ethrocore.

    Legal

    Privacy Policy

    Last updated: 17 September 2025

    1. Who We Are

    Ethrocore ("Ethrocore," "we," "us," or "our") provides AI software, services, and related support. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use our websites, products, and services (the "Services"). Controller: [Ethrocore legal entity name], [registered address]. Privacy Contact: privacy@ethrocore.com Where required under GDPR/UK GDPR, the contact details of our EU/UK representatives will be provided upon request.

    2. Scope

    This Policy applies to personal data we process as a controller via our websites, marketing, support, demos, and account administration. Where we process personal data solely on behalf of a customer within a hosted tenant or managed environment, we act as a processor (or "service provider" under some laws) and the customer's privacy terms govern.

    3. Information We Collect

    Account & Contact Data: name, company, role, email, phone, billing info. Usage & Device Data: IP address, device/browser info, timestamps, pages/features used, diagnostics, crash logs. Support Content: descriptions, attachments, logs you submit. Integration Data: data from systems you connect (e.g., cloud storage, CRM) per your authorization. Cookies/Similar Tech: identifiers for session management, preferences, analytics, and performance. See "Cookies" below. Sensitive data: We do not seek sensitive personal data unless required for the Services and agreed in writing. PHI: If our Services are used with protected health information (PHI), we act as a HIPAA Business Associate under a signed Business Associate Agreement (BAA).

    4. How We Use Data

    Provide, secure, and operate the Services. Configure deployments (GCP/AWS/Azure/on-prem/hybrid) per your instructions. Improve features, quality, and performance. Communicate about updates, security, and support. Comply with law and enforce terms. Legal bases (GDPR/UK GDPR & Saudi PDPL): performance of a contract; legitimate interests (e.g., service security and product improvement, subject to a balancing test and PDPL limits on sensitive data); consent where required (e.g., marketing cookies, optional features); legal obligations; vital interests (where contacting the individual is impracticable); public interest/security where permitted; and scientific/statistical research with safeguards. When we act as a processor, your organization determines the legal basis and we process on its documented instructions.

    5. Sharing

    We share personal data with: Service Providers/Sub-processors (infrastructure, analytics, support) bound by confidentiality, security, and privacy obligations. Professional advisors and auditors. Legal/Compliance authorities when required or to protect rights, safety, and security. Corporate transactions (merger, acquisition, financing), subject to safeguards. We do not sell personal data.

    6. International Transfers

    We operate across regions and clouds. Where transfers occur to countries without equivalent protections, we implement safeguards such as Standard Contractual Clauses (SCCs) and supplementary measures (encryption in transit/at rest, access controls). Saudi PDPL: cross-border transfers follow PDPL requirements (e.g., necessity for performance, adequate protection, or regulatory approval, with appropriate safeguards).

    7. Security

    We maintain administrative, technical, and physical measures aligned to leading frameworks (e.g., SOC 2-aligned controls, ISO-informed practices), including encryption in transit/at rest, RBAC/least privilege, logging/monitoring, vulnerability management, and incident response. No system is 100% secure.

    8. Retention

    We retain personal data only as long as necessary for the purposes above or as required by law/contract. Customer data retention follows the customer agreement and your in-product settings.

    9. Your Rights

    Depending on your location, you may have rights to access, correct, delete, restrict, object, or request portability. For data we process on behalf of a customer, contact that customer; we will assist them as a processor. GDPR/UK GDPR: access, rectification, erasure, restriction, portability, objection; lodge a complaint with a supervisory authority. Saudi PDPL: knowledge, access, correction, and destruction per law. HIPAA (if applicable): individuals exercise rights through the Covered Entity (our customer). To exercise rights: privacy@ethrocore.com.

    10. Cookies & Tracking

    We use necessary cookies to operate the site and, where required, obtain consent for analytics/performance cookies. Manage via your browser and our on-site preferences.

    11. Children

    The Services are not directed to children and we do not knowingly collect data from children.

    12. Changes

    We may update this Policy. Material changes will be posted with a new effective date. Continued use signifies acceptance. Contact: privacy@ethrocore.com