Last Updated: June 25, 2026
This California Privacy Policy describes how Sharecase™, Inc. (“Company,” “we,” or “us”) collect and process personal information about our consumers who reside in California. The California Consumer Privacy Act (“CCPA”) requires us to provide our California consumers with a privacy policy that contains a comprehensive description of our online and offline practices regarding our collection, use, sale, sharing, and retention of their personal information, along with a description of the rights they have regarding their personal information. This Privacy Policy provides the information the CCPA requires, together with other useful information regarding our collection and use of personal information. Any terms defined in the CCPA have the same meaning when used in this policy.
Personal Information Collected
We collect and use information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal information”). Personal information does not include:
· Publicly available information, including from government records, through widely distributed media, or that the consumer made publicly available without restricting it to a specific audience;
· Lawfully obtained, truthful information that is a matter of public concern;
· Deidentified or aggregated consumer information;
· Information excluded from the CCPA’s scope, like:
· health or medical information covered by the Health Insurance Portability and Accountability Act (HIPAA) and the California Confidentiality of Medical Information Act (CMIA), clinical trial data, or other qualifying research data; or
· personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA), California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act.
Personal Information Categories Chart
The chart below identifies the categories of personal information we collected from our consumers within the last 12 months and the expected retention period.
A. Identifiers
Examples: Name, alias, postal address, IP address, email, account name, or similar identifiers.
Collected: Yes
Retention period: For the duration of your active account, plus up to 36 months after account closure for legal, compliance, and dispute-resolution purposes.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code §1798.80(e)) (“California Customer Records”)
Examples: Name, signature, contact details, education, employment history, professional credentials, and financial account information. May overlap with other categories.
Collected: Yes
Retention period: For the duration of your active account, plus up to 36 months after account closure (up to 7 years for financial records to comply with tax and accounting obligations).
C. Protected classification characteristics under California or federal law (“Protected Classes”)
Examples: Age, race, color, ancestry, national origin, citizenship, religion, marital status, medical condition, disability, sex (including gender, gender identity/expression, pregnancy), sexual orientation, reproductive health decisions, military status, or genetic information.
Collected: Yes
Retention period: For the duration of your active account, plus up to 36 months after account closure for legal and compliance purposes.
D. Commercial information
Examples: Records of purchases, products/services obtained or considered, or consumer histories and tendencies.
Collected: Yes
Retention period: For the duration of your active account, plus up to 7 years for transaction records to comply with tax and accounting obligations.
E. Internet or other similar network activity
Examples: Activity on our websites and apps — browsing history, search history, system usage, communications, social postings.
Collected: Yes
Retention period: For up to 24 months from collection.
F. Geolocation data
Examples: Physical location or movements — zip code, location at time of website or app use, or locations visited.
Collected: Yes
Retention period: For up to 24 months from collection.
G. Sensory data
Examples: Audio, electronic, visual, or similar information.
Collected: Yes
Retention period: For the duration of your active account for content posted to the Services; for up to 12 months from upload for content uploaded but not posted.
H. Professional or employment-related information
Examples: Current or past job history or performance evaluations.
Collected: Yes
Retention period: For the duration of your active account, plus up to 36 months after account closure for legal and compliance purposes.
I. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) (“FERPA Information”)
Examples: Education records maintained by a school or its representatives — grades, transcripts, schedules, student IDs, financial or disciplinary records.
Collected: Yes
Retention period: For the duration of your active account, plus up to 36 months after account closure for legal and compliance purposes.
J. Inferences drawn from other personal information
Examples: Profile reflecting preferences, psychological trends, behavior, attitudes, or abilities.
Collected: Yes
Retention period: For up to 24 months from generation.
K. Sensitive personal information
Examples: Further identified in the chart below.
Collected: Yes
Retention period: See L.1 through L.7 below.
Sensitive Personal Information Categories Chart
Sensitive personal information is a subtype of personal information consisting of the specific information categories listed in the chart below. Importantly, the CCPA only treats this information as sensitive personal information when we collect or use it to infer characteristics about a consumer.
The chart below identifies which sensitive personal information categories, if any, we have collected from consumers to infer characteristics about them in the last 12 months.
L.1. Account credentials: usernames, account logins, account or card numbers with required password or security code.
Collected to infer characteristics about consumers: Yes
Retention period: For the duration of your active account; credentials may be retained for fraud-prevention purposes for up to 12 months after account closure.
L.2. Precise geolocation: GPS data from a consumer's mobile device, accurate within ~1,850 feet.
Collected to infer characteristics about consumers: Yes
Retention period: For up to 12 months from collection.
L.3. Racial or ethnic origin.
Collected to infer characteristics about consumers: Yes
Retention period: For the duration of your active account, plus up to 36 months after account closure for legal and compliance purposes.
L.4. Citizenship or immigration status.
Collected to infer characteristics about consumers: Yes
Retention period: For the duration of your active account, plus up to 36 months after account closure for legal and compliance purposes.
L.5. Religious or philosophical beliefs.
Collected to infer characteristics about consumers: Yes
Retention period: For the duration of your active account, plus up to 36 months after account closure for legal and compliance purposes.
L.6. Mail, email, or text messages not directed to the Company.
Collected to infer characteristics about consumers: Yes
Retention period: For the duration of your active account, plus up to 12 months after account closure.
L.7. Children's personal information (under age 16).
Collected to infer characteristics about consumers: Yes
Retention period: For users aged 13–15: For the duration of the user's active account, plus up to 12 months thereafter for safety and compliance purposes. Sharecase™ does not knowingly collect personal information from users under age 13.
Parental Consent for Users Under 18
As described in our Terms of Use, Sharecase™ requires verifiable parental or legal guardian consent before activating an account for any Student user under 18, regardless of state of residence. To facilitate this consent, Sharecase™ processes limited personal information of the parent or legal guardian, including their name, contact information (email and/or phone number), the timestamp and IP address of the consent submission, and the version of these Terms of Use and Privacy Policy they accepted on behalf of the Student. This information is retained by Sharecase™™ as an audit record of consent for the duration of the Student user’s account plus a reasonable period thereafter to comply with applicable laws and resolve disputes. A parent or legal guardian may revoke consent at any time, solely by following the unique revocation link Sharecase™ provides in the original consent communications (email and/or SMS); Sharecase™ does not provide an in-app, account, or dashboard mechanism for parents or legal guardians to revoke consent. A parent or legal guardian may also request access to or correction of their information, or otherwise exercise rights described in this Privacy Policy and our Terms of Use. The processing of parent or guardian information described in this section is governed by this Privacy Policy.
Sources of Personal Information
We obtain the categories of personal information listed above from the following categories of sources:
· Directly from you, such as from the forms or other information you provide to the Company;
· Indirectly from you, such as from your interactions with the Company’s websites, mobile applications, and social media platforms; or
· From our service providers, such as data analytics providers.
How We Use Personal Information
Personal Information Collection, Use, and Disclosure Purposes
We may use and disclose the personal information, including sensitive personal information, we collect to advance the Company’s business and commercial purposes, specifically to:
· Develop, offer, and provide you with our products and services;
· Meet our obligations and enforce our rights arising from any contracts with you, including for billing or collections, or to comply with legal requirements;
· Fulfill the purposes for which you provided your personal information or that were described to you at collection, and as the CCPA otherwise permits;
· Improve our products or services, marketing, or customer relationships and experiences;
· Notify you about changes to our products or services;
· Administer our systems and conduct internal operations, including for troubleshooting, data analysis, testing, research, statistical, and survey purposes;
· Enable your participation in our websites’ or mobile apps’ interactive, social media, or other similar features;
· Protect our Company, employees, or operations;
· Measure or understand the effectiveness of the advertising we serve to you and others, and to deliver relevant advertising to you;
· Make suggestions and recommendations to you and other consumers about our goods or services that may interest you or them;
· Manage your consumer relationship with us, including for:
· online account creation, maintenance, and security; and
· reaching you, when needed, about your account;
· Perform data analytics and benchmarking;
· Administer and maintain the Company’s systems and operations, including for safety purposes;
· Engage in corporate transactions requiring review of consumer records, such as for evaluating potential Company mergers and acquisitions;
· Comply with all applicable laws and regulations;
· Exercise or defend the legal rights of the Company and its employees, affiliates, customers, contractors, and agents; and
· Respond to law enforcement requests and as required by applicable law or court order.
