Privacy Policy
Endow (“we”, “our”, “us”) operates a financial platform for creators, freelancers, and gig workers. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains what information we collect about you, how we use and share it, and your rights regarding that information. It covers users in Africa, the U.S., the EU/UK, and internationally and complies with applicable laws including the GDPR, CCPA/CPRA, and other state privacy laws.

Information We Collect
We collect the following categories of personal information to operate our services:

Identity and Contact Information: Name, username, email address, postal address, telephone number, date of birth, and similar identifiers. We may also collect government identifiers such as tax ID or social security number for identity verification and tax compliance.

Financial Information: Bank account details (e.g. account number, routing number, IBAN), credit/debit card information, billing and payment information, and transaction history (payments made or received through Endow). This includes records of purchases or sales and details of any fees or charges.

Account and Profile Data: Account login credentials (username, password), security questions, profile photo, and other profile information you provide.

Usage and Technical Data: Information about how you use our website and services, including IP address, device type, browser type, operating system, and usage logs (pages viewed, features used, access times, log-in history). We may also collect location data if you enable location services or if it is inferred from your IP address.

Communications: The content of any communications you send us (for example, customer support requests or feedback) and any information contained in those communications.

Cookies and Tracking Data: Data collected through cookies, web beacons, and similar technologies, including analytics data (such as browsing patterns, preferences, and aggregated usage statistics). We use Google Analytics, Mixpanel, and similar third-party analytics services, which may set cookies on your device.

We collect this information directly from you when you sign up for an account, fill out forms, make transactions, communicate with us, or otherwise interact with our services. We may also receive information from third parties, such as identity verification providers or payment processors, to the extent you use those services. In all cases, we collect only the information necessary to provide our services, comply with legal requirements, and improve user experience.

How We Use Your Information
We use the personal information we collect for the following purposes:

To Provide and Operate the Service: We use your information to create and manage your account, verify your identity and tax status (for example, to comply with KYC/AML requirements), process transactions and payouts, and otherwise deliver the services you request. We use your banking and payment information to facilitate payments to and from your Endow account. We use your profile and account data to customize and manage your user experience.

To Communicate with You: We use your contact information to send you important notices, updates, and communications about your account and transactions (for example, payment confirmations or notices of suspicious activity). With your consent, we may also send you marketing communications about new features or promotions. You can opt out of marketing emails at any time by following the unsubscribe instructions in the email.

For Analytics and Improvements: We use analytics tools (like Google Analytics and Mixpanel) to understand how our users use the platform. This includes analyzing usage patterns, tracking feature adoption, and measuring the effectiveness of our site. We use this information to improve and develop our services. Analytics data is aggregated or de-identified whenever possible; however, service providers may process it on our behalf.

For Fraud Prevention and Security: We use your information to protect against, identify, and prevent fraudulent or illegal activity on the platform. This includes verifying your identity, screening for fraud, and complying with legal and regulatory requirements (such as anti-money-laundering regulations). For example, we may analyze transaction patterns and use third-party fraud detection services to minimize unauthorized or suspicious activity.

For Compliance and Legal Obligations: We use your data to comply with applicable laws and regulations (for example, tax laws, financial reporting, and court orders). This may involve retaining records for specific periods of time (for example, as required by financial regulators) and disclosing information to law enforcement or government agencies if required by law.

For Other Legitimate Business Purposes: We may use personal data to prevent abuse of our services, to enforce our Terms of Service, to resolve disputes, and for other legitimate business purposes such as auditing, data analysis, and improving our platform’s performance and security.

Sharing Information with Third Parties
We do not sell your personal information. We only share your information with third parties in limited circumstances and for specific purposes necessary to operate the Endow platform. These third parties include:

Identity Verification Providers: To verify your identity and ensure tax compliance, we share personal information (such as your name, address, date of birth, and tax ID) with third-party identity verification and know-your-customer (KYC) services. These providers help confirm that you are who you claim to be and that your information is accurate.

Payment Processors and Financial Institutions: When you make or receive payments, we share payment and banking information with our payment processors and banking partners (for example, banks, credit card networks, or payment services like Stripe or Dwolla). This allows us to complete your transactions, issue refunds, and maintain your account balance. We require all payment service providers to comply with industry security standards and privacy laws.

Analytics and Advertising Services: We share usage data and cookies with third-party analytics providers (such as Google Analytics and Mixpanel) to help us understand how our service is used. These analytics services may also use tracking cookies to improve their analytics or advertising services. We do not share personally identifying information (like your name or email) with these analytics tools, only usage and cookie data. If we engage in targeted advertising or remarketing, we may use advertising partners or networks; any personal data shared for those purposes will be done under strict agreements limiting its use.

Service Providers and Vendors: We use a variety of third-party vendors to support our platform’s operations (for example, email service providers, customer support tools, data hosting services, and marketing platforms). We share personal data with these vendors as needed for them to perform services on our behalf. For example, we might share your contact information with an email service to send you a transactional message, or share your usage data with a hosting provider. All vendors are contractually obligated to protect your information and use it only for the purposes we specify.

