Privacy policy

Effective Date: February 2, 2025

This Privacy Policy describes how Cobblestone Labs, Inc. handles personal information that we collect on you (“you” or “user”) through our website, application, and any other sites or services that link to this Privacy Policy (collectively, the “Services”).

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Website. By accessing or using this Website, you agree to this privacy policy. This policy may change from time to time (see Changes to This Privacy Policy). Your continued use of this Website after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

Personal Information We Collect

Information users submit to us:

Contact and account information, such as your first and last name, phone number, mailing address, email address, and password.

Identification information, such as your government-issued photo ID and selfie.

Financial information, such as your bank account information, transaction history, and income information

Feedback or correspondence, such as information you provide when you contact us with questions, feedback, or otherwise correspond with us online.

Usage information, such as information about how you use the Services and interact with us, including information associated with any content you upload to the Services or otherwise submit, and information you provide when you use any interactive features of the Services.

Marketing information, such as your preferences for receiving communications about our Services, and details about how you engage with our communications.

Other information that we may collect, which is not specifically listed here, but which we will use in accordance with this Privacy Policy or as otherwise disclosed at the time of collection.

Information we obtain from third parties:

Social media information. We may maintain pages on social media platforms, such as Facebook, TikTok, Instagram, LinkedIn, and other third-party platforms. When you visit or interact with our pages on those platforms, the platform provider’s privacy policy will apply to your interactions and their collection, use and processing of your personal information.

Third-party login information. When you link, connect, or login to the Services with a third party service (e.g. Google, Facebook, or Apple), we may receive information from that third party service according to the third party service’s terms and/or privacy policy; this Privacy Policy does not control the sharing of such information.

Other sources. We may obtain your personal information from other third parties, such as marketing partners, publicly-available sources, consumer reporting agencies, and data providers.

Automatic data collection. We and our service providers may automatically log information about you, your computer or mobile device, and your interactions over time with our Services, our communications and other online services, such as:

Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers, language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 4G), and general location information such as city, state or geographic area.

Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, browsing history, navigation paths between pages or screens, information about your activity on a page or screen, access times, duration of access, and whether you have opened our marketing emails or clicked links within them.

We use the following tools for automatic data collection:

Cookies, which are text files that websites store on a visitor‘s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, and helping us understand user activity and patterns. Our site includes third-party cookies, by which third parties may directly collect personal information on your activities on this site and other sites across time.

Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.

Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.

Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked

We may also collect information that does not identify you but is either deidentified or aggregated.

How we use your personal information

To operate our services:

Provide, operate, maintain, secure and improve our Services, including verifying user identity and preventing and detecting fraud.
Provide our users with customer service.

Communicate with you about our Services, including by sending you announcements, updates, security alerts, and support and administrative messages.

Understand your needs and interests, and personalize your experience with our Services and our communications.

Respond to your requests, questions and feedback.

For research and development. We may use your personal information for research and development purposes, including to analyze and improve our Services and our business. As part of these activities, we may create aggregated, de-identified, or other anonymous data from personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve our Services and promote our business.

Direct marketing. We may from time-to-time send you direct marketing communications as permitted by law, including, but not limited to, notifying you of special promotions, offers and events via email and in-app notifications. You may opt out of our marketing communications as described in the “Opt out of marketing communications” section below.

Compliance and protection. We may use personal information to:

Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.

Protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims).

Audit our internal processes for compliance with legal and contractual requirements and internal policies.

Enforce the terms and conditions that govern our Services.

Prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

Identity verification, fraud prevention, and security purposes. We use technology from Incode Technologies, Inc. (“Incode”) for identity verification, fraud prevention, and security purposes, (for purposes of this paragraph, “Services”). Company and/or Incode may collect biometric identifiers and biometric information, such as your faceprint (“Biometric Data”), a selfie image, and, where applicable, information from your government-issued identification (collectively with Biometric Data, “Personal Data”) for the Services, and may disclose such data to service providers or government entities that facilitate the Services, and as required by law.

Account Verification. Cobblestone uses third party vendors to enable consumer payment account information sharing for identity, income, and asset verification. The information may be shared with landlords and third-party software and identity verification vendors for the purpose of completing a rental transaction initiated by the consumer. information is retained with appropriate data safeguards for up to one year. Consumers may modify account permissions directly in the vendor application.

Biometric Information Privacy Policy

Purpose for Collection of Biometric Data

To the extent that such Biometric Data or Personal Data may constitute “biometric identifiers” or “biometric information” covered by applicable law, such as the Illinois Biometric Information Privacy Act, 740 ILCS § 14/1, et seq.,(“Covered Biometric Data”) Company uses and stores Covered Biometric Data solely for applicant consumer identification, fraud prevention, and legal and contractual compliance purposes.

Disclosure and Authorization

To the extent that Company collects Covered Biometric Data relating to a consumer applicant, the Company and its vendor first informs the employee in writing that the Company and its vendor are collecting and storing the consumer’s biometric data, and obtains written authorization from the consumer applicant to do so. The Company stores Covered Biometric Data for the purpose of consumer applicant identification and legal compliance for no more than 3 years from the date of application. Consumer may separately authorize the sharing of its Covered Biometric Data directly with Vendor, for which Vendor by contractual agreement is controller of such information.

The Company and its Vendor will not sell, lease, or trade employees’ Covered Biometric Data; provided, however, that the Vendors may use such Covered Biometric Data for product improvement, such as improvement of applicant consumer fraud prevention tools.

Disclosure

The Company will not disclose or disseminate any Covered Biometric Data to anyone other than its Vendors unless applicant has first authorized such disclosure or dissemination, the disclosed data completes a financial transaction requested or authorized by the employee, or disclosure is required by applicable law or a valid warrant or subpoena issued by a court of competent jurisdiction.

Retention Schedule

The Company shall retain Covered Biometric Data only until the initial purpose for collecting or obtaining such data has been satisfied, such as the identification of a consumer in the application and maintenance of such identification for Company to meet statutory and contractual obligations to reply to an applicant fraud dispute or inquiry, for up to 3 years from the consumer’s last interaction with Company.

Applicant can exercise their privacy rights, including a request to withdraw consent, by contacting Company at [email protected] or Vendor at [email protected]

Data Storage

The Company shall use a reasonable standard of care to store, transmit and protect from disclosure any Covered Biometric Data collected. Such storage, transmission, and protection from disclosure shall be performed in a manner that is the same as or more protective than the manner in which the Company stores, transmits and protects from disclosure other confidential and sensitive information, such as driver’s license numbers and social security numbers.

How we share your personal information

Landlords and property management companies. We may share your personal information with the entities that own and rent the properties for which you’re submitting a rental application.

Service providers. We may share your personal information with third party companies and individuals that provide services on our behalf or help us operate our Services (such as lawyers, bankers, auditors, insurers, customer support, hosting, analytics, email delivery, marketing, and database management).

Authorities and others. We may disclose your personal information to law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.

Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution. In such a case, we will make reasonable efforts to require the recipient to honor this Privacy Policy.

Your choices

Access or update your information. You may update your personal information in your account by logging in and editing your information.

Opt out of marketing communications. You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email. You may continue to receive service-related and other non-marketing emails.

Online tracking opt-out.There are a number of ways to limit online tracking, which we have summarized below:

Blocking cookies in your browser. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit https://www.allaboutcookies.org/

Using privacy plug-ins or browsers. You can block our websites from setting cookies by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery, or uBlock Origin, and configuring them to block third party cookies/trackers. You can also opt out of Google Analytics by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout.

Note that because these opt-out mechanisms are specific to the device or browser on which they are exercised, you will need to opt out on every browser and device that you use.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

California Personal Information Disclosure: United States or Overseas

Per Calif. Civ. Code 1786.20 (d), personal information may be transferred to third parties outside the United States or its territories.

Company representatives can assist a consumer with additional information regarding the company’s privacy practices or policies, in the event of a compromise of the consumer’s information. The representatives may be reached at:

Cobblestone – Consumer Support
32 W 28th Street, Floor 5, New York, NY, 10001
[email protected]
856-390-7870

Other sites, mobile applications and services

Our Services may contain links to other websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third party websites, mobile applications or online services, and we are not responsible for their actions. Other websites and services follow different rules regarding the collection, use and sharing of your personal information. We encourage you to read the privacy policies of the other websites and mobile applications and online services you use.

Security

We employ a number of technical, organizational, and physical safeguards designed to protect the personal information we collect from accidental loss and from unauthorized access, use, alteration, and disclosure. We limit access to your personal information to those that need it, and we securely dispose of your personal information when we dispose of it. However, no security measures are failsafe and we cannot guarantee the security of your personal information.

We maintain the confidentiality and security of your Social Security Number when it is provided to us, and we prohibit the unlawful disclosure of Social Security Numbers.

Children

Our Services are not intended for use by children under 13 years of age. If you are under 13, you are not permitted to use our Services, so please do not use or provide any information to or through our Services.

We do not knowingly collect personal information from children under 13. If you believe that we may have collected or received personal information on a child under 13, please contact us at [email protected]. If we learn that we have collected personal information through the Services from a child under 13 without the consent of the child’s parent or guardian as required by law, we will delete it.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the website. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this privacy policy to check for any changes.

How to contact us

Please direct any questions or comments about this Policy or our privacy practices to [email protected]