Sensitive Personal Information Use and Disclosure Purposes
We may use or disclose sensitive personal information for the following statutorily approved reasons (“Permitted SPI Purposes”):
· Performing actions that are necessary for our consumer relationship and that an average consumer in a relationship with us would reasonably expect;
· Preventing, detecting, and investigating security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted personal information;
· Defending against and prosecuting those responsible for malicious, deceptive, fraudulent, or illegal actions directed at the Company;
· Ensuring physical safety;
· Short-term, transient use, such as non-personalized advertising shown as part of your current interactions with us, where we do not:
· disclose the sensitive personal information to another third party; or
· use it to build a profile about you or otherwise alter your experience outside your current interaction with the Company;
· Services performed for the Company, including maintaining or servicing accounts, processing or fulfilling transactions, verifying consumer information, processing payments, or providing financing, analytic services, storage, or similar services for the Company;
· Activities required to:
· verify or maintain the quality or safety of a product, service, or device that we own, manufacture, had manufactured, or control; or
· improve, upgrade, or enhance the service or device that we own, manufacture, had manufactured, or controlled; and
· Collecting or processing sensitive personal information that we do not use for the purpose of inferring characteristics about a consumer.
We do not use or disclose sensitive personal information for purposes other than the Permitted SPI Purposes.
Additional Categories or Other Purposes
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice. We will also seek your consent before using your personal information for a new or unrelated purpose if required by law.
We may collect, process, and disclose aggregated or deidentified consumer information for any purpose. We maintain such information in deidentified form and will not attempt to reidentify it, except to verify our deidentification processes meet legal requirements.
Use of Artificial Intelligence Service Providers
Some features of the Services — including AI-assisted resume and portfolio generation, AI-enabled career guidance, and AI-enabled career matching — use third-party artificial intelligence service providers. We currently use OpenAI as our AI service provider for these features. When you use an AI-powered feature, we may share limited personal information from your profile (such as achievements, experiences, and biographical details you have entered) with OpenAI for the sole purpose of generating the requested content back to you. Under our contractual agreement, OpenAI is prohibited from using your personal information to train its models or for any purpose outside of providing the AI service to us. Disclosing personal information to a service provider for a business purpose under a written contract is not a “sale” or “sharing” of personal information under the CCPA. Processing by OpenAI occurs in data centers located in the United States.
SMS, Email, and Other Communications
We may use SMS or text messages to communicate with you for account authentication (including sending one-time passcodes for login or password reset), service-related notifications (such as account, security, or transactional alerts), and, where you have consented, marketing or promotional communications.
By providing your mobile telephone number to us, you consent to receive text messages from us at that number for the purposes described above. Message frequency varies. Message and data rates may apply; your wireless carrier may charge you for sending or receiving text messages, and Sharecase™ is not responsible for any such charges.
You may opt out of marketing text messages at any time by replying STOP. You may receive a one-time confirmation. Transactional and account-related messages (such as authentication codes) will continue as necessary to provide the Services.
For help with text messaging, reply HELP to any text message we send you, or contact us at legal@sharecase.app.
Mobile telephone numbers will not be shared, sold, or rented to third parties for marketing purposes. Sharecase™ may share mobile telephone numbers with our text messaging service providers (such as SMS gateway operators) solely as necessary to deliver text messages on our behalf.
No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Information sharing to subcontractors in support services, such as customer service, is permitted. All other use case categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
As an alternative to SMS, Sharecase™ also offers account authentication and account-related communications via email. At signup and for subsequent authentication needs (such as login or password reset), you may choose to receive one-time passcodes either by SMS to your mobile telephone number or by email to your email address. By providing your email address to Sharecase™ and selecting email-based authentication, you consent to receive emails from Sharecase™™ at that address for authentication, security-related communications, transactional notifications, and, with your separate consent, service updates and marketing communications. You may opt out of marketing emails at any time by clicking the unsubscribe link in any marketing email or by adjusting your communication preferences in your account settings. Transactional and account-related emails (such as authentication codes, security alerts, and account confirmations) will continue to be sent as necessary to provide the Services. Email addresses will not be shared, sold, or rented to third parties for marketing purposes.
