(c) 2022 The Buy Nothing Project, Inc.
Privacy Policy
Last updated: March 2, 2022

We help empower you and other participants of The Buy Nothing Project to communicate with your communities and share gifts. To do these things, you will sometimes need to share personal data—like your name and email address—with us and select third parties. We are grateful you entrust us with this data and take our responsibility to protect it very seriously.

Please learn more about how we collect, use, and share your personal data by reading this Privacy Policy. Contact us if you have any questions.

Personal Data and The Buy Nothing Project
The Buy Nothing Project supports communities around the planet and we think a right to privacy is an important, global right. For this reason, we treat any data that relates to an identified or identifiable individual or that is linked or linkable to them by us as “personal data,” and we treat this personal data the same no matter where you live. This means data that directly identifies you–like your personal name—or data that could reasonably identify you—like your email address—is personal data. Conversely, aggregated or anonymized data is not personal data.

To enrich our services and better serve our communities, The Buy Nothing Project may link to third parties or integrate their services on our platform (for example, to allow log-in through your favorite social network). This Privacy Policy does not apply to how third parties define or use personal data. We encourage you to read their privacy policies and know your privacy rights.


Personal Data Collected
As you know, The Buy Nothing Project is passionate about gifting, but we don’t believe you should have to gift your personal data. This means we strive to only collect the personal data we need. The type of personal data we collect depends on how you use our services. Listed below are the data categories we collect directly from you.
  • Personal information. Your name, email address, location or address, and date of birth (if signing up with email/password).
  • Device information. Data about your device or from which your device could be identified, such as your IP address or device serial number.
  • Contact information. Data such as your real name, email address, and physical address/location.
  • Payment information. Data about your billing address and method of payment, which is collected by our payment processor, Stripe.
  • Transaction information. Data about the in-app transactions that we help facilitate through our services.
  • Photos and personal data you voluntarily post. Photos and personal data you voluntarily post on The Buy Nothing Project.

How The Buy Nothing Project Uses Personal Data
The Buy Nothing Project uses personal data to help you facilitate your gifting, to operate and improve our services, to communicate with you, for security and fraud prevention, and to comply with laws and regulations.

To expand on the above, we use personal data for the following purposes:
  • To meet or fulfill the reason you provided the information to us, including to help facilitate your delivery or receipt of a gift.
  • To communicate with you about our services, including updates or new offers.
  • To provide you with support and assistance.
  • To create and manage your account or other user profiles.
  • To personalize the services based on your preferences.
  • To respond to user inquiries and fulfill user requests.
  • To improve and develop the services, including testing, research, analysis and product development.
  • To protect against or deter fraudulent, illegal or harmful actions and maintain the safety, security and integrity of our services.
  • To comply with our legal or contractual obligations, resolve disputes, and enforce our Terms of Use.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • For any other business purpose stated when collecting your personal data or as otherwise set forth in applicable data privacy laws.
Unless we give you prior notice, we will not collect additional categories of personal data or use personal data we collect except as described in this Privacy Policy.

As noted in the list above, we may communicate with you if you’ve provided us the means to do so. For example, if you’ve given us your email address, we may send you informational offers or important product updates. If you do not want to receive these communications from us, you may unsubscribe from them.

How The Buy Nothing Project Shares Personal Data
Not only do we strive to collect only personal data we need, but we only disclose personal data to third parties as described below.

  • To select recipients. These are third parties we share personal data with at your direction, including the public (where you choose to post information publicly), other users (as necessary to facilitate a gifting transaction on our services), or social media services (if you intentionally interact with them through your use of our services).
  • Service providers. These are third parties that help us provide our services, including payment processors, security and fraud prevention providers, hosting and other technology and communications providers, analytics providers, and staff augmentation and contract personnel.
  • To acquirers. These are parties who acquire your personal data through an acquisition or other change of control. Personal data may be transferred to a third party if we undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control of our business (in whole or in part).
  • To our affiliated entities. These are our wholly owned entities subject to this Privacy Policy.

Cookies and Other Technologies
Cookies are small pieces of data (usually text files) placed on your computer, tablet, phone, or other device used to access our services. Like many other websites, our services use cookies and similar technologies (such as web beacons) to make our services better and best serve our communities. These cookies enable our servers to analyze trends, recognize your web browser and tell us how and when you visit and use our services, and operate and improve our services. We may also supplement the information we collect from you with information received from third parties, including third parties that have placed their own cookies on your devices. Please note that because of our use of cookies, the services do not support “Do Not Track” requests sent from a browser at this time.

Although there are many different types of cookies (including cookies used to retarget and advertise), we only use performance/analytical cookies, which allow us to understand how our visitors use our services. For example, Google, uses cookies in connection with its Google Analytics services. Google’s ability to use and share information collected by Google Analytics about your visits to The Buy Nothing app is subject to the Google Analytics Terms of Use and the Google Privacy Policy. You have the option to opt-out of Google’s use of cookies by visiting the Google advertising opt-out page at www.google.com/privacy_ads.html or the Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout/.

Of course, we want our users to feel empowered to interact with our services however they determine best. To that end, you can decide whether to accept or delete cookies through your internet browser’s settings.

Data Security and Retention
Protecting your personal data is extremely important to us and so we seek to protect it from unauthorized access, use and disclosure by using appropriate physical, technical, organizational, and administrative security measures based on the type of personal data we collect and the way we process it. For example, our services use industry standard Secure Sockets Layer (SSL) technology to allow for the encryption of personal data you provide to us.

We retain personal data about you for as long as you have an open account with us or as otherwise necessary to provide you with our services. In some cases, we retain personal data for longer if doing so is necessary to comply with our legal obligations, resolve disputes, or is otherwise permitted or required by applicable law, rule, or regulation.

Children and Personal Data
As noted in our Terms of Use, we do not knowingly collect or solicit personal data about children under 17 years of age. If you are a child under the age of 16, please do not attempt to register for use our services or send us any personal data. If we learn we have collected personal data from a child under 16 years of age, we will delete that information as quickly as possible. If you believe that a child under 16 years of age may have provided us personal data, please contact us.

Further Information
This Privacy Policy applies to all services offered by Sharething, Inc. (dba The Buy Nothing Project) and its affiliated entities.

We are constantly improving our services and so we may need to change this Privacy Policy from time to time. When we make material changes, we will notify you by placing a notice on The Buy Nothing Project website and/or by sending you an email if we have your address on file. Our use of personal data we collect is subject to the Privacy Policy in effect at the time such information is collected so that you control what you’d like to share.

If you have any questions or comments about this Privacy Policy or the ways in which we collect and use your personal data, please do not hesitate to contact us at [email protected]

State Specific Privacy Rights and Disclosures


California Residents
If you are a California resident, you have the rights set forth in this section. If you are a California resident and there are any conflicts between this section and any other provision of The Buy Nothing Project Privacy Policy, the portion that is more protective of personal data shall control to the extent of such conflict. If you have any questions about this section or whether any of the following rights apply to you, please contact us at [email protected]

Access
You have the right to request certain information about our collection and use of your personal data over the past 12 months. In response, we will provide you with the following information:
  • The categories of personal data that we have collected about you.
  • The categories of sources from which that personal data was collected.
  • The business or commercial purpose for collecting or selling your personal data.
  • The categories of third parties with whom we have shared your personal data.
  • The specific pieces of personal data that we have collected about you.
If we have disclosed your personal data to any third parties for a business purpose over the past 12 months, we will identify the categories of personal data shared with each category of third-party recipient. If we have sold your personal data over the past 12 months, we will identify the categories of personal data sold to each category of third-party recipient.

Deletion
You have the right to request that we delete the personal data that we have collected about you. Under the California Consumer Privacy Act, this right is subject to certain exceptions: for example, we may need to retain your personal data to provide you with the services or complete a transaction or other action you have requested. If your deletion request is subject to one of these exceptions, we may deny your deletion request.

Exercising Your Rights
To exercise the rights described above, you must send us a request that (1) provides sufficient information to allow us to verify that you are the person about whom we have collected personal data, and (2) describes your request in sufficient detail to allow us to understand, evaluate and respond to it. Each request that meets both of these criteria will be considered a “Valid Request.” We may not respond to requests that do not meet these criteria. We will only use personal data provided in a Valid Request to verify your identity and complete your request. You do not need an account to submit a Valid Request.

We will work to respond to your Valid Request within 45 days of receipt. We will not charge you a fee for making a Valid Request unless your Valid Request(s) is excessive, repetitive or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request.

You may submit a Valid Request by emailing us at [email protected]

You may also authorize an agent to exercise your rights on your behalf. To do this, you must provide your authorized agent with written permission to exercise your rights on your behalf, and we may request a copy of this written permission from your authorized agent when they make a request on your behalf.

Personal Data Sales Opt-Out and Opt-In
We will not sell your personal data and have not done so over the last 12 months.

No Discrimination
We will not discriminate against you for exercising your rights under the California Consumer Privacy Act. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services if you exercise your rights under the California Consumer Privacy Act. However, we may offer different tiers of our services as allowed by applicable data privacy laws (including the California Consumer Privacy Act) with varying prices, rates or levels of quality of the goods or services you receive related to the value of personal data that we receive from you.

Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to contact us to prevent disclosure of personal data to third parties for such third parties’ direct marketing purposes; in order to submit such a request, please contact us at [email protected]

Nevada Residents
We do not sell your personal data as sales are defined in Nevada Revised Statutes Chapter 603A.