Privacy Policy

Effective Date: July 21, 2023

This privacy policy (this “Privacy Policy”) describes how Public Holdings, Inc. and its affiliates (collectively, “Public,” “we,” “our,” and “us”) collect, secure, use, retain, disclose, and otherwise process your personal information when you access and use our website and mobile app and when you otherwise engage with us (for example, by applying for our services or contacting our customer service team) (collectively, our “Services”). This Privacy Policy also describes the choices you can make with respect to the personal information we collect and process about you. In this Privacy Policy, we use “customer” and “you” to refer to anyone who accesses and uses our Services.

If you have applied for or opened an investing account with Public, then you can also refer to our U.S. Consumer Privacy Notice for a summary of how we use personal information collected from you as covered by the Gramm-Leach-Bliley Act.

Click on the links below to jump to a specific section.

  1. Personal Information We Collect

    1. Personal Information You Provide to Us
    2. Personal Information We Collect Automatically When You Use Our Services
    3. Personal Information We Create or Generate
    4. Personal Information We Receive from Other Sources
  2. How We Use Your Personal Information
  3. Personal Information We Disclose
  4. Information from Cookies and Similar Technologies
  5. How We Protect Personal Information
  6. Your Personal Information Choices
  7. Your Data Protection and Privacy Rights

    1. United Kingdom and European Union privacy rights
    2. California privacy rights
    3. Privacy rights under other U.S. state laws (excluding California)
    4. Exercising your rights over your data
    5. U.S. exemptions
  8. How We Retain Personal Information
  9. Links to Third-Party Websites and Services
  10. Children’s Privacy
  11. Location of Personal Information
  12. Changes to this Privacy Policy
  13. Contact Information
  1. Personal Information We Collect

    The personal information we collect depends on how you interact with us, the Services you sign-up for or use, and the choices you make.

    We collect information about you from different sources and in various ways when you use our Services, including information you provide directly, information collected automatically, information from third-party data sources, and data we infer or generate from other data.

    When you are asked to provide personal information, you may decline to do so. You may also use web browser or operating system controls to prevent certain types of automatic data collection. However, if you choose not to provide or allow information that is necessary for our Services, then the Services or particular features may not be available or fully functional to you.

    1. Personal Information You Provide to Us

      We collect personal information you may provide to us, such as:

      • Contact Information. Such as name, email address, home address, and phone number.
      • Demographic Information. Such as date of birth and marital status.
      • Investment Profile. Such as tax status, investment goals, and investing experience.
      • Employment Information. Such as employment status, job title, employer information, and salary information.
      • Financial Account Information. Such as bank account number, brokerage account number, routing numbers, and credit or debit card information.
      • Transactions Information. When you submit or complete a transaction using our Services, we collect information about that transaction, such as the notional value, the asset you are buying or selling, and time and date of the transaction.
      • Your Contacts. With your permission, we may access and store names and contact information from your address book.
      • Public Account and Profile Information. When you open an account with Public and create a Public profile page, you provide us with your account access information (described under “sensitive personal information” below), and an optional profile picture and profile bio.
      • Audio or Electronic Information. Records of your communications with us (for example, we keep copies of the contents of your correspondence with us on our website, app, chat features, and other channels).
      • Community Engagement Information. Our Services allow you to participate in a vibrant online community of investors. You may provide us with personal information should you choose to participate in the Public community. For example, you provide us with personal information when you send and receive messages on our platform, when you share content or react to content posted by others, and when you follow other Public customers or companies on the platform.
      • Communications and Content Information. Such as your survey responses, information you provide to us during contests and other promotional events, and correspondence with our customer service team.
      • Sensitive Personal Information.

        • Government ID. Such as government-issued identifiers like your driver’s license, passport number, and social security number.
        • Sensitive Demographic Information. Such as citizenship and visa information, some of which may be protected classifications.
        • Account Access Information. Such as a username or account number in combination with a password.
        • Biometric Information. Such as facial images from your identification card or selfie photographs.

      Certain Services require us to perform a “know your customer” check by law. To perform this check, we collect personal information, including sensitive personal information, such as your full name, date of birth, home address, and government-issued identification with photo.

    2. Personal Information We Collect Automatically When You Use Our Services

      As is typical of many online platforms, we may automatically collect personal information based on your Internet or other electronic network activity when you use our Services. For example:

      • Usage Information. Information about your engagement with our Services, like the pages you view, the features or buttons you use, the notifications you see, the dates and times of your visits, and other similar information. We also use tools to record and analyze your interaction with our Services to help us improve your experience.
      • Location Information. We may infer your general geographic location (such as city, state, and country) by using your internet protocol (IP) address.
      • Device Information. We receive information about the device and software you use to access our Services, such as IP address, web browser type, operating system version, phone carrier and manufacturer, application installations, device identifiers, mobile advertising identifiers, and push notification tokens.
    3. Personal Information We Create or Generate

      We may infer new information from other data we collect, including using automated means to generate information about your likely preferences or other characteristics (“inferences”). For example, we may infer your general geographic location (such as city, state, and country) based on your IP address.

    4. Personal Information We Receive from Other Sources

      We may receive information about you from other sources, such as:

      • Data Brokers. Data brokers and aggregators from which we obtain information to supplement the data we collect.
      • Marketing Partners. Partners with which we engage in joint-marketing activities or co-sponsor events.
      • Third-Party Partners. We obtain information about you from third-parties that we work with to operate and maintain the Services. For example, we receive information about you from our identity verification and fraud prevention partners in order to verify your identity, prevent fraud, comply with our legal obligations (such as anti-money laundering laws) and protect the safety and security of our Services, business, and customers.
      • Service Providers. Service providers that collect or provide information in connection with work they do on our behalf, for example companies that determine your device’s location based on its IP address.
      • Financial-Account Linking and Payment Processing. We partner with third parties, like Plaid, Inc. (“Plaid”) and Stripe, Inc. (“Stripe”), to link your account to our Services and process payments. In order to confirm identity and provide their services, companies like Plaid and Stripe may provide us with data about you from your banking institutions. By using our Services, you acknowledge and agree that the privacy policies of the third parties used for financial-account linking and payment processing will govern the use of any information collected for this purpose. We encourage you to review any such companies’ privacy policies. You can view Plaid’s privacy policy here. and Stripe’s privacy policy here.
  2. How We Use Your Personal Information

    We use the personal information we collect for the purposes described in this Privacy Policy or as otherwise disclosed to you. For example, we use personal information for the following purposes:

    Purposes of Use Categories of Personal Information Legal Bases (UK, EU)

    Service delivery. To provide, maintain, and deliver our Services, including troubleshooting, and supporting those Services, for example, to facilitate transactions and payment, maintain the safety and security of our Services, enable purchases, transactions, and communications, perform identity verification, including verification for “Know Your Customer” protocols and anti-money laundering detection

    Contact information, demographic information, investment profile, employment information, financial account information, transactions information, your contacts, Public account and profile information, audio or electronic information, community engagement information, communications and content information, government ID, account access information, biometric information, sensitive demographic information, usage information, location information, device information, inferences

    Contract: Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract

    Substantial public interest: Biometric information and sensitive demographic information is necessary for the prevention of fraud, complying with regulatory requirements and preventing or detecting unlawful acts such as money laundering or terrorist financing.

    Business operations.
    To operate our business, such as billing and accounting

    Contact information, demographic information, investment profile, employment information, financial account information, transactions information, Public account and profile information, audio or electronic information, community engagement information, communications and content information, government ID, account access information, usage information, location information, device information, inferences

    Contract: Processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract

    Maintain and enhance the safety and security of our Services, for purposes such as securing our systems and user accounts, detecting and preventing misuse of our Services, including fraudulent, deceptive, or illegal activity

    Contact information, demographic information, investment profile, employment information, financial account information, transactions information, Public account and profile information, audio or electronic information, community engagement information, communications and content information, government ID, account access information, usage information, location information, device information, inferences

    Legitimate Interest: Processing is necessary for the purposes of our legitimate interests (or by a third party), except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal information

    Maintain and enhance the safety and security of our Services, for purposes such as meeting our legal obligations, including responding to legal inquiries and claims, complying with and enforcing applicable legal requirements, relevant industry standards and our own policies

    Contact information, demographic information, investment profile, employment information, financial account information, transactions information, Public account and profile information, audio or electronic information, community engagement information, communications and content information, government ID, account access information, usage information, location information, device information, inferences

    Contract: Processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract

    Service improvement, analysis, development, and research. To develop new services or features, analyze and measure our Services, including your access to and use of our Services, and conduct research and improve our internal operations

    Contact information, demographic information, investment profile, employment information, financial account information, transactions information, Public account and profile information, audio or electronic information, community engagement information, communications and content information, account access information, usage information, location information, device information, inferences

    Legitimate Interest: Processing is necessary for the purposes of our legitimate interests (or by a third party), except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal information

    Personalization. To understand you and your preferences, to enhance your experience and enjoyment using our Services, such as by providing tailored information, content, and recommendations

    Contact information, demographic information, investment profile, employment information, financial account information, transactions information, your contacts, Public account and profile information, audio or electronic information, community engagement information, communications and content information, usage information, location information, device information, inferences

    Legitimate Interest: Processing is necessary for the purposes of our legitimate interests (or by a third party), except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal information

    Customer support. To provide customer support and respond to your questions (such as by email, online or live chat, push notification, or messages on third party platforms)

    Contact information, demographic information, investment profile, employment information, financial account information, transactions information, your contacts, Public account and profile information, audio or electronic information, community engagement information, communications and content information, government ID, account access information, usage information, location information, device information, inferences

    Contract: Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract

    Communications. To send you information, including confirmations, technical notices, updates, security alerts, and support and administrative messages (such as by text message, email, online or live chat, push notification, or messages on third party platforms)

    Contact information, demographic information, investment profile, employment information, financial account information, transactions information, your contacts, Public account and profile information, audio or electronic information, community engagement information, communications and content information, account access information, usage information, location information, device information, inferences

    Contract: Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract

    Marketing. To communicate with you (including via email, mail, phone, SMS or push notification) about new services, offers, promotions, rewards, contests, upcoming events, and other information about our Services (see the “Your Personal Information Choices” section of this Privacy Policy for information about how to change your preferences for marketing communications)

    Contact information, demographic information, investment profile, employment information, financial account information, transactions information, your contacts, Public account and profile information, audio or electronic information, community engagement information, communications and content information, usage information, location information, device information, inferences

    Consent: the data subject has given consent to the processing of their personal information for one or more specific purposes

    Advertising. To display advertising to you (see the “Information from Cookies and Similar Technologies” section of this Privacy Policy for information about personalized advertising and your advertising choices)

    Contact information, demographic information, investment profile, employment information, financial account information, transactions information, your contacts, Public account and profile information, audio or electronic information, community engagement information, usage information, location information, device information, inferences

    Consent: the data subject has given consent to the processing of their personal information for one or more specific purposes

     

    We combine data we collect from different sources for these purposes and to give you a more seamless, consistent, and personalized experience.

  3. Personal Information We Disclose

    We disclose personal information as necessary to complete your transactions, provide the Services, or with your consent (where required by applicable law). In addition, we disclose personal information described in this Privacy Policy to the categories of recipients described below, for the business purposes detailed below:

    • Service providers. We provide personal information to vendors or agents working on our behalf for the purposes described in this Privacy Policy. For example, data cloud providers, information technology, customer support, marketing, and website analytics.
    • Financial service companies & payment processors. When you provide payment data, for example to make a purchase, we will disclose payment and transactional data to banks and other entities as necessary for payment processing, fraud prevention, credit risk reduction, analytics, or other related financial services.
    • Affiliates. We enable access to certain personal information across our affiliates, for example, where we share common data systems or where access helps us to provide our Services and operate our business.
    • Parties to corporate transactions. We may disclose personal information as part of a corporate transaction or proceeding such as a merger, financing, acquisition, bankruptcy, dissolution, or a transfer, divestiture, or sale of all or a portion of our business or assets.
    • Legal and law enforcement. We will access, disclose, and preserve personal information when we believe that doing so is necessary to comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies.
    • Third parties as necessary for security, safety, and protecting rights. We will disclose personal information if we believe it is necessary to:

      • protect our customers and others, for example to prevent spam or attempts to commit fraud, or to help prevent the loss of life or serious injury of anyone;
      • operate and maintain the security of our Services, including to prevent or stop an attack on our computer systems or networks; or
      • protect the rights or property of ourselves or others, including enforcing our agreements, terms, and policies.
    • Analytics and Advertising Providers. Analytics and advertising companies also collect personal information through our website and app, including identifiers and device information (such as cookie IDs, device IDs, and IP address), geolocation data, usage data, and inferences based on and associated with that data, as described in the “Information from Cookies and Similar Technologies” section of this Privacy Policy. In some cases, these providers may combine this data across multiple sites to improve analytics for their own purpose and others. For example, we use Google Analytics on our website to help us understand how users interact with our website; you can learn how Google collects and uses information at www.google.com/policies/privacy/partners. Some of the data disclosures to these providers may be considered a “sale” or “sharing” of personal information as defined under the laws of California and other U.S. states. Please see the “Your Personal Information Choices” and “California Privacy Rights” sections below for more details.

      Please note that some of our Services also include integrations, references, or links to services provided by third parties whose privacy practices differ from ours. If you provide personal information to any of those third parties, or allow us to disclose personal information to them, then such data is governed by their privacy statements.

    • Public Information. By using the social features of our Services, you may also choose to disclose your personal information to others. For example:

      • Your Profile, Portfolio and Transactions. WWhen you open an account with Public, you create a Public profile page. You provide us with your username, account password, and an optional profile picture and profile description. Your username, profile picture and profile description are viewable by other customers of the Services. Your Public investment portfolio and trades are also viewable by other customers of the Services; for instructions on how to make your portfolio and trades private, see the “Your Personal Information Choices” section of this Privacy Policy.
      • Your Posts. Our Services support a vibrant community of investors where you can find, enjoy and share content. When you post content to the Public feed, any customer of our Services will be able to see that content, the username associated with the content, and the date and time you submitted the content.
      • Social Networks and Other Online Services. Our Services allow you to, upon your direction, post to other social networking services, such as Twitter and Instagram. You understand and agree that the use of your information by any social networking websites will be governed by the privacy policies of these third-party platforms and your settings on that platform. We encourage you to review such companies’ privacy policies. You can learn more about Twitter’s practices here and Instagram’s practices here.
    • De-identified information. Finally, we may disclose de-identified information in accordance with applicable law. When we do so, we have processes in place designed to ensure such information cannot be reassociated with you. Further, we obligate recipients of de-identified information to maintain and use such de-identified information in accordance with applicable law.
  4. Information from Cookies and Similar Technologies

    We use cookies, web beacons, mobile analytics and advertising IDs, and similar technologies to operate our Services and to help collect data, including usage data, identifiers, and device information for the purposes described below.

    What are cookies and similar technologies?

    Cookies are small text files placed by a website and stored by your browser on your device. A cookie can later be read when your browser connects to a web server in the same domain that placed the cookie. The text in a cookie contains a string of numbers and letters that may uniquely identify your device and can contain other information as well. This allows the web server to recognize your browser over time, each time it connects to that web server.

    Web beacons are electronic images (also called single-pixel or clear GIFs) that are contained within a website or email. When your browser opens a webpage or email that contains a web beacon, it automatically connects to the web server that hosts the image (typically operated by a third-party). This allows that web server to log information about your device and to set and read its own cookies. In the same way, third-party content on our websites (such as embedded videos, plug-ins, or ads) results in your browser connecting to the third-party web server that hosts that content. We also include web beacons in our email messages or newsletters to tell us if you open and act on them.

    Mobile analytics and advertising IDs are generated by operating systems for mobile devices (iOS and Android) and can be accessed and used by apps in much the same way that websites access and use cookies. Our apps contain software that enables us and our analytics and advertising providers to access these mobile IDs.

    How do we and our providers use cookies and similar technologies?

    We, and our analytics and advertising providers, use these technologies to collect personal information (such as the pages you visit, the links you click on, and similar usage information, identifiers, and device information) when you use our Services, including personal information about your online activities over time and across different websites or online services. This personal information is used to store your preferences and settings, enable you to sign-in, analyze how our websites and apps perform, track your interaction with the site or app, develop inferences, detect, prevent, and combat illegal, fraudulent, and deceptive activity, and fulfill other legitimate purposes. We and/or our providers also share the information we collect or infer with third parties for these purposes. For more information about the third-party analytics and advertising providers that collect personal information on our Services, please see the “Personal Information We Disclose” section of this Privacy Policy.

    What controls are available?

    There are a range of cookie and related controls available through browsers, mobile operating systems, and elsewhere. See the “Your Personal Information Choices” section below for details.

  5. How We Protect Personal Information

    We take reasonable and appropriate steps to help protect personal information from unauthorized access, use, disclosure, alteration, and destruction.

    To help us protect your personal information, please use a strong password and never share your password with anyone or use the same password with other sites or accounts.

  6. Your Personal Information Choices

    We provide a variety of ways for you to manage the personal information we hold about you, including choices about how we use that data. In some jurisdictions, these controls and choices may be enforceable as rights under applicable law.

    • Account controls:

      • Your Profile. You can edit your name, username, picture, bio, email, and phone number by visiting the “Edit Profile” section of the Public mobile app or website.
      • Account Information. You can update your password, username, email, phone number, investment objective, and trusted contact by visiting the “Account Settings” page of the Public website or mobile app.
      • Your Portfolio and Trades. By default, your Public investment portfolio and trades are publicly visible to other customers of the Services who visit your Public profile page. You can change these to “private” using the “Account Settings” page of the Public website or mobile app.
      • Contacts. Using your device’s settings, you can withdraw permission for Public to access your contacts stored on your device.
      • Close Your Account. You can close your account by visiting the “Account Settings” page of the Public website or mobile app. Even after you close your account, we retain certain personal information as required for legal, regulatory, and security purposes. For more information, visit our FAQ page on closing your account.
    • Communications preferences. You can choose whether to receive promotional communications from us by email, push notification, and/or SMS. Using your device’s settings, you can unsubscribe from push notifications by choosing the “Notification Settings” button in “Account Settings.” If you receive promotional email or SMS messages from us and would like to stop, you can do so by following the directions in that message or by contacting us at support@public.com. These choices do not apply to certain informational communications including important information and documentation relating to your account.
    • Targeted advertising. To opt-out from or otherwise control targeted advertising, you have several options.

      These choices are specific to the device or browser you are using. If you access our Services from other devices or browsers, take these actions from those systems to ensure your choices apply to the data collected when you use those systems. Some privacy laws define “sale” or “sharing” broadly to include some of the disclosures described in the “Personal Information We Disclose” section above. To opt-out from such data “sales” or “sharing” please use one of the options described above.

    • Profiling and automated decision making. Some privacy laws provide a right to opt-out from profiling and/or automated decision-making that produce a legal or similarly significant effect. We process personal information for targeted advertising purposes. To opt-out from targeted advertising, please use one of the options described in the section above titled “Targeted Advertising.”
    • Browser or platform controls:

      • Cookies controls. Most web browsers are set to accept cookies by default. If you prefer, you can go to your browser settings to learn how to delete or reject cookies. If you choose to delete or reject cookies, then this could affect certain features or services of our website. If you choose to delete cookies, settings and preferences controlled by those cookies, including advertising preferences, may be deleted and may need to be recreated.
      • Do Not Track. Some browsers include a “Do Not Track” (DNT) setting that can send a signal to the websites you visit indicating you do not wish to be tracked. There is not a common understanding of how to interpret the DNT signal; therefore, our website does not respond to browser DNT signals. Instead, you can use a range of other tools to control data collection and use, including the cookie controls and advertising controls described above.
      • Mobile advertising ID controls. iOS and Android operating systems provide options to limit tracking and/or reset the advertising IDs.
    • Email web beacons. Most email clients have settings that allow you to prevent the automatic downloading of images, including web beacons, which prevents the automatic connection to the web servers that host those images.
  7. Your Data Protection and Privacy Rights

    1. United Kingdom and European Union privacy rights

      If you are in the European Union or United Kingdom, you may have certain rights with respect to personal information we process about you, including:

      • Right of Access. You have the right to request and receive a copy of your personal data, and other supplementary information.
      • Right to Rectification. You have the right to request that we correct inaccurate or incorrect data we process about you.
      • Right to Erasure (right to be forgotten). In certain circumstances, you may have the right to request that we erase your personal data.
      • Restriction of Processing. In certain circumstances, you may have the right to request that we restrict use of your personal data.
      • Objection to Processing. You have the right to object to us processing your personal data, where the legal basis for processing that information is legitimate interest. You have an absolute right to object to us using your personal information for marketing purposes. Our use of your personal data is set out in our “How We Use Your Personal Information” section above.
      • Right to Data Portability. In certain circumstances, you may have the right to data portability. Data portability allows you to request a machine-readable copy of your personal data where our legal basis for processing is either performance of a contract or consent.
      • Withdrawal of Consent. When we rely on consent to use your personal data, you have the right to withdraw consent at any time.
      • Automated decision-making (including profiling). If we make a solely automated decision (including profiling) about you that produces a legal or other significant effect on you, then you have the right to object to such decision.
      • Complaints. You also have the right to lodge a complaint with a supervisory authority, but we encourage you to first contact us at privacy@public.com with any questions or concerns.

      To exercise your rights, please follow the directions in the “Exercising your rights over your data” section below.

    2. California privacy rights

      If you are a California resident and the processing of personal information about you is subject to the California Consumer Privacy Act (“CCPA”), then you have certain rights with respect to that information.

      In general, the CCPA broadly protects personal information that businesses collect from California consumers. However, as described in the “U.S. exemptions” section below, the personal information you provide to us may be governed by the Gramm Leach Bliley Act (“GLBA”) or the California Financial Information Privacy Act and not the CCPA.

      • Notice at Collection. At or before the time of collection, you have a right to receive notice of our practices, including the categories of personal information and sensitive personal information to be collected, the purposes for which such information is collected or used, whether such information is sold or shared, and how long such information is retained. You can find those details in this Privacy Policy by clicking on the above links.
      • Right to Know. You have a right to request that we disclose to you the personal information we have collected about you. You also have a right to request additional information about our collection, use, disclosure, or sale of such personal information. Note that we have provided much of this information in this Privacy Policy. You may make such a “request to know” by emailing us at privacy@public.com.
      • Rights to Request Correction or Deletion. You also have rights to request that we correct inaccurate personal information and that we delete personal information under certain circumstances, subject to a number of exceptions. To make a request to correct or delete, please email us at privacy@public.com.
      • Right to Opt-Out / “Do Not Sell or Share My Personal Information”. You have a right to opt-out from future “sales” or “sharing” of personal information as those terms are defined by the CCPA.

        Note that the CCPA defines “sell,” “share” and “personal information” very broadly, and some of our data sharing described in this Privacy Policy may be considered a “sale” or “sharing” under those definitions.

        In the past 12 months, we have “sold” or “shared” the following categories of personal information: Internet or other electronic network activity. For information about the purposes for which this personal information is used and the categories of recipients with whom this data is shared, see the “Analytics and Advertising Providers” section of this Privacy Policy.

        To opt-out from “sharing” of personal information, please review the options within the “Your Personal Information Choices” section of this Privacy Policy.

        Other than the “sale” or “sharing” of personal information described above, we do not “sell” or “share” personal information as defined by the CCPA and have not done so in the past 12 months. Additionally, we do not knowingly sell or share the personal information of minors under 16 years of age.

      • Right to Limit Use and Disclosure of Sensitive Personal Information. You have a right to limit our use of sensitive personal information for any purposes other than to provide the services you request or as otherwise permitted by law.

        Note that we do not use or disclose sensitive personal information for any such additional purposes.

      • Non-discrimination. Finally, you have a right to not be discriminated against for exercising these rights set out in the CCPA.

      Additionally, under California Civil Code section 1798.83, also known as the “Shine the Light” law, California residents who have provided personal information to a business with which the individual has established a business relationship for personal, family, or household purposes (“California Customers”) may request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes.

      Please be aware that we do not disclose personal information to any third parties for their direct marketing purposes as defined by this law.

      To exercise your rights, please follow the directions in the “Exercising your rights over your data” section below. California Customers may request further information about our compliance with this law by emailing privacy@public.com. Please note that businesses are required to respond to one request per California Customer each year and may not be required to respond to requests made by means other than through the designated email address.

    3. Privacy rights under other U.S. state laws (excluding California)

      If you are a U.S. resident, you may have certain rights with respect to your personal information under applicable state privacy laws (e.g. Colorado, Connecticut, Utah (effective December 31, 2023) and Virginia). Such rights may include (in each case subject to applicable law):

      • Right to confirm we are processing personal information about you and request access to such personal information
      • Right to correct inaccurate information
      • Right to delete personal information provided by or obtained about you
      • Right to obtain a copy of personal information provided by you in a portable (and to the extent technically feasible) format
      • To opt out of the processing of the personal information for purposes of (i) targeted advertising, (ii) the sale of personal information, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer, in each case as further detailed by the underlying U.S. state law
      • Right to appeal a decision we make with respect to your privacy rights by submitting your request to privacy@public.com

      To exercise your rights, please follow the directions in the “Exercising your rights over your data” section below.

      As further outlined in the “U.S. exemptions” section below, please note that in certain cases personal information may be covered by the GLBA and not your applicable state privacy laws.

    4. Exercising your rights over your data

      In order to process your request, we will need to verify or authenticate your identity to the degree of certainty required by law. We will verify your request by asking you to send it from the email address associated with your account or requiring you to provide other information necessary to verify your account.

      Except for the automated controls described in the “Your Personal Information Choices” section above, if you send us a request to exercise your rights, then to the extent permitted by applicable law, we may charge a fee or decline requests in certain cases.

      For example, we may decline requests where granting the request would be prohibited by law, could adversely affect the privacy or other rights of another person, would reveal a trade secret or other confidential information, or would interfere with a legal, regulatory or business obligation that requires retention or use of the data.

      We may decline a request where we are unable to authenticate you as the person to whom the data relates, the request is unreasonable or excessive, or where otherwise permitted by applicable law.

      Where permitted by applicable law, you may also designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us.

      Where permitted by applicable law, if you receive a response from us informing you that we have declined your request, in whole or in part, you may appeal that decision by submitting your appeal using the contact method described at the bottom of this Privacy Policy.

    5. U.S. exemptions

      U.S. state privacy laws generally do not apply to personal information that is subject to the Gramm-Leach-Bliley Act (“GLBA”), a federal law that governs nonpublic personal information collected from customers by financial institutions. If you have applied for or opened an account with Public, then the personal information you provide to us may be covered by the GLBA and not your applicable state privacy laws. In that case, your information is governed by this Privacy Policy and the GLBA, and the rights provided under the U.S. privacy rights sections do not apply.

      Similarly, the CCPA does not apply to personal information that is subject to the California Financial Information Privacy Act.

      For a summary of how we use personal information covered by the GLBA, please review this U.S. Consumer Privacy Notice.

  8. How We Retain Personal Information

    We retain personal information for as long as necessary to provide our Services and fulfill the transactions you have requested, comply with our legal obligations, resolve disputes, enforce our agreements, and for other legitimate and lawful business purposes. Because these needs can vary for different data types in the context of different services, actual retention periods can differ significantly based on criteria such as customer expectations or consent, the sensitivity of the data, the availability of automated controls that enable customers to delete data, and our legal, regulatory or contractual obligations.

  9. Links to Third-Party Websites and Services

    Our Services may contain links to other websites, products or services that we do not own or operate. We are not responsible for the privacy practices of these non-affiliated third parties. Please be aware that this Privacy Policy does not apply to your activities on these third-party services or any information you disclose to these third parties. We encourage you to read their privacy policies before providing any information to them.

  10. Children’s Privacy

    We do not knowingly collect, maintain, or use personal information from children under 18 years of age, and no part of our Services are directed to children. If you learn that a child has provided us with personal information in violation of this Privacy Policy, then you may alert us at privacy@public.com with Subject Line: Children’s Privacy.

  11. Location of Personal Information

    The personal information we collect may be stored and processed in your country or region, or in any other country where we or our affiliates, subsidiaries, or service providers process data. Currently, we primarily use data centers in the United States. The storage location(s) are chosen to operate efficiently and improve performance. We take steps with the intent of processing and protecting personal information as described in this Privacy Policy wherever the personal information is located.

    Location of Processing European, UK, and Swiss Personal Information. We may transfer personal information from the European Economic Area (EEA) and United Kingdom (UK) to other countries, some of which have not been determined by the applicable regulator (such as the European Commission) to have an adequate level of data protection. When we do so, we use legal mechanisms, including contracts, to help ensure your rights and protections. To learn more about the applicable decisions on the adequacy of personal information protections, please visit:

  12. Changes to this Privacy Policy

    This Privacy Policy will be updated from time to time when necessary to reflect changes in our Services, how we collect, use, or otherwise process personal information, or the applicable law. When we publish such changes, we will revise the “Effective Date” above. To stay informed of our privacy practices, we recommend you review this Privacy Policy on a regular basis as you continue to use our Services. If we make material changes to the Privacy Policy, we will provide additional notice and/or obtain consent regarding such changes where required by law.

  13. Contact Information

    If you have any questions, comments, or concerns about our processing activities, please email us at privacy@public.com or support@public.com.

    Our address is 228 Park Avenue South, Suite 97716, New York, NY 10003.