Fraud Detection and Legal Compliance: We may share personal data with fraud prevention or compliance partners to help detect and prevent fraud or to comply with legal obligations. This might include sharing data with credit reference agencies, fraud detection networks, or government authorities when required by law. We also share information when necessary to respond to lawful requests by public authorities (e.g., courts, law enforcement).

Affiliates and Business Partners: If Endow enters into a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred to the successor organization. We will seek to ensure that any such transfer is subject to privacy obligations consistent with this Policy.

In all cases, we limit the information shared to what is reasonably necessary for the third party’s role and require that they handle your personal data securely and in accordance with this Privacy Policy and applicable law.

Cookies and Tracking Technologies
We and our third-party partners use cookies and similar tracking technologies on our website and apps:

What We Use Them For: Cookies and similar technologies allow us to recognize you, remember your preferences, maintain your session, and protect your account. We use analytics cookies (e.g., from Google Analytics, Mixpanel) to collect information about how users interact with our site (such as pages visited, actions taken, and browser type). These cookies help us improve our services and user experience. We may also use tracking pixels or web beacons in emails to understand if messages are opened or clicked.

Types of Cookies: We use strictly necessary cookies required for the basic functioning of the site (for example, to keep you logged in or remember your language preference). We also use performance and analytics cookies to gather usage statistics. If we implement advertising or marketing cookies (for example, to serve targeted ads), those will be used to show relevant promotions on other sites you visit.

Your Choices: Most web browsers allow you to control cookies through settings. You can set your browser to refuse cookies or delete cookies after using our site. You can also opt out of Google Analytics cookies specifically by installing the Google Analytics Opt-out Browser Add-on provided by Google or by disabling cookies in your browser settings. If you block or delete cookies, some features of our site may not work properly.

Third-Party Tracking: Our site may include links to or embed content from other sites or services. We do not control the cookies or tracking technologies used by third parties, and this Privacy Policy does not cover third-party practices. We encourage you to review the privacy policies of any third-party sites.

By using our website and services, you consent to our use of cookies and the collection of analytics data as described above.

Data Retention and Security

Data Retention: We retain your personal data only as long as necessary to provide our services and as required to comply with legal obligations. For example, we may keep account and transaction records for a period required by financial regulations or tax laws (often 5–7 years after account closure) to fulfill reporting obligations and to resolve any disputes or liability claims. If you request deletion of your account, we will erase or anonymize your personal data unless we need to retain it to comply with a legal obligation (such as fulfilling outstanding transactions or maintaining records for tax purposes). Once data is no longer needed for any legitimate purpose, we securely delete or anonymize it.

Data Security: We use commercially reasonable technical and organizational measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. This includes encryption of data in transit (using HTTPS/TLS) and at rest, firewalls, access controls, regular security audits, and secure data storage. Only authorized personnel and third-party service providers with a need to know have access to personal data, and they are bound by confidentiality obligations. While we strive to protect your data, no security system is impenetrable. We encourage you to keep your password secure and to notify us immediately if you suspect any unauthorized access to your account.

International Data Transfers
Endow operates globally and may store or process your personal information in countries other than your residence. For example, we may use servers or service providers located in the United States, European Union, or other regions. These countries may have different data protection laws. When we transfer your data internationally, we ensure that the transfer complies with applicable legal requirements and that adequate protections are in place:

Standard Contractual Clauses and Frameworks: For data transfers from the European Economic Area (EEA) or UK to countries like the US, we use safeguards such as the Standard Contractual Clauses (SCCs) approved by the EU and UK data protection authorities. We also rely on other approved transfer mechanisms, such as the EU-US Data Privacy Framework, when applicable. These measures legally require recipients to protect your data to EU/UK standards.

Adequacy Decisions: In some cases, we may transfer data to countries that the EU or UK has deemed to have adequate data protection laws. When such an adequacy decision is in place, data transfers do not require additional safeguards.

Other Safeguards: In addition to contractual clauses, we may use other lawful transfer mechanisms allowed under applicable law (for example, binding corporate rules if we had affiliated entities, or compliance with global privacy programs). We also require our international service providers to implement security measures consistent with this policy.

By using Endow’s services, you acknowledge that your personal data may be transferred, stored, or processed outside your country. We will always handle such transfers in accordance with this Privacy Policy and applicable law.

Your Privacy Rights
Depending on where you live, you have certain rights regarding your personal information. Below is a summary of the key rights under the GDPR (for EU/UK residents) and the CCPA/CPRA (for California residents), as well as similar rights under other laws:

• Access and Portability

• Correction/Rectification

• Deletion (Erasure)

• Restriction of Processing

• Objection

• Withdrawal of Consent

• Opt-Out of Sale/Sharing (California residents)

• Right to Know (California)

• Right to Correct (California)

• Limit Use of Sensitive Personal Information (California)

• Right to Non-Discrimination

To exercise any of these rights, please contact us as described below. We may need to verify your identity before fulfilling your request. We will respond to requests consistent with applicable law. If you are not satisfied with our response, you have the right to lodge a complaint with a data protection authority or the California Attorney General.

Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make significant changes, we will revise the “Last Updated” date at the top of this policy and post the new version on our website. If the changes are material, we will notify you (for example, via email or a notice on our website) and obtain consent if required by law. We encourage you to review this policy periodically to stay informed about how we collect, use, and protect your information