APPFOLIO, INC. PRIVACY POLICY

LAST UPDATED: June 12, 2020

TABLE OF CONTENTS:

1. About Us and This Policy
2. Information We Collect
3. How We Use Your Information
4. Who We Share Your Information With
5. Security
6. Communication Matters
7. External Links
8. Jurisdictional Specific Privacy Regulations
9. Miscellaneous Items

1. ABOUT US AND THIS POLICY

Welcome, and thank you for visiting our website or using our services! When you visit our websites or use our services, you provide and entrust us with personal information that can be used to identify you (which we refer to herein as “your information”).

We understand that your information is important to you, and we take your privacy and data protection concerns seriously. As such, we have created policies that govern and guide our use and protection of your information. Such policies are summarized in this Privacy Policy (this “Policy”).

This Policy describes, among other things, what information we collect from you, how we use and disclose your information, and your rights regarding your information. This Policy is applicable to all of our websites and services that link to it.

We update this Policy from time to time. We will indicate the date the last changes were made above. If we determine, in our discretion, changes are significant, we will provide a more detailed notice and may also notify you of such changes via email.

When this Policy mentions “AppFolio,” “we,” “us,” or “our” it refers to AppFolio, Inc. or the AppFolio, Inc. wholly owned subsidiary that is responsible for your information under this Policy.

We hope this Policy answers all of your questions about our treatment and protection of your information, but to the extent you have further questions regarding this Policy, we invite you to email us anytime at privacy@appfolio.com or otherwise contact us as provided for herein.

2. INFORMATION WE COLLECT

We create and sell industry-specific, cloud based business software solutions, services and data analytics. As such, we collect many different types of information in connection with your use of our websites and services, including the following.

2.1 Information You Provide Us

• Information for use of Our Services. When you create an account or profile in one of our services, or otherwise use certain services, you may provide personal identifiers, such as your first name, last name, email address, date of birth, phone number, picture, login password, job title and function, address or geographical location, and other similar personal information.
• Information for Identity Verification. In connection with (a) creating and maintaining the security of our services, (b) providing background and screening services, (c) fulfilling “know your customer” processes, required for certain payment services, (d) enabling you to make and receive payments, and (e) complying with other various regulatory requirements, you may be required to provide us with information that can be used to verify your identity, such as your social security number, tax identification number, images of your driver's license, government issued ID, passport, national ID card, birthdate, and other authentication information.
• Information for Purposes of Payment Services. To use certain of our payment services, or to make payments to us, you may be required to provide us with financial information, such as your bank account number, online bank account login, and credit card information. We may also capture additional information when you make payments, such as card type, transaction type, and payee information.
• Information Revealed in Our Communities. When you participate in our communities (help centers, blogs, forums, etc.), you may choose to disclose and provide many different types of personal information that can be used to identify you, your location, your job function, and more.
• Information Provided when You Otherwise Interact with Us. You may provide us with personal information when you fill in forms, respond to surveys, participate in promotions or research opportunities, communicate with our customer service teams, or use other features of our services.
• Your Business Data. While it may not constitute personal information, if you use our services, we likely host data you provide us related to your business and obtain other information related to your business, such as your bank account balance and transaction history (“Business Data”). We understand your Business Data is sensitive (and in some instances confidential). As such, we do not access, use or disclose your Business Data except as set forth in Sections 3 and 4 of this Policy.

2.2 Information Collected When Using Our Websites and Services

• Device Information. When you access our websites or services we collect device information that can be used to identify you or your device. These identifiers may include IP address, hardware and software information, browser type, device event information, crash data, cookie data, and the pages you have viewed or engaged with before or after accessing our websites or services.
• Activity Information. We may collect details about how you use our websites or services, such as content accessed, time viewed, and links clicked.
• Geo-location Information. When you use certain of our services, we may collect information about your precise or approximate location as determined through your IP address, GPS, or nearby devices (Wi-Fi access points, cell towers, etc.).
• Cookies and Similar Technologies. When you visit our websites or services, we use common technology tools to collect and store information, such as cookies, pixel tags, local storage (such as browser web storage or application data caches, databases, and server logs).

2.3 Information Collected from Third Parties

• Background Information. We may receive information about you, such as demographic data and criminal and credit history, from our trusted background screening and fraud prevention partners. We collect this information only in accordance with applicable law and, when required, with your consent.
• Public Information. We may collect information about you from publicly accessible sources, such as information posted about you on the internet, news stories, and information available from governmental entities.
• Marketing Information. We may collect information about you from our trusted marketing partners who provide us with information about potential customers and partners.

Information we receive from third parties is often combined with information we collect ourselves for the purposes set forth in Section 3 of this Policy.

2.4 Anonymous Usage Information. We collect certain information provided by different constituencies (you, your customers, your vendors) that interact with our services on an anonymous and aggregated basis. We use industry best practices and state-of-the-art techniques to anonymize and aggregate data.

2.5 Information of Children. Individuals under the age of 18 are not permitted to use our services and we do not intentionally collect information on individuals under 18 years of age, regardless of their residency. Incidental exposure to this information may be possible if, for example, our customers upload this information to one of our services or it is inadvertently captured by our marketing organization.

3. HOW WE USE YOUR INFORMATION

We do not use or reference your information or Business Data except to provide, improve, develop, and market our services. Some specific examples of how we use your information follow.

3.1 Providing Our Services. Our services perform many functions and provide our customers with many tools. Use of your information and Business Data is essential for these functions. For example, we require the use of your information to validate login credentials, process payments, and conduct checks against databases. We may also use your information to provide customer service. For example, we may send you service or support messages, updates, and account notifications or we may let you know about upcoming changes or improvements to our services. To protect you and comply with our legal obligations, we use your information to detect and prevent fraud, abuse, security incidents, and other harmful activity, verify bank account balances and account ownership, resolve disputes, enforce our terms of service and agreements with third parties, and conduct security investigations and risk assessments.

3.2 Improving Our Services. We are constantly improving our services to better serve you. Your information and Business Data is used in connection with such efforts. For example, we may use your information for data analytics and measurement to determine how individuals interact with our services and where we can provide improved or better functionality. We may use your information to assess the capabilities of third party partners. We may also use your information to engage in research either directly with you or with your customers or other business partners.

3.3 Developing New Services. We are always looking for new ways to serve you by offering new products and services. Your information and Business Data helps us identify and build these products and services in various ways. For example, understanding how some of our customers used AppFolio Property Manager in connection with managing larger portfolios helped us develop AppFolio Property Manager PLUS.

3.4. Marketing Our Services. We may also use your information and Business Data to inform you, your users and your clients of available services we offer, to send you marketing, advertising and other information that we think may be of interest to you.

4. WHO WE SHARE YOUR INFORMATION WITH

We do not share your information or Business Data with anyone except as is necessary to provide our services. We do not and will not sell your information or Business Data. Some examples of when and why we share your information or Business Data follow.

4.1 Service Providers. We use a variety of third-party service providers to help us provide our services, and these third parties may require your information or Business Data for such purposes. For example, service providers may help us: (a) verify your identity or authenticate your identification documents, (b) check information against public databases, (c) conduct background checks, fraud prevention, and risk assessment, (d) perform product development, maintenance and debugging, or (e) provide customer service, payments, or insurance services. We have written agreements with all such third parties and they are not permitted to use your information or Business Data for any purpose other than to deliver the relevant services in a professional manner, and consistent with their legal, regulatory and other obligations. For clarity, we do not and will not share any personally identifiable or sensitive business information with third parties for unknown reasons.

4.2 Legal and Regulatory Disclosures. We may disclose your information or Business Data to courts, law enforcement, governmental authorities, tax authorities, or third parties, if and to the extent we are required or permitted to do so by law or if such disclosure is reasonably necessary: (a) to comply with our legal obligations, (b) to comply with a valid legal request or to respond to claims asserted against us, (c) to respond to a valid legal request relating to a criminal investigation or alleged or suspected illegal activity or any other activity that may expose us, you, or any other of our users to legal liability, or (d) to enforce and administer our Terms of Service or other agreements with users. Such disclosures may be necessary to comply with our legal obligations, for the protection of your or another person's interests or for the purposes of keeping our services secure, preventing harm or crime, enforcing or defending legal rights, or facilitating the collection of taxes.

4.3 Sharing With Your Consent. Where you expressly consent or request, we share your information and Business Data when you authorize a third party service or website to access your account with us.

4.4 Sharing between Users. To help facilitate the use of our services among your users, we may need to share certain information with other users that you authorize to access and use your account. For example, account login information and other certain personal information may be visible by all members for purposes of confirming account permissions and users.

4.5 Public Information. Some of our services let you publish information that is visible or available to the public. For example, if you use our website services, you may elect to include certain of your information or Business Data on websites available to the public at large. Similarly, if you use our premium leads product you post your listings, which include your information, to numerous free and paid listings sites.

4.6 Corporate Affiliates. To enable or support us in providing you services, we may share your information and Business Data within our corporate family of companies, which includes AppFolio and its wholly owned subsidiaries.

4.7 Business Transfers. If we are involved in any merger, acquisition, reorganization, sale of assets, bankruptcy, or insolvency event, then we may sell, transfer or share some or all of our assets, including your information and Business Data in connection with such transaction or in contemplation of such transaction.

4.8 Anonymized Data. We aggregate and anonymize certain of your information and Business Data to create industry and scholarly reports, trends, and studies (once again, we use industry best practices and state-of-the-art techniques to anonymize and aggregate data). These reports, trends, and studies may be made available or provided to the public.

5. SECURITY

We are continuously implementing and updating administrative, technical, and physical security measures to help protect your information against unauthorized access, loss, destruction, or alteration. Sensitive data is encrypted and website connections are protected using strong transport layer security. Our websites are hosted in a secure server environment that uses multi-layer perimeter security, including firewalls and other advanced technology to prevent interference or access from outside intruders.

6. COMMUNICATION MATTERS

6.1 Special Offers, Updates and Research. We may occasionally send you information regarding our services, including educational offers and our newsletter. We also may occasionally contact you, your customers or other third parties related to you to inquire how you or such individuals use our services and how we might improve our services. We typically use names, email addresses and telephone numbers to send these communications and make these contacts.

Out of respect for your privacy, if you no longer wish to receive our newsletter and promotional communications, or if you do not wish for us to contact you, your customers or related third parties for our own internal research purposes, you may opt-out of receiving such communications by following the instructions included in each newsletter or communication, or by emailing us at privacy@appfolio.com. You may also contact us by postal mail at: AppFolio, Inc., 50 Castilian Drive, Goleta, CA 93117. Note that there are certain email communications that you cannot opt-out of as a user of our services, as these notices are required for the continued optimal functionality of our services.

6.2 Public Forums. We may provide public forums such as bulletin boards, blogs, or chat rooms on our websites or within our services subject to certain terms of use. These forums are provided as a service to you and other users to help exchange ideas, tips, information and techniques related to our services. As discussed above, we may collect your information revealed in these forums; however, any information you choose to submit may also be read, collected, or used by others and may be used to send you unsolicited messages. We are not responsible for the personal information you choose to submit in these forums.

7. EXTERNAL LINKS

Our websites and services may contain links to third party websites. These third party websites maintain their own policies regarding the collection and use of your information. We assume no responsibility or liability for the actions of such third parties with respect to their collection or use of your information. We encourage you to read the privacy policies of every website that you visit, including those you may reach through a link on our websites or in our services. We encourage you to be aware when you leave our websites or services and to read the privacy statements of each and every website you visit that collects your information.

8. JURISDICTIONAL SPECIFIC PRIVACY REGULATIONS

8.1 California Consumer Privacy Act. In compliance with the California Consumer Privacy Act, California residents may request that (a) we inform them of what information we collect, use, and disclose about them, and (b) we delete the information we have collected about them (subject to certain statutory exemptions).

If California residents would like to know more or submit a request, please visit us here or email us at privacy@appfolio.com. Be aware that we must verify your identity before responding to certain of your requests. In connection with such verification efforts, you may be required to provide us with certain pieces of your information (which we will match against what we have in our records) and/or provide us a form of government issued identification.

California residents may designate an authorized agent to make a request on their behalf under this Section. To designate an authorized agent to make a request on your behalf, you must provide a valid power of attorney and a form of government issued identification for both the requester and authorized agent.

California residents will not be charged or otherwise discriminated against for exercising their rights under this Section.

As discussed above, we do not and will not sell your information. As such, we do not provide a process to opt-out of the sale of your information.

8.2 European Union General Data Protection Regulation. We exclusively market and sell our services to United States-based organizations and individuals. Even though we do not intentionally collect information about residents of the European Union (“EU”), some EU residents’ data may be inadvertently collected through marketing channels or by virtue of our customers’ legitimate use of our services. Collection and storage of any EU resident’s data by us is minimal and incidental. No such data is used for marketing or any other purpose.

Notwithstanding the foregoing, if you are an EU resident and would like to request that your data be securely removed from our systems, however collected, please send an email with proof of EU residency to privacy@appfolio.com. We will remove all relevant data, so long as that removal is technically feasible, does not impact the legitimate accounting or business practices of our customers, and does not violate other regulatory or legal standards with which we must comply. We will also cooperate with our customers in good faith to address any requests they receive or that may impact them directly.

9. MISCELLANEOUS ITEMS

9.1 Information We Host on Behalf of Our Users. We host on behalf of our customers and enable our customers to store various types of data. Such data may include personal information that is collected by our customers. We generally do not control or actively monitor how our customers store or use the data they upload to our services. Any requests or questions related to data collected by our customers should be directed to the applicable party.

9.2 Limits On Use of Your Google User Data. Certain of our services can be used to access Google data. Notwithstanding anything else in this Policy, if you provide our services access to the following types of your Google data, our services use of such data will be subject to the following restrictions:

• Our services will only use such access to read, write, modify or control Gmail message bodies (including attachments), metadata, headers, and settings to provide a web email client that allows users to compose, send, read, and process emails and will not transfer this Gmail data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets.
• Our services will not use Gmail data for serving advertisements.
• Our services will not allow humans to read your Google data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for our service’s internal operations and even then only when the data has been aggregated and anonymized.

9.3 Contact the AppFolio Data Privacy Team. If you have any questions or suggestions regarding this Policy or your personal information, or you would like to correct and/or update any such personal information, please contact the AppFolio Data Privacy Team at privacy@appfolio.com, or send a letter to AppFolio, Inc., 50 Castilian Drive, Goleta, CA 93117, Attn: Data Privacy.