Privacy Policy

At Ethos Systems we are committed to safeguarding your personal information. ThisPrivacy Policy describes the ways we process and protect personal information that you provide or we collect in connection with your use of our electronic services, including www.ethossystems.com and related web-based or downloadable software or applications   (collectively,   the   “Services”).   The   scope   of   this   Policy   is   limited   to information collected or received by us through your use of the Services.

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and may provide information relating to substantive changes via email or other prominent notice. Changes to this Privacy Policy are effective as of the effective date listed above. Please periodically review this Privacy Policy for any changes; you acknowledge that your continued use of any of the Services after any change in this Privacy Policy will constitute your acceptance of such change.

1. Definitions: 

1. “Affiliates” means the legal entities owned directly or indirectly by Ethos Systems, Inc. or that are otherwise in Ethos Systems, Inc.’s corporate family.
2. “CCPA” means the California Consumer Protection Act. If you are a California resident, you should read this Privacy Policy together with its Additional Privacy Details for California Residents section, which provides additional information about our California information practices, including a description of CCPA rights available to some Californians.
3. “Controller” means the entity that has certain legal rights to determine the purposes for which Personal Data will be Processed and the means by which that Processing will happen.
4. “Customer” means the entity that has contracted with Ethos Systems to receive a free, trial, or paid Subscription Plan or other Service Offerings. For example: When a business purchases a Subscription Plan and sets up accounts under that Subscription Plan for employees, the business is the Customer, and each individual using the Mobile Applications under the Subscription Plan is a User. If a one-person business signs up for its own Subscription Plan, that person is both the Customer and the User. If that person invites others to set up accounts under that Plan, those other people will be Users as well.
5. “GDPR” means the EU General Data Protection Regulation.
6. “Mobile Applications” means the mobile applications related to the Hosted Services to be provided to Customers’ Users under this Agreement
7. “Personal Data” means any information about an identified or identifiable individual, such as their name or contact information.
8. “Process,” “Processed,” and “Processing” refer to any operation or set of operations that can be performed on Personal Data or on sets of Personal Data. This includes, for example, collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure and destruction.
9. “Processor” means an entity that Processes Personal Data on behalf of a Controller.
10. “Service Data” is Personal Data or other information that Users: input directly into the Mobile Applications or Web App; create within the Mobile Applications or Web App; send to the Mobile Applications or Web App through other apps and integrations; or provide to Ethos Systems through authorized methods as part of other Service Offerings.
11. “Service Offerings” means the Mobile Applications, Web App,  and Ethos Systems’ related support and professional services.
12. “Subscription Plan” means a Customer’s subscription to receive Services.
13. “User” means an individual who uses a Service Offering.
14. “Ethos Systems” means Ethos Systems, Inc., whose contact information is at the end of this Privacy Policy.
15. “Web App” means Ethos Systems’ hosted web Software-as-a-Service platform.

2. Scope of this Privacy Policy, and a Note Regarding Service Data

Where indicated, this Privacy Policy applies to Service Data. We do not control the content of Service Data. Under the GDPR and similar laws, Ethos Systems is considered the Customer’s Processor of any Personal Data in the Service Data.
‍
Ethos Systems Processes Personal Data in the Service Data under the instructions of the relevant Customer or as required by applicable law, as described in the Ethos Systems Terms of Service at www.ethossystems.com/terms/ or the alternative agreement (if applicable) signed by Ethos Systems and that Customer for the Service Offerings.
‍
Ethos Systems may disclose any Service Data, including certain deleted Service Data, or data previously received from deactivated Users, to the relevant Customer, and Ethos Systems provides the Customer with certain tools for modifying, deleting or taking other steps with Service Data. Accordingly, Users and other individuals should contact the relevant Customer account administrator with any requests relating to Personal Data about them that may appear in that Customer’s Service Data. If Ethos Systems receives a request from a User to exercise rights in Service Data, we will refer the User’s request to the relevant Customer and cooperate with that Customer’s handling of the request, subject to any special contractual arrangement with that Customer. For requests from Customer account administrators relating to their own Personal Data, Ethos Systems may handle the request directly.
‍
The Privacy Policy also applies to our handling of Personal Data that is not Service Data, such as Personal Data about: (a) Visitors to our Mobile Applications, Web App, websites and events; (b) Prospective Customers and their personnel; (c) People who sign up for our newsletters or other marketing; and (d) Current Customers and their Users, in relation to their procurement of Service Offerings and management of the relationship with Ethos Systems.
‍
However, this Privacy Policy does not cover any data we Process in the context of our own recruiting and human resources management activities.

3. Types of Personal Data We Collect

Customers and Users may provide us with any kind of Personal Data in the Service Data.
‍
In addition to Service Data, we collect contact details, professional details such as title and name of company, information about the browsers and devices that individuals use to interact with us, information about an individual’s interactions with Ethos Systems or our partners, payment information, and inferences drawn from other Personal Data.
‍
We obtain much of this data directly from the relevant individuals, including in some cases with the technology described in the “Cookies and Automated Data Collection” section further below. We also obtain Personal Data directly from our current or prospective Customers and from other third-party sources such as resellers, distributors, partners and marketing companies, as well as from publicly available sources such as prospective Customer websites and third-party sites like LinkedIn.

4. How We Use Personal Data

Ethos Systems uses Personal Data as follows: (a) To provide and improve our Service Offerings, including internal analysis of aggregate usage patterns; (b) To respond to questions, concerns, or customer service inquiries, and to otherwise fulfill individuals’ requests; (c) To send information about our current and future Service Offerings, including marketing communications by phone, email, online display advertising, and other channels; (d) To analyze market conditions and use of our Service Offerings; (e) To customize the content and advertising individuals see on our Mobile Applications, Web App, websites, across the Internet, and elsewhere; (f) To enforce the legal terms that govern our business and online properties; (g) To comply with law and legal process and protect Customer rights, safety and property; and (h) For other purposes requested or permitted by our Customers, Users or other relevant individuals, such as website visitors.

5. Disclosures of Personal Data

We share Personal Data as follows: (a) For the uses of information described above, including to make appropriate disclosures in response to lawful requests by public authorities, such as to meet national security or law enforcement requirements; and (b) In connection with an actual or potential business sale, merger, consolidation, change in control, transfer of substantial assets or reorganization.
‍
For those purposes, we may share information with: Our Affiliates; Other entities that help us with any of the above, such as our sub-processors, data storage and backup providers, marketing service providers, customer relationship management providers, accounting providers, technical service providers, our payment processors, and the marketing and analytics companies described in Section 7 below; Courts or other authorities as required by law or valid legal order; or Other entities involved in the significant corporate transactions described above, such as an acquirer of Ethos Systems.

6. Legal Bases for Processing Personal Data

The laws in some jurisdictions require companies to tell you about the legal grounds they rely on to use or disclose your Personal Data. To the extent those laws apply, our legal grounds for Processing Personal Data are as follows:
‍
To honor our contractual commitments to an individual: Some of our Processing of Personal Data is to meet our contractual obligations to the individuals to whom the Personal Data relate, or to take steps at their request in anticipation of entering into a contract with them.
‍
Consent: Where required by law, and in some other cases, we handle Personal Data on the basis of consent. For example, some of our direct marketing activities happen on the basis of opt-in consent, such as sending marketing emails to individuals who have requested them.
‍
Legitimate interests: In many cases, we handle Personal Data on the ground that it furthers our legitimate interests in commercial activities, such as the following, in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals: Customer support; marketing, including, in some cases, direct marketing such as via email; protecting our Customers, Users, personnel and property; analyzing and improving our business and Service Offerings; and managing legal issues. We may also Process Personal Data for the same legitimate interests of our Customers and business partners.

Legal compliance: We may need to use and disclose Personal Data in certain ways to comply with our legal obligations.

7. Cookies and Automated Data Collection

In our websites, Mobile Applications, Web App and emails, we and third parties may collect certain information by automated means such as cookies, Web beacons, JavaScript, mobile device functionality, browser-based or plugin-based local storage such as HTML5 storage or Flash-based storage, and other similar techniques and technologies.
‍
This information includes unique browser identifiers, unique device identifiers such as the Apple Advertising Identifier or Android Advertising ID, IP address, browser and operating system information, geolocation, other device information, Internet connection information, as well as details about individuals’ interactions with our Mobile Applications, Web App, websites and emails. Such details include, for example, the URL of the third-party website from which you came, the pages that you visit on our websites, and the links you click.
‍
As part of this, we and third parties may use automated means to read or write information on your device, such as in various types of cookies and other local storage. Cookies and local storage are files that can contain data, such as unique identifiers or other information, that we or a third party may transfer to or read from an individual’s device for the purposes described in this Privacy Policy.
‍
The cookies and other technologies described here fall into four basic categories:

• Essential: These are strictly necessary to provide you with our online presence, such as access to secure areas that require registration. Users cannot refuse them without impacting functionality.
• Functional: These allow Users to browse or benefit from some of its features, such as setting language preferences. Similar to the essential technology described above, if these are disabled, it could impact your experience to use some functionality.
• Analytics: These allow us or our third-party analytics providers to collect statistics on the use of our Service Offerings and website.
• Advertising: These cookies and other technologies, administered primarily by our third-party advertising partners, track individuals’ online activities over time and use this information to show them ads that are tailored to their individual interests or characteristics and/or based on prior visits to certain sites or apps, or other information we or they know, infer or have collected from them. For example, we and these providers may use different types of cookies, other automated technology, and data to (i) recognize individuals and their devices; (ii) inform, optimize and serve ads; and (iii) to report on our ad impressions, other uses of ad services, and interactions with these ad impressions and ad services, including how they are related to visits to specific sites or apps.

To learn more about interest-based advertising, including how to opt out from the targeting of interest-based ads by some of our current ad service partners, visit aboutads.info/choices or youronlinechoices.eu from each of your browsers on each of your devices. You can opt out of Google Analytics and customize the Google Display Network ads by visiting the Google Ads Settings page and installing the Google Analytics Opt-out Browser Add-on from each browser on each device. If you replace, change or upgrade your browser, or delete your cookies, you may need to use these opt-out tools again. We do not respond to browser-based do-not-track signals. Please visit your mobile device manufacturer's website, or the website for its operating system, for instructions on any additional privacy controls in your mobile operating system, such as privacy settings for device identifiers and geolocation.
‍
You may be able to set your web browser to refuse certain types of cookies, or to alert you when certain types of cookies are being sent.

8. Personal Data Rights and Choices (Including Direct Marketing Opt-Out)

All Users can: (a) Review and update certain User information by logging in to the relevant portions of the Mobile Applications or the Web App.; (b) Deactivate their accounts by contacting us at security@ethossystems.com, subject to any contractual provisions between Ethos Systems and the Customer responsible for the account. Except when the Customer has requested closure of all its User accounts, information in a deactivated User account may be available to the Customer for some time.
‍
Controls related to cookies and other automated data collection are described in the “Cookies and Automated Data Collection” section above. Anybody can unsubscribe from marketing emails by clicking the unsubscribe link they contain.
‍
Residents of the European Economic Area, the UK and many other jurisdictions have certain legal rights to do the following with Personal Data we control: (a) Obtain confirmation of whether we hold Personal Data about them, and to receive information about its Processing; (b) Obtain a copy of the Personal Data, and in some cases, receive it in a structured, commonly used and machine-readable format, or have it transmitted to a third party in such form; (c) Update, correct or delete the information; (d) Object to our Processing of the information for direct marketing purposes; (e) Object to other Processing of the information; and/or (f) Withdraw consent previously provided for the Processing of the information.
‍
To exercise any of those rights with respect to the Personal Data Ethos Systems Processes, individuals should contact us as described at the end of this Privacy Policy.
‍
To exercise any rights relating to Service Data, Users should contact the relevant Customer account administrator associated with the Service Data, not Ethos Systems. If you are a Customer account administrator or Customer account owner and require assistance with this process, such as if you want to make a request with respect to your own User data, you may contact us as described below.
‍
Many of the rights described above are subject to significant limitations and exceptions under applicable law. For example, objections to the Processing of Personal Data, and withdrawals of consent, typically will not have retroactive effect.
‍
Every individual also has a right to lodge a complaint with the relevant supervisory authority.

9. Security

To provide security for Service Data within the Mobile Application, we maintain physical, organizational and technical safeguards, which are subject to periodic changes. Third-party software and services that work with or provide information to our Service Offerings, such as Google Drive, Box, Dropbox and others are handled by such third parties subject to their own privacy and security procedures, which we do not control.
‍
No security method is perfect, and we cannot guarantee that any data will remain secure.

10. Data Retention

We hold Personal Data for as long as necessary to fulfill the purposes set forth in this Privacy Policy. Information  may persist in copies made for backup and business continuity purposes for additional time.

11. Notification of Changes

Ethos Systems may change this Privacy Policy to reflect changes in the law, our data handling practices or the features of our  business.  The updated Privacy Policy will be posted on www.ethossystems.com/privacy/   .

12. Contact Information

If you have questions, requests or complaints relating to a Customer’s handling of your Service Data, please contact the relevant Customer. If you have questions regarding our practices or this Privacy Policy, or to send us requests or complaints relating to Personal Data, please contact us:
‍
Ethos Systems, Inc.
Attention: Legal
security@ethossystems.com
805 VETERANS BLVD
STE 228
REDWOOD CITY, CA
94063

13. Children Under the Age of Thirteen

Our products and services are not intended for children under 13 years of age. No one under age 13 may establish an account or provide any information to us through the Service Offerings. We do not knowingly collect information from or relating to children under 13. If you are under 13, do not use or provide any information on the Mobile Application or on or through any of its features. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at security@ethossystems.com.

14. Additional Privacy Details for California Residents

This Section 14 applies only to “personal information” about California residents (as that term is defined in the CCPA) and supplements the information in the rest of our Privacy Policy above. Data about individuals who are not residents of California is handled differently and is not subject to the same rights described below. This Section 14 does not apply to Service Data (defined above), which is handled as described in Section 2 of our Privacy Policy, even when the Service Data is about a resident of California.

The specific pieces of personal information we collected in the last 12 months generally falls into the following categories under California law, to the extent that any of the following are personally identifiable: identifiers (such as name, address, email address and other contact information); commercial information (such as transaction data, and information about an individual’s interactions with Ethos Systems or our partners); financial data (such as payment card information); audio and visual information (such as recordings of certain calls, meetings, and events); internet or other network or device activity, and other information described in the Cookies and Automated Data Collection section of our Privacy Policy; geolocation information; professional or employment related data (such as title); other information that identifies or can be reasonably associated with you, and inferences drawn from any of the above.

In the twelve months leading up to the effective date of this Privacy Policy, Ethos Systems used the personal information as follows: (a) To provide and improve our Service Offerings, including internal analysis of aggregate usage patterns; (b) To respond to questions, concerns, or customer service inquiries, and to otherwise fulfill individuals’ requests; (c) To send information about our current and future Service Offerings, including marketing communications by phone, email, online display advertising, and other channels; (d) To analyze market conditions and use of our Service Offerings; (e)To customize the content and advertising individuals see on our websites, across the Internet, and elsewhere; (f) To enforce the legal terms that govern our business and online properties; (g) To comply with law and legal process and protect rights, safety and property; and (h) For other purposes requested or permitted by our Customers, Users or other relevant individuals, such as website visitors.
‍
Collection and Disclosure of California Personal Information During Past 12 Months
‍The chart below provides more detail on our disclosures of California personal information during the 12 months leading up to the effective date of this Privacy Policy: