Privacy Policy

Last Updated: October 14, 2022

This Privacy Policy (“Policy”) describes how Overflow App Inc. (“Overflow,” “we,” “us,” or “our”) collects, uses, protects, and shares your personal information on our website, online platforms, and any other websites that link to this Privacy Policy (collectively, “the Services”).

This Policy does not apply to the personal information processed, maintained, or otherwise managed by Overflow solely for the benefit of, on the behalf of, or under the exclusive direction or control of our business customers in Overflow’s capacity as a service provider in the context of our Overflow for Corporations service. We have no direct relationship with the individuals whose personal information we process on behalf of our business customers. To learn more about the processing of your personal information in that context, please consult the relevant business customer’s privacy policy.

Personal Information We Collect

Information you provide to us:

Account information. When you register for our Services, we collect your first and last name, password, email address, billing address, phone number, and any additional information you provide in order to create an Overflow account.
Organization Account Creation. If you create an account on behalf of a non-profit, we will collect your name, email, telephone number, job title, and certain additional information applicable to the non-profit for which you are creating the account, like the employer or tax identification number, the organization’s data brokerage account and financial information, ZIP code, size, mission of the non-profit and any information you provide in order to create an Overflow account.
Donor Information. As a donor or a financial advisor on behalf of a donor, you may provide us various information related to the contributions that the donor may make to third parties through Overflow, including but not limited to details regarding your contributions, tax documentation, and other related information.
Financial Information. When you submit a non-cash contribution through Overflow, you provide us and our service providers with your name, email address, physical address, phone number, brokerage, brokerage number (which we encrypt when storing in our database), securities portfolio information for any brokerage accounts you link to the Services, the amounts and recipients of your contributions, date of settlements, and any other personal information and financial details required to initiate a stock contribution. To process certain contributions we may need to help you create accounts with third party brokerages. Doing so may require us to collect additional information like your social security number, Government-issued photo ID, date of birth & questions about your sources of income, including name of employer and employment status. Please note, however, that we collect that information solely to help establish your account with the third party brokerage.

For cash contributions, our payment processors will collect the financial information necessary to process your payments, such as your financial account information, payment card number, and authentication details. We do not maintain payment card information on our servers.
For contributions made by cryptocurrencies, we will collect the information necessary to process your contribution, including the amount and recipient of your contribution.

Communications with Overflow. When you contact us via a contact form, email, text message, helpdesk, or by any other method, we may collect your name, email address, phone number, mailing address, company, professional title or role, transaction information about your contributions, and the contents and nature of your correspondence with us. We may also solicit details surrounding your specific transaction.
Marketing data. When you sign up to receive notifications or marketing from us, you may provide us with information such as your name, phone number, email address, company and title/role. We may also collect information concerning your preferences for receiving our marketing communications, and details about your engagement with marketing communications that we send to you.

Automatic data collection. We and our service providers may automatically log information about you, your computer or mobile device, and your interaction over time with our website and the Services, such as:

Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type and version, screen resolution, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, and general location information such as city, state or geographic area.
Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the website, navigation paths between pages or screens, information about your activity on a page or screen (including button clicks, hovering over elements, typing into input fields), access times, and duration of access, and whether you have opened our marketing emails or clicked links within them.

We use the following tools for automatic data collection:

Google Analytics, a web analytics service provided by Google LLC (“Google”). Google Analytics uses cookies to help us analyze how users use the website and enhance your experience when you use the website. For more information on how Google uses this information, click here.
Local storage technologies handle authentication in a number of our client-side applications. We store a JWT (JSON Web Token), which is an encrypted secret that uniquely identifies a user in the local storage of the browser.
HTTP-only cookies are cookies that are not accessible via client-side scripting and are used for user authentication. They are only accessible via server-side. Note that similar to local storage, we will store a JWT in an HTTP-only cookie.
Session storage technologies, which is used similar to local storage except only stores data for the duration of a user's session. This helps maintain form values if a user refreshes the page, so they don't lose any progress. Note, when a user closes the tab they are on, the session storage of the browser is automatically cleared.
Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.

Information we collect from third party sources. We may also collect personal information from non-profit organizations, service providers, social media platforms, and other third party public sources.

How We Use Personal Information

We use your personal information for the following purposes or as otherwise described at the time of collection:

Service delivery. We use your personal information to:

Provide, operate and improve the Services and our business;
Prepare the documentation necessary to facilitate your contributions and send/solicit confirmations relating to your transaction;
Analyze your portfolio;
Communicate with you about the Services, including by sending announcements, updates, security alerts, and support and administrative messages; and
Provide support for the Services, and respond to your requests, questions and feedback.

Research and development. As part of these activities, we may create aggregated, de-identified or other anonymous data from personal information we collect. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Services, and promote our business.

Marketing. We may collect and use your personal information to send you marketing communications as permitted by law, including, but not limited to, notifying you of special promotions, offers and events via email, telephone, text message, and other means. You may opt out of our marketing communications as described in the “Opt out of marketing communications” section below.

Interest-Based Advertising: We engage advertising partners, including third party advertising companies and social media companies, to display ads on the Service and other online services. These companies may use cookies and similar technologies to collect information about your interaction over time across the Service, our communications, and other online services, and use that information to serve online ads that they think will interest you. This is called interest-based advertising. We may also share information about our users with these companies to facilitate interest-based advertising to our or similar users (known as a “lookalike audience”) on other online platforms. You can learn more about your choices for limiting interest-based advertising in the Limit Online Tracking section below.

Compliance and protection. We may use and share your personal information with third parties in order to:

Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
Protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
Audit our internal processes for compliance with legal and contractual requirements and internal policies;
Enforce the terms and conditions that govern our website and Services; and
Prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

How We Share Personal Information

Your Sharing. When you use our Services, we may provide means for you to share information about you and your contributions with third parties, including through provision of a custom link.

Our Sharing. We may share your personal information with:

Non-Profit Organizations. When you make a contribution, we will share your name and information about your contribution with the organization receiving your donation, which may include the amount of your contribution, your contact information , and any additional data you provide with your contribution. If you make an anonymous contribution, your information will only be shared as needed to allow the receiving organization to provide you with the appropriate documentation to claim any applicable tax deduction.

Service providers. Companies and individuals that provide services on our behalf or help us operate our Services or our business (such as hosting services, financial account aggregation, payment processors, communication providers, information technology, customer support, email delivery, website analytics services).

Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.

Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.

Business transfers. Acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, investment, sale or other disposition of all or any portion of the business or assets of, or equity interests in Overflow (including, in connection with a bankruptcy or similar proceedings).

Your Choices

Opt out of marketing communications. You may opt out of marketing-related communications by following the opt out or unsubscribe instructions contained in the marketing communications we send you, or by contacting us below.

Limit Online Tracking: Here are some of the ways you can limit online tracking:

Block Cookies: Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Use the following links to learn more about how to control cookies and online tracking through your browser:

Firefox; Chrome; Microsoft Edge; Safari

Use Privacy Plug-Ins or Browsers: You can block our Services from setting cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, DuckDuckGo, Ghostery or uBlock Origin, and configuring them to block third party cookies/trackers. You can also install a browser add-on to opt out of Google Analytics.
Advertising Industry Opt-Outs: You can also use these opt-out options to limit use of your information for interest-based advertising by participating companies:

Digital Advertising Alliance
Network Advertising Initiative

Platform Opt-Outs. The following advertising platforms offer opt-out features that let you opt out of use of your information for interest-based advertising:

Google opt-out
LinkedIn opt-out
Microsoft opt-out
Facebook opt-out
Twitter opt-out

Note that the above opt-out mechanisms are specific to the device or browser on which they are exercised. You will need to opt out on every browser and device that you use.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to "Do Not Track" or similar signals. To find out more about "Do Not Track," please visit http://www.allaboutdnt.com.

Other Sites and Services

Our Services may contain links to websites and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites or online services operated by third parties, and we are not responsible for their actions.

Retention

We retain your personal information for as long as appropriate to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. For example, we may be required to retain details about your contributions for accounting and tax audit purposes. To determine the appropriate retention period for your personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of personal information, the purposes for which we process personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

Security

As described on our security page, we employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. However, no security measures are failsafe and we cannot guarantee the security of your personal information.

International Users

By using our Service, you understand and acknowledge that your personal information will be transferred from your location to our facilities and servers in the United States.

Children

The Services are not intended for use by children under 13 years of age. If we learn that we have collected personal information through our Services from a child under 13 without the consent of the child’s parent or guardian as required by law, we will delete it.

Job Applicants

When you visit the “Careers” portion of our website, we collect the information that you provide to us in connection with your job application. This includes business and personal contact information, professional credentials and skills, educational and work history, and other information of the type that may be included in a resume. This may also include diversity information that you voluntarily provide. We use this information to facilitate our recruitment activities and process employment applications, such as by evaluating a job candidate for an employment activity, and monitoring recruitment statistics. We may also use this information to provide improved administration of the website, and as otherwise necessary (a) to comply with relevant laws or to respond to subpoenas or warrants served on Overflow; (b) to protect and defend the rights or property of Overflow or others; (c) in connection with a legal investigation; and/or (d) to investigate or assist in preventing any violation or potential violation of the law, this Privacy Policy, or Overflow’s Terms of Use.

Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the website.

How to Contact Us

You can reach us by email at support@overflow.co or at the following mailing address:

3790 El Camino Real
Unit #569
Palo Alto, CA 94306

PRIVACY NOTICE

FACTS: WHAT DOES OVERFLOW APP INC. (“OVERFLOW”) DO WITH YOUR PERSONAL INFORMATION?

Why?
Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.

What?
The types of personal information we collect and share depend on the product or service you have with us. This information can include:

Name and Email Address
Portfolio Information and Donation History

How?
All financial companies need to share Consumers' personal information to run their everyday business. In the section below, we list the reasons financial companies can share their Consumers' personal information; the reasons Overflow chooses to share; and whether you can limit this sharing.

Reasons we can share your personal information:

For our everyday business purposes —
such as to process your transactions, maintain
your account(s), respond to court orders and legal investigations, or report to credit bureaus

Does Overflow share? Yes
Can you limit this sharing? No

For our marketing purposes —
to offer our products and services to you

Does Overflow share? Yes
Can you limit this sharing? No

For joint marketing with other ﬁnancial companies

Does Overflow share? No
Can you limit this sharing? We don't share

For our affiliates' everyday business purposes — information about your transactions and experiences

Does Overflow share? No
Can you limit this sharing? We don't share

For our affiliates' everyday business purposes — information about your creditworthiness

Does Overflow share? No
Can you limit this sharing? We don't share

For our afﬁliates to market to you

Does Overflow share? No
Can you limit this sharing? We don't share

For nonafﬁliates to market to you

Does Overflow share? No
Can you limit this sharing? We don't share

Questions?
Go to https://www.overflow.co/

Who is providing this notice?
This notice is being provided on behalf of Overflow App. Inc.

How does Overflow protect my personal information?
To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured ﬁles and buildings.

How does Overflow collect my personal information?
We collect your personal information, for example, when you

Create an account with us
Give us your contact information or contact us with questions
Use the service

We may also collect your personal information from other companies.

Why can't I limit all sharing?
Federal law gives you the right to limit only

sharing for affiliates' everyday business purposes—information about your creditworthiness
afﬁliates from using your information to market to you
sharing for nonafﬁliates to market to you

State laws and individual companies may give you additional rights to limit sharing. See below for more on your rights under state law.

Definitions

Affiliates: Companies related by common ownership or control. They can be ﬁnancial and nonﬁnancial companies.

Overflow has no affiliates.

Nonaffiliates: Companies not related by common ownership or control. They can be ﬁnancial and nonﬁnancial companies.

Overflow does not share with nonaffiliates so they can market to you.

Joint marketing: A formal agreement between nonafﬁliated ﬁnancial companies that together market ﬁnancial products or services to you.

Other important information

California and Vermont Residents: We will not share information we collect about you with nonaffiliates, except as permitted by law, including, for example, with your consent or to provide financial services you have requested.