Effective date: 5th August 2021

At Stonks, we recognize that you need to trust us if you invest with us, and so we take your privacy seriously. Trust is gained in drops but lost in buckets, so we will never stop striving to earn your trust.

In this Policy, we want to transparently lay out how (and why) we collect, use, and disclose your information when you use Stonks (the "Services"), and inform you of your privacy rights and how the law protects you. You can read the full policy below the fold, but here are the high-level points:

• Using Stonks means you consent to this Policy (and agree to our Terms). 🤝
• This Policy may change from time to time, and amended versions will be posted here (for major updates we will also email you). Continued use of Stonks means you continue to consent to this Policy. 🤝 🤝
• We collect and use some Personal Data about you in order to operate the Services. If you live in certain countries, you can opt out of some of this, but it may not be possible for us to provide you some or any of the Services if you do. 😢
• We do not collect special categories of personal data, and we do not sell your data. 👍
• To provide the full range of Stonks Services, we will sometimes have to share your data with partners and service providers (for example, sending information to a banking partner to process your investment or an SPV administrator to make sure you are included). This will be done pursuant to contracts so they will have to respect your data. 👊
• You have certain rights under this Policy (and by law in some jurisdictions). You also have responsibilities: if you share information publicly or let someone else use your account, we cannot guarantee the privacy of your data. 🔓
• Stonks is based in the US and stores data here. The data privacy laws here may be different than what you have at home. 🇺🇸
• We use certain common types of tracking technologies to enhance the Services (such as 🍪)

This Privacy & Cookies Policy is intended to meet our duties of transparency under relevant laws, including the General Data Protection Regulation ("GDPR") and the California Consumer Protection Act ("CCPA").

Introduction

We are Stonks, a platform to better connect Founders, Investors, and Viewers, and other users through the magic of livestreaming. This Policy may refer to "Stonks", "we", "us" or "our:” all of that is shorthand for Stonks, Inc.

For purposes of GDPR, we are the Controller of your Personal Data (referred to as either in this Policy). If you have any questions about this Policy, please contact us at privacy@stonks.com.

Our EU Representative. As we do not have an establishment in the European Union ("EU"), we have appointed a representative based in the European Union, who you may address if you are located in the EU to raise any issues or queries you may have relating to our processing of your Personal Data. Our EU representative is:

Collecting Your Data

First off: while Stonks does collect some personal data, we do not collect any "Special Categories of Personal Data" about you, such as details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health, or genetic/biometric data.

That being said, in order to provide the Services, we do collect a few different types of Personal Data, spelled out in greater detail below.

Data You Provide Us

In order to use the services, you may be asked to provide us with information that may enable us to identify you personally ("Personal Data"). These categories are outlined below.

Identity Data

Examples: your name, username, marital status, title, date of birth, gender, photo, signature, social security number and/or tax identification number, password, copies of identification documents.

Contact Data

Examples: mailing addresses, email addresses, and telephone numbers.

Professional Background Data

Examples: educational and professional history, interests, and accomplishments.

Online Presence Data

Examples: links to your public account pages on social media websites, links to personal websites, and other online materials related to you.

Financial Data

Examples: your bank account and/or payment card details and statements about your financial situation.

Transaction Data

Examples: details about payments or investments to and from you and other details of subscriptions and services you have purchased from us.

Investment Data

Examples: information about your investment objectives, investment experience, investment amounts, and information from subscription documents for deals closed via Stonks. This also includes information about your investment entities and their beneficial owners, and tax related information regarding your investments through Stonks.

Marketing and Communications Data

Examples: your preferences in receiving marketing and other communications from us and our third parties. If you correspond with us by email or messaging through the Services, we may retain those communications.

Behavioral Data

Examples: inferred or assumed information relating to your behavior and interests, based on your online activity. This is most often collated and grouped into "segments."

Technical Data

Examples: Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website or use our services.

Content Data (in case we missed something)

Examples: any content you post to the Services (such as profiles, comments, participation in live events. etc.), as well as metadata about them (such as when you posted them) ( "Content").

Data We Get From Third Parties

In addition to the Personal Data that we collect directly from you, we may also collect some Personal Data from third party sources, some of which may not be publicly available.

Credit Reporting Agencies

Categories of Personal Data: Identity Data, Contact Data, Financial Data, Transaction Data

Example: running a credit report to verify your net worth for accreditation purposes.

Social Media Sites

Categories of Personal Data: Identity Data, Contact Data, Online Presence Data

Example: reviewing your public LinkedIn profile to determine your professional background in the world of startups.

Affiliates and Service Providers

Categories of Personal Data: Identity Data, Contact Data, Marketing and Communications Data, Behavioral Data,Investment Data, Transaction Data, Financial Data, Content Data

Example: obtaining reports of your investments from our banking or SPV administration partners.

Advertisers and Analytics Providers

Categories of Personal Data: Behavioral Data, Technical Data

Example: learning what device you use to access Stonks so we can improve the Services.

Aggregated Data

We may also collect, use, and share "Aggregated Data'' (such as statistical or demographic data) for any purpose. Aggregated Data does not constitute Personal Data for the purposes of data protection laws as it can not be used to identify you. If we connect Aggregated Data with your Personal Data so that it can identify you, we treat that as Personal Data in accordance with this Policy.

Using Your Data

Now that you know what we are collecting, you probably want to know what we do with it. Well, you have come to the right place! We generally use your Personal Data for the following reasons:

• To deliver and improve our Services;
• To personalize content and help you efficiently access your account;
• To manage your account and provide you with customer support;
• To perform research and analysis about your use of the Services;
• To use Content as part of our advertising and marketing campaigns to promote the Platform;
• To run analytics on our website or mobile application;
• To diagnose or fix technology problems;
• To automatically update the Services on your device;
• To maintain the security of the Services;
• To verify your identify and prevent fraud or other unauthorized or illegal activity; and
• To enforce or exercise any rights in our Terms of Service;

For each of the reasons for which we use your Personal Data, data protection laws in some jurisdictions require us to have a legal basis for that use. The legal bases depend on the Services you use and how you use them. This means we collect and use your Personal Data only where:

• You have consented to the processing of your Personal Data (and have not withdrawn that consent);
• We need to process your Personal Data to perform a contract to which you are a party;
• We need to process your Personal Data to comply with a legal obligation;
• We need to process your Personal Data to protect someone’s vital interests;
• We need to process your Personal Data to perform a task carried out in the public interest;
• We need to process your Personal Data for a legitimate interest that is not overridden by your interests (such as for R&D, marketing, and protecting our legal rights and interests).

While you are under no obligation to share any data with Stonks, if we need to process your Personal Data and you fail to provide that data when requested, we may not be able to perform the contract we have with you. In this case, we may have to stop you from using our Services. For example, if you are trying to invest on the platform but do not provide the information needed for us to perform Know Your Customer (“KYC”) due diligence as required by law or by our partners, we will be unable to accept your investment.

Sharing Your Data

In general, your data is your data, and we want you to have control over it. There are some cases, however, where we may need to share your Personal Data in order to provide the Services to you. We may share your Personal with third parties in the following ways:

With our Affiliates

Our affiliates may access your Personal Data to help us develop, maintain, and provide our Services and help manage our customer relationships.

With Service Providers

Our service providers may have to access Personal Data about you in order to provide us support for our Services, including website and application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analysis, identity verification, background and compliance reviews, fund administration, and banking services.

With Authorities

Stonks may disclose your Personal Data with legal authorities, regulators and participants in judicial proceedings if we believe it is reasonably necessary to comply with a law, regulation, order, subpoena, rule of a self-regulatory organization, or audit; to protect the safety of any person; to address fraud, security or technical issues; or to protect our own or another’s legal rights or interests.

Other

If you add Personal Data to your profile, that information may be available for public viewing on the Site. You may request that we limit disclosure of this information to certain Users, but we can not guarantee that no one else will be able to view the Personal Data included in your profile. Remember that even if you do not specifically include certain information on your profile, Users may be able to infer certain facts about you: for example, if you are an Investor on the platform, Users may be able to infer that you have a certain income or net worth.

In the event of any corporate sale, merger, reorganization, dissolution, or similar event, we may also transfer your Personal Data as part of the transferred assets without your consent or notice to you.

We may also share non-Personal Data with interested third parties.

If you request that we remove your Personal Data as described in Your Rights Relating to Your Personal Data, we will also forward that request to any third party with whom we have shared your data, but we are not responsible for recovering your Personal Data from any third party who previously received your information from us in accordance with this Policy.

Storing Your Data

In general, we will retain your Personal Data for as long as your Stonks account is active or we need it for the purposes set out in this Policy. If you request that we remove your Personal Data, we will remove it unless we need it for a continuing purpose as described in this Policy. We will only retain your Personal Data for so long as we reasonably need it, unless a longer retention period is required by law. We may keep some of your Personal Data after you have deactivated your account for the period of time needed for us to pursue legitimate business interests, conduct audits, comply with legal obligations, resolve disputes, and enforce agreements. For example, if you have active investments with Stonks, we will retain the information required to service the life of your investments.

As the Services are based and maintained in the United States, your Personal Data may be transferred to and maintained on servers or databases located outside your home jurisdiction. The privacy laws in the United States may not be the same as those in yours. If you are located outside of the United States, please be advised that we transfer all information to the United States for storage and processing, and your consent to this Policy represents your consent to this transfer, storage, and processing.

Protecting Your Data

Stonks uses industry-standard safeguards to protect your Personal Data. Only people who need to access your data to perform job-specific duties will have access to your Personal Data. We will periodically review our policies and procedures to make sure they stay effective and up to date. In spite of our best efforts, however, we cannot 100% guarantee the security of any information you transmit to Stonks.

We have procedures in place to respond to any actual or suspected Personal Data breach, and will promptly notify you of any compromise of your Personal Data. You may have a legal right to receive this notice in writing.

If you share your login and password with any third party, Stonks cannot protect your Personal Data. Keep your credentials secure, and enable two-factor authentication.

Your Data Rights

This Policy (and laws in certain jurisdictions) grants you the following rights:

Right of Access

In certain jurisdictions, you can request a copy of any Personal Data we hold about you, and to check that we are lawfully processing it.

Right of Correction

You can ask us to correct any incomplete or inaccurate information we hold about you.

Right of Erasure

You can ask us to delete any Personal Data that we hold about you, provided there is no legitimate reason for us to continue processing it (e.g., if you have active investments on the platform, we need to keep some data in order to fulfill our obligations to you). In certain jurisdictions, you can ask us to delete your Personal Data where you have exercised your right to object to processing (see below).

Right to Object to/Restrict Processing

If we are relying on a legitimate interest as the legal basis for our processing, but there is something about your particular situation which makes you want to object to the processing of your Personal Data on this basis, you can object to this processing. You also have the right to object where we are processing your Personal Data for direct marketing purposes.

You can also ask us to suspend the processing of your Personal Data in certain scenarios (e.g., if you want us to establish accuracy of your Personal Data or our reason for processing it).

Right to Transfer

In certain jurisdictions, you can ask us to provide you with your Personal Data in a structured, commonly used, machine-readable format. This right only applies to information which you initially provided consent for us to use, or where we used the information to perform a service for you.

Right to Withdraw Consent

Where we rely on your consent to process your Personal Data, you have the right to withdraw that consent. If you do, we may not be able to provide you with access to certain specific functionalities of the Services: we will advise you if this is the case at the time you withdraw your consent.

If you want to exercise any of the rights described here, please contact us (see Introduction above).

Typically, you will not have to pay to exercise these rights; however, if your request is clearly unfounded or excessive, we may charge a reasonable fee or refuse to comply with your request.

We may need to request some specific information from you to confirm your identity and ensure you can exercise these rights: this is a security measure to ensure that your Personal Data is not disclosed to anyone but you (or your designated third party).

We try to respond to all legitimate requests within one month, although it may take us longer if your request is particularly complex or you have made a number of requests. In any case, we will notify you and keep you updated.

Complaints

If you would like to submit a complaint regarding this Privacy Policy or our practices in relation to your Personal Data, please contact us at: privacy@stonks.com. We will reply to your complaint as soon as we can.

If you feel that your complaint has not been adequately resolved, in the EU the GDPR gives you the right to contact your local data protection authority. You can find information on your country’s data protection authority here.

Marketing Communications Preferences

You can ask us to stop sending you marketing messages or modify your email preferences at any time through any of the following methods:

• by following the opt-out links on any marketing message sent to you; or
• through your account settings;
• by contacting us at any time using the contact details in Who We Are and How to Reach Us.

Where you opt out of receiving these marketing messages, this will not apply to Personal Data provided to us as a result of emails relating to investments using the Services or consent to direct marketing communications.

Tracking and Profiling

Stonks may collect non-personally identifiable information regarding your usage of the Services. Like most online services, we employ technologies such as cookies, log files, clear GIFs, tracking pixels, web beacons, and other technologies that may collect Personal Data.

Cookies

Being a bunch of :gorilla: :gorilla: :gorilla:, at Stonks we generally prefer :banana: :banana: :banana:, but the internet only lets us have :cookie: :cookie: :cookie:. A cookie is a small data file sent to your browser by a website you visit that helps the site remember information about your visit, which can make it easier to visit the site again and make the site more useful to you. Lots of websites use cookies for a variety of reasons: in our case, cookies may provide us with anonymous information about how you use the Services so we can provide you with a more personalized experience.

Most browsers allow you to refuse or delete cookies; you can learn more here:

• Chrome
• Firefox
• Safari
• Edge

Our Site uses the following types of cookies for the purposes set out below:

Essential Cookies

These cookies are necessary to provide you with the Services, and are only used to provide you with the Services. Without them, you may not be able to use some aspects of the Services.

Functionality Cookies

These cookies allow our Site to remember choices you make when you use the Services (for example, remembering your login details). Without them, you can still use the Services, but functionality may be somewhat limited.

Analytics and Performance Cookies

These cookies are used to monitor the performance of our Site and collect anonymous data on usage of our Site in order to help improve how our Site works.

We use this information to help operate our Site more efficiently, to gather demographic information, and to monitor the level of activity on our Site. We may use a number of different tools for this purpose.

Targeting and advertising cookies

These cookies are used to make advertising messages more relevant to you, such as by preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interest.

Social Media Cookies

These cookies are used to enable you to share (non-confidential) pages and content from our website through third party social networking and other websites. The other sites will record this. These cookies may also be used for advertising purposes.

Log Files

Log file information is automatically reported by your browser each time you access a web page. When you use the Services, our servers automatically record certain information your web browser sends whenever you visit any website. These server logs may include information such as your web request, Internet Protocol address, browser type, referring / exit pages and URLs, number of clicks, domain names, landing pages, pages viewed, and other such information.

Web Beacons

When you use the Services, we may employ web beacons (aka clear GIFs or tracking pixels) to anonymously track online usage patterns. No Personally Identifiable Information from your Stonks account is collected using these clear GIFs. In addition, we may also use clear GIFs in HTML-based emails sent to our users to track which emails are opened by recipients. The information collected is used to enable more accurate reporting and make Stonks better for our users.

Third Party Services

Stonks may use third-party services to help understand use of the Services. These services collect the information sent by your browser as part of a web page request, including cookies and your IP address. They receive this information and their use of it is governed by their respective privacy policies.

Use of Google User Data

If you choose to connect a Google profile to your account, we will access certain information obtained from Google regarding your account. In particular we may store your name and email address as well as information on the particular profile you connect, including your contacts. This data will only be used by us to provide you with the service you expect and will not be shared with any third parties.

Do Not Track

We do not currently respond to web browsers' "do not track" signals that provide a method to opt out of the collection of information about users' activities on the Services and on other websites. If we do so in the future, we will provide relevant information in this Privacy & Cookies Policy.

Privacy of Minors

The Stonks Services are not intended for children below the age of 18: we do not knowingly collect or solicit personal information from anyone under the age of 18 or knowingly allow such persons to register with the Services. If you are under the age of 18, please do not submit any personal information through the Site. If we become aware that we have collected personal information from a child under age 18, we will take steps to remove that information.

Other Websites and Applications

This Policy applies only to our Services: any links to other websites not controlled by Stonks are responsible for their own content, and they may have their own privacy policies which differ from this one.

If you choose to use third-party apps, websites, or other services that use, or are integrated with, our Services, those third parties may be able to receive information about your activity within those apps, as well as information on your public profile on our Site. If you decide to use third-party apps linked through the Services, your use of these third-party apps is governed solely by their ToS and privacy policies.You should read the privacy policies of all third-party apps you decide to use. In some cases, you may have to register for or log into such third-party apps on their respective websites. By enabling the use and integration of your selected third-party apps, you expressly permit Stonks to disclose your login as well as your data to such third-party apps as necessary to facilitate your use of such apps in connection with the Services.

Amendments

We reserve the right, in our sole discretion, to amend this Policy at any time. Any changes or updates will be effective immediately upon posting to this page. You should review this Privacy Policy regularly for changes: you can determine if changes have been made by checking the Effective Date. Your continued use of our Site following the posting of any changes to this Policy means you consent to such changes.

It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes.