Privacy Policy

Last updated January 6, 2022

We at Addepar, Inc. respect your concerns about privacy. This Privacy Policy describes Addepar Inc.’s, and its affiliates and subsidiaries, including Acervus Securities, Inc (collectively, “Addepar”, “we”, “our”, or “us”) collection and use of personal information of users of our website at www.addepar.com and our other services or websites that display this Policy.  This Policy describes the measures we take to safeguard the personal information, the parties with whom we may share the information, and the choices available regarding our use of the information.

If you are a California consumer, for more information about your privacy rights, please see the section of this Privacy Policy called California Consumer Privacy Statement.

Collection of Personal Information

We collect personal information that our users provide to us in a variety of ways through our website and platform services collectively referred to in this Policy as the “Services”. These include the following:

  • Login Credentials. You may be granted login credentials to access our Services.
  • Communications. If you contact us by email, using the inquiry contact form on the Services or by postal mail, fax, or other means, we collect the personal information contained within, and associated with, your communication.
  • Contact Details. With your consent to the extent required by applicable law, we will use your contact details to provide marketing regarding our products and services.
  • Professional information. We may collect information, such as your job title and professional contact information.
  • Other. Any other information you may provide during the course of using our Services.

We collect personal information uploaded to our platform by Addepar customers who are paid subscribers of the Services, for processing on their behalf. This is “Customer Data”. With respect to Customer Data, we act as a data processor and process Customer Data on behalf of our customers, who act as the data controller. This information may include information about a customer's clients, such as name, email address and financial account data, in order to perform wealth management services for those clients via the Services. Addepar customers may electronically submit Customer Data to the Services or may instruct third parties (including custodians) to do so. Addepar may access Customer Data except as prohibited by the license agreement between Addepar and the customer, or as otherwise prohibited by law.

Where we need to collect personal information by law, or under the terms of a contract we have with you, and you choose not to provide that information when requested, we may not be able to provide you with our Services. 

Automated Information Collection

When you visit our Services, some information is collected automatically. For example, when you access our Services, we automatically collect your browser’s Internet Protocol (IP) address, your browser type, the nature of the device from which you are visiting the Services such as a personal computer or a mobile device, the identifier for any handheld or mobile device that you may be using, the website that you visited immediately prior to accessing any web-based Services, the actions you take on our Services, and the content, features, and activities in which you participate on our Services.

We may collect this information automatically using technologies such as standard server logs, cookies, and web beacons. A “cookie” is a text file that websites send to a visitor’s computer or other Internet-connected devices to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon,” also known as an Internet tag, pixel tag or clear GIF, links web pages to web servers and their cookies and may be used to transmit information collected through cookies back to a web server.

We use automatically-collected information to administer, operate, and improve our Services and to improve the effectiveness of our marketing. In addition, these technologies help us (1) remember your information so you do not have to re-enter it; (2) track and understand how you use and interact with the Services; (3) tailor the Services around your preferences; (4) measure the usability of the Services and the effectiveness of our communications; and (5) otherwise manage and enhance our Services, and help ensure they are working properly. You can stop certain types of cookies from being downloaded to your computer by selecting the appropriate settings on your web browser. Most web browsers will tell you how to stop accepting new browser cookies, how to be notified when you receive a new browser cookie and how to disable existing cookies. You can find out how to do this for your particular browser by clicking “help” on your browser’s menu or by visiting www.allaboutcookies.org. The following external links will explain how to manage cookies for the most common browsers:

Please note, however, that certain features of the Services may not work if you delete or disable cookies. Our Services are not designed to respond to “do not track” signals received from browsers.

Third-Party Web Analytics Services

Through our Services, we may obtain personal information about your online activities over time and across third-party apps, websites, devices, and other online services. On our Services, we use third-party online analytics services, such as those of Google Analytics. The service providers that administer these analytics services use automated technologies to collect data (such as email addresses, IP addresses, cookies, and other device identifiers) to evaluate, for example, the use of our Services and to diagnose technical issues. To learn more about Google Analytics, please visit

Information from Other Sources

We may receive personal information about you from third parties, including our affiliates, vendors that provide services on our behalf, business partners, social networks, or publicly available sources (e.g., customer and other third party websites). We may combine this information with other personal information we maintain about you.

USE OF PERSONAL INFORMATION

We use personal information about you to perform our contract with you or to take steps to form a contract with you, such as to:

  • provide our Services and information that you may request; and
  • establish and manage your account with us, and identify and authenticate you so you can access and use our Services. 

We may also process personal information to pursue our legitimate interests in efficiently and securely providing our Services and otherwise managing our business. In doing so, we may process your personal information to:

  • communicate with you about the Services or respond to any other inquiries you may have;
  • enhance, improve, operate, and maintain our Services, programs, website, apps, and other systems and features (including managing the Services, developing new services and offerings; enhancing and improving our Services; managing our communications; analyzing our Services; performing data analytics; market research; and performing accounting, auditing and other internal functions);
  • prevent fraudulent use of our Services and other systems and features;
  • prevent or take action against activities that are, or may be, in violation of our Terms of Use, regulatory requirements, industry standards and applicable law;
  • tailor content and other aspects of your experience on and in connection with the Services;
  • maintain a record of our dealings with you;
  • deliver marketing materials to you; and
  • perform other administrative activities.

In addition, we may use the personal information we obtain when it is necessary to protect, exercise or defend our legal rights, or when we are required to do so to comply with applicable laws or regulations.

Lastly, we may use your personal information for other purposes about which we will notify you when we request the information. Where required by applicable law, we will obtain your consent to process your personal information.

DISCLOSURE OF PERSONAL INFORMATION

We may disclose information to third parties in the following circumstances:

Service Providers

We disclose personal information to third-party service providers such as those used for payment processing, data storage, and processing facilities that assist us in our work. In addition, we may share the information we obtain about you with consultants and professional services organizations (e.g., auditors, and law firms). We limit the personal information provided to these service providers to that which is reasonably necessary for them to perform their functions, and we require them to agree to maintain the confidentiality of such personal information.

Business Transfers

Personal information about our users may be disclosed and otherwise transferred to an acquirer, or successor or assignee as part of any merger, acquisition, debt financing, sale of Addepar assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which personal information is transferred to one or more third parties as one of our business assets.

To Protect Our Interests

We also disclose personal information if we believe that doing so is legally required, or is in our interest to protect our property or other legal rights (including, but not limited to, enforcement of our agreements), or the rights or property of others, or otherwise to help protect the safety or security of our Services, users of the Services or others, or in connection with an investigation of suspected or actual fraudulent or illegal activity.

Other

We may also disclose personal information if we are required to do so by law or legal process (such as a court order or subpoena), or in response to lawful requests by government agencies, such as law enforcement authorities.

YOUR CHOICES

We offer you certain choices in connection with the personal information we obtain about you, such as the ability to request access to, or rectification or deletion of, your personal information. For example, if we offer the ability to create user accounts or profiles on our Services, you may have the ability to access and update many categories of personal information that you provide to us by logging in to your account and accessing your account settings. Subject to applicable law, you may also have the right to request that we restrict our processing of your personal information, or to object to our processing. You may also have the right to receive the personal information you have provided to us in a structured, commonly used and machine-readable format, or to request that we transmit this information to another business. Where we rely on your consent for processing of your personal information, you may withdraw such consent.

If you wish to exercise these rights with respect to the personal information we hold about you, you may contact us at privacy@addepar.com

To the extent the relevant personal information is Customer Data, we will use reasonable efforts to communicate your choices to your wealth management services provider. As noted above, we only act as a data processor with respect to Customer Data, and you should exercise your rights with your wealth management services provider, who acts as the data controller with respect to Customer Data.

If you request that we delete your account on any of our Services (via a user settings page, by email, or otherwise) we will do so within a reasonable period of time, but we may retain some of your personal information in order to satisfy our legal obligations, such as our records retention obligations, or where we reasonably believe that we have a legitimate business reason to do so, such as for the establishment, exercise or defense of legal claims.

You also can unsubscribe from our marketing mailing lists by following the “Unsubscribe” link in our emails (current Addepar customers will continue to receive product alerts).

If you are unsatisfied with the way that Addepar processes your personal information, you have the right to lodge a complaint with the data protection regulator in your jurisdiction. We would, however, appreciate it if you would give us the opportunity to resolve any concerns you may have before doing so.

DATA TRANSFERS

We may transfer the personal information we collect about you to recipients in countries, such as the United States, other than the country in which the information originally was collected.  Those countries may not have the same data protection laws as the country in which you initially provided the information.  When we transfer your information to recipients in other countries (such as the United States), we will protect that information as described in this Privacy Policy and will comply with applicable legal requirements. 