Profile Visibility (Public and Private)
Student users may control the visibility of their profile and content (including profile information, posted achievements, and other content) by setting their profile to Public or Private through the Services, subject to default settings and limitations described in our Terms of Use. When a profile is set to Public, profile information and content may be viewable by other Sharecase™ users, by visitors to the public-facing portions of the Services who are not logged in, and (where applicable) by Recruiters using the Services for talent discovery and opportunity matching; may appear in internal search results or be indexed by third-party search engines; and may be accessed through a Public profile URL (such as sharecase.app/username) that may be shared by the Student and by Sharecase™ in connection with these purposes. When a profile is set to Private, the Student remains discoverable in internal search and discovery features of the Services, and other users may see only a limited preview of the Private Student (such as name or username, profile image, role, headline, and general identifying information like school, city, or graduation year) and may use such limited preview to send the Student a connection request; full profile content (such as detailed achievements, posts, articles, endorsements, and connections) is intended to be viewable only by users to whom the Student has granted access (such as connected Supporters, Mentors, or other approved users). Sharecase™ may modify the specific fields included in a limited preview of a Private profile from time to time. Private profile content is not indexed by third-party search engines and Private profile pages are not generally accessible to visitors to the Services who are not logged in. Sharecase™ uses commercially reasonable measures to limit visibility in accordance with the Private setting but cannot guarantee against viewing, copying, screenshotting, or other access by users with permitted access. Default visibility settings for Student users under 18 may be set to Private, and Sharecase™ may apply additional protections to such users at its discretion. Changing a profile from Public to Private limits new visibility but does not reverse viewing, copies, or other access that occurred while the profile was Public. Students may also choose to generate a Resume or similar document from their profile content and transmit it to third parties (such as colleges, universities, scholarship providers, employers, recruiters, or third-party college application services), either through the cross-platform sharing features of the Services or by downloading and distributing the document outside the Services; any such transmission is at the Student’s election and is subject to the Terms of Use. For additional information, please review the Profile Visibility section of our Terms of Use.
Cross-Platform Sharing
The Services include features that allow you to share your own content from Sharecase™™ (such as your own achievements, articles you have authored, posts you have created, or other content you have personally generated or are authorized to share) to third-party platforms, applications, services, and transmission methods, including (without limitation) Instagram, Facebook, Snapchat, X (formerly Twitter), TikTok, LinkedIn, YouTube, Reddit, Discord, WhatsApp, Messenger, SMS or text message, email, AirDrop, your device’s native share menu (including the iOS Share Sheet and Android share menu), copy-link or QR-code-based transmission, and any other social media, messaging, file-sharing, content distribution, or transmission method (collectively, “Third-Party Platforms”).
When you use these sharing features, information about you and the content you share (which may include your name or username, profile image, the content of the achievement or post being shared, any associated visual preview or thumbnail, and metadata about the share) will be transmitted to the Third-Party Platform you select and will be subject to that platform’s privacy policy and terms of service. Once shared, the receiving Third-Party Platform controls how the shared information is processed, displayed, retained, and redistributed; Sharecase™ has limited or no control over the Third-Party Platform’s handling of the information.
Third-Party Platforms may collect additional information about you when you interact with their sharing tools or pages (such as device information, IP address, cookies, or your activity on the Third-Party Platform), and any such collection is governed by the Third-Party Platform’s privacy practices, not by this Privacy Policy. We encourage you to review the privacy policy of any Third-Party Platform before sharing content to it.
Institutional Verification of Achievements and Third-Party Integrations
As described in our Terms of Use, Sharecase™ may offer features that allow a broad range of institutions to verify Student users’ claimed achievements, milestones, credentials, volunteer service, internships, and other experiences. Verifying institutions may include schools, colleges and universities, teachers, coaches, athletic teams and leagues, clubs, extracurricular organizations, service and honor societies (such as the National Charity League and similar organizations), nonprofits and charitable organizations, religious and cultural organizations, volunteer programs, internship host organizations, summer programs and camps, awards or competition administrators, employers, and other institutions or organizations with which a Student has had a relevant relationship. Where you (as a Student) participate in institutional verification, information about you, the content being verified, and (in some cases) the Verifying Institution’s identity may be processed by Sharecase™™ and shared with the Verifying Institution to facilitate verification. Certain Student information processed in connection with verifications by a school or other educational institution may constitute an educational record under the Family Educational Rights and Privacy Act (“FERPA”) or similar laws; Verifying Institutions that are subject to FERPA are responsible for their own compliance with such laws.
Sharecase™ may also offer integrations with third-party platforms such as college application services, scholarship platforms, recruiting platforms, or similar evaluating parties. Where you elect to transmit your information (including verified achievement information) to a third-party integration partner through the Services, the receiving third party’s use of the transmitted information will be governed by that party’s terms of service and privacy practices, not by this Privacy Policy. Sharecase™ does not transmit your information to a third-party integration partner without your election to do so.
Organization Accounts
As described in our Terms of Use, Sharecase™ may from time to time offer Organization Accounts for institutions and organizations (such as schools, colleges, nonprofits, companies, employers, scholarship providers, awards programs, athletic organizations, and similar organizations). Where you (as a Student or other individual user) interact with content posted by an Organization Account, follow or connect with an Organization Account, participate in a program administered through an Organization Account, or otherwise engage with one, information about you and your interactions may be processed by Sharecase™™ and may be made available to the organization in accordance with the additional terms applicable to Organization Accounts and any separate data use or program agreement between Sharecase™ and the organization. Where applicable, Sharecase™ will inform you of the specific information available to an Organization Account through the Services or by notice at or before the time of your interaction.
Resume Generation
As described in our Terms of Use, the Services may offer features that allow Student users to generate a resume, portfolio, or similar document (a “Resume”) from content in the Student’s profile. Where you (as a Student) use these features, Sharecase™ processes the information you have selected for inclusion (which may include achievements, credentials, verifications, endorsements, and other profile content) to assemble and format the Resume. The Resume generation feature may incorporate AI-assisted functionality (such as formatting, summarization, or content suggestions) provided by our AI service provider; the AI-related disclosures in this Privacy Policy apply equally to AI-assisted Resume generation. Once a Resume is generated and downloaded, saved, or transmitted outside the Services, Sharecase™ no longer controls the Resume; the recipient’s use of the Resume is governed by the recipient’s terms and practices, not by this Privacy Policy.
Disclosing, Selling, or Sharing Personal Information
Business Purpose Disclosures
We may disclose the personal information we collect, including sensitive personal information, to third parties for the business purposes described in the “Personal Information Collection, Use, and Disclosure Purposes” section above and in the table below, such as to engage service providers to support our business functions. For example, we may disclose information from your visits to the Company’s website to a cybersecurity consultant to help secure the website.
We make these business purpose disclosures only under written contracts that describe the purposes, require the recipient to keep the personal information confidential, prohibit using the disclosed information for any purpose except performing the contract, and meet the CCPA’s other contract requirements for engaging service providers or contractors.
The list below identifies the personal information categories we disclosed to service providers or contractors for a business purpose over the preceding 12 months and the specific business or commercial purpose for disclosing that information.
Business Purposes Disclosure Personal Information Category and Purposes List
· See the Infrastructure and Service Provider Disclosure section below for the categories of recipients that receive personal information for business purposes.
Selling or Sharing Personal Information
We do not sell your personal information, including sensitive personal information, to third parties and have not sold it in the preceding 12 months. We do not share your personal information with third parties for cross-context behavioral advertising purposes and have not shared your personal information in the preceding 12 months.
Your Rights and Choices
If you are a California resident, the CCPA grants you the following rights regarding your personal information:
Right to Know and Data Portability Requests
You have the right to request that we disclose certain information to you about our collection and use of your personal information (the “right to know”), including the specific pieces of personal information we have collected about you (a “data portability request”). You may exercise your right to know twice in any 12-month period. Once we receive your request and confirm your identity (see the “How to Exercise Your Rights” section below), we will disclose to you:
· The categories of:
· personal information we collected about you; and
· sources from which we collected your personal information.
· The business or commercial purpose for collecting your personal information and, if applicable, selling or sharing your personal information.
