Carta Privacy Policy
Effective date: September 17, 2025
This Privacy Policy (“Privacy Policy”) applies to eShares, Inc. DBA Carta, Inc.’s, and its related and/or affiliated companies, including subsidiaries located worldwide (collectively, “Carta,” “we,” “our,” or “us”), with respect to our online tools and platform(s), including but not limited to carta.com and the associated Carta mobile applications, and other Carta websites (the "Sites") and the provision of Carta services related to equity management, compensation, venture capital, and liquidity (together with the Sites, the “Services”). Except as otherwise indicated, this Privacy Policy describes how Carta collects, uses, and discloses your personal information and your choices with respect to your personal information.
Individual end users located within the United States, including California: Please refer to the information in our Additional Notice for U.S. Residents.
Individuals end users located in jurisdictions outside the United States: Please see our Additional Notice for Users Outside the United States.
1. Personal information we collect
We may collect your personal information when you use or interact with the Services, including directly from you; from your employer, fiduciary or relevant investment entity; automatically when you visit our Sites; or from our service providers, vendors, or other parties. We may collect the following categories of personal information about you, depending on how you interact with us, our products, and our services, including:
Identifiers, such as real name, alias, postal address, telephone number, unique personal identifier, online identifier, IP address, email address, account name, social security number or other tax identification number, driver’s license number, passport number, or other similar identifiers.
Financial information, such as tax ID number, income, account balances, account transactions, transaction history, credit history, assets, information from your employer when they issue you options or shares, bank account number, credit card number, debit card number, or other similar information.
Characteristics of protected classifications, such as age and date of birth.
Internet or other electronic network activity information,
such as browsing history, search history, and information regarding interaction with an internet website application or advertisement.
Geolocation data, such as location data inferred from your device IP address.
Professional or employment-related information, such as occupation, compensation, title, hire and termination date and company.
2. Personal Information Use and Disclosure
We may use, process, and/or disclose the categories of personal information above for the following purposes:
Operate, maintain, and improve the Services, such as supporting delivery of our services, assisting with service requests, monitoring for errors, remedying security or technical issues, analyzing website and application performances, responding to comments and questions, verifying permission access, and providing customer service.
Send information, such as confirmations, invoices and billing, technical notices, updates, security alerts, and administrative messages.
Communicate upcoming events and other news about products and services offered by us.
Communicate with and inform you about system updates and important services-related notices, such as privacy and policy update notices or changes in our terms of service. These communications are administrative and you may not opt out of them.
Send marketing emails related to the Services, which you may opt out of using provided unsubscribe links or the opt-out mechanism in those communications.
Link or combine user information with other personal information, such as when we combine the information a company, fiduciary or investment entity has provided about their stakeholders with the information entered by relevant stakeholders in their end user accounts to improve the user experience.
Protect, investigate, and deter against fraudulent, unauthorized, or illegal activity, such as validating your identity, preventing fraud on your account, and complying with KYC rules and regulations.
Provide and deliver products and services to our business customers with respect to their employees or investors, such as when an employee exercises their employee stock options and we provide that information to their employer to facilitate the employer’s compliance with tax laws.
Facilitate online advertising, such as enabling third-party advertising companies and social media companies to use cookies, pixels, and similar technologies to collect information about your interaction over time across the Services, our communications and other online services, and use that information to serve online ads that they think will interest you.
We may also disclose personal information:
To our business customers’ equity administrators, authorized users and other designated representatives who can access information that we hold about the equity information of their employees,investors or other stakeholders.
With vendors, suppliers, and service providers to process information and support our business and services, such as providers of cloud hosting and storage services, analytics, services, email delivery services and customer support services.
With our lawyers, accountants and other professional advisors in the course of the services they render to us.
To comply with laws, lawful requests and legal or regulatory processes.
To protect the rights, safety, and property of Carta, our agents, users, customers, and others. This includes enforcing our agreements, policies, and terms of use, reporting on security breaches, or assisting with investigating and preventing fraud or security issues.
For instant verification of your bank account information
with features you’re utilizing on Carta. We use Plaid Technologies, Inc. (“
Plaid”) to gather customer data from financial institutions. By using these features, you grant us and Plaid the right, power, and authority to act on your behalf to access and transmit your personal and financial information from the relevant financial institution. You agree to your personal and financial information being transferred, stored, and processed by Plaid in accordance with the
We may share personal information with acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Carta (including, in connection with a bankruptcy or similar proceedings).
We may create, use and share aggregated or anonymized data for any lawful purpose, such as marketing, analytics or research purposes permitted by law.
We do not sell, share, or otherwise disclose personal information obtained for text message program consent purposes (opt-in consent data) to any third parties for those third parties’ own marketing purposes.
We may share other information with third parties in other ways not described in this Privacy Policy when we have consent (either from users or business customers) to do so.
3. Online Tracking Technologies
We may use cookies and other online tracking technologies (collectively referred to as “Cookies”) on our Sites. We and our vendors may collect information through Cookies when you interact with the Sites, including IP address; device identifiers; operating system version; location; browsing and search history; internet browser type; areas of the Sites you visit; content you interact with; and other information regarding your interactions with our Sites and your browsing behavior.
We or our vendors may collect personal information about your online activities over time and across different devices and websites. We and our vendors may link the information collected by tracking technologies to other information we obtain about you, which may include data we obtain from third parties.
Ad technology companies and advertisers, including Google and Meta, may obtain Cookie information from our Sites and elsewhere on the internet and use that information to provide advertising services, including interest-based advertising.
We may use certain third-party web analytics services, such Google Analytics, to help us understand and analyze how visitors use our Sites. We use this information to implement Google advertising features such as dynamic remarketing, interest-based advertising, and display advertising.
Some of the vendors we work with offer tools that you can use to learn about, limit, or opt out of their Cookies, such as:
Google: For more information on how Google Analytics uses data, visit policies.google.com/technologies/partner-sites. To opt out of Google Analytics, visit
tools.google.com/dlpage/gaoptout. To adjust your Google advertising settings, visit
Meta: To change your privacy and advertising settings with Meta/Facebook, login to your Facebook account and navigate to your account settings.
Microsoft: For information on how Microsoft collects or receives personal information through tracking technologies to provide Microsoft Advertising, visit privacy.microsoft.com/en-us/privacystatement.
Many advertisers and service providers that perform advertising-related services for us and other parties participate in voluntary programs that provide tools to opt out of such interest-based advertising, such as the Digital Advertising Alliance’s (“DAA”) Self-Regulatory Program for Online Behavioral Advertising and the Network Advertising Initiative (“NAI”). To learn more about how you can exercise certain choices regarding interest-based advertising for DAA members, visit youradchoices.com for U.S. websites, aboutads.info/appchoices for U.S. mobile apps, or youradchoices.ca for Canada. To learn more about choices regarding interest-based advertising for NAI members, visit networkadvertising.org/choices for the U.S., youradchoices.ca for Canada, or www.youronlinechoices.com for Europe. Opting out through these services does not mean you will no longer receive advertising from us, or when you use the internet.
Your web browser may have settings that allow you to transmit a “Do Not Track” signal when you visit the Sites. Like many websites, the Sites are not designed to respond to “Do Not Track” signals received from browsers. To learn more about “Do Not Track” signals, visit allaboutdnt.com.
4. Security
We maintain appropriate administrative, technical, physical, and organizational safeguards to protect personal information obtained through the Services. To protect your personal information from unauthorized access and use, we use security measures that comply with applicable law. These measures include computer safeguards and secured files and buildings. We make reasonable efforts to provide a level of security appropriate to the risk associated with the processing of personal information, however, no data transmission or storage system is guaranteed to be entirely secure in all circumstances.
5. Retention
We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements; to establish or defend legal claims; or for fraud prevention purposes. To determine the appropriate retention period for personal information, we may consider factors such as the amount, nature, and sensitivity of the personal information; the potential risk of harm from unauthorized use or disclosure of your personal information; the purposes for which we process your personal information and whether we can achieve those purposes through other means; and the applicable legal requirements. Our obligations may continue after we stop providing our services directly to you.
When we no longer require the personal information we have collected about you, we will either delete or anonymize it or, if this is not practicable (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. If we anonymize your personal information (so that it can no longer be associated with you), we may use this information indefinitely without further notice to you.
6. Age Limitations
Carta does not allow the use of our Services by anyone younger than 18 years old. If we become aware that anyone younger than 18 has provided us with personal information through the Services, we will take steps to delete such information in accordance with applicable law.
7. Your Preferences
Our marketing emails include an unsubscribe link at the bottom that you can use to opt out of receiving further promotional emails. Please note that we may still send you non-marketing emails. Non-marketing emails include emails about your accounts and our business dealings with you.
You can manage your Cookie settings at any time by clicking the “Do not share or sell my personal information (cookie preferences)” link in the footer of the Sites or the “Manage Preferences” widget on any page.
You may be able to limit or reject cookies from our website by adjusting your browser settings to automatically or manually delete Cookies, specify that certain Cookies may not be placed, and/or notify you each time a Cookie is placed. For more information about these options, we recommend reviewing your browser settings. Many browsers are set to accept cookies until you change your settings. If you limit or reject cookies, it may affect certain website features.
You can update or correct certain personal information through the account settings in your Carta account, or you may send requests about your personal information to our Contact Information below.
8. External Websites
The Services may contain links to external websites. Please be aware that we cannot control and are not responsible for the information collection practices of such websites, which may differ from our privacy practices. We encourage you to review and understand the privacy policies of these websites before providing any information to them.
9. Third-Party Integrations and Social Features
We may engage vendors to provide certain interactive features on the Sites. Your use of these interactive features is voluntary, and we may retain the information that you submit through the features. For example, we may offer an interactive chat feature on our Sites to answer questions and for other customer service purposes. When you participate in the interactive chat, either with a virtual or live agent, the contents of the chat may be captured and kept as a transcript. By using these features, you understand that our vendors may process the information obtained through the feature to provide the service on our behalf.
Note that certain functionalities on our Sites permit interactions that you initiate between the Sites and external services, such as social networks (“Social Features”). Examples of Social Features include features enabling you to “like” or “share” our content and features that otherwise connect the Sites to a third-party service (e.g., to pull or push information to or from the Sites). If you use Social Features, information you post or provide access to may be publicly displayed by the third-party service you use and both Carta and the third party may have access to certain information about you and your use of the Sites and the third-party service.
10. Additional Notice for Financial Product End Users in the United States
This section provides additional disclosures for individuals who seek to obtain, obtain, or have obtained a financial product or service from us that is primarily for personal, family, or household purposes.
As a financial company, we choose how we share your personal information. Federal law gives you the right to limit some but not all sharing of your personal information for financial products and services. When you are no longer our customer, we may continue to share your information as described in this Privacy Policy.
11. Financial Product End Users in the United States: Personal Information Collection
We collect your personal information, for example, when you or your employer, fiduciary or investment entity open an account, provide data required under Carta’s KYC policies, provide employment information, manage your end user account, accept your shares, exercise your options, provide fund transactional data, or deploy or exit an investment.
We also collect your personal information from others, such as vendors, affiliates, or other companies.
12. Financial Product End Users in the United States: Personal Information Sharing
We may need to share customers’ personal information to run our everyday business. In the following chart, we list the reasons financial companies can share their customers’ personal information; the reasons Carta chooses to share; and whether you can limit this sharing.
Reasons we can share your personal information | Does Carta share? | Can you limit this sharing? |
|---|---|---|
For our everyday business purposes—such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus | Yes | No |
For our marketing purposes—to offer our products and services to you | Yes | No |
For joint marketing with other financial companies | No | We don’t share |
For our affiliates’ everyday business purposes—information about your transactions and experiences | Yes | No |
For our affiliates’ everyday business purposes—information about your creditworthiness | No | We don’t share |
For our affiliates to market to you | Yes | Yes |
For nonaffiliates to market to you | No | We don’t share |
Affiliates are companies related by common ownership or control. They can be financial and nonfinancial companies. Our affiliates include companies with the Carta name, as well as financial companies, such as Vauban Capital GP LLC.
13. Financial Product End Users in the United States: Privacy Rights
You can limit the sharing of your personal information as described in the chart above. Financial product end users in the United States have the right to limit: sharing for affiliates’ everyday business purposes—information about your creditworthiness; affiliates from using your information to market to you; and sharing for nonaffiliates to market to you. State laws and individual companies may give you additional rights to limit sharing, as described in this Privacy Policy.
To limit our sharing of your personal information, you may submit requests to exercise your privacy rights here or email privacy@carta.com.
14. Additional Notice for End Users Who are U.S. Residents
This section provides additional disclosures for U.S. residents under applicable state consumer privacy laws.
a. Sales and Sharing for Targeted Advertising
Under applicable state privacy laws, a sale of personal information does not always involve the exchange of money. Selling can also refer to disclosures of personal information to third parties who may use the information for their own purposes, such as Cookie vendors. We do not sell personal information for monetary consideration, but we share personal information with third parties for cross-context behavioral advertising and targeted advertising (collectively, “Targeted Advertising”). In this context we sell and share for Targeted Advertising the following categories of personal information: Identifiers, Personal Records, Internet or Other Electronic Network Activity, Geolocation Data, and Inferences. We have sold personal information and shared personal information for Targeted Advertising to third parties, including our vendors and other third parties for marketing and advertising services that we utilize on our Sites. We do not have actual knowledge that we sell or share the personal information of consumers under 16 years of age.
b. Personal Information Collection, Use, and Disclosure
We may collect the personal information described in the “Personal Information We Collect” section from offline sources as well. In addition, we also collect the following categories of personal information from online and offline sources:
Personal records (including personal information described in Cal. Civ. Code § 1798.80(e)), such as name, signature, social security number, address, telephone number, passport number, driver’s license or state identification card number, employment, bank account number, credit card number, debit card number, or other financial information.
Audio, electronic, visual, or similar information, such as recordings from video calls.
Inferences used to create a profile reflecting someone’s preferences, characteristics, and behavior.
We use and disclose the above categories of personal information as described in the “Personal Information Use and Disclosure” section above.
c. Consumer Rights
Depending on your state of residence, you may have the following rights related to your personal information:
Right to know, confirm, and access: You may have the right to know the categories of personal information we have collected about you, confirm that we process your personal information, know details about the personal information we process and who we disclose personal information to, and access your personal information.
Right to portability: You may have the right to request a copy of your personal information in a portable format.
Right to correct: You may request that we correct personal information that we maintain about you if you believe such personal information is inaccurate.
Right to request deletion: You may have the right to request that we delete your personal information.
Right to opt out of sales and sharing for Targeted Advertising: You may have the right to opt out of the sale of your personal information or the sharing of your personal information for Targeted Advertising, as described above. To opt out of sales and sharing for Targeted Advertising, please visit our cookie preference manager by clicking the “Do not share or sell my personal information (cookie preferences)” link in our website footer.
Right to opt out of profiling: We do not profile in furtherance of decisions that produce legal or similarly significant effects. For this reason, this right is not applicable.
You may submit requests to exercise your privacy rights here, via email to privacy@carta.com, or toll-free at +1-855-921-2859.We may need to verify your identity to process certain requests and we reserve the right to confirm your state residency. You may designate an authorized agent to make a request on your behalf; however, you may still need to verify your identity directly with us before your request can be processed. In certain circumstances, you may also appeal for reconsideration of your request using our webform or toll-free phone number.
We will not discriminate against you for choosing to exercise any of your privacy rights.
d. Additional California Disclosures and Rights
Unless otherwise noted, the information in this Privacy Policy that describes how and why we collect and use your personal information also describes how we have collected and used your personal information in the preceding twelve (12) months:
Right to limit the use of sensitive personal information: We do not use or disclose sensitive personal information for purposes to which the right to limit use and disclosure applies under California law. For this reason, this right is not applicable.
California’s Shine the Light Law:California residents may ask us to provide them with (i) a list of certain categories of personal information that we have disclosed to other parties, including affiliates, for their direct marketing purposes during the immediately preceding calendar year, and (ii) the identity of those other parties. California residents may make one such request per calendar year. To make a Shine the Light request, you may contact us by email or postal mail using the information provided in the “Contact Information” section. In your request, please state that you are a California resident and provide a current California mailing address for our response.
15. Additional Notice to Users Outside the United States
This section provides additional disclosures for individuals located outside the United States, including in the European Economic Area, United Kingdom, and Switzerland. This section explains our practices regarding personal information that we obtain about you, our legal basis for processing your personal information, and your rights related to our processing of your personal information. References to “personal information” in this Privacy Policy section are equivalent to “personal data” governed by applicable data protection laws.
a. Personal Information
We may collect and process different types of personal information from you, as described in the "Personal Information We Collect, Use, and Disclose" section.
In addition to the personal information described in the "Personal Information We Collect, Use, and Disclose" section, we may also collect audio, electronic, visual, or similar information, such as recordings from video calls. We collect this directly from you, such as when you speak with us on a recorded phone line or engage with us via teleconferencing.
b. Controller or Processor
eShares, Inc. DBA Carta, Inc. may act as either the controller or processor of your personal information covered by this Privacy Policy. We are the controller for certain personal information we obtain to provide the Services. However, we may obtain personal information about you from other sources, such as your employer when they issue you options or shares. In these circumstances, we may be the processor.
c. Legal Basis For Processing
The legal bases of our processing of your personal information as described in this Privacy Policy will depend on the type of personal information and the specific context in which we process it. However, the legal bases we typically rely on are set out in the table below. Details regarding each processing purpose listed below are provided in the “Personal Information We, Collect, Use, and Disclose” section.We use your personal information only as permitted by law.
Our legal bases for processing the personal information described in this Privacy Policy are described in the table below:
Processing Purpose | Legal Basis |
- To provide, operate, maintain, and improve the Services - To respond to comments and questions, verify permission access, and provide customer service - To send information - To communicate - To link or combine user information with other personal information
| Processing is necessary to enter into or perform the contract governing our provision of our Services or to take steps that you request prior to signing up for the Services. If we have not entered into a contract with you, we process your personal information based on our legitimate interest in providing the Services you access and request. |
- For marketing, analytics, or research purposes - To facilitate online advertising | Processing is based on your consent or on our legitimate interests in operating and improving our business, and/or promoting our Services. |
- To protect, investigate, and deter against fraudulent, unauthorized, or illegal activity - For legal, protection, information security, and safety purposes - To comply with applicable laws, lawful requests, and legal or regulatory processes - To protect the rights and property of Carta, our agents, customers, and others | Processing is necessary to comply with our legal obligations, or based on our legitimate interests in protecting our business and improving the safety and security of our Services. |
- With your consent | Processing is based on your consent. Where we rely on your consent, you have the right to withdraw it any time in the manner indicated when you consent or in the Services. |
Use for new purposes. We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and provide the applicable legal basis.
d. Your Rights
Based on your country of residence or other locality, you may have the following rights in relation to the personal information we hold about you:
Right of access: You can ask us if we are processing your personal information and to provide you with a copy of it (along with certain details).
Right to rectification: If the personal information we hold about you is inaccurate or incomplete, you may request to have it rectified.
Right to erasure: You can ask us to delete or remove your personal information in some circumstances such as where we no longer need it or if you withdraw your consent to our processing of your personal information (where applicable).
Right to restrict processing: You can ask us to “block” or suppress the processing of your personal information in certain circumstances.
Right to data portability: You have the right, in certain circumstances, to obtain personal information you have provided us with (in a structured, commonly used and machine-readable format) or to ask us to transfer your personal information to a third party of your choice.
Right to object: You can ask us to stop processing your personal information, such as for direct marketing purposes.
Right to withdraw consent: If we rely on your consent (or explicit consent) as our legal basis for processing your personal information, you have the right to withdraw that consent at any time.
Right to lodge a complaint with the supervisory authority: If you have a concern about any aspect of our privacy practices, including the way we have handled your personal information, you can report it to your Supervisory Authority.
You may submit requests to exercise your rights here, by emailing privacy@carta.com, or by writing to our postal address in the “Contact Information” section. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, in whole or in part, we will tell you why, subject to legal restrictions on providing this information. If you believe that we have violated any of your data protection rights, please contact us so that we can engage with you to resolve the situation. You also may file a complaint at any time with your data protection authority.
Cross-border data transfer. If we transfer your personal information to a country not deemed to provide an adequate level of protection for purposes of applicable data protection laws such that additional safeguards are required, the transfer will be performed:
Pursuant to the recipient’s compliance with appropriate contractual provisions, such as the European Standard Contractual Clauses;
Pursuant to the consent of the individual to whom the personal information pertains; or
As otherwise permitted by applicable laws.
You may contact us if you want further information on the specific mechanism used by us when transferring your personal information across borders.
e. EU-U.S. Data Privacy Framework Principles
Carta complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. Carta has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. DPF Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal information received from the European Union and the United Kingdom (and Gibraltar) in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Carta has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. DPF Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal information received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit dataprivacyframework.gov.
The following Carta subsidiaries also adhere to the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF and to the rights of EU and UK individuals and Swiss individuals, as your organization’s DPF submission covers all of the following: the EU-U.S. DPF and the UK Extensionto the EU-U.S. DPF, and the Swiss-U.S. DPF: Carta Securities LLC, Carta Valuations LLC, Carta Investor Services, Inc., Carta Financial Technologies, LLC, Carta Capital Markets LLC, Capdesk ApS and Vauban Technologies Limited.
Carta is responsible for the processing of personal information we receive, and subsequently transfer to a third party acting as an agent on our behalf.
Carta commits to cooperate with EU and UK data protection authorities and the Swiss Federal Data Protection and Information Commissioner and comply with the advice given by such authorities with regard to human resources data transferred from the EU, the UK, and Switzerland in the context of the employment relationship.
Carta is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Carta may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Carta commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal information received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Carta at: privacy@carta.com. Please allow a reasonable amount of time to respond to your request. If you do not receive timely acknowledgement of your complaint, if your complaint is not satisfactorily addressed by Carta, or if you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at feedback-form.truste.com/watchdog/request.
If these processes do not result in a resolution, you may then contact your local data protection authority, the U.S. Department of Commerce, and/or the Federal Trade Commission for assistance.
Under certain circumstances a binding arbitration option is available to you to determine, for residual claims, whether Carta has violated its obligations to you under the EU-U.S. DPF Principles, and whether any such violation remains fully or partially unremedied. This option is available only for these purposes. Please be advised that the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the EU-U.S. DPF Principles with respect to the resident.
Carta may transfer your personal information to countries other than the one in which you live.
16. Changes to this Privacy Policy
We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Services after the effective date of any modified Privacy Policy indicates your acceptance of the modified Privacy Policy.
17. Contact Information
We welcome your comments or questions about this Privacy Policy. You may contact us at privacy@carta.com or:
Data Protection Officer
eShares, Inc. DBA Carta, Inc.
333 Bush St.
Floor 23, Suite 2300
San Francisco, CA 94104
EU representative. Our EU representative, DataRep’s details can be obtained at datarep.com/data-request.
Versions:
Privacy Policy Version 2 (current)
Privacy Policy Version 1
