Etta

Legal · etta.ai

Privacy Policy

Effective: [EFFECTIVE DATE]

Template for legal review

This document is a template. Replace [ENTITY NAME], [JURISDICTION], [PHYSICAL ADDRESS], and [EFFECTIVE DATE] placeholders, and have qualified legal counsel review before relying on these terms.

This Privacy Policy describes how [ENTITY NAME] ("etta.ai," "we," "us," or "our") collects, uses, discloses, and protects personal information in connection with our website at etta.ai and any mobile applications, products, or services we offer (collectively, the "Services"). By using the Services, you agree to the practices described in this policy.

1. Information We Collect

We collect the following categories of information:

  • Contact information you provide directly: name, email address, phone number (if provided), company, and the contents of messages you send us.
  • Communication preferences, including which channels you have consented to and opt-in or opt-out status for marketing communications.
  • Account information for any apps you create an account in: username, password (hashed), profile data, and authentication identifiers.
  • Device and technical information: device model, operating system, unique device identifiers, advertising identifiers (where permitted), push notification tokens, IP address, language, time zone, app version, crash logs, and diagnostic data.
  • Usage information: pages and features viewed, actions taken, session duration, referring URLs, and similar analytics data.
  • Inferred data: characteristics or preferences derived from your use of the Services to personalize content and improve product quality.
  • Information from third parties: analytics providers, app stores (Apple, Google), and authentication providers, when you choose to connect them.

We do not knowingly collect more information than necessary to provide the Services. We do not collect Sensitive Personal Information unless you choose to provide it.

2. How We Use Information

  • To provide, operate, maintain, and improve the Services.
  • To respond to your inquiries and provide customer support.
  • To send transactional communications (account, security, service updates).
  • To send marketing communications, only where we have a lawful basis (such as your consent or, where permitted, legitimate interest).
  • To personalize features, content, and recommendations.
  • To detect, prevent, and address fraud, abuse, and security incidents.
  • To comply with legal obligations and enforce our Terms.

3. How We Communicate With You

We communicate across multiple channels, and we follow distinct rules for each. You always have a way to opt out — see Section 4.

3.1 Email (CAN-SPAM Act)

  • Transactional emails (such as account verifications, password resets, purchase receipts, security alerts, and direct replies to your inquiries) are sent in response to your actions and are not considered marketing.
  • Marketing emails include our valid physical postal address, are clearly identified as advertising, and never use deceptive subject lines or "From" information.
  • Every marketing email contains a working unsubscribe mechanism. We honor unsubscribe requests within ten (10) business days, as required by the CAN-SPAM Act.
  • We do not sell, rent, or transfer email lists to third parties for their own marketing use.

3.2 SMS / MMS Messages (TCPA & CTIA)

  • We will not send marketing or promotional SMS/MMS messages without your prior express written consent, obtained through a clear, unchecked opt-in not bundled with any other agreement.
  • When you opt in, we disclose: the program name, message frequency, "Message and data rates may apply," and instructions for HELP and STOP keywords.
  • You can opt out at any time by replying STOP to any message. We honor STOP requests immediately.
  • Reply HELP for assistance, or contact us using the details in Section 12.
  • Consent to receive marketing SMS is not a condition of purchasing any goods or services.
  • Autodialed or prerecorded calls (where applicable) are made only with separate prior express written consent and during permitted calling hours.

3.3 Push Notifications

  • Mobile apps request push notification permission via the standard operating-system prompt; you may decline or revoke at any time in your device