· If applicable, the categories of persons, including third parties, to whom we disclosed your personal information, including separate disclosures identifying the categories of your personal information that we:
· disclosed for a business purpose to each category of persons; and
· sold or shared to each category of third parties.
· When your right to know submission includes a data portability request, a copy of your personal information, subject to any permitted redactions.
Right to Delete and Right to Correct
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions and limitations (the “right to delete”). Once we receive your request and confirm your identity, we will delete your personal information from our systems unless an exception allows us to retain it. We will also notify our service providers, contractors, and other recipients to take appropriate action.
You also have the right to request correction of personal information we maintain about you that you believe is inaccurate (the “right to correct”). We may require you to provide documentation, if needed, to confirm your identity and support your claim that the information is inaccurate. Unless an exception applies, we will correct personal information that our review determines is inaccurate and notify our service providers, contractors, and other recipients to take appropriate action.
Right to Limit Sensitive Personal Information Use and Disclosure to Permitted SPI Purposes
You have a right to ask businesses that use or disclose your sensitive personal information to limit those actions to just the CCPA’s Permitted SPI Purposes (the “right to limit”). As we do not use or disclose sensitive personal information beyond the CCPA’s Permitted SPI Purposes, we do not currently provide this consumer right.
Personal Information Sales or Sharing Opt-Out and Opt-In Rights
You have the right to request that businesses stop selling or sharing your personal information at any time (the “right to opt-out”), including through a user-enabled opt-out preference signal. Similarly, the CCPA prohibits businesses from selling or sharing the personal information of consumers it actually knows are under 16 years old without first obtaining consent from consumers who are between 13 and 15 years old or the consumer’s parent or guardian for consumers under age 13 (the “right to opt-in”).
As we do not sell or share consumers’ personal data, we do not currently provide these consumer rights.
ADMT Rights
When a business uses automated decision-making technology (“ADMT”) to make significant decisions about you, you may have rights to:
· Obtain certain information about how the business uses ADMT, that is specific to you (the “ADMT access right”).
· Opt-out of the ADMT use (the “ADMT opt-out right”) unless the business provides you with a method to appeal the decision to a human reviewer with the authority to overturn the decision (the “ADMT appeal right”) or another exception applies.
ADMTs are technologies that process personal information and use computation to execute a decision and either replace or substantially replace human decision-making, resulting in decisions made without human involvement. Decisions are significant when they result in the provision or denial of financial or lending services, housing, education enrollment or opportunities, employment or independent contracting opportunities or compensation, or healthcare services. Advertising is not a significant decision.
We do not currently use ADMT to make significant decisions about consumers, so we do not provide ADMT access, opt-out, or appeal rights.
Right to Non-Discrimination
You have the right not to be discriminated or retaliated against for exercising any of your privacy rights under the CCPA.
How to Exercise Your Rights
Exercising the Rights to Know, Delete, or Correct
To exercise the right to know (including data portability), delete, or correct described above, please submit a verifiable request to us by emailing us at legal@sharecase.app. Please describe your request with sufficient detail so we can properly understand, evaluate, and respond to it. You or your authorized agent may only submit a request to know, including for data portability, twice in a 12-month period.
Verification Process and Authorized Agents
Only you, or someone legally authorized to act on your behalf, may make a request to know, delete, or correct related to your personal information. If your minor child is our consumer, you may also make a verifiable request on their behalf. We may request specific information from you or your authorized representative to confirm your or their identity before we can process your right to know, delete, or correct your personal information.
We cannot respond to your request to know, delete, or correct if we cannot verify your identity or authority to make the request and confirm the personal information relating to you. We will use personal information provided in the request only to verify the requestor’s identity or authority to make the request.
We consider requests made through your password-protected account with our company sufficiently verified when the request relates to personal information associated with that specific account. However, you do not need to create an account with us to submit a request to know, correct, or delete.
For requests to limit or opt-out, we ask for the information necessary to complete the request, which may include, for example, the consumer’s name, email address, or account username.
Responding to Your Requests to Know, Delete, or Correct
We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the ten-day timeframe, please contact legal@sharecase.app.
We endeavor to substantively respond to a verifiable request within 45 days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing. We will deliver our written response to your verified email address or your account with us. Our substantive response will tell you whether or not we have complied with your request. If we cannot comply with your request in whole or in part, we will explain the reason, subject to any legal or regulatory restrictions. Applicable law may allow or require us to refuse to provide you with access to some or all of the personal information that we hold about you, or we may have destroyed, deleted, or made your personal information anonymous in compliance with our record retention policies and obligations.
Any disclosures we provide will cover information for the 12-month period preceding the request’s receipt date. We will consider requests to provide a longer disclosure period, unless providing the longer timeframe would be impossible or involves disproportionate effort.
For data portability requests, we will provide your personal information in a readily useable format you can transmit between entities.
We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Mental Health, Well-Being, and Crisis Resources
Sharecase™ does not knowingly collect mental health, emotional, or psychological information from you unless you affirmatively choose to provide it as part of your interactions with the Services. Some information you choose to post on the Services (for example, content describing your emotional state, content related to mental health, or content shared with mental-health-related Mentors or organizations) may be processed by Sharecase™™ in the course of providing the Services and treated with the protections described in this Privacy Policy and applicable law. The Services are not a mental health, counseling, or crisis intervention service. If you are experiencing a mental health crisis, please contact the 988 Suicide and Crisis Lifeline (call or text 988 in the United States), the Crisis Text Line (text HOME to 741741), the SAMHSA National Helpline (1-800-662-HELP), or your local emergency services (911). Additional information about Sharecase™’s approach to user well-being is provided in our Terms of Use.
How We Protect Your Personal Data
We use commercially reasonable administrative, physical, and technical measures designed to protect your personal data from accidental loss or destruction and from unauthorized access, use, alteration, and disclosure. However, no website, mobile application, system, electronic storage, or online service is completely secure, and we cannot guarantee the security of your personal data transmitted to, through, using, or in connection with the Services. In particular, email, texts, and chats sent to or from the Services may not be secure, and you should carefully decide what information you send to us through these communications channels. Any transmission of personal data is at your own risk.
The safety and security of your information also depends on you. You are responsible for taking steps to protect your personal data against unauthorized use, disclosure, and access.
Privacy Policy Changes
We reserve the right to update this Privacy Policy at any time, including as we continue to develop our compliance program in response to legal developments of the CCPA. If we make any material changes to this Privacy Policy, we will update the policy’s effective date and post the updated policy on the Services. We encourage you to check the Services to review the current Privacy Policy in effect.
Contact Information
If you have any questions or comments about this policy, the ways in which we collect and use your information described here, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
Email: legal@sharecase.app
If you need to access this Privacy Policy in an alternative format due to a disability, please contact legal@sharecase.app.
Mandatory Reporting of Child Sexual Abuse Material (CSAM)
Sharecase™ complies with all applicable federal and state laws related to the protection of minors, including the obligation to report apparent child sexual abuse material (CSAM) to the National Center for Missing & Exploited Children (NCMEC) under 18 U.S.C. § 2258A. Sharecase™ will report CSAM and other child exploitation content to NCMEC within statutory timeframes and may cooperate with law enforcement investigations as required by law. Users can report concerning content, including any content involving minors that may violate Sharecase's policies or applicable law, by using in-app reporting tools or by contacting safety@sharecase.app. Sharecase reviews and acts on reports promptly.
Data Breach Notification
In the event of a security incident or data breach involving personal information that we reasonably believe may pose a risk to affected users, we will notify those users without undue delay, generally within 30 to 60 days of discovery, depending on the nature of the incident and applicable law. Notification will be provided via the email address or phone number associated with the affected account and, where appropriate, by in-app notification. Notifications will describe the nature of the incident, the categories of personal information involved, the steps we have taken in response, and recommended actions for affected users. We will also notify applicable regulators and law enforcement as required by law.
Parental Verification Mechanism
For Student users who are under 18, Sharecase™ requires verifiable parental consent before activating the account. This section describes the mechanism Sharecase uses to obtain and document parental consent.
Consent Flow. During Student signup, the Student provides the contact information (phone number, email address, or both) for a parent or legal guardian. Sharecase then sends a one-time approval request to the parent or guardian through the chosen channel, containing a unique link to a parental consent landing page. On that page, the parent or guardian reviews a description of Sharecase™, the Student account being created, and what the Student can do on the platform. The parent or guardian provides consent through the following affirmative actions: (a) acknowledgment that they are the parent or legal guardian of the Student; (b) affirmation that they consent to the Student creating a Sharecase account; (c) confirmation that they have reviewed Sharecase's Terms of Use and Privacy Policy; and (d) optional: typed full legal name as a written attestation. The Student's account does not activate until consent is received and recorded.
Failed or Declined Consent. If the parent or guardian declines consent, the Student is notified that consent was not granted and may submit a new consent request to a different parent or guardian. If no response is received within fourteen (14) days, the pending consent record expires and the Student may re-initiate the consent request. If the contact information provided is invalid or undeliverable, the Student may update the parent or guardian contact through the "Edit Parent Contact" flow.
Audit Record Retention. Sharecase™ retains the parental consent verification record for the lifetime of the Student's account plus a reasonable period thereafter, typically seven (7) years following account deletion, to comply with applicable laws and to resolve disputes. The audit record includes: the parent or guardian's name; contact information used; channel used for the consent request; IP address of the consent submission; device user agent; timestamp; version of the Terms of Use accepted; version of the Privacy Policy accepted; optional typed name attestation; and consent status (approved, declined, or revoked).
Disputes Regarding Consent. If a parent or legal guardian believes a consent record was created without their actual authorization, they may contact Sharecase at privacy@sharecase.app. Sharecase™ will review the verification record promptly and may, in its discretion, suspend the affected Student account pending investigation. Resolution may include account suspension, deletion of the Student account, or other appropriate remedial action.
Infrastructure and Service Provider Disclosure. Sharecase relies on the following third-party service providers to operate the platform. Each is contractually limited to processing personal data solely as necessary to deliver their service to Sharecase, and is not permitted to use personal data for their own purposes:
• Supabase, Inc. — Database, authentication, and backend infrastructure provider. Processes user account data, profile information, posts, achievements, and parental consent records.
• Vercel, Inc. — Web hosting and edge compute provider. Processes user web requests, page renders, and edge function executions.
• Railway Corp. — Application hosting and infrastructure provider. Processes user requests and application workloads.
• SendGrid, Inc. (a Twilio company) — Email delivery service provider. Processes recipient email addresses and email content for transactional and notification messages, including parental consent communications.
• Twilio, Inc. — SMS service provider (described above in SMS, Email, and Other Communications).
• OpenAI, L.L.C. — AI service provider (described above in Use of Artificial Intelligence Service Providers).
• Expo (Exponent, Inc.) — Mobile application build and over-the-air update distribution provider. Used to distribute builds of the Sharecase mobile application and to deliver in-app updates.
• Apple Inc. and Google LLC — Mobile application distribution platforms for iOS App Store and Google Play, respectively. May collect device, installation, and crash telemetry per their published policies.
Sharecase™ may update this list from time to time as our infrastructure evolves. Material changes will be reflected in this Privacy Policy.
Material Changes; Re-Verification. If Sharecase materially expands the scope of what Student users under 18 can do on the platform, Sharecase™ will notify consenting parents and guardians of the change. Re-verification of parental consent may be required in some circumstances, as Sharecase determines appropriate or as required by applicable law.
Multiple Parents or Guardians. A Student may have only one parent or guardian designated as the consenting party on the initial consent record. After initial consent is granted, additional parents or guardians may establish a separate "Verified Parent or Guardian" relationship through the Sharecase Supporter onboarding flow, subject to Student confirmation. Either parent or guardian with verified status may revoke consent at any time, solely by following the unique revocation link provided in their consent communications (email and/or SMS), which suspends the Student account until consent is re-established.
Future Verification Methods. Sharecase may, in the future, introduce stronger identity verification methods as part of the parental consent flow, including but not limited to government-issued ID verification, selfie verification, or knowledge-based authentication, through third-party identity verification vendors. Sharecase™ will update these Terms of Use and our Privacy Policy as appropriate when such methods are introduced and will continue to comply with applicable laws governing the verification of parental consent.
We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.