ethos

Ethos Privacy Policy

Last Updated: 8 July 2026

Introduction

At Ethos Artificial Intelligence Limited (“Ethos”, “we”, “us”, or “our”), we value your privacy and are committed to protecting your Personal Data, which is information that identifies or can, in combination with other information, reasonably identify you (“Personal Data”). This Privacy Policy explains how we collect, use, transfer, retain, disclose, and safeguard your Personal Data when you interact with us, whether through our website, mobile applications, the Ethos platform (including the Platform Agents and other AI Tools, as defined in our Expert Terms and Conditions), products, or services (collectively, “Services”), or if your Personal Data has been obtained through publicly available sources or other third parties.

This Privacy Policy applies to:

  • Visitors to our website located at askethos.com (including all subdomains thereunder), and any related websites operated by Ethos and any applications available on or through such websites (collectively, the “Website”).
  • Experts, Clients, and other users of the Services (each as defined in our Expert Terms and Conditions).
  • Individuals who communicate or interact with us in any capacity.
  • Individuals whose Personal Data has been obtained from publicly available sources or other third parties.

The purpose of this Privacy Policy is to:

  1. Clearly explain how and why we process your Personal Data.
  2. Inform you of your rights under applicable data protection laws, including the UK General Data Protection Regulation (“UK GDPR”), the EU General Data Protection Regulation (“EU GDPR”), the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA”), and other applicable U.S. state privacy laws.

This Privacy Policy does not apply to third-party websites, platform, add-on, services, products, integrations, or applications not provided by us and that we do not control, even if they link to or from our Services, that you choose to integrate or enable for use with our Website or Services (“Third-Party Services”).

By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the terms outlined here, please discontinue use of our Services.

Our Role in Handling Your Personal Data

The role we play in processing your Personal Data depends on the nature of our relationship with you and the services we provide.

A. When We Act as a Data Controller

We are a data controller when we determine the purposes and means of processing your Personal Data (“data controller”, or, under applicable U.S. state privacy laws, a“business”). This typically applies in scenarios where:

  • We collect your data directly, such as when you use our Website, create an account, or contact us.
  • We decide how your data is used, such as for marketing, account management, or service improvements.

As a data controller, we are responsible for ensuring compliance with applicable data protection laws, including the UK GDPR and the EU GDPR.

B. When We Act as a Data Processor

We are a data processor when we process Personal Data on behalf of another organisation (or under applicable U.S. state privacy laws, that organisation is a “business” and we are a “service provider” or “contractor”). This typically applies in scenarios where:

  • We provide services to a business customer, and that customer determines the purposes and means of the data processing.
  • We handle data only according to the instructions provided by the data controller.

As a data processor, we adhere to the instructions of the data controller and implement appropriate safeguards to protect the data.

1. Who We Are

We are Ethos Artificial Intelligence Limited. Our registered office is located at Office 3.01, MYO, 42-50 York Way, Kings Cross, London, N1 9AB, United Kingdom.

For privacy-related matters, you can contact us at:
Email: support@askethos.com

2. What Personal Data We Collect

We may collect the following categories of Personal Data, including, but not limited to, the specific pieces of Personal Data described in each of them:

  • Customer Content. Messages, text, files, audio or video content, or any other content submitted through the Services (the “Customer Content”).
  • Services Data. Personal Data that is not Customer Content and is provided, received, obtained or generated by and in connection with our providing the Services (the “Services Data”):
    • Account Information. To create or update an account, you must supply Ethos with an email address, phone number, password, domain, and/or similar account details. We may also receive your email address and name from other organisations with whom our platform has integrations (e.g., Slack).
    • Professional Information. You may provide or Ethos may obtain information about your job title or work history, employer, and other work details.
    • Expert Data. If you register as an Expert on the Services, Ethos additionally processes Personal Data used to identify, evaluate, screen, match, and select you for Projects (“Expert Data”), including your profile information (work and education history, skills, expertise areas), availability, project participation history, Client and Project feedback, interview responses and recordings, payout recipient name, and outputs generated by AI Tools about you (such as match scores, screening evaluations, conversation summaries, and ranking signals). Expert Data may overlap with Customer Content and Services Data.
    • Billing Information.
      • When you purchase a paid version of the Services, you provide payment-card details directly to our payment processor, Stripe, through interfaces operated by Stripe. Ethos does not receive or store your full card number, security code, or expiry date; we store only reference identifiers (such as a Stripe customer ID) and your subscription status.
      • If you are an expert who receives payments from Ethos, we use Revolut as our payout processor by default. Ethos initiates each payout in Revolut and sends you a Revolut-hosted payout link by email; you provide your payout-destination details (such as bank account or card) directly to Revolut when you claim the link. Ethos stores your payout country, legal name, currency preference, payout amounts, and the status of each payout, but does not receive or store your bank account or card details.
    • Marketing and Communications Data. Ethos may obtain marketing information, including your preferences in receiving marketing from us and our third parties, and your communication preferences.
    • Cookie Data. Ethos may use a variety of cookies and similar technologies on our Websites and Services to help us collect Services Data. For more details about how we use these technologies, as well as your options and opt-out opportunities, please see our Cookie Policy below.
    • Log Data and Metadata. Our servers automatically collect information when you access or use our Websites or Services and record this information in log files. Further, metadata is generated by your use of the Websites or Services to provide additional context about your use thereof. Such data may include but is not limited to:
      • Internet Protocol (IP) addresses
      • The address of any web page you visited before using the Website or Services
      • Browser type, settings, plugins used and language preferences
      • The content, users, features, and links you view or interact with on the Websites and Services
      • Types of files shared and any Third-Party Services that you use.
    • Device Data. We also collect information about the devices used to access the Services, including the type of device, operating system, device settings, application IDs, unique device identifiers, and crash data.
    • Location Data. We receive information from you to approximate your location, including any addresses you submit or your IP address.
    • Third-Party Data. We may receive data from affiliates, partners, or other third parties and use it to improve the usefulness of the Services and Website. These third parties include data-enrichment vendors that supply professional profile information sourced from publicly available data, and business-contact-data vendors whose data we use to send our own outreach. We do not license, resell, or otherwise transfer this data to other organisations. Such data may be aggregated to generate insights and resources, such as marketing performance or databases of contacts and customers.
    • Email Performance Data. Ethos may use a ‘clear image’ in email communications in order to track engagement and performance metrics. If you wish to disable this tracking, you can do so by turning off images in the email within your email client.
    • Third-Party Services Data. You may choose to use Third-Party Services in connection with the Websites or Services. We may access and exchange Customer Content and Services Data with such Third-Party Services in accordance with our agreements with the relevant Third-Party Services and any permissions granted by you.
    • Contact Data. In accordance with the relevant consents provided, we process any contact information that you upload or input into the Services.
    • Additional Data Provided to Ethos. Services Data also includes data input, uploaded, or provided by you or otherwise associated with your interaction with the Websites, Services, including your use of any artificial intelligence tools, communications with our customer support team, or interactions with our social media accounts.
    • Voice and AI-Derived Data. If you use our voice features, we record your microphone audio for the duration of the call and create a written transcript of what was said. We use AI tools to generate conversation summaries and digests, follow-up questions, and transcript-based summaries and evaluations of your interviews. Where calls require consent, we record the time at which you provided it.
    • Other Sources Data. Ethos may receive information about you from public sources, organisations, partners and potential partners, and our affiliates.
  • Publicly Available Data. Personal Data that is available from publicly available sources, including but not limited to publicly available websites, official registries or records, professional networking platforms (where settings are set to ‘public’), and media announcements or other similar public announcements (the “Publicly Available Data”). We may also obtain Personal Data from data-enrichment vendors and business-contact-data providers who compile information from public sources. Categories of Publicly Available Data we collect include professional profile information, employment history, contact details, company affiliations, and publicly stated areas of expertise.
  • Notice for Indirectly Collected Data (Article 14 GDPR). Where we collect your Personal Data from sources other than you (such as publicly available sources, enrichment vendors, or third parties), we will provide you with notice of such collection within a reasonable period, and no later than one month after obtaining the data, or at the time of first communication if we use the data to contact you. In limited circumstances, we may rely on the disproportionate-effort exemption under Article 14(5)(b) of the GDPR where: (i) we hold only publicly available professional contact information; (ii) providing individual notice would be impossible or involve disproportionate effort given the volume of data subjects; and (iii) we have implemented appropriate safeguards, including making this Privacy Policy publicly available. Where we rely on this exemption, you may still exercise your rights by contacting us at support@askethos.com.
  • Opt-Out for Enrichment-Based Processing and Outreach. If your Personal Data was obtained from publicly available sources or enrichment vendors and you do not wish to receive outreach from us, or you wish to object to our processing of your data for profiling, AI matching, or marketing purposes, you may opt out at any time by contacting us at support@askethos.com or by using the unsubscribe mechanism in any communication you receive. Upon receipt of a valid opt-out request, we will cease processing your data for these purposes and suppress your contact information from future outreach.
  • Sensitive Personal Data / Special Categories of Data. Ethos does not seek to collect special categories of Personal Data within the meaning of Article 9 of the GDPR (such as data revealing racial or ethnic origin, political opinions, religious beliefs, trade-union membership, genetic or biometric data, health data, or data concerning sex life or sexual orientation) or “sensitive personal information” within the meaning of the CCPA. However, such data may be incidentally included in Customer Content, Expert Data, or Publicly Available Data. Where we knowingly process such data, we do so only on the basis of your explicit consent, the establishment, exercise, or defence of legal claims, substantial public interest pursuant to applicable law, or another condition permitted by Article 9(2) of the GDPR or applicable U.S. state law.

You are not under any statutory or contractual obligation to provide any Personal Data. However, certain Personal Data is collected automatically through your use of the Websites and Services. In addition, if certain Personal Data, such as account setup details, is not provided, we may be unable to provide the Services.

3. How We Collect Your Personal Data

We collect your Personal Data through:

  1. Direct Interactions: When you fill out forms, contact us, or use our Services, we collect Personal Data you voluntarily provide. This includes voice interactions captured through our platform’s audio infrastructure (powered by LiveKit and Pipecat), which are transcribed by Deepgram; the resulting transcripts are stored as part of your account records.
  2. Automated Technologies: We use cookies, server logs, and other tracking technologies to collect information automatically. In addition, our AI-powered tools generate inferred and derived data from your use of the Services, including conversation digests, screening evaluations, and match scores.
  3. Third Parties: We obtain data about individuals from various third-party companies and public sources, and we may combine that data with Personal Data or other data we collect. This includes information drawn from public web sources through enrichment vendors, such as LinkedIn profile identifiers and company data obtained via services like EnrichLayer, Apollo, and Bright Data.
  4. Voice and AI interactions: When you participate in a voice call or chat with our AI agent, we collect the audio, transcripts, and messages you generate during the interaction.

4. Legal Bases for Processing Your Personal Data

We process your Personal Data under the following lawful bases:

  • Consent: For certain processing activities, we rely on your freely given, specific, informed, and unambiguous consent. Where consent is required, we obtain it through clear affirmative action, such as checking a box, clicking an “I agree” button, or providing verbal confirmation during a recorded call. You may withdraw your consent at any time by contacting us at support@askethos.com, adjusting your account settings, or using the unsubscribe mechanism in any marketing communication. Withdrawal of consent does not affect the lawfulness of processing that occurred before withdrawal. Processing activities that may require consent include: receiving marketing communications; participating in recorded voice calls (where required by applicable law); and, in certain jurisdictions, the use of non-essential cookies.
  • Contractual Necessity: To perform our contract with you or to take steps at your request before entering into a contract. This includes providing the Services, managing your account, processing payments, and facilitating Expert-Client engagements.
  • Legal Obligation: To comply with applicable laws.
  • Legitimate Interests: Where we (or a third party) have a legitimate interest that is not overridden by your interests, rights, or freedoms, including operating, securing, improving, and developing the Services and our AI Tools (including the matching, ranking, and selection functionality described in Section 6); preventing fraud, abuse, and security incidents; conducting market and user research; protecting our legal rights; and pursuing direct marketing consistent with applicable law.

5. How We Use Your Personal Data

  • Customer Content. When we act as a processor of Customer Content that is Personal Data, we use the Personal Data solely in accordance with the instructions provided in the contract. Otherwise, we use this Personal Data for the legitimate business purposes listed below, unless prohibited or restricted by law.
  • Services Data and Publicly Available Data. Ethos uses Services Data and Publicly Available Data for the purposes of our legitimate interests in operating the Services, Websites, and our business, which are specified below.
  • Expert Data. To identify, evaluate, screen, rank, match, and select Experts for Projects as described, and to identify Project opportunities to present to Experts, using AI Tools as described in Section 6. For more information, please see the Ethos Terms of Use and the Ethos Expert Terms and Conditions.
  • Purposes. Ethos uses Customer Content, Services Data, and Publicly Available Data for the following specific purposes:
    • To provide, update, maintain, and protect our products, Services, Websites, and business, including facilitating Expert and opportunity matching, conducting voice interviews with AI-generated follow-up and screening questions, and performing outbound outreach on behalf of our clients.
    • To develop and improve products, Services, and Websites, including AI features. Ethos may use the following data to develop, train, evaluate, fine-tune, and improve our AI Tools: (i) Services Data that does not include Customer Content (such as usage patterns, feature interactions, and platform metadata); (ii) Publicly Available Data; and (iii) aggregated or de-identified data that is no longer reasonably linked to an identified individual. We do not use Customer Content to train our AI models unless the relevant data controller (such as a Client) has provided explicit authorisation for such use. You may object to the use of your Personal Data for AI training purposes by contacting us at support@askethos.com; upon receipt of a valid objection, we will exclude your data from future training activities to the extent technically feasible.
    • To comply with applicable law, legal process or regulation, or other regulatory purposes.
    • To support and communicate with you.
    • To conduct market and user research.
    • For billing, account management, and other administrative matters.
    • To investigate and prevent security issues and abuse, including fraud prevention.
    • When you express interest in an opportunity, apply to a role, or otherwise opt in to be considered by a client organisation, we share your profile information (such as your name, email, and relevant professional details) with that organisation so they can contact you.

If Personal Data is aggregated, anonymised or pseudonymised so that it can no longer reasonably be associated with an identified or identifiable natural person, Ethos may use it for any purpose permissible under applicable law.

6. AI Tools, Profiling, and Automated Decision-Making

This Section provides the information required by Articles 13(2)(f) and 14(2)(g) of the UK GDPR and the EU GDPR and analogous provisions of U.S. state laws and supplements the terms regarding the use of AI Tools set forth in the Ethos Expert Terms and Conditions.

Use of AI Tools. Ethos uses artificial intelligence, machine learning, and other automated decision-making technologies, including the Platform Agents (collectively, “AI Tools”), to identify, evaluate, screen, rank, match, and select Experts for Projects, and to identify Project opportunities to present to Experts.

Inputs. The AI Tools may process: profile data; Expert Data (including professional and educational history, areas of expertise, prior Project performance and feedback, billing rate, availability, and responsiveness); responses to Project screening; Customer Content; Services Data; Publicly Available Data (including data obtained from enrichment vendors); and other information accessible through or provided to the Services. Publicly Available Data and enrichment data may be used to generate match scores, ranking signals, and other AI-derived outputs about Experts.

General Logic. In general terms, the AI Tools operate by extracting features and signals from the inputs above; generating numerical representations of Experts, Projects, Client requirements, and screening criteria; applying statistical and machine-learning models (including retrieval, ranking, scoring, classification, and large-language-model reasoning) to estimate relevance, fit, suitability, or quality; ranking, filtering, and matching results based on those estimates and on rules configured by Ethos or by Clients; generating conversation summaries and digests, follow-up questions, and transcript-based summaries and evaluations of interviews conducted on the Ethos platform; and surfacing recommendations and decisions to Ethos personnel, Clients, and Experts.

Significance and Envisaged Consequences. Outputs of the AI Tools may influence whether an Expert is invited to apply for, or selected for, a Project; the visibility of an Expert to Clients; the visibility of Project opportunities to an Expert; and other determinations relating to participation in the Services. These outcomes may have significant effects on Experts.

Human Review. Selection decisions made through the Services typically involve a combination of AI Tools output and human review by Ethos personnel, Clients, or both. Ethos designs the Services such that determinations producing legal or similarly significant effects on Experts are not based solely on automated processing within the meaning of Article 22 of the GDPR, except where necessary for entering into or performing a contract with you.

Your Rights. To the extent applicable law confers such rights, you have the right to obtain meaningful information about the logic involved in the AI Tools and the significance and envisaged consequences of such processing for you; to request human intervention in, express your point of view about, and contest, a decision produced by the AI Tools that has a legal or similarly significant effect on you; and to opt out of profiling in furtherance of decisions producing legal or similarly significant effects, where granted under applicable laws. To exercise these rights, contact us at support@askethos.com.

Legal Basis for AI Tools Processing. Our use of AI Tools to identify, evaluate, screen, rank, match, and select Experts is primarily based on: (i) contractual necessity, where such processing is necessary to perform our agreement with you (for example, matching Experts to Projects); and (ii) legitimate interests, where we have a business need to operate, improve, and develop our Services that is not overridden by your rights.

7. Disclosure of Your Personal Data

We do not sell Personal Data and do not share Personal Data for cross-context behavioral advertising, as those terms are defined under applicable U.S. state privacy laws. We also do not disclose Personal Data to third parties for their own direct marketing purposes.

Ethos may share or disclose Personal Data as follows:

  • Third Parties: We share Personal Data as necessary to facilitate agreed-upon communications or other contractual arrangements on our Services.
  • Clients: We share Personal Data when necessary to facilitate communications, transactions, and other contractual arrangements that have been agreed upon between Experts and Clients in connection with their use of our Services. This may include sharing information required to coordinate engagement details, support service delivery, and enable the parties to fulfill their respective obligations.
  • Entities and Authorised Users: Owners, administrators, other Ethos representatives and personnel, and other authorised users may be able to access, modify, or restrict access to Personal Data. This may include, for example, your employer using Service features to export logs of your activity or accessing or modifying your profile details.
  • Subprocessors: We may engage third parties as subprocessors to process Personal Data. These third parties may, for example, provide us necessary services like virtual computing and storage services, IT support, and payment processing. Please see more information on our subprocessors at https://agent.askethos.com/ethos-subprocessors.
  • Third-Party Services: You may choose to enable Third-Party Services. When enabled, Ethos may access and exchange Customer Content with the providers of Third-Party Services on your behalf. Third-Party Services are not owned or controlled by Ethos, and may have their own policies and practices for its collection, use, and sharing of data. You are responsible for reviewing the relevant policies and terms of all Third-Party Services.
  • Third-Party Developers and Partners: We may share Personal Data with developers, partners, and other contractors and external parties to assist in the development and maintenance of the Websites and Services.
  • AI and speech providers. We use third-party AI, speech-to-text, text-to-speech, and real-time-communications providers to deliver voice and chat features. These providers process audio, transcripts, and other personal data only to perform services on our behalf. We select API-based providers whose standard terms do not use customer content to train their foundation models.
  • Corporate Affiliates: Subject to and in compliance with applicable law, Ethos may share Personal Data with its corporate affiliates, parents, and/or subsidiaries for business continuity purposes.
  • Safety and enforcement: We may disclose Personal Data if we believe it is reasonably necessary to increase safety, protect the property or rights of Ethos and its users, or to enforce our rights under contract or prevent illegal activity or harm.
  • Linked Users: Customer Content (including Personal Data) such as your account and profile as well as your usage information may be displayed to other users linked to your account or organisation on the Ethos platform. The level of access depends on the relative access permissions of any organisation you are a part of.
  • Corporate changes: If Ethos engages in a merger, acquisition, bankruptcy, dissolution, reorganisation, sale of some or all of Ethos’s assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities, some or all Personal Data may be shared or transferred, in accordance with applicable law and agreements.
  • Legal compliance: We may disclose Personal Data if we reasonably believe disclosure is required by any applicable law, regulation, or legal process.

8. International Data Transfers

We may transfer your Personal Data to recipients located outside the United Kingdom (UK) to provide our Services or comply with legal obligations. When we transfer your Personal Data internationally, we are committed to ensuring that it is protected in a manner consistent with UK data protection laws, including the UK General Data Protection Regulation (UK GDPR).

Transfers Within the EEA

For transfers of Personal Data to countries within the European Economic Area (EEA), we rely on the European Commission’s adequacy decisions, confirming that these countries ensure an adequate level of protection for your Personal Data.

Transfers Outside the UK and EEA

For transfers of Personal Data to countries outside the UK and EEA that are not subject to an adequacy decision, we may rely on any of the lawful mechanisms for transfers, including:

  1. Standard Contractual Clauses (SCCs) or UK International Data Transfer Agreement: We may implement the UK Addendum to the European Commission’s Standard Contractual Clauses or the UK International Data Transfer Agreement, ensuring appropriate safeguards for your Personal Data.
  2. Binding Corporate Rules (BCRs): For intra-group data transfers, we may rely on approved Binding Corporate Rules where applicable.
  3. Derogations: In specific circumstances, we may rely on derogations under Article 49 of the UK GDPR, such as where the transfer is necessary for the performance of a contract or with your explicit consent.

Additional Safeguards

To further secure your Personal Data during international transfers, we may do the following:

  • We may conduct transfer impact assessments (TIAs) where necessary to evaluate risks and ensure compliance with data protection laws.
  • We may implement technical and organisational measures, such as encryption, to protect your Personal Data during and after transfer.

9. Data Retention

Ethos will retain Customer Content and Personal Data in accordance with your instructions and as required by applicable law. We may retain Services and Publicly Available Data for as long as necessary for the purposes described in this Privacy Policy, including to pursue legitimate business interests, and for purposes of audits, compliance with legal obligations, and dispute resolution.

Specific retention periods depend on the type of data and the purpose, and are determined by reference to criteria such as: the duration of our relationship with you and your continued use of the Services; the existence of a legal, regulatory, contractual, or tax-related obligation that requires retention; the existence of actual, threatened, or anticipated legal claims; and guidance issued by relevant data-protection authorities.

We keep Personal Data for as long as your account is active or as needed to provide the Services, comply with law, resolve disputes, evidence our handling of your requests and enforce our agreements. When you delete your account, we hard-delete your profile, preferences, conversations, messages, and participations within 30 days, and we queue deletion of your voice-call audio recordings. Some records are retained in anonymised form where we have a legitimate interest, such as payment and audit logs. Email addresses associated with deleted accounts are added to our suppression list. Database backups and third-party analytics or observability systems may retain data for their own retention periods. Aggregated and de-identified data, which is not Personal Data, may be retained indefinitely.

10. Your Privacy Rights

Depending on where you reside and the applicability of the law, you may have certain rights with respect to your Personal Data. Below are some of the rights you may have.

UK/EU GDPR

If you reside in the UK or EU, you may have the following rights, with some limitations:

  • Access: Request a copy of your Personal Data.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure (“Right to Be Forgotten”): Request deletion of your data.
  • Restriction: Limit how we process your data.
  • Data Portability: Obtain your data in a portable format.
  • Objection: Object to certain processing, including direct marketing.
  • Withdrawal of Consent: Where processing is based on consent, you may withdraw your consent at any time. To withdraw consent, contact us at support@askethos.com, adjust your preferences in your account settings, or use the unsubscribe link in any marketing communication. Withdrawal does not affect the lawfulness of processing carried out before you withdrew consent.
  • Automated Decision-Making: Exercise the rights described in Section 6 in connection with the AI Tools, including the right not to be subject to a decision based solely on automated processing where such decision produces legal or similarly significant effects on you.

You also have the right to make a complaint with the supervisory authority in the jurisdiction in which you reside. The contact information for the supervisory authority in the UK is:

casework@ico.org.uk
https://ico.org.uk/make-a-complaint/

A list of EEA national supervisory authorities is maintained by the European Data Protection Board at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

To exercise your rights, please contact us at support@askethos.com.

Please note that we may request that you provide us with additional information in order to confirm your identity before you may exercise any of the rights.

U.S. State Privacy Rights

This Section applies to residents of U.S. states that grant statutory privacy rights. Subject to verification and to exceptions provided by law, you may have the right to: (i) know or access the categories and specific pieces of Personal Data we have collected, the sources, the purposes of processing, and the categories of recipients; (ii) delete your Personal Data; (iii) correct inaccurate Personal Data; (iv) obtain a copy of your Personal Data in a portable, readily usable format; (v) opt out of the “sale” or “sharing” of Personal Data, and “profiling” in furtherance of decisions that produce legal or similarly significant effects; (vi) limit the use of “sensitive personal information” to purposes permitted by law; (vii) appeal any denial of your request, where applicable; and (viii) be free from retaliation for exercising your rights. To exercise these rights, contact us at support@askethos.com. We honor universal opt-out mechanisms where required by applicable law.

You may use an authorised agent to submit a request on your behalf. We may require the agent to provide written authorisation signed by you and may verify your identity directly. Appeals of denied requests may be submitted to support@askethos.com; we will respond to appeals within the timeframes required by applicable law.

California “Shine the Light”:

California Civil Code § 1798.83 permits California residents to request information about certain disclosures of personal information to third parties for those third parties’ direct marketing purposes. Ethos does not disclose personal information to third parties for their own direct marketing purposes. California residents may submit questions about this disclosure by contacting us at support@askethos.com.

California residents: Ethos does not “sell” personal information or “share” personal information for cross-context behavioral advertising, as those terms are defined under the CCPA. If our practices change, we will update this Privacy Policy and provide any required opt-out rights.

Exercising Your Rights for Personal Data We Process on Behalf of a Data Controller

In certain circumstances, we process your Personal Data on behalf of another organisation (the “data controller”). In such cases, the data controller determines the purposes and means of the processing and is primarily responsible for addressing your privacy rights.

Steps to Exercise Your Rights

If you wish to access, correct, delete, or otherwise exercise your privacy rights concerning data we process on behalf of a data controller, please follow these steps:

  1. Contact the Data Controller Directly
    • The data controller is the organisation that collected your data or provides the services you use.
    • Please refer to their privacy policy or contact them directly to submit your request.
  2. Inform Us
    • If you are unsure how to reach the data controller, you may contact us at support@askethos.com.
    • If you contact us directly, we will promptly forward your request to the relevant data controller and assist them in responding to your request in accordance with applicable law.

Our Role

As a data processor, we:

  • Process your Personal Data only in accordance with the instructions of the data controller and applicable law.
  • Assist the data controller, when required, in responding to your request (e.g., retrieving or deleting your data).
  • Implement appropriate safeguards to protect your Personal Data.

Important Notes

  • In most cases, the data controller is best positioned to respond to your request. However, if the data controller is unresponsive or you are unable to identify them, please contact us and we will take reasonable steps to assist you.
  • We are committed to cooperating with data controllers and, where required by applicable law, responding directly to your requests.

11. Cookies and Tracking Technologies

We Collect Personal Data Automatically. We automatically collect certain information from you when you access our Website.

Cookies & Other Tracking Technologies.

What types of online tracking mechanisms do we use? We may use cookies, web beacons, pixel tags and other tracking technologies (collectively “Cookies”) on our Website.

What are cookies and web beacons / pixel tags? A cookie is a small text file that our Website saves onto your computer or device when you use the Website that provides us certain information about your activities. Cookies allow the Website to remember your actions and preferences and recognise you or your browser. Web beacons / pixel tags are small graphics on a webpage that monitor your activity when viewing a webpage.

Why do we collect Cookies? We use Cookies to:

  • tailor our interactions with you;
  • help with our marketing efforts;
  • provide us with valuable data and statistics about the usage and effectiveness of our Website and to help us improve our Website; and
  • help us improve our services.

What type of information do Cookies collect? The Cookies on our Website may collect information such as:

  • the IP addresses assigned to the computers and other devices you use;
  • your internet service provider;
  • the device ID number;
  • approximate geographic location;
  • the Website pages visited or clicked on;
  • the date and time you visited the Website, and the amount of time spent on the Website;
  • your operating system, browser type, search requests, and other similar information;
  • the websites you access before and after visiting the Website, and
  • data related to how and when you use the Website.

We may combine information from Cookies with Personal Information, including data obtained from other sources.

How long do Cookies last? A Cookie can either be a “session” Cookie or a “persistent” Cookie. Session Cookies exist only for so long as you are visiting the applicable site and are typically deleted when you exit your web browser. Persistent Cookies exist for a set period of time, for example, up to several months or years. Each time you visit a site that has implemented a persistent Cookie, the persistent Cookie is renewed, and that Cookie will remain active until its predetermined expiration date. You can manually delete persistent Cookies through your browser settings.

First-party versus third-party Cookies. Cookies may either be “first-party” or “third-party” Cookies. A first-party Cookie allows your web browser to talk to the actual site that you are visiting (i.e. our Website). A third-party Cookie allows your web browser to talk to a third-party website, such as the source of an ad that appears on the website you are visiting or a third-party analytics provider. We do not have control over how information gathered by third-party Cookies is used by third parties.

How do you manage Cookies or opt-out? Most browsers automatically accept cookies. You can disable this function by changing your browser settings, but disabling cookies may impact your use and enjoyment of the Website. Not all features or functions of the Website may work properly if you disable Cookies. You cannot disable all Cookies, such as Cookies that are essential to the functioning of the Website.

Cookies, Sale, and Sharing of Personal Data. Ethos does not use Cookies or similar technologies to sell Personal Data or to share Personal Data for cross-context behavioral advertising, as those terms are defined under applicable U.S. state privacy laws. We may use analytics and similar technologies to understand how users interact with our Website and Services, improve performance, and measure the effectiveness of our communications. Where required by law, we obtain consent before using non-essential Cookies and provide choices through our cookie preference manager. Our analytics providers process information on our behalf and are not permitted to use Personal Data collected through our Website or Services for their own advertising or unrelated purposes.

Do Not Track. We do not currently employ a process for automatically responding to “Do Not Track” (DNT) signals sent by web browsers, mobile devices, or other mechanisms. Per industry standards, third parties may be able to collect information, including personal information, about your online activities over time and across different websites or online services when you use the Website.

12. Third-Party Links

Our Services may contain links to websites and services operated by third parties, which we do not own or control. This Privacy Policy does not apply to your use of such third-party websites, and you should read the relevant privacy notices and terms and conditions before using such websites or services. Ethos has no responsibility, makes no representations, and disclaims all warranties and liability for websites and services accessed via third-party links.

13. Security

We take commercially reasonable measures to protect Personal Data from unauthorised access or disclosure. Notwithstanding these measures and efforts, no security protections are perfect and we cannot guarantee any data, including Personal Data and Customer Content will be safe. To the maximum extent allowed by law, you agree and acknowledge that Ethos will not be liable or responsible if any information about you is intercepted, accessed, and/or used by an unintended recipient unless due to Ethos’s negligence.

14. Breach Notification

In the event of a Personal Data breach, we will notify affected individuals, controllers, and regulators where required by applicable law and within the applicable timeframes.

15. Children’s Privacy

Our services are not intended for or directed to individuals under the age of 18. We do not knowingly collect Personal Data from individuals under the age of 18. If we become aware that we have collected Personal Data from a person under 18 without parental/guardian consent (where required), we will delete that data promptly. Parents or guardians who believe their child has provided Personal Data to us may contact us at support@askethos.com.

16. Updates to This Privacy Policy

Ethos may change this Privacy Policy from time to time. Laws, regulations, and industry standards evolve, which may make those changes necessary, or we may make changes to our Services or business. We will post the changes to this page, and we encourage you to review our Privacy Policy to stay informed. If we make material changes to the Privacy Policy, Ethos will take commercially reasonable efforts to notify you and take additional steps as required by law. If you disagree with changes to this Privacy Policy, you should deactivate your account and discontinue your use of the Services. Contact us via email at support@askethos.com if you wish to request the removal of your Personal Data under our control.

17. Contact Us

If you have questions about this Privacy Policy, or regarding your Personal Data, you can contact us via email at support@askethos.com.