. We may engage in automated decision making by analyzing your online behavior and interests to recommend certain products or services to you. The processing of your personal information will not result in a decision based solely on automated processing that significantly affects you unless such a decision is necessary as part of a contract we have with you, we have your consent, or we are permitted by law to engage in such automated decision making. If you have questions about our automated decision making, you may contact us as set forth in “Contact Us” below.
      • Consent. We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information or with your consent.
      • Use de-identified and aggregated information. We may use personal information and other data about you to create de-identified and aggregated information, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access our Services, or other analyses we create. For example, we may also analyze general characteristics such as record types and volumes, in order to price, audit, and improve the Services. We may also use this de-identified and aggregated information to support our Services generally, such as creating and selling aggregate market insights to third parties.
    5. Share content with friends or colleagues

      Our Services may offer various tools and functionalities. For example, we may allow you to provide information about your friends through our referral services. Our referral services may allow you to forward or share certain content with a friend or colleague, such as an email inviting your friend to use our Services.

  4. DISCLOSING YOUR INFORMATION TO THIRD PARTIES

    We disclose your information to third parties for a variety of business purposes, as described below.

    1. Disclosures to provide Services

      The categories of third parties with whom we may share your information are described below.

      • Advertising partners. We may share your personal information with third-party advertising partners. These third-party advertising partners may set Technologies and other tracking tools on our Services to collect information regarding your activities and your device (e.g., your IP address, cookie identifiers, page(s) visited, location, time of day). These advertising partners may use this information (and similar information collected from other services) for purposes of delivering personalized advertisements to you when you visit digital properties within their networks. This practice is commonly referred to as “interest-based advertising” or “personalized advertising.”
      • Affiliates. We may share personal information between our affiliated companies, including Roofstock, Inc., Roofstock One, Inc., Roofstock Advisors, LLC, Roofstock Realty, Inc., Roofstock Realty, LLC, NoHo Services, Inc. d/b/a Great Jones, Stessa Inc., and Streetlane PM, LLC, d/b/a Streetlane Homes, and any additional subsidiary, affiliate, or branch that we have or may subsequently form to manage our business, develop, improve, and/or offer products and Services, and for other business purposes.
      • APIs/SDKs. We may use third-party Application Program Interfaces (“APIs”) and Software Development Kits (“SDKs”) as part of the functionality of our Services. For more information about our use of APIs and SDKs, please contact us as set forth in “Contact Us” below.
      • Business partners. We may share your personal information with business partners to provide you with a product or service that may be of interest to you. We may also share your personal information to business partners with whom we jointly offer products or services. These partners may also use the information we provide them to customize real estate services and other offers and services for you, or for their own marketing purposes.
      • Other users/website visitors. As described above in “Personal Information We Collect,” our Services allow you to share your profile and/or User Content with other Users/publicly, including to those who do not use our Services.
      • Service providers. We may share your personal information with our vendors and third-party service providers who use that information to help us provide our Services. This includes service providers that provide us with IT support, hosting, payment processing, customer service, and related services.
    2. Disclosures to protect us or others

      We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement, national security requests, or legal process, such as a court order or subpoena; protect your, our or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.

    3. Disclosure in the event of merger, sale, or other asset transfers

      If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.

  5. YOUR PRIVACY CHOICES AND RIGHTS

    1. Your privacy choices

      We provide you with the following privacy choices regarding your personal information as required by applicable law and which are described below.

      • Cookies and interest-based advertising. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. If you adjust your preferences, our Services may not work properly. Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt-out of personalized advertisements on some mobile applications by following the instructions for Android, iOS, and others.
      • Do Not Track.” Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
      • Email and telephone communications. If you receive an unwanted marketing email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future marketing emails. Note that you will continue to receive transaction-related emails regarding products or Services you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (e.g., communications regarding the Services or updates to our Terms or this Privacy Policy). You also have the right to opt out of receiving unwanted marketing telephone calls and may ask to be placed on our entity-specific do-not-call list by contacting us as set forth in “Contact Us” below.
      • General. You have certain choices about your personal information. Where you have consented to the processing of your personal information, you may withdraw that consent at any time and prevent further processing by contacting us as described below. Even if you opt out, we may still collect and use non-personal information regarding your activities on our Services and for other legal purposes as described above.
      • Mobile devices. We may send you push notifications through our mobile application. You may at any time opt out from receiving these types of communications by changing the settings on your mobile device. We may also collect location-based information if you use our mobile applications. You may opt-out of this collection by changing the settings on your mobile device.
      • Text messages. You may opt out of receiving text messages from us by following the instructions in the text message you have received from us or by otherwise contacting us as set forth in “Contact Us” below.

      The online advertising industry also provides websites from which you may opt-out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy by visiting the Network Advertising Initiative, the Digital Advertising Alliance, the European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada. To separately make choices for mobile apps on a mobile device, you can download DAA’s AppChoices application from your device’s app store. Alternatively, for some devices you may use your device’s platform controls in your settings to exercise choice. Please see https://www.networkadvertising.org/mobile-choice/ for more information on how to opt-out on mobile devices.

      Please note you must separately opt out in each browser and on each device.

      Advertisements on third-party websites that contain the AdChoices link may have been directed to you based on information collected by advertising partners over time and across websites. These advertisements provide a mechanism to opt out of the advertising partners’ use of this information for interest-based advertising purposes.

    2. Your Privacy Rights

      To the extent required by applicable law, you may have the right to:

      • Access to/port information about you, including: (i) confirming whether we are processing your personal information; (ii) obtaining access to or a copy of your personal information in a structured, commonly used, and machine readable format; and (iii) receiving an electronic copy of personal information that you have provided to us, or asking us to send that information to another company in a structured, commonly used, and machine readable format (the “right of data portability”).
      • Request correction of your personal information where it is inaccurate or incomplete. In some cases, we may provide self-service tools that enable you to update your personal information, or we may refer you to the controller of your personal information who is able to make the correction.
      • Request deletion of your personal information, subject to certain exceptions prescribed by law.
      • Request restriction of or object to processing of your personal information.
      • Withdraw your consent to our processing of your personal information.

      If you would like to exercise any of these rights, please contact us as set forth in “Contact Us” below. We will process such requests in accordance with applicable laws. To protect your privacy, we will take steps to verify your identity before fulfilling your request.

  6. INTERNATIONAL DATA TRANSFERS

    You acknowledge that all information processed by us may be transferred, processed, and stored anywhere in the world, including but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. We endeavor to safeguard your information consistent with the requirements of applicable laws.

    If we transfer personal information to countries outside the European Economic Area, United Kingdom or Switzerland, we will put in place appropriate safeguards as required by applicable law to ensure that this transfer complies with the applicable laws and regulations and require our third-party service providers and partners to have appropriate safeguards as well. Further details can be provided upon request, please contact us as set forth in “Contact Us” below.

  7. DATA RETENTION

    We store the personal information we collect as described in this Privacy Policy for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.

  8. SECURITY OF YOUR INFORMATION

    We take steps to ensure that your information is treated securely and in accordance with this Privacy Policy. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any information you provide to us. We have taken appropriate safeguards to require that your personal information will remain protected and require our third-party service providers and partners to have appropriate safeguards as well. To the fullest extent permitted by applicable law, we do not accept liability for unintentional disclosure.

    By using the Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the Services, by mail, or by sending an e-mail to you.

  9. CHILDREN’S INFORMATION

    The Services are not directed to children under 13 (or other age as required by local law), and we do not permit end users under age 16 or knowingly collect personal information from children under age 16. If you learn that your child has provided us with personal information without your consent, you may contact us as set forth in “Contact Us” below. If we learn that we have collected any personal information in violation of applicable law, we will promptly take steps to delete such information and terminate the child’s account.

  10. SUPPLEMENTAL NOTICE FOR CALIFORNIA RESIDENTS

    This supplemental notice for California residents (“Privacy Notice”) only applies to our processing of Personal Information that is subject to the California Consumer Privacy Act of 2018 (“CCPA”) and applies solely to individuals, who are residents of the State of California (“consumer” or “you”) in our role as a business. Any terms defined in the CCPA have the same meaning when used in this Privacy Notice.

    1. Information we collect

      In providing our Services, we may collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“Personal Information“).

      Personal Information does not include:

      • Publicly available information from government records
      • Deidentified or aggregated consumer information
      • Information excluded from the CCPA’s scope, like health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

      We may have collected the following categories of Personal Information from our consumers in our role as a business within the last twelve (12) months):

      Category of Personal Information Collected by Roofstock Category of Third Parties Information is Disclosed to for a Business Purpose
      Identifiers.
      A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, or other similar identifiers.
      • Advertising networks (excluding Social Security Number)
      • Data analytics providers
      • Providers of other goods and services
      • Service providers
      Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
      A name, signature, Social Security number, address, telephone number, driver’s license or state identification card number, passport number, employment, employment history, bank account number, credit card number, debit card number, or any other financial information
      • Data analytics providers
      • Providers of other goods and services
      • Service providers
      Protected classification characteristics under California or federal law
      Age (40 years or older), marital status, sex, veteran or military status.
      • Data analytics providers
      • Providers of other goods and services
      • Service providers
      Commercial information
      Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
      • Advertising networks
      • Data analytics providers
      • Providers of other goods and services
      • Service providers
      Internet or other electronic network activity
      Browsing history, search history, information on a consumer’s interaction with an internet website, application, or advertisement.
      • Advertising networks
      • Data analytics providers
      • Providers of other goods and services
      • Service providers
      Sensory data
      Audio, electronic, visual, or similar information.
      • Advertising networks
      • Data analytics providers
      • Providers of other goods and services
      • Service providers
      Professional or employment-related information
      Current or past job history or performance evaluations.
      • Service providers
      • Providers of other goods and services
      Inferences drawn from other personal information to create a profile about a consumer
      Profile reflecting a consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
      • Advertising networks
      • Data analytics providers
      • Providers of other goods and services
      • Service providers

      The categories of sources from which we collect Personal Information and our business and commercial purposes for using Personal Information are set forth in “Personal Information We Collect” and “How We Use Your Personal Information” above, respectively.

    2. Sales of Personal Information

      For the purposes of the CCPA, we may “sell” Personal Information to nonaffiliated third parties for marketing purposes. If we do, you may opt out of such selling by accessing the “Do Not Sell My Personal Information” link on our homepage and/or contacting us through one of the methods as described in the “Contact Us” section below. We do not collect and do not have actual knowledge of any “sale” of Personal Information of minors under 16 years of age.

    3. Your rights and choices

      The CCPA provides consumers (California residents) with specific rights regarding their Personal Information. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child. To designate an authorized agent, please contact us as set forth in “Contact Us” below and provide written authorization signed by you and your designated agent. To protect your privacy, we will take steps the following steps to verify your identity before fulfilling your request. When you make a request, we will ask you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include asking you to answer questions regarding your account and use of our Services.

    4. Non-discrimination

      We will not discriminate against you for exercising any of your CCPA rights. Note that we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer, will reasonably relate to your Personal Information’s value to us and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.

    5. California’s “Shine the Light” law

      Civil Code Section § 1798.83 permits users of our Sites and Services who are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please contact us as set forth in “Contact Us” below.

    6. Accessibility

      This Privacy Policy uses industry-standard technologies and was developed in line with the World Wide Web Consortium’s Web Content Accessibility Guidelines, version 2.1. If you wish to print this policy, please do so from your web browser or by saving the page as a PDF.

    7. Refer-a-Friend and Similar Incentive Programs

      As described above in “How We Use Your Personal Information” (“Share Content with Friends or Colleagues”), we may offer referral programs or other incentivized data collection programs. For example, we may offer incentives to you such as discounts or promotional items or credit in connection with these programs, wherein you provide your personal information in exchange for a reward or provide personal information regarding your friends or colleagues (such as their email address) and receive rewards when they sign up to use our Services. (The referred party may also receive rewards for signing up via your referral.) These referral programs are entirely voluntary and allow us to grow our business and provide additional benefits to you. The value of your data to us depends on how you ultimately use our Services, whereas the value of the referred party’s data to us depends on whether the referred party ultimately becomes a User and uses our Services. Said value will be reflected in the incentive offered for each referral in connection with each program.

  11. SUPPLEMENTAL NOTICE FOR NEVADA RESIDENTS

    If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Information to third parties. You can exercise this right by contacting us as set forth in “Contact Us” below with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not currently sell your Personal Information as sales are defined in Nevada Revised Statutes Chapter 603A. If you have any questions, please contact us as set forth in “Contact Us” below.

  12. OTHER PROVISIONS

    1. Third-party websites

      The Services may contain links to other websites, and other websites may reference or link to our website or other Services. These other websites are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen, or approve and are not responsible for the privacy practices or content of such other websites or applications. Visiting these other websites or applications is at your own risk.

    2. Supervisory authority

      If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal information violates applicable law.

    3. Changes to our Privacy Policy

      We may revise this Privacy Policy from time to time in our sole discretion. If there are any material changes to this Privacy Policy, we will notify you as required by applicable law. You understand and agree that you will be deemed to have accepted the updated Privacy Policy if you continue to use the Services after the new Privacy Policy takes effect.

  13. CONTACT US

    If you have any questions about our privacy practices or this Privacy Policy, or if you wish to submit a request to exercise your rights as detailed in this Privacy Policy, please contact us.

    For Roofstock and Roofstock One users: For Great Jones users:
    privacy@Roofstock.com
    C/O Legal and Compliance Department
    2001 Broadway, Suite 400
    Oakland, CA 94612
    privacy@GreatJones.co
    C/O Legal and Compliance Department
    2001 Broadway, Suite 400
    Oakland, CA 94612
    For Stessa users: For Streetlane users:
    privacy@Stessa.com
    C/O Legal and Compliance Department
    2001 Broadway, Suite 400
    Oakland, CA 94612
    privacy@Streetlane.com
    C/O Legal and Compliance Department
    2001 Broadway, Suite 400
    Oakland, CA 94612

Revised: December 22, 2021

ATTACHMENT A: ROOFSTOCK ONE PRIVACY NOTICE

Rev. 09/21

Download Attachment