Sponserd · Sponserd

Sponserd Privacy Policy

Last Updated: August 18, 2025

Introduction

Sponserd ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the Sponserd platform or any related services. It is designed to meet the requirements of global data protection laws in the jurisdictions where our customers and partners may operate, including the United States, the United Kingdom, the European Union (EEA), Canada (including Québec), and Mexico. By using Sponserd, you agree to the practices described in this Policy. If you do not agree, please discontinue use of our platform.

Scope: This Policy applies to personal data collected from users of the Sponserd platform, and services. It covers how we handle personal information under laws such as the EU General Data Protection Regulation (GDPR) and UK GDPR, the California Consumer Privacy Act as amended by the CPRA (collectively "CCPA"), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and Québec's Law 25, and Mexico's Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP). We do not cover any services or websites that are not operated by Sponserd, even if linked from our platform.

Information We Collect

We collect personal information (also referred to as personal data) that you provide to us, that is collected automatically through your use of our services, or obtained from third parties. The types of data we collect include:

Account and Contact Information: When you register or use Sponserd, you may provide personal identifiers such as your name, email address, telephone number, username, password, and other contact details. This also includes any profile information or preferences you choose to add to your account.
Transactional and Payment Data: If our services involve financial transactions (for example, if you sponsor content or make purchases), we collect payment information such as credit/debit card numbers or payment service details and transaction history. Note: We rely on Stripe as our payment processor and do not store your financial account numbers on our systems.
User Content and Communications: We collect any content you upload or post on the platform, such as profile information, photos, videos, comments, messages, or feedback. This includes communications you send to us (like support inquiries) or communications between users on the platform. Please be mindful that content you share publicly may be visible to others.
Device and Usage Information: We automatically collect certain data about your device and how you interact with Sponserd. This includes technical information like your IP address, device identifiers, browser type, operating system, and platform. We also collect usage data such as the pages or screens you view, features you use, access times, and referring websites. This information helps us understand and improve the performance of our services.
Cookies and Tracking Technologies: Like most online services, Sponserd uses cookies, web beacons, and similar tracking technologies to personalize your experience and analyze usage of our platform. Cookies are small text files stored on your browser. They help us remember your preferences, keep you logged in, and serve relevant content. We also allow certain third-party analytics providers (such as Google Analytics) to set cookies or similar technologies to collect usage information and measure the effectiveness of our platform. You have choices to manage cookies as described in the "Your Rights and Choices" section below.
Information from Third Parties: We may receive personal data about you from other sources. For example, if you link or sign in to Sponserd through a third-party account (such as Google, or other SSO), we will receive information like your name or email from those services as permitted by their terms. We might also obtain marketing leads or demographic information from business partners, or verify your identity through service providers for security and compliance purposes. We protect and handle any third-party-sourced data according to this Policy and applicable law.

We do not collect any sensitive categories of personal data about you or your business (for instance, we do not ask for social security numbers, government IDs, or precise geolocation). In the event we ever need to handle sensitive personal information, we will do so in compliance with applicable requirements, including obtaining your explicit consent where required by law.

How We Use Your Information

We use personal information for the following purposes, in accordance with applicable laws and only as necessary for those purposes:

To Provide and Operate the Service: We process your information to create and maintain your account, authenticate you when you log in, and enable core platform features. This includes displaying your profile and content to other users as appropriate, facilitating connections, and providing the services and functionality you expect from Sponserd. We also use your data to monitor the technical functioning of the platform, address performance issues, and troubleshoot errors.
To Communicate with You: We use contact information (like your email) to send service-related communications. This may include confirmations of actions you take, important announcements about the platform, responses to your inquiries, customer support messages, and updates to terms or policies. We may also send you marketing communications about new features or promotions, but only in accordance with your preferences and applicable law (for example, we will seek your consent for marketing emails where required). You can opt out of marketing messages at any time.
To Personalize Content and Improve User Experience: We analyze usage data and employ cookies to remember your preferences and tailor the content you see. This personalization can include suggesting relevant sponsored content, recommending users or opportunities you might be interested in, and customizing the platform's interface (such as language or region settings). We also use data analytics to understand user engagement and improve our services – for example, by testing interface changes, fixing bugs, and making the user experience more intuitive.
For Advertising and Analytics Purposes: Where permitted, we may use information about you to show you targeted promotions or sponsored messages that we believe may interest you. This may involve the use of cookies and tracking technologies to collect information about your browsing activities over time. We do not use sensitive personal information for targeted advertising without consent. If required by law, we will obtain your opt-in consent before using or sharing your data for advertising personalization. We also generate aggregate or de-identified data (which cannot reasonably identify you) to develop insights and benchmarks for our business.
To Ensure Security and Prevent Fraud: We are dedicated to keeping Sponserd safe. We process personal data (especially usage and device information) to detect, investigate, and prevent fraudulent transactions, spam, abuse, security incidents, and other malicious or illegal activities on the platform. This includes verifying accounts, monitoring login attempts, enforcing our terms of service, and using automated systems to flag suspicious behavior. If we discover content or behavior that violates our policies or may be unlawful, we may take appropriate action, which could include content removal or contacting authorities as required by law.
To Comply with Legal Obligations: We process and retain personal information as necessary to fulfill our legal and regulatory obligations. For instance, we may need to keep certain transaction records for financial reporting or respond to valid requests from government authorities. If we receive a lawful subpoena or court order, we may process and disclose data as required. We also use personal data to exercise or defend legal claims and rights, and to conduct audits and compliance checks (such as ensuring we meet obligations under privacy laws).
For Any Other Purpose With Your Consent: In cases where we need to use your personal information for a purpose not described above, we will explain it to you at the time of collection and, if required, obtain your consent. For example, if we ever seek to use your testimonial or profile in promotional materials, we would ask for your permission. You have the right to withdraw such consent at any time.

Legal Bases for Processing (EEA/UK visitors): If you are in the European Economic Area or United Kingdom, we only process your personal data when we have a valid legal basis to do so under GDPR/UK GDPR. The legal bases we rely on are typically: (i) Performance of a contract – we need to process your data to provide the services you requested (for example, to maintain your account); (ii) Consent – where you have given us consent, such as for optional marketing or certain cookie uses (you can withdraw consent at any time); (iii) Legitimate interests – we use your data for our legitimate business interests in maintaining and improving our platform, personalizing content, and securing our services, in a manner that does not override your privacy rights; and (iv) Compliance with laws – when processing is necessary to meet our legal obligations (such as retaining records for tax purposes or responding to legal process). If you have questions about the specific legal basis for any processing of your data, please contact us at the details provided below.

How We Share and Disclose Information

We do not sell your personal information to data brokers or third parties for monetary compensation. We only share your information in the following circumstances, and always with appropriate safeguards and only to the extent necessary:

Service Providers (Processors): We share personal data with trusted third-party vendors who perform services on our behalf and under our instructions. This includes companies that provide us with infrastructure and hosting (cloud storage providers), payment processing, email communications, customer support software, analytics services, marketing and advertising partners (to the extent they process data on our behalf), and security services. These service providers are contractually bound to handle personal information only for the purposes we specify, to keep it confidential, and to meet adequate data protection standards. For example, our analytics providers help us understand how users interact with Sponserd, and our cloud providers store our database information; they are not permitted to use your data for their own unrelated purposes.
Properties and Brands (Users): The nature of Sponserd involves connecting brands with properties (or similar relationships on our platform), we will share certain information between the relevant parties as needed to facilitate those relationships. For example, if you are a property seeking sponsorship, information from your profile (such as your name, property information, and listings content) may be shared with prospective brands using our platform. Likewise, if a brand adds campaign information, the necessary contact and campaign details will be shared between the brand user and the property user to carry out the agreement. In such cases, we will make clear to you what information will be shared and with whom, and we will only proceed with your knowledge or at your direction (which is part of the platform's functionality when you choose to participate in sponsorship deals).
Analytics Partners: As noted, we may allow third-party analytics companies to collect information about your device and online activities through cookies and similar tools on our site. These partners may receive identifiers and usage data (such as your IP address, cookie ID, device info, and browsing behavior) so that they can measure ad performance, provide us with aggregate analytics, and help serve more relevant content on our behalf. For example, we might share a user identifier (in hashed form) with a social media advertising platform to reach you (or others with similar interests) with ads on that platform – but we will do this only in accordance with applicable law (obtaining consent where required). Important: We do not permit third parties to use this data for their own independent marketing, and if any sharing of data would legally be considered a "sale" or "sharing" of personal information (as defined by U.S. state laws), we will provide you with the right to opt out (see "Your Rights and Choices" below).
Affiliates: We may share your information with our corporate affiliates (entities that are under common ownership or control with Sponserd) for purposes consistent with this Policy. For instance, if Sponserd, Inc. has a subsidiary or parent company involved in operating the platform or providing services (e.g., a UK or EU branch to serve those regions), your data may be transferred within our corporate family. All our affiliates will be required to honor the commitments in this Privacy Policy.
Business Transfers: In the event that Sponserd is involved in a prospective or actual merger, acquisition, financing, restructuring, bankruptcy, or sale of company assets, personal information held by us may be disclosed to or transferred to the other organization(s) as part of that transaction. We will ensure any such disclosure is subject to appropriate confidentiality protections, and if the transaction is completed, the successor organization will assume the rights and obligations regarding your personal information as described in this Policy. We will notify you (for example, via email or a prominent notice on our service) of any change in ownership or use of your personal data in such a scenario, as well as any choices you may have.
Legal Compliance and Protection: We may disclose personal information to third parties (such as attorneys, auditors, law enforcement agencies, courts, or regulators) if we believe in good faith that such disclosure is necessary to (i) comply with any applicable law, regulation, legal process, or enforceable governmental request (for example, to respond to a subpoena or court order); (ii) enforce our Terms of Service or other agreements, or investigate potential violations thereof; (iii) detect, prevent, or otherwise address fraud, security, or technical issues; or (iv) protect the rights, property, or safety of Sponserd, our users, or the public. This kind of disclosure will only be done in strict compliance with applicable laws. If we receive law enforcement requests for user data, we scrutinize them carefully and only provide data within the scope of such requests when required. Where permitted and feasible, we may notify affected users of any requests for their information before disclosing it.
With Your Consent or At Your Direction: Apart from the situations above, we will share your personal information with others only if you have provided consent or explicitly directed us to do so. For example, if you choose to integrate Sponserd with a third-party service or ask us to share your details with a partner for a specific program, we will do so with your permission. You may also authorize us to share some of your information publicly (for instance, by posting content to a public area of Sponserd or connecting your Sponserd account with a social media account). In those cases, anyone with access to the public content or the linked social account will see the information you have made available.

No Selling of Personal Data: We want to reiterate that we do not sell your personal information in the traditional sense of exchanging it for money. We also do not share your personal information with third parties for their own independent marketing or advertising use unless you give us permission. If in the future our practices change such that we engage in any activity that could be deemed a "sale" or "sharing" of personal data under privacy laws (for example, providing certain online identifiers to ad partners in a way that is covered by CCPA), we will implement appropriate opt-out mechanisms and prominently inform you, including honoring "Do Not Sell or Share My Personal Information" requests. We provide more details on how California and other U.S. state residents can exercise this right in the Your Privacy Rights section below.

Cookies and Tracking Choices

Cookies & Tracking Technologies: As noted, Sponserd uses cookies and similar tracking technologies to provide and optimize our services. When you visit our site or use our app, we (and authorized third parties) may set cookies or access cookies stored on your device. These may be session cookies (which expire when you close your browser) or persistent cookies (which remain for a set period or until deleted). We use these for purposes such as: keeping you logged in; remembering your settings and preferences; understanding how users navigate through our content; authenticating your requests; and personalizing content and ads. We may also use web beacons (pixel tags) in emails to know if you open them, which helps us improve our communications to you.

Your Choices: Most web browsers automatically accept cookies, but you can typically modify your browser setting to decline cookies or alert you when a cookie is being placed. Please note that if you disable or delete cookies, some features of our service may not function properly (for example, we may not remember your language preference or login). For mobile apps, you can reset your device's advertising identifiers or limit ad tracking via your device settings. Additionally, there are industry-provided opt-out mechanisms for certain cookies (like Google Analytics opt-out browser add-on) and for interest-based advertising (via the Digital Advertising Alliance and Network Advertising Initiative websites).

Cookie Consent (EEA/UK): If you are in the European Union, United Kingdom, or other jurisdictions that require it, we will display a cookie consent banner or interface when you first use our service, allowing you to accept or reject non-essential cookies. You can adjust your cookie preferences at any time through our Cookie Settings link (if available) or by contacting us. Our use of cookies will comply with applicable law, and any cookies that are not strictly necessary for our service will be used only with your consent.

Do Not Track: Some browsers have a "Do Not Track" (DNT) feature that sends a signal to websites indicating you do not want to be tracked. The web industry is currently not uniform in responding to DNT signals. At this time, Sponserd does not respond to DNT browser signals. However, we treat Global Privacy Control (GPC) signals (which are a mechanism for you to indicate a general opt-out of sale/sharing under U.S. state laws) as a valid opt-out request. If we detect a GPC signal from your browser, we will apply it to opt out of any sale or sharing of your data as described in the Your Privacy Rights section below.

International Data Transfers

Sponserd is a global platform. Your personal information may be stored and processed in countries other than your own, including the United States. For example, if you are located in the EEA, UK, or Canada, your data may be transferred or accessed by our servers in the United States or by our service providers in other countries. These countries may have data protection laws that are different from (and potentially less protective than) the laws of your region.

However, we take steps to ensure that your personal data is given an adequate level of protection in the jurisdictions where it is processed. When we transfer personal data internationally, we implement appropriate safeguards in accordance with applicable data protection laws. These measures may include:

Standard Contractual Clauses: For transfers from the EEA/UK (or other jurisdictions requiring it) to our operations in the U.S. or elsewhere, we utilize the European Commission's Standard Contractual Clauses (SCCs) or the UK's International Data Transfer Agreement/Addendum, as applicable, which contractually oblige the recipient to protect your personal data according to the standards of EU/UK law. We also assess on a case-by-case basis whether additional technical or organizational measures are needed to supplement these clauses (such as encryption in transit and at rest, or commitments around government access) to ensure transferred data remains protected.
Adequacy Decisions: Where applicable, we may rely on official adequacy decisions or regulations that recognize a country as providing an adequate level of data protection. For example, if a future adequacy mechanism is in place between the EU and US (such as an approved privacy framework), we may use that for relevant transfers. Similarly, Canada is considered adequate by the EU for private sector data, so transfers of EU data to Canada may occur under that premise.
Binding Corporate Rules and Consent: Although Sponserd does not currently have Binding Corporate Rules, if we establish any intra-group transfer policies approved by regulators, we will follow them. In certain cases, we may also transfer data with your explicit consent, or where the transfer is necessary to perform a contract with you (e.g., when you are an EU user interacting with a US-based service or sponsor, the transfer of data is necessary to provide the requested service). We will inform you and obtain consent when required by law for any cross-border data transfers not covered by other safeguards.

Regardless of where your data is processed, we will protect it as described in this Policy and in accordance with applicable law. If you have questions about our international data transfer practices, please contact us.

Data Security

We implement a variety of technical and organizational security measures to safeguard your personal information and help protect it from unauthorized access, use, alteration, and destruction. These measures include, for example:

Encryption: We use encryption protocols (such as HTTPS/TLS) to secure data in transit between your device and our servers. Certain sensitive information (like passwords and payment details) is stored in encrypted form.
Access Controls: We limit access to personal data to employees, contractors, and agents who need such access to operate or improve our services. They are bound by confidentiality obligations. We also employ access controls like two-factor authentication for our internal systems and restrict administrative privileges to authorized personnel.
Monitoring and Testing: Our systems are monitored for vulnerabilities and attacks. We regularly update and patch software and conduct security assessments. Where possible, we anonymize or pseudonymize data to reduce the risk to individuals. We also maintain policies and procedures for incident response, so that if a security breach occurs we can act quickly to mitigate harm.
Vendor Due Diligence: When engaging third-party service providers that handle personal data, we vet their security practices and ensure they commit to protecting data through agreements and audits. For example, our cloud infrastructure providers maintain high industry security standards and certifications.

While we strive to protect your information, no security measure is 100% perfect. Therefore, we cannot guarantee absolute security of your data. You should also take steps to protect your account and personal information, such as choosing a strong password and keeping it confidential. If you suspect any unauthorized access to your account or security breach, please notify us immediately.

Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. In general:

Account Data: We keep the personal information associated with your account for as long as your account is active. If you delete your account or it becomes inactive, we will initiate deletion of your data or anonymize it within a reasonable period, except where we need to retain it for legitimate business or legal purposes. For example, we may retain limited information to comply with record keeping laws or to resolve disputes.
Content: Content you have posted on the platform (such as opportunity listings) may remain visible to others even after you delete your account, only if it has been shared or re-posted by others, or if removal is not reasonably feasible. However, we will disassociate such content from your personal identifiers upon account deletion, or otherwise anonymize it at your request if required.
Transactional Records: We may retain certain transactional and financial records for longer periods as required by law (e.g., for tax, audit, anti-fraud, or accounting purposes). Typically, this could be 7 years or as mandated by applicable regulations.
Legal Hold: If we are under a legal obligation to retain data (for example, in connection with litigation or government investigations), or if the data is required to fulfill a contractual obligation to you, we will retain it for the duration of that obligation.
Backups and Residual Copies: Even after we delete data from our active database, it may persist in backup or archival systems for a period of time until those systems are overwritten or refreshed. We maintain backup data securely and limit access to it. We also have retention schedules to eventually purge old data from backups.

We adhere to the principle of data minimization and storage limitation – meaning we do not keep personal data longer than necessary for the purpose it was collected. When personal information is no longer needed, we will securely destroy it or irreversibly anonymize it. For instance, we use secure erasure for electronic records and shredding for physical documents. Additionally, we maintain a data retention schedule and inventory in line with modern privacy regulations, and we periodically review the data we hold, deleting or anonymizing records that are no longer required. If you have specific questions about our data retention practices for any category of data, you can contact us for more detail.

Your Privacy Rights and Choices (By Jurisdiction)

Depending on where you reside, you may have certain rights under privacy laws to access, control, or limit the use of your personal information. Sponserd is committed to honoring these rights. Below, we outline the rights available to individuals in different jurisdictions and how you can exercise them. To make any request regarding your personal data, you can contact us at privacy@sponserd.com or use the self-service tools in your account (where available). We will verify your identity before fulfilling a request and respond within the timeframes required by law.

Rights of Individuals in the European Economic Area (EEA) and United Kingdom

If you are located in an EU member state or the UK, you have comprehensive data protection rights under the GDPR/UK GDPR. These include the right to:

Access Your Data: You can request confirmation of whether we are processing your personal data and obtain a copy of the data we hold about you. This allows you to know and verify the lawfulness of our processing.
Rectification: If any of your personal information is inaccurate or incomplete, you have the right to request that we correct or update it. We encourage you to keep your profile information up-to-date, and you may make certain corrections yourself via account settings.
Erasure: You have the "right to be forgotten." At your request, we will delete your personal data, provided there is no lawful reason for us to continue processing it. This right is not absolute – for example, we may need to retain some information to comply with legal obligations or establish/exercise legal claims – but we will honor it to the fullest extent required. When you delete your Sponserd account, we will remove or anonymize your personal data as described in the Data Retention section.
Restriction of Processing: You can ask us to restrict (pause) the processing of your personal data in certain circumstances. For instance, if you contest the accuracy of your data, you may request we restrict processing until we verify its accuracy. Or if you object to our processing (see below), you may request restriction pending our verification of overriding grounds. When processing is restricted, we will still store your information but not use it further.
Data Portability: You have the right to receive the personal data you provided to us in a structured, commonly used, and machine-readable format, and to have that data transmitted to another controller where technically feasible In practice, upon request, we will provide you with an electronic file of your basic account data and content that you have provided to us.
Object to Processing: You may object at any time to processing of your personal data that is based on our legitimate interests, including profiling based on those interests. If you make such an objection, we will no longer process your personal information for those purposes unless we demonstrate compelling legitimate grounds for the processing that override your rights, or unless it is needed for legal claims. You also have the right to object to processing of your data for direct marketing purposes at any time – if you do, we will stop using your data for marketing.
Not be Subject to Automated Decisions: You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects or similarly significant effects on you, unless it is necessary for a contract with you, authorized by law, or based on your explicit consent. Sponserd's general policy is not to make any such purely automated decisions about users without human involvement. In the event we use automated decision-making (for example, an algorithmic scoring that affects your content's reach), we will inform you and ensure you have the right to request human review of the decision.
Withdraw Consent: To the extent we process your personal data based on your consent, you have the right to withdraw that consent at any time. For example, you can opt out of marketing emails by clicking the "unsubscribe" link, or withdraw consent for cookies by adjusting your preferences. Note that withdrawing consent does not affect the lawfulness of processing before withdrawal.
Lodge a Complaint: If you believe we have infringed your data protection rights or GDPR obligations, you have the right to file a complaint with a Supervisory Authority in the EU country where you live or work, or where the alleged infringement occurred. In the UK, you can file with the Information Commissioner's Office (ICO). We would, however, appreciate the chance to address your concerns directly before you approach a regulator, and welcome you to contact us with any issues.

How to Exercise: You (or your authorized agent, where applicable) can exercise these rights by contacting us at privacy@sponserd.com. For certain requests like data access and portability, we may provide self-service tools in your account. We will respond to your request as soon as possible and at latest within one month, unless an extension is permitted. We will inform you if we need additional information to verify your identity. Please note, these rights are subject to some conditions and legal exemptions; if we cannot comply with your request, we will explain why.

Privacy Rights for Residents of the United States (California and Other States)

While the U.S. does not yet have a single federal privacy law, several states have enacted laws giving residents rights over their personal information. If you are a resident of California, or other states with similar laws (such as Colorado, Connecticut, Utah, and Virginia), you may have the following rights regarding your personal data:

Right to Know / Access: You can request that we disclose the specific pieces and/or categories of personal information we have collected about you, as well as information about our handling of that data. This includes the categories of personal information, the categories of sources from which we collected it, the business or commercial purposes for collection, the categories of third parties to whom we disclosed your information, and the categories of information (if any) we have sold or shared. We are required to provide this information for the 12-month period preceding your request (and you may request such information up to twice per 12-month period). We will provide the response in a readily usable format, which may be electronic.
Right to Delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions. Once we receive and confirm a verifiable deletion request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. For example, we may retain data needed to complete a transaction you requested, to detect security incidents, to exercise free speech or another legal right, to comply with a legal obligation, or other uses allowed by law. We will specify in our response if any exception applies.
Right to Correct: You have the right to request that we correct inaccurate personal information that we maintain about you. Upon verifying your identity and the accuracy of the new information, we will correct the information (taking into account the nature of the personal data and the purposes of processing).
Right to Opt Out of "Sale" or "Sharing": You have the right to direct us not to sell your personal information to third parties, and to opt out of sharing your personal information for cross-context behavioral advertising (targeted advertising purposes). As noted above, Sponserd does not sell data for money. However, if our use of certain analytics or advertising cookies is considered a "sale" or if we share identifiers for advertising, you can opt out. We honor the Global Privacy Control (GPC) signal as a valid opt-out request for your browser/device. Additionally, on our website's footer, you will find a link labeled "Do Not Sell or Share My Personal Information" (for California residents) which you can click to record your preferences. For mobile app users, you can adjust device settings to limit tracking or contact us to opt out. Once you opt out, we will not sell or share your data unless you later provide permission.
Right to Limit Use of Sensitive Personal Information (California): The California Privacy Rights Act (CPRA) gives California residents the right to tell businesses to limit the use or disclosure of sensitive personal information if it is used for inferring characteristics about you. Sponserd does not use sensitive personal information (such as precise geolocation, financial account logins, social security number, etc.) for any purpose other than what is necessary to provide our services or as otherwise permitted by law. Therefore, this right is generally not applicable to our practices. If that changes, we will update our policy and honor requests to limit sensitive data usage.
Right of No Retaliation/Non-Discrimination: You have the right not to receive discriminatory treatment for exercising any of your privacy rights. This means we will not deny you service, charge you a different price, or provide a different level of quality because you exercised your rights under these laws. If we offer any financial incentive (such as a discount or reward program) that requires the provision of personal data, we will present terms and get your opt-in consent. You can opt out of such programs at any time without penalty.
Additional State Rights: Some states (e.g., Colorado, Connecticut, Virginia) provide a right to opt out of certain profiling activities, a right to data portability similar to above, and a right to appeal our decision if we decline to act on a rights request. If you are a resident of one of these states, we will automatically include those rights in our response and process. For instance, if we refuse a request, our response will include information on how to appeal that decision. If an appeal is denied, you may contact your state's Attorney General. We are also required in some states to obtain consent before processing "sensitive" personal data (such as precise geolocation, racial or ethnic origin, etc.). We generally do not process such data, but if we do, we will seek consent as required.

How to Exercise: To exercise your U.S. privacy rights, you (or an authorized agent) may submit a request to us by email at privacy@sponserd.com with the subject line "Privacy Rights Request" and specifying the nature of your request (access, deletion, correction, opt-out, etc.). For opt-out of sales/sharing, you may also use the "Do Not Sell or Share" link on our site or the GPC signal as described. We will need to verify your identity — this may involve confirming personal details we already have on file, or in the case of sensitive requests, signing a declaration. For certain highly sensitive requests, we may use a two-step process (e.g., you must first request, and then confirm via email). Authorized agents must provide proof of authorization. We aim to confirm receipt of your request within 10 business days and respond substantively within 45 calendar days (or notify you if an extension of up to 45 more days is needed). If we decline any part of your request, we will explain our reasoning. Remember, you can always access and update some information directly by logging into your account as well.

Privacy Rights in Canada (PIPEDA and Québec Law 25)

For individuals in Canada, you have rights under federal and provincial privacy laws regarding your personal information:

Right to Access: You have the right to request access to the personal information that Sponserd holds about you. Upon written request and authentication of identity, we will provide you with information about whether we have personal data about you and an overview of that information, including an explanation of how it is or has been used and the identities of any third parties to which it has been disclosed, subject to any exceptions in law. We will provide this data in a clear format. Under PIPEDA, we will respond to access requests within a reasonable time (generally within 30 days) and at minimal or no cost to you. If we need an extension or cannot fulfill your request, we will inform you in writing with the reasons (for example, if responding threatens another person's privacy or there are legal constraints).
Right to Correct/Rectify: If any of your personal information is incorrect or incomplete, you have the right to request a correction. We rely on you to provide accurate information and will promptly update any inaccuracies you report. If we have shared incorrect information with third parties in the course of providing you services, we will, where possible, forward the corrected information to them. If for some reason we cannot fulfill a correction request, we will explain why (e.g., if the information is an opinion or if it cannot be verified).
Withdrawal of Consent: PIPEDA is primarily a consent-based law. You have the right to withdraw your consent to our continued collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions. For example, you can opt out of receiving marketing emails by withdrawing your consent (using the unsubscribe link or contacting us), and we will respect that choice. If you withdraw consent for a service feature that requires your personal data, we will inform you of any consequences (like our inability to provide that feature). Note that even if you withdraw consent, we may still process your data without consent if an exception applies (for instance, to comply with laws, or in the case of certain business transactions or fraud investigations, as permitted by PIPEDA).
Transparency and Information: You have the right to be informed about our privacy practices and policies (hence this Policy, which we strive to make clear and accessible in accordance with PIPEDA's openness principle). If you have questions about how we collect or use your data, we will give you further information upon request. We also will inform you if we experience a data breach that poses a "real risk of significant harm" to you, as required by law – and we report such breaches to the Office of the Privacy Commissioner of Canada (OPC) and relevant provincial regulators when mandated.
Complaint and Redress: If you have concerns about our privacy practices, you have the right to challenge our compliance. You may contact us (our Privacy Officer) to discuss and resolve your question or complaint. We commit to investigate and respond to complaints. If you are not satisfied with our resolution, you may file a complaint with the Office of the Privacy Commissioner of Canada (for PIPEDA matters) or, for Quebec residents, the Commission d'accès à l'information du Québec (CAI) under Law 25. These authorities can investigate our practices and make recommendations or rulings. We will cooperate fully with any such investigation.

Québec (Law 25) Additional Rights: Residents of Québec enjoy the above rights and several enhanced rights under the modernized privacy law (Law 25, previously Bill 64), which are largely aligned with GDPR-style rights. These include:

Data Portability: The right to request that personal information you provided to us be transferred to you or directly to another organization in a structured, commonly used technological format (similar to the portability right described for the EU). This applies when the transfer is technologically feasible.
Automated Decision-Making: You have the right to be informed when we use an automated decision-making system to render a decision based solely on automated processing of your personal information, if that decision produces legal or significant effects for you. In such cases, upon request, we will inform you of what personal information was used to make the decision, the reasons and principal factors that led to the decision, and your right to have the decision reviewed by a human. Law 25 explicitly provides the right to submit observations to someone in our organization who can review and potentially change the automated decision. We currently do not engage in profiling or automated decisions that have significant effects without human oversight, but we will notify you if this changes and ensure compliance with this requirement.
Right to Anonymize or Destroy: Québec Law 25 also reinforces the obligation (and effectively your right) that we anonymize your personal information when the purpose of collection is fulfilled, or else securely destroy it, absent a legal justification to retain it. This is in line with our retention policy explained above.
Consent Requirements: We will obtain your consent in a clear, free, and informed manner for the collection, use, or disclosure of your personal information, especially if it's sensitive. Law 25 emphasizes that consent must be specific to each purpose and requested in plain language. You can withdraw consent as noted above. For minors under 14 in Québec, consent must be given by the parent or guardian. We do not knowingly collect data from children (see the Children's Privacy section).
Privacy Officer: In compliance with Law 25, we have appointed a person in charge of the protection of personal information (Privacy Officer) for Sponserd. You can contact our Privacy Officer using the contact information at the end of this Policy for any questions regarding your rights or our obligations under Québec law.

Exercising Rights in Canada: To make an access or correction request, or to exercise any other right, please contact us (see Contact Us section). We may ask you to fill out a form and provide identification documents so that we can verify your identity before responding. We will respond within 30 days (or notify you of an extension of up to an additional 30 days if needed). In rare cases, we might need to refuse access or deny a request (for example, if it would reveal personal information about another individual who has not consented, or if it is frivolous or vexatious). We will provide the reason for any refusal and information on further recourse. Our goal is to be transparent and cooperative in helping you exercise your rights. There is no fee for making a request, unless the law allows us to charge (in which case it would be a minimal cost and we would inform you in advance, e.g., for excessive or repetitive requests).

Privacy Rights in Mexico

If you are a user in Mexico, the Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP, as updated in 2025) provides you with specific rights, commonly known as "ARCO" rights, plus additional protections. We honor the following rights for Mexican residents:

Access: You have the right to access the personal data we hold about you, and to know the origin of that data, the purposes of processing, and the third parties with whom your data has been shared. On request, we will provide you with the personal information in our possession and details about processing, subject to the verification of your identity and any exceptions under law.
Rectification: If your personal data is inaccurate, incomplete, or outdated, you have the right to request rectification. This means we will correct any erroneous data or update it to ensure it is correct. When requesting rectification, please indicate which data is incorrect and the corrections to be made, and provide documentation where appropriate (for example, official documents to correct your name or address).
Cancellation: You have the right to request cancellation (deletion) of your personal data when you believe it is not being processed in accordance with the principles and duties established by law. Upon a valid cancellation request, we will remove your personal information from our records, and it will go into a blocked status in our systems pending deletion. After that, we will suppress the data so that it cannot be further processed. Note that cancellation does not apply in situations where processing is required for legal obligations, contractual fulfillment, public interest, or other exceptions under Mexican law. We will inform you if an exception applies. Once data is canceled, we may keep it only for the period required to determine potential responsibilities regarding its treatment, after which it will be deleted.
Opposition: You have the right to object (opt-out) to the processing of your personal data in certain circumstances. If you have legitimate reasons, related to your particular situation, that justify stopping us from processing your data, you may exercise this right of opposition. For instance, if you object to receiving marketing or if processing is based on our legitimate interest, we will evaluate your request. If granted, we will cease processing your data for that specific purpose. Under the updated 2025 law, your right to object also extends to personal data processing for automated decision-making processes that produce significant effects on you. This means you can object to (and request human intervention in) decisions made solely by algorithms that significantly affect your rights or interests.
Data Portability: The new law in Mexico introduces the right to data portability. This means you can request a copy of the personal data you have provided to us, in a structured, commonly used, and machine-readable format, and (where technically feasible) have us transfer that data directly to another data controller of your choosing. This right is subject to the regulations that will be issued, but we intend to comply by providing you with electronic copies of your data (e.g., in CSV or JSON format) upon request, for the data that falls under this right.

To exercise any of your ARCO rights or data portability in Mexico, please send us a request (see Contact Us below) with the subject "Mexico ARCO Request". According to LFPDPPP procedures, your request should include at least: your name and contact address or email, documents proving your identity (or that of your legal representative, if applicable), a clear description of the personal data and the right you wish to exercise, and any other element that facilitates the location of the data (e.g., the email you used for our service). If you request rectification, please also indicate the modifications to be made and provide documentation supporting the changes. We will acknowledge receipt of your request and respond within the timeframes established by law (which is generally 20 business days to inform you of our determination and, if approved, 15 additional business days to fulfill it). These timeframes may be extended as permitted by law, and we will inform you of any extension. Our response will be delivered via the means you request (email or postal mail, typically). If we deny your request, we will explain the reasons (for example, if an exception applies or if the request was incomplete). You will have the right to initiate a Data Protection Procedure before the Secretaría de Gobernación or competent authority in Mexico if you disagree with our response or lack thereof, under the terms of the applicable law.

Additionally, under Mexico's law we will always provide a clear and easily accessible privacy notice when collecting your data, which is essentially this Privacy Policy. It details the identity of the data controller (Sponserd), the purposes of processing, the options and means to exercise ARCO rights, any transfers to third parties, and the mechanisms for you to express refusal to secondary data uses. We will notify you of any significant changes to this Policy as required.

Authorized Representatives and Minors: If you wish to use an authorized agent (such as a legal representative) to exercise your rights in any jurisdiction, we may require proof of authorization (like a notarized letter or power of attorney) and verification of the agent's identity. Our services are intended for adults; if we process data of minors with parental consent (for example, as part of a sponsorship for a minor athlete with parent oversight), the parent or guardian may exercise the rights on the minor's behalf.

Children's Privacy

Sponserd's services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 years old. If you are under 13, please do not use our platform or send us any personal data. If we learn that we have inadvertently collected personal information from a child under 13 without proper consent, we will take steps to delete that information promptly.

For teens above 13 but under the age of majority (minors), we encourage parents or guardians to be aware of and supervise their online activities. If you are a parent or guardian and believe your minor child has provided personal information to Sponserd without your consent, please contact us, and we will delete the data and (if under 13) terminate the child's account.

In certain jurisdictions, such as the EU and UK, if a child is under 16 (or a lower age if defined by local law, but not below 13), consent for processing personal data in the context of online services may need to come from the parent or guardian. Sponserd does not currently offer services to children in those age ranges without parental consent. Québec's Law 25 similarly requires parental authorization for collecting personal information from minors under 14. Our policy is generally to refrain from knowingly collecting data from anyone under 16. If we choose to offer features aimed at younger users in the future, we will implement appropriate parental consent mechanisms and protections in accordance with COPPA and relevant laws.

Updates to this Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will update the "Last Updated" date at the top of this Policy. If the changes are significant, we will provide a more prominent notice of the update – for example, by posting a notice on our website's homepage or sending an email notification.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Any changes will become effective when the revised Policy is posted or as otherwise required by law. If we make a material change that retroactively affects how we handle previously collected personal data, we will seek your consent if required by applicable laws.

By continuing to use Sponserd after any updates come into effect, you agree to the revised Policy. If you do not agree to the updated terms, you should stop using our services and, if you choose, delete your account.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please do not hesitate to contact us:

Email: privacy@sponserd.com

Mailing Address: Privacy Officer – Sponserd, Inc.

651 Broad Street, Suite 201

Middletown, DE 19709, USA

Our Data Protection Officer (for GDPR/UK GDPR purposes) and Privacy Officer (for Canadian and other purposes) can be reached at the above email or mailing address. They are responsible for overseeing our compliance with this Policy and data protection laws.

If you contact us with a privacy-related request or question, please allow us time to respond. We will do our best to address your inquiry promptly and thoroughly.

Thank you for trusting Sponserd with your personal information. We value your privacy and are dedicated to safeguarding it in all aspects of our business.