If you are located in the European Economic Area (“EEA”), United Kingdom or Switzerland, we will comply with applicable legal requirements regarding the provision of appropriate safeguards for the transfer of personal information to recipients in countries that are not deemed to provide an adequate level of data protection. These safeguards may include entering into the EU or UK-approved Standard Contractual Clauses with data recipients, as applicable. You may request a copy of these safeguards by contacting us as described in the “Contacting Us” section of this Policy. Addepar Inc. is certified under the EU-U.S. and Swiss-U.S. Privacy Shield frameworks developed by the U.S. Department of Commerce, and the European Commission and Swiss Federal Data Protection and Information Commissioner, respectively, regarding the transfer of personal information from the EEA, United Kingdom and Switzerland to the United States. Click here to view our EU/Swiss-U.S. Privacy Shield Privacy Policy. As of July 16, 2020, we no longer rely on the EU-U.S. Privacy Shield in support of transfers of personal information to the U.S.

SECURITY 

Addepar maintains administrative, technical and physical safeguards reasonably designed to protect personal information we obtain through the Services against accidental loss, disclosure, misuse, and destruction.

DATA RETENTION

To the extent required by applicable law, we keep the personal information we obtain about you for the period necessary to achieve the purposes described in this Policy, taking into account applicable statute of limitations periods and any legal, regulatory, tax, accounting, or other records retention requirements. We may retain your personal information for a longer period in the event of a complaint or in reasonable anticipation of litigation.

LINKS AND THIRD-PARTY FUNCTIONALITY

The Services may contain links to other websites, products, or services that we do not own or operate. For example, the Services may contain links to third-party sites, such as social networking services or custodial services. If you choose to visit or use any third-party sites or products or services available on or through such third-party sites, please be aware that this Policy will not apply to your activities or any information you share while using those third-party sites or any products or services available on or through such third-party sites. We are not responsible for the privacy practices of these third-party sites or any products or services on or through them. Additionally, please be aware that the Services may contain links to websites and services that we operate but that are governed by different privacy policies.

In addition, by using third-party services to log in to your Addepar account or access our Services, including through our application programming interface (API), you may permit such third-party service to access and use all information related to your Addepar account that may be accessible to such third party service.

We encourage you to carefully review the privacy policies applicable to any website or service you visit other than the Services, or which you integrate into the Services using the API, before providing any personal information to them.

CHILDREN’S PERSONAL INFORMATION

The Services are designed for a general audience and are not directed to children under the age of 13.  The Services do not knowingly collect or solicit personal information from children under the age of 13.  If we learn that we have collected personal information from a child under the age of 13, we will promptly delete that information.  If you believe that a child under the age of 13 may have provided us with personal information, please contact us as specified in the "Contacting Us" section of this Privacy Policy below.

CALIFORNIA CONSUMER PRIVACY STATEMENT

Last Updated: January 1, 2022

This California Consumer Privacy Statement (“Statement”) supplements Addepar’s Privacy Policy.  It applies solely to California consumers and addresses personal information we collect online and offline.  This Statement does not apply to Addepar personnel, information collected about B2B personnel, or information collected, processed or disclosed pursuant to the Gramm-Leach-Bliley Act, its implementing regulations or the California Financial Information Privacy Act. Sections 2 and 3 of this Statement do not apply to job applicants. 

This Statement uses certain terms that have the meanings given to them in the California Consumer Privacy Act of 2018 and its implementing regulations (the “CCPA”).

1. Notice of Collection and Use of Personal Information

We may collect (and may have collected during the 12-month period prior to the effective date of this Statement) the following categories of personal information about you: 

  • Identifiers: These are identifiers such as a real name, unique personal identifier (such as a device identifier; cookies, beacons, pixel tags, mobile ad identifiers, and similar technology; customer number, unique pseudonym, or user alias; telephone number and similar), online identifier, internet protocol address, and other similar identifiers
  • Additional Data Subject to Cal. Civ. Code § 1798.80: signature, social security number, education, and medical information. Applicable only for the purpose of managing career opportunities at Addepar
  • Protected Classifications: characteristics of protected classifications under California or federal law, such as race, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, disability, citizenship status, and military and veteran status. Applicable only for the purpose of managing career opportunities at Addepar
  • Online Activity: Internet information, including, but not limited to, information regarding your interaction with Addepar’s websites and applications
  • Employment Information: professional or employment-related information. Applicable only for the purpose of managing career opportunities at Addepar
  • Education Information: education information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99). Applicable only for the purpose of managing career opportunities at Addepar
  • Inferences: inferences drawn from any of the information identified above to create a profile about you reflecting your preferences, behavior, abilities, and aptitudes. Applicable only for the purpose of managing career opportunities at Addepar.

