Privacy Policy
Effective Date: March 12, 2026
Last Updated: March 10, 2026
Introduction
Ethikal Inc. (“Ethikal,” “we,” “us,” or “our”) is a Texas-based software development company committed to building a future where everyone has access to their own personal advisory platform–where individuals and businesses engage with expert-level guidance across law, accounting, finance, marketing, technology, and other professional domains — in plain language, through natural conversation. This platform offers AI agents trained not just on general knowledge, but on a curated, structured Body of Knowledge (BOK) assembled and maintained by qualified human experts (“Advisor”). Each Advisor specializes in a domain — an Accountant Advisor, a Lawyer Advisor, a Marketing Advisor — and answers users’ questions by drawing directly from that BOK. Our Ethikal Advisors integrate several leading third-party AI models, while applying our own specifications and a security-first philosophy, to deliver intelligent advisory capabilities to our customers (“Customers”) and, where applicable, their authorized end users (“End Users”).
This Privacy Policy (“Policy”) explains how we collect, use, protect, and share information when you visit our website, access our Ethikal Advisors platform, and engage with the Advisors on that platform (collectively, “Service”). Where a statement in this policy applies specifically to activity on the Ethikal Advisors platform, we will refer to the “Platform.” We maintain built-in compliance processes for the European Union General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”), the Texas Data Privacy and Security Act (“TDPSA”), and other applicable U.S. state privacy laws.
By using our Service, you agree to the practices described in this Policy.
1. Scope and Applicability
This Policy applies to the personal information that Ethikal collects in connection with our Service. It does not apply to third-party websites, products, or services, even if they are linked to or from our Service. We encourage you to review the privacy policies of any third parties you interact with before providing them with your personal information.
2. Information We Collect
Ethikal collects only the information necessary to deliver a meaningful, safe, and personalized advisory experience. We practice data minimization: we do not collect more than we need, and we do not retain what we no longer use.
2.1 Account and Registration Data
Account registration details: name, email address, and chosen password (stored in hashed form)
For Customers who are business entities: business contact information including names, job titles, business email addresses, phone numbers, and company information necessary to establish and administer the business account
Profile information you choose to share, such as the areas of domain expertise where you seek guidance from our Advisors
Authentication data if you choose to sign in via an approved third-party identity provider
2.2 Customer Input Data (Prompts and AI Interactions)
Through the use of our Service, you and authorized End Users may submit text prompts, queries, documents, and other content (“Input Data”) to the Platform for processing by the Advisors. We do not use your Input Data as training data for our purposes. Your Input Data supports your training of your own Advisor for your own purposes within our Terms of Service.
2.3 AI-Generated Output Data
Our Platform generates responses, analyses, and other content (“Output Data”) based on Input Data submitted through the Platform. Output Data is treated as the Customer’s information and processed in accordance with any applicable DPA.
2.4 Billing and Transaction Data
We collect billing information necessary to process payments for our Service, including billing addresses and payment method details. Payment processing is handled by our PCI-compliant third-party payment processors. We do not store full payment card numbers or sensitive billing data on our own systems.
2.5 Usage and Log Data
We automatically collect technical and usage information when you interact with our Service, including:
Device and access information: browser type, IP address, operating system, and session identifiers
Platform usage data: pages visited, features used, session duration, and navigation patterns
Error logs, and performance metrics
Cookies and similar tracking technologies (see Section 12)
2.6 Communications Data
We collect information about your sessions conducted through the Platform when you provide or submit a support request.
3. How We Use Your Information
We use your information only for the purposes described below. We do not use your data for purposes that conflict with the reason you shared it with us.
3.1 Service Delivery and Contract Performance
Facilitating secure, private sessions with the Advisors that you choose to engage with
Processing payments and managing your subscription or service access
Maintaining your account and personalizing your Platform experience
Provisioning accounts, authenticating users, routing prompts according to how we have structured how and when to access certain AI models to process your Inputs, and returning generated outputs
Providing technical support
Once the Platform incorporates identity validation processes, which requires your use of a third-party provider to perform the verification, the data you share during that process will be subject to the identity provider’s terms of service including its privacy policy. Ethikal does not keep or retain any of the information involved in the identity verification process.
3.2 Platform Operations, Safety, and Trust
Monitoring for policy violations, abuse, or fraudulent activity to protect our community
Responding to reports, resolving disputes, and administering our dispute resolution process
Maintaining, monitoring, and improving the security, stability, and performance of our Service
Detecting and preventing fraud, abuse, and unauthorized access
3.3 Service Improvement and Analytics
Analyzing anonymized and aggregated usage patterns to improve Platform features and performance
Conducting privacy impact assessments when introducing new product capabilities
Developing new features and improving our Platform
We do not use identifiable Customer Input Data or Output Data to train or fine-tune AI models unless a Customer has provided explicit, separate written consent.
3.4 Communications and Customer Support
Responding to inquiries and providing technical support
Sending service-related notifications such as maintenance alerts, security updates, and billing information
3.5 Legal and Regulatory Compliance
We process personal data as necessary to comply with applicable laws, regulations, and lawful governmental or regulatory requests, including:
Court Orders and Legal Processes: producing records in response to valid subpoenas; disclosing information pursuant to court orders; responding to search warrants from law enforcement.
Regulatory Reporting: reporting data breaches to the Texas Attorney General as required under Texas Business & Commerce Code Section 521; complying with industry-specific regulations applicable to our agentic technologies.
Government Investigations: responding to civil investigative demands from state attorneys general; providing information to federal agencies conducting authorized investigations; cooperating with consumer protection inquiries.
Public Safety: disclosing information when legally required to prevent imminent harm; responding to valid emergency requests from law enforcement.
Data Protection Assessments: conducting assessments as required by the Texas Data Privacy & Security Act, and other applicable state laws prior to commencing high-risk processing activities.
3.6 Marketing Communications
As part of our privacy-first philosophy, we will never send marketing material unless you have specifically requested it. With appropriate consent from you, or where otherwise permitted by law, we may use business contact information to send marketing communications about our Service. You may opt out of marketing communications at any time using the unsubscribe mechanism in each communication or by contacting us.
3.7 What We Do Not Do
Ethikal does not sell your personal information to third parties.
We do not use your personal data to serve third-party advertising.
We do not use the content of your Advisor sessions to train AI models.
We do not use session content for purposes other than delivering and improving the Service, except as required by law or with your explicit consent.
4. How We Use Artificial Intelligence
The Platform uses various AI models to deliver the Ethikal Advisors, each of which has been trained on publicly available resources geared toward their specialized domain expertise, help members find the right Advisor, enhance Platform safety, and improve the quality of our Service. Every AI feature we deploy is governed by the same data ethics principles that guide the rest of this policy.
Your personally identifiable data is never used to train AI models. |
4.1 AI Infrastructure
The AI features on Ethikal Advisors are powered by several AI companies, as subprocessors, which we list in Section 7. We have designed our Platform based on those features to our specifications such that our Platform meets strict security and compliance standards, including:
SOC 2 Type II compliant
GDPR-ready: data processing complies with GDPR requirements for EU members, supported by Google Cloud’s Data Processing Addendum
Private hosting: AI models run in a private, isolated environment — not shared public APIs
No third-party data sharing: your content is never shared with third parties or used outside your specific request
Encrypted in transit and at rest: all data sent and received uses industry-standard encryption protocols
4.2 AI Guardrails and Content Safety
Our Platform includes our design for built-in safety controls: EU AI Act risk blocking via Cerbos, three-stage authorization, and the ZKP governance layer. These are described as the Platform's own compliance mechanisms, independent of any cloud AI provider's safety features.
The Platform also includes built-in safety controls and model governance features that ensure AI-generated outputs are appropriate, accurate, and consistent with our community standards:
Content moderation: built-in filters prevent generation of harmful or inappropriate content
Safety boundaries: automated reasoning enforces robust limits on all AI responses
Policy compliance: guardrails ensure outputs align with our security protocols and regulatory obligations
These protections run automatically on every AI request. You do not need to configure anything.
4.3 What Data AI Features Process
When AI features used to process your Inputs are active, only the minimum data necessary for that specific function is processed: Metadata such as payment information, device identifiers, and full session recordings are never sent to AI services unless you have explicitly opted into a feature that requires it, such as AI-assisted session summaries.
4.4 AI Features Are Opt-In
If an AI feature involves processing your session content, we will always ask for your explicit consent before activation. Such features include your Advisor’s ability to (i) remember your preferences and past context across sessions, (ii) tailor individualized responses for you over time, and (iii) adapt to what works best for you in terms of engagement with your Advisor. You may change this setting at any time in the Privacy section of the Platform’s Settings; or you may choose to continue without consenting to this feature (“Continue without consent”). You may continue to engage with your Advisor without consent for this functionality, but please note that memory and learning features will be disabled.
4.5 No Use of Customer Data for Model Training
We do not use Customer Input Data or Output Data to train, retrain, or fine-tune any Ethikal Advisor. Each Customer’s instance of an Ethikal Advisor is their own — whether using our own models or those of third-party providers — unless the Customer has provided explicit, documented, written consent.
4.6 Automated Decision-Making
Our Platform provides AI-powered tools that Customers and End Users may use as part of their own decision-making processes. We do not make automated decisions that produce legal or similarly significant effects on individuals without meaningful human involvement. Please see our Terms of Service regarding the constraints we place on using Ethikal Advisors for tasks or advice that require a licensed professional.
Customers are responsible for ensuring their use of Ethikal Advisors complies with applicable laws regarding automated decision-making. Our Platform includes features that support human-in-the-loop workflows, and we recommend and contractually encourage Customers to maintain meaningful human review of AI outputs before making consequential decisions.
Under GDPR Article 22, individuals have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significant effects. Individuals who believe they have been subject to such a decision made by one of our Customers should contact that Customer directly.
Under the CCPA/CPRA, Customers who use our Service as automated decision-making technology (“ADMT”) for decisions that produce legal or similarly significant effects are responsible for providing required pre-use notices to affected individuals and for complying with applicable opt-out requirements.
4.7 AI Data Retention
Input Data and Output Data are retained only for the duration necessary to deliver the requested Service and in accordance with the retention periods specified in any DPA.
4.8 AI Content Disclosure
Output Data generated by our Platform is produced by AI models and should not be treated as human-authored content. Customers and End Users are responsible for disclosing AI involvement in generated content as required by applicable laws, regulations, or industry standards, including Federal Trade Commission guidance on AI-generated content.
5. Legal Basis for Processing
Where applicable under laws such as the GDPR and the CCPA/CPRA, we rely on the following legal bases to process your personal information:
Contract performance: processing necessary to deliver the services you have engaged.
Legitimate interests: improving platform safety, preventing fraud, and operating our business responsibly, where not overridden by your rights.
Legal obligation: processing required to comply with applicable law or regulation.
Consent: where we rely on consent, such as for optional AI features or marketing communications, you may withdraw at any time without affecting the lawfulness of prior processing.
6. Sharing Your Information
We share personal information only as described below. We do not share information in ways you would not reasonably expect given the nature of our service.
6.1 The Ethikal Advisor (AI Agent)
When you engage with one of our AI agents (“Advisor), on the Platform, the Advisor receives only the information necessary to conduct the session.
6.2 Sub-Processors and Service Providers
We engage trusted third-party vendors to support our operations, including cloud hosting, AI infrastructure vendors, payment processing, identity verification, and customer support tooling. These providers are contractually required to process your data only on our behalf, in accordance with our instructions, and we review their policies to make our use of their services to ensure they comply with this Privacy Policy. See Section 7 for our sub-processor list.
6.3 AI Model Providers
Customer Input Data is transmitted to third-party AI model providers for processing as described in Section 4. These providers are contractually bound as sub-processors and are prohibited from using Customer data for their own purposes, including model training, except as may be separately agreed in writing by the Customer.
6.4 Our Professional Advisors
We may share personal data with our attorneys, auditors, accountants, and other professional advisors in connection with the provision of their professional services to us.
6.5 Legal and Regulatory Requirements
We may disclose information if required by law, court order, or to protect the rights, safety, or property of Ethikal, our users, or the public. Where permitted, we will notify affected users of such requests.
6.6 Business Transfers
In the event of a merger, acquisition, or sale of assets, personal information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a materially different privacy policy.
6.7 With Customer Authorization
We may share personal data as directed or authorized by the applicable Customer in writing.
We do not sell personal data. We do not share personal data for cross-context behavioral advertising purposes. We do not engage in “sharing” of personal data as defined under the CCPA/CPRA.
7. Sub-Processors
Sub-processors are entities that process personal data on our behalf. This list includes the identity of each sub-processor, the nature of the processing performed, and the location(s) where processing occurs.
Key sub-processors include:
Sub-Processor | Purpose | Location |
Anthropic, PBC | AI model inference (processing Input Data, generating Output Data) | United States |
OpenAI | AI model inference (processing Input Data, generating Output Data) | United States |
Google Cloud (Vertex AI) | AI infrastructure hosting; private AI model deployment | United States |
Cohere, Inc. | AI model inference (processing Input Data, generating Output Data) | United States |
Zenauth Ltd (Cerbos product) | Authorization processes to support security | England |
Ollama (Local/On-Premise LLM) | AI model local/offline inference (processing Input Data, generating Output Data) | United States |
Stripe | Payment processing | United States |
We notify Customers of any intended changes to our sub-processor list at least 30 days in advance, providing Customers with the opportunity to object to new sub-processors as set forth in the applicable DPA.
8. Data Processing Agreements
For Customers whose data we process as a data processor or service provider, we enter into Data Processing Agreements that comply with applicable legal requirements, including GDPR Article 28. Our standard DPA addresses:
The subject matter, duration, nature, and purpose of processing
The types of personal data processed and categories of data subjects
The obligations and rights of the Customer as data controller
Our obligations regarding confidentiality, security, sub-processor management, data subject request assistance, and data return or deletion
Audit rights and compliance demonstration obligations
Notification requirements for personal data breaches
Customers may request a copy of our standard DPA by contacting us at privacy@ethikal.com.
9. Data Security
We implement and maintain technical and organizational measures appropriate to the sensitivity of the data we process and as part of the cryptographic governance that distinguishes our AI processes and Platform from others. These measures include:
Zero-knowledge proof as our cryptographic governance for data
SOC 2 Type II compliant AI infrastructure via Google Cloud Vertex AI
Regular vulnerability assessments and penetration testing
Personnel security awareness training
Logging and monitoring of access to systems containing personal data
Incident response procedures with defined notification timelines
Vendor security reviews as part of our third-party due diligence process
No system is completely secure. In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users and relevant authorities in accordance with applicable law.
10. Data Retention
We retain personal information only as long as necessary for the purposes for which it was collected, to fulfill our legal obligations, or to resolve disputes and enforce agreements. Our general retention practices are as follows:
Account and Contact Data: retained for the duration of your membership and for 3 years thereafter for legitimate business and legal purposes, unless a longer period is required by law.
Billing and Transaction Data: retained as required by applicable tax, accounting, and financial reporting laws.
Customer Input Data and Output Data: retained in accordance with any DPA in effect. Upon contract termination, Customer data is deleted or returned within the timeframe specified in the DPA (typically 30–90 days), subject to applicable legal retention obligations.
Advisor Session Records: retained as required to support service quality, dispute resolution, and regulatory compliance, and deleted thereafter for a period of 12 months from session date or pursuant to a DPA in effect.
Usage and Log Data: retained for up to 12 months for operational and security purposes, after which it is aggregated, de-identified, or deleted.
AI-Processed Data: not retained by our Platform infrastructure after each request is completed.
Anonymized and Aggregated Data: derived from usage may be retained indefinitely for Platform improvement.
You may request deletion of your personal data at any time, subject to our legal retention obligations (see Section 13).
11. Children’s Privacy
Ethikal is not intended for individuals under the age of 18, nor do we direct our Service to children under the age of 13.
We comply with the Children’s Online Privacy Protection Act (COPPA) with respect to any inadvertent collection of data from children. If we learn that we have inadvertently collected information from a child under 18, we will delete that information promptly. If you believe we have collected data from a minor, please contact us immediately at privacy@ethikal.com.
12. Cookies and Tracking Technologies
Ethikal uses cookies and similar tracking technologies to operate the platform, maintain your session, and understand how users navigate our service. We do not use third-party advertising trackers.
12.1 Types of Cookies We Use
Strictly Necessary Cookies: required to deliver the Service and for the Platform to function, including authentication and security features. These cookies cannot be disabled.
Functional Cookies: enable enhanced functionality and personalization, such as remembering your preferences and settings.
Analytics Cookies: help us understand how visitors interact with our platform by collecting information in an aggregated and anonymized form. We use these insights to improve our Service.
12.2 Global Privacy Control
We do not engage in any type of marketing or sale of any personal data shared with us. There is therefore nothing to opt out of in terms of opt-out requests. Nevertheless, we will honor Global Privacy Control (“GPC”) signals transmitted by a user’s browser or device as valid opt-out requests, in compliance with the CCPA/CPRA, TDPSA, Colorado CPA, Connecticut CTDPA, and other applicable state laws that require recognition of universal opt-out mechanisms. When we detect a GPC signal, we treat it as a valid opt-out request for the sale or sharing of personal data and for targeted advertising, to the extent applicable.
You can manage cookie preferences through your browser settings or through our cookie preference center in your account settings. Disabling strictly necessary cookies may affect your ability to use the platform.
13. Your Privacy Rights
Depending on your location, you may have the following rights with respect to your personal data. Ethikal honors these rights regardless of geography, as a reflection of our values.
13.1 Rights Under the GDPR (EEA, UK, and Switzerland)
If you are located in the EEA, UK, or Switzerland, you have the following rights:
Right of Access: request confirmation of whether we process your personal data and, if so, obtain a copy.
Right to Rectification: request correction of inaccurate or incomplete personal data.
Right to Erasure: request deletion of your personal data where there is no compelling reason for its continued processing.
Right to Restriction of Processing: request restriction of processing in certain circumstances, such as while we verify the accuracy of your data.
Right to Data Portability: request receipt of your personal data in a structured, commonly used, machine-readable format.
Right to Object: object to processing based on legitimate interests, including profiling based on those interests.
Rights Related to Automated Decision-Making: the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significant effects, and to obtain human intervention, express your point of view, and contest such decisions.
Right to Withdraw Consent: where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
To exercise these rights, contact us at privacy@ethikal.com. We will respond to verified requests within one month, with the possibility of a two-month extension for complex or numerous requests. You also have the right to lodge a complaint with a supervisory authority in the EU/EEA member state of your habitual residence, place of work, or place of the alleged infringement.
13.2 Rights Under the CCPA/CPRA (California)
If you are a California resident, you have the following rights:
Right to Know: request disclosure of the categories and specific pieces of personal information we have collected, the categories of sources, the business or commercial purposes for collection, and the categories of third parties with whom we share personal information.
Right to Delete: request deletion of personal information we have collected from you, subject to certain exceptions.
Right to Correct: request correction of inaccurate personal information.
Right to Opt Out of Sale/Sharing: you have the right to opt out of the sale or sharing of your personal information. We do not sell or share personal information as defined by the CCPA/CPRA.
Right to Limit Use of Sensitive Personal Information: request that we limit the use and disclosure of sensitive personal information to purposes necessary to perform the Service.
Right to Non-Discrimination: we will not discriminate against you for exercising your privacy rights.
To submit a request, contact us at privacy@ethikal.com. We will verify your identity before processing your request and respond within 45 days, with the possibility of a 45-day extension if reasonably necessary.
Authorized Agents: you may designate an authorized agent to submit requests on your behalf. We may require written authorization from you and verification of your identity before processing an agent’s request.
Annual Metrics: we publish annual metrics regarding the number and nature of privacy requests received and our response times, as required by the CCPA/CPRA.
13.3 Rights Under the Texas Data Privacy and Security Act (TDPSA)
If you are a Texas resident, you have the following rights:
Right to Access: confirm whether we are processing your personal data and access that data.
Right to Delete: request deletion of personal data you have provided to us or that we have obtained about you.
Right to Correct: request correction of inaccuracies in your personal data.
Right to Data Portability: obtain a copy of your personal data in a portable and readily usable format.
Right to Opt Out: opt out of (i) the sale of your personal data, (ii) targeted advertising, and (iii) profiling in furtherance of decisions that produce legal or similarly significant effects.
Right to Use Universal Opt-Out Mechanisms: we recognize and honor Global Privacy Control signals and similar universal opt-out mechanisms as valid opt-out requests under the TDPSA.
To exercise these rights, contact us at privacy@ethikal.com. We will respond to verified requests within 45 days, with the possibility of a 45-day extension where reasonably necessary. If we decline a request, you may appeal our decision by contacting us, and we will respond to the appeal within 60 days. If the appeal is denied, you may file a complaint with the Texas Attorney General.
13.4 Rights Under Other U.S. State Privacy Laws
We respect the privacy rights granted to residents of all U.S. states with comprehensive privacy legislation, including but not limited to Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Delaware, Iowa, Minnesota, Nebraska, New Hampshire, New Jersey, Tennessee, Maryland, Indiana, Kentucky, Rhode Island, Montana, and other states as their laws take effect. These laws generally provide rights similar to those described above, including the rights to access, delete, correct, and port personal data, and to opt out of targeted advertising, data sales, and certain profiling activities.
If you are a resident of any of these states and wish to exercise your privacy rights, please contact us at privacy@ethikal.com. We will process your request in accordance with the applicable law and respond within the timeframe required by your state’s legislation. Where applicable, you have the right to appeal a denial of your request, and we will provide instructions for doing so in our response.
13.5 Universal Privacy Rights
Regardless of your location, Ethikal commits to the following:
Right to Non-Discrimination: exercising your privacy rights will never affect your access to the Platform or the Service.
Right to Opt Out of Sale: we do not sell your data, but you may confirm this at any time by contacting us.
Data Subject Access Requests (DSARs): we strive to respond within 15 business days for straightforward requests, and will always notify you of the expected timeline.
To exercise any of these rights, contact our Privacy Team at privacy@ethikal.com. We may need to verify your identity before processing your request.
14. Sensitive Personal Data
We do not collect sensitive personal data.
If you use our optional identity verification feature (when available), the third-party identity verification provider may collect biometric or citizenship data. All such data is governed exclusively by that provider’s privacy policy; Ethikal does not store or retain any of it.
We do not process sensitive personal data for purposes of inferring characteristics about individuals.
Under the CCPA/CPRA, neural data is classified as sensitive personal information. We do not knowingly collect neural data through our Service.
15. International Data Transfers
Ethikal Inc. operates in the United States. If you access our Service from outside the United States, your information may be transferred to and processed in the U.S. Where such transfers occur, we apply appropriate safeguards consistent with applicable law.
15.1 Transfers from the EEA, UK, and Switzerland
EU-U.S. Data Privacy Framework: We currently rely on Standard Contractual Clauses (SCCs) approved by the European Commission. We intend to pursue certification under the EU-U.S. Data Privacy Framework (“DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF as set forth by the U.S. Department of Commerce. We will update this policy upon certification.
Standard Contractual Clauses: where the DPF does not apply or as a supplementary measure, we execute Standard Contractual Clauses (“SCCs”) approved by the European Commission (and the UK International Data Transfer Agreement or UK Addendum, as applicable) with our Customers and sub-processors.
Transfer Impact Assessments: we conduct transfer impact assessments as necessary to evaluate whether the laws and practices of the destination country ensure an adequate level of protection for personal data.
Google Cloud Vertex AI: our AI infrastructure is GDPR-ready and supports EU data residency options under Google Cloud’s Data Processing Addendum.
16. Your Privacy Choices
In addition to your formal legal rights, Ethikal offers practical controls over how your data is used:
AI Features: all AI features are opt-in and can be enabled or disabled at any time in your account settings.
Email Communications: you may unsubscribe from marketing emails at any time using the link in any email we send.
Profile Visibility: you control what profile information is visible to Advisors and other users.
Account Closure: you may close your account at any time through your account settings.
Data Export: you may request an export of your data at any time through your account dashboard or by contacting us.
17. Data Protection Officer
For any inquiries related to our processing of personal data or the exercise of data subject rights, please contact us using the information provided in Section 20 regarding contacting our Data Protection Officer (privacy@ethikal.com).
18. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other operational reasons. When we make material changes, we will notify you by email or through a prominent notice on the platform at least 30 days before the change takes effect. We encourage you to review this policy periodically.
The “Last Updated” date at the top of this document reflects the most recent revision. Your continued use of our Service after any change constitutes acceptance of the updated policy.
19. Governing Law
This Privacy Policy is governed by the laws of the State of Texas, without regard to conflict of law principles, except to the extent that the mandatory provisions of applicable data protection laws (including the GDPR, CCPA/CPRA, and other state privacy laws) require otherwise.
20. Contact Us
We welcome your questions, concerns, and requests. Our Privacy Team is committed to responding promptly and transparently.
Mailing Address | Ethikal Inc. Attn: Privacy 1401 Lavaca St. #244 |
Privacy Inquiries | privacy@ethikal.com |
Chief Privacy Officer | Ethikal | privacy@ethikal.com |
Website | www.ethikal.com |
This Privacy Policy is effective as of the date stated above and applies to all users of the Ethikal Advisors platform. If you have a complaint about how we handle your data, you also have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction. For AI-related concerns, you may contact us directly and we will respond within 10 business days.
For GDPR-related inquiries, you may also contact our privacy officer at privacy@ethikal.com.
Appendix A: CCPA/CPRA Required Disclosures
The following table summarizes the categories of personal information we have collected, the sources from which it was collected, the business or commercial purposes for collection, and the categories of third parties with whom it is shared, as required by the CCPA/CPRA:
Category of Personal Information | Sources | Purpose | Third Parties |
Identifiers (name, email, IP address) | Directly from Customers; automatically collected | Service delivery, account management, communications | Sub-processors, professional advisors |
Commercial information (transaction history, billing records) | Directly from Customers | Billing, contract performance | Payment processors, professional advisors |
Internet/electronic network activity (usage logs, API metadata) | Automatically collected | Service operations, security, analytics | Cloud hosting providers, analytics tools |
Professional/employment information (job title, company) | Directly from Customers | Account management, communications | CRM sub-processors |
Inferences drawn from the above | Derived from usage data | Service improvement | None (internal use only) |
We have not sold or shared (for cross-context behavioral advertising) any personal information in the preceding 12 months.