Our Privacy Policy

“Services” are the software, web pages, analysis, and any information generally accessible through a website that we host, such as YourStake.org, as well as any updates or modifications we make.

“Companies” are corporations that are publicly traded on stock markets or Asset Managers that manage mutual funds and/or ETFs.

“Financial Advisors” are Registered Investment Advisors, typically carrying Series 65 credentials, who subscribe to YourStake for annual services that help them understand, communicate, and improve the social impact of their portfolios.

“Clients” are clients of Financial Advisors.

“Users” are all users of YourStake’s services, including Financial Advisors.

“Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household, as defined under applicable privacy law (including the California Consumer Privacy Act, as amended).

“Sensitive Personal Information” means the subset of Personal Information that receives heightened protection under applicable privacy laws, such as government identifiers, account credentials, precise geolocation, and financial account information.

“Nonpublic Personal Information” or “NPI” has the meaning given to it by the Gramm-Leach-Bliley Act and SEC Regulation S-P, and generally includes personally identifiable financial information that a consumer provides to a financial institution.

Information you Provide Us

We collect information you voluntarily provide us when you use the Website. This information may include:

• Account Information. To create an account as a Financial Advisor, you must provide an email address and password. Your email and password are not public. We store your user account preferences and settings.
• Content you submit. We collect the content you submit to us. Your content may include text, links, images, and documents. Uploaded content (including documents you provide for analysis) may be processed by enterprise artificial intelligence services as described under “AI and Automated Processing” below.
• Actions you take. We collect information about the actions you take on the Website. This includes pages you visit, and analyses you run.
• When you Communicate with Us. You may choose to provide other information directly to us. For example, when you suggest a feature or report a bug, or otherwise communicate with us.

Financial Advisors may use YourStake’s services without sharing any personal information about clients or prospective clients (“Clients”). However, Financial Advisors may choose to upload client information, use YourStake Questionnaires for clients, or initiate a technology integration with a custodian or service provider to sync current client accounts. In this case, YourStake may receive information about a Client and that Client’s portfolio. YourStake stores only the information necessary for Financial Advisors’ financial planning and investment management needs.

Any personal information about any Client will be visible to that Client’s Financial Advisor, but will not be visible to any User other than the Financial Advisor or an administrator for their firm. Any client information input from a Financial Advisor will not be used by YourStake in any way besides providing services to that Financial Advisor to communicate with their client. Client information that constitutes Nonpublic Personal Information under SEC Regulation S-P is handled consistent with the financial-privacy obligations of the Financial Advisor on whose behalf we process it.

When you use or access the Website, we collect information that includes:

• Log and Usage Data. We may log information when you access and use the Website. This may include your IP address, browser type, operating system, referral URLs, device information, pages visited, links clicked, user interactions, hardware settings, and search terms.
• Information Collected from Cookies. We may receive information from cookies, which are pieces of data your browser stores and sends back to us when making requests. We use this information to improve your experience, understand user activity, and improve the quality of the Website. For example, we store and retrieve information about your preferred language and other settings.
• Information Collected from Integrations. We may receive information about you from third-party websites that integrate with the Website. For example, like many websites, we use Google Analytics to get a better understanding of our audience.

Categories of Personal Information We Collect (California and other state law disclosure)

In the twelve months preceding the date of this Policy, we have collected the following categories of Personal Information for the business and commercial purposes described under “How we Use Information” below: identifiers (such as name, email, IP address); commercial information (subscription and billing details); internet or other electronic network activity information; professional or employment-related information (for Financial Advisor users); financial information regarding Clients (such as account holdings and transactions) provided by Financial Advisors or sourced from custodian integrations; and inferences drawn from the foregoing. We do not knowingly collect Sensitive Personal Information beyond account credentials and the financial account information described above.

Sources of this information include: directly from Financial Advisors and other Users; from custodians, portfolio accounting providers, and other service providers with which a Financial Advisor has authorized an integration; and automatically from devices used to access the Website.

We do not sell Personal Information, and we do not share Personal Information for cross-context behavioral advertising, as those terms are defined under the California Consumer Privacy Act.

We use information about Users, including you, the Financial Advisor, and any Clients whose information you may sync with YourStake, to:

• Provide, maintain, and improve the Website
• Personalize your experience because your information helps us to better respond to your individual needs
• Research and develop new services
• Help protect the safety of the Website and our users, which includes blocking suspected spammers, addressing abuse, and enforcing the Terms of Service
• Send you technical notices, updates, security alerts, and other support and administrative messages or to otherwise communicate with you about the use of the Website
• Monitor and analyze trends, usage, and activities in connection with our Services
• Address any claim or dispute related to your use of the Website, or as otherwise allowed by applicable law

YourStake uses enterprise large-language-model (LLM) services to support certain product features such as document extraction, summarization, and drafting assistance. When you upload content or use AI-assisted features, that content may be transmitted to these enterprise LLM services for processing. Under the terms of our enterprise agreement, these services do not store user input or model output, do not use prompts or completions to train any underlying models, and do not share that information with third-party model providers. We do not make automated decisions about you that produce legal or similarly significant effects. Additional detail is set out in our AI Security Policy, available on request and in our Vanta Trust Center, as well as list of data subprocessors, our vendor management and diligence procedures, and more.

We will only use your personal information and your Clients’ personal information as permitted by law. Under most circumstances, we will use your personal information for the following permissible reasons:

• To perform the contract we are about to enter into or have entered into with you (e.g. when we provide you Services)
• To carry out our legitimate interests provided that your interests and fundamental rights do not override those interests (e.g. so YourStake can carry out its mission)
• When you provide consent (e.g. when you request that we receive information from a technology integration partner; you have the right to withdraw that consent at any time by contacting us)
• To comply with a legal or regulatory obligation

When you use the Website, certain information may be shared with other users and the public, as follows. Information about your clients will never be accessible by the public, and can only be viewed by Financial Advisors in your organization that already have access to the information through custodian and/or service provider relationships. Anonymized, aggregated statistics about User activities may be reported to other users or potential users of YourStake. These statistics must not be able to reasonably identify any individual.

We will not share, sell, or give away our Users’ personal information to third parties, unless one of the following circumstances applies:

• To comply with the law. We may share information (and will attempt to provide you with prior notice, to the extent legally permissible) in response to a request for information if we believe disclosure is in accordance with, or required by, any applicable law, regulation, legal process or governmental request, including, but not limited to, meeting national security or law enforcement requirements
• To enforce our policies and rights. We may share information if we believe your actions are inconsistent with our Terms of Service, YourStake policies, or to protect the rights, property, and safety of ourselves and others
• With other users, with your consent. We share certain information among Financial Advisors. For example, financial advisors who choose to sync with their client accounts are able to view their clients’ holdings so as to generate impact reports.
• With our partners and subprocessors. We may share information with vendors, consultants, subprocessors, and other service providers (but not with advertisers or ad partners) who need access to such information to carry out work for us. The partner’s use of personal data will be subject to appropriate confidentiality and security measures, including written data-processing terms where applicable. A current list of subprocessors is available through our Vanta Trust Center, and we will provide reasonable advance notice of material changes to subprocessors that handle Client information.
• Aggregated or de-identified information. We may share aggregated or de-identified information, which cannot reasonably be used to identify you.

Ads and Analytics Partners

In general, YourStake does not primarily rely on revenue from online display advertising. Nevertheless, we may partner with third parties as marketing affiliates, in the context of providing you a relevant link to sign up for a good or service that enhances your use of the YourStake. If you decide to visit and submit any information to a third party, you are subject to its privacy policy and practices and not this Privacy Policy.

Marketing Partners. We may provide a unique link to a marketing partner, for you to sign up to a product or service relevant to YourStake. We disclose such relationships at the location where you are able to click on the link. We do not share your YourStake account details with these partners. This means that we do not share your individual account browsing habits. YourStake cannot see these partners’ cookies, and marketing partners will not see YourStake cookies.

Analytics Partners. We use analytics partners (such as Google Analytics) to help analyze usage and traffic for our Services. As an example, we may use analytics partners to analyze and measure, in the aggregate, the number of unique visitors to the Website.

You have choices about how to protect and limit the collection, use, and disclosure of information about you.

• Change Your Information. You can change or update your information with us at any time by contacting us, or through the tools we provide you to do so, located on your user dashboard.
• Deleting your Account. You may delete your account information at any time from the user preferences page. When you delete your account, all personal information about your clients will also be deleted, and your profile is no longer visible to anyone.
• Access or Object to Use of Your Information. In addition to the opt-out and edit options, residents of jurisdictions with applicable privacy laws (including the European Economic Area, the United Kingdom, California, and other U.S. states described below) can request access to your information, and object to or seek to restrict our processing of your information in certain circumstances. Please note that you can always ask us to delete your information from all marketing communications or subscriptions at any time. To exercise these rights, please contact privacy@yourstake.org. We will verify your request and respond within the time period required by applicable law (generally 45 days under U.S. state laws and 30 days under GDPR/UK GDPR).

If you are in the European Economic Area or the United Kingdom, you have the right to request access to, rectification of, or erasure of your personal data; to data portability in certain circumstances; to request restriction of processing; to object to processing; and to withdraw consent for processing where you have previously provided consent. These rights can be exercised using the information provided under “Your Options” above. EEA users also have the right to lodge a complaint with their local supervisory authority. UK users have the right to lodge a complaint with the Information Commissioner’s Office.

Controlling Linked Services, Cookies, Analytics, Do Not Track

• Controlling the Use of Cookies. Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject first- and third-party cookies. Please note that if you choose to remove or reject cookies, the availability and functionality of the Website will become impaired. The cookies we use generally fall into the following categories: strictly necessary cookies (required for sign-in, security, and core site functionality); functional cookies (which remember your preferences and settings); and analytics cookies (used to understand site usage in the aggregate). We do not use cookies for cross-context behavioral advertising.
• Controlling Analytics. Some analytics providers we partner with may provide specific opt-out mechanisms and we may provide, as needed and as available, additional tools and third-party services that allow you to better understand cookies and how you can opt-out. For example, you may manage the use and collection of certain information by Google Analytics.
• Do Not Track and Opt-Out Preference Signals. Most modern web browsers give you the option to send a Do Not Track signal or a Global Privacy Control (GPC) signal indicating that you do not wish your Personal Information to be sold or shared. We honor GPC signals where they apply under California law. Because we do not sell or share Personal Information for cross-context behavioral advertising, our handling of GPC signals does not change our processing of your data, but we treat any such signal as a valid opt-out under applicable law.

Depending on your state of residence, you may have additional rights under state privacy laws including the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA); the Virginia Consumer Data Protection Act (VCDPA); the Colorado Privacy Act (CPA); the Connecticut Data Privacy Act (CTDPA); and similar laws in Utah, Texas, Oregon, Montana, Tennessee, Iowa, Indiana, Delaware, New Jersey, New Hampshire, Maryland, Minnesota, Rhode Island, and other states with effective comprehensive privacy laws. Where applicable, these rights may include: the right to know what Personal Information we collect, use, disclose, and (if applicable) sell or share; the right to delete Personal Information; the right to correct inaccurate Personal Information; the right to data portability; the right to opt out of any sale or sharing of Personal Information for cross-context behavioral advertising (as noted above, we do not engage in either); the right to limit our use and disclosure of Sensitive Personal Information; and the right not to receive discriminatory treatment for exercising any of these rights.

To submit a request, contact privacy@yourstake.org. We will require information sufficient to verify your identity and, where applicable, your authority to act on behalf of another person. You may also designate an authorized agent to submit a request on your behalf. We do not currently use a “Do Not Sell or Share My Personal Information” link because we do not sell or share Personal Information in the senses defined by the CCPA; however, we honor opt-out preference signals such as Global Privacy Control (GPC) where they apply.

We take measures to protect information about you from loss, theft, disclosure, alteration, destruction, misuse and unauthorized access. For example, we use HTTPS while information is being transmitted. We also enforce technical and administrative access controls to limit which of our employees have access to non-public information. Our security practices are vetted to be satisfied by a high standard of rigor by our integration partners and accredited third-party auditors. Audit reports are available on request and through our Vanta Trust Center, including our SOC 2 Type 2 report, penetration testing summaries, and our security policies.

In the event of a security incident affecting your Personal Information, we will notify affected Users and, where applicable, Financial Advisors whose Clients are affected, without undue delay and consistent with our Security Incident Response Policy and applicable law. Our standard commitment is to notify affected customers within 72 hours of confirming that an incident is of high severity and involves their data.

We store the information we collect for as long as it is necessary for the purpose(s) for which we originally collected it. We may retain certain information for legitimate business purposes or as required by law. Our specific retention periods are set out in our Data and Record Retention Policy. In summary: application data (including Financial Advisor account records and Client data ingested into our application) is retained for seven years by default, which aligns with the recordkeeping requirements applicable to our customers under SEC Investment Advisers Act Rule 204-2 and SEC/FINRA broker-dealer rules (SEC Rule 17a-4 and FINRA Rule 4511), unless a Customer requests a shorter or longer period; and application, audit, and infrastructure logs are retained in accordance with the retention exhibit to that policy. Backups age out in the ordinary course of business consistent with our disaster-recovery commitments. Retention periods may be configured for specific enterprise customers where required by their own recordkeeping obligations.

The Website is intended for individuals over the age of 18 only. Individuals under the age of 18 may not create an account or otherwise access or use the Website.

We are based in the United States, and we process and store information on servers located in the United States. We may store information on servers and equipment in other countries depending on a variety of factors, including the locations of our users and service providers. Where we transfer Personal Information of EEA, UK, or Swiss data subjects out of those jurisdictions, we rely on appropriate transfer mechanisms, including the European Commission’s Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable), supplemented by additional technical and organizational safeguards as required.

We may change this Privacy Policy from time to time. If we make material changes, we will provide reasonable advance notice (typically at least 30 days) by email to the contact information you provided when signing up and by posting an updated version of this Policy on the Website with a revised “Last updated” date. Your continued use of the Website following the effective date of any updated Policy constitutes your acceptance of the updated terms.

The goal of this Policy document is to clarify your questions. We are always seeking to be more clear. If you have any questions or suggestions regarding this Privacy Policy, you may contact us via email at privacy@yourstake.org.