We may use (and may have used during the 12-month period prior to the effective date of this Statement) the categories of personal information listed above for the purposes described elsewhere in Addepar’s Privacy Policy and for the following business purposes specified in the CCPA.

  • Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing analytics
    services, or providing similar services.
  • Auditing related to a current interaction with you and concurrent transactions, including, but not limited to, auditing compliance
  • Short-term, transient use
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity
  • Debugging to identify and repair errors that impair existing intended functionality
  • Undertaking internal research for technological development and demonstration
  • Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us.

In addition, we may also use the following categories of personal information for purposes of managing career opportunities with Addepar: Identifiers; Additional Data Subject to Cal. Civ. Code § 1798.80; Protected Classifications; Online Activity; Employment Information; Education Information, and Inferences.

2. Sources of Personal Information

During the 12-month period prior to the effective date of this Statement, we may have obtained personal information about you from the following categories of sources:

  • Directly from you
  • From your devices, such as when you use our Services
  • Our affiliates and subsidiaries
  • Vendors who provide services on our behalf 

3. Sharing of Personal Information

During the 12-month period prior to the effective date of this Statement, we may have shared your personal information with certain categories of third parties, as described below. We may have disclosed the following categories of personal information about you for a business purpose to our affiliates and subsidiaries, vendors who provide services on our behalf and data analytics providers:

  • Identifiers
  • Online Activity

In addition to the categories of third parties identified above, during the 12-month period prior to the effective date of this Statement, we may have shared personal information about you with the following additional categories of third parties: (1) government entities and (2) professional service organizations such as auditors and law firms.

Addepar does not sell personal information and has not sold personal information during the 12-month period prior to the effective date of this Statement.

4. California Consumer Privacy Rights 

You have certain choices regarding your personal information, as described below.

  • Access: You have the right to request, twice in a 12-month period, that we disclose to you the personal information we have collected, used, disclosed and sold about you during the past 12 months. 
  • Deletion: You have the right to request that we delete certain personal information we have collected from you. 
  • How to Submit a Request. To submit an access or deletion request, email us at privacy@addepar.com or call us at (855) 464-6268. To submit a request as an authorized agent on behalf of a consumer, please email us at privacy@addepar.com. For questions or concerns about our privacy policies and practices, please contact us as described in the "Contacting Us" section of our Privacy Policy.
  • Verifying Requests. To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to your personal information or complying with your request.  If you have an account with us, we may verify your identity by requiring you to sign in to your account.  If you do not have an account with us and you request access to or deletion of your personal information, we may require you to provide any of the following information: name, email address, date of contact, etc.  In addition, if you do not have an account and you ask us to provide you with specific pieces of personal information, we will require you to sign a declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request.  If you designate an authorized agent to make an access, deletion or opt-out of sale request on your behalf (a) we may require you to provide the authorized agent written permission to do so, and (b) for access and deletion requests, we may require you to verify your own identity directly with us (as described above).

Additional Information. If you choose to exercise any of your rights under the CCPA, you have the right to not receive discriminatory treatment by us.  To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.  This Statement is available in alternative formats upon request.  Please contact privacy@addepar.com to request this Statement in an alternative format. 

UPDATES TO THIS POLICY

We may occasionally update this Policy to reflect changes in our personal information practices. When we do, we will revise the “last updated” date at the beginning of the Policy. Where required by applicable law, we will notify you of any material changes by, for example, posting a notice of the update on our website and obtaining your consent prior to applying the change to any personal information we collected from you prior to the date the change becomes effective. We encourage you to periodically review this Policy to stay informed about how we collect, use, and disclose personal information.

CONTACTING US

For the purposes of applicable data protection law, Addepar, Inc. acts as the data controller with respect to your personal information, except with respect to Customer Data where Addepar will be a data processor. To update your preferences, update or correct your information, submit a request, or if you have any questions or comments about this Policy, please contact us using the following contact information:

Addepar, Inc.
335 Madison Avenue, 25th Floor
New York, NY 10017
privacy@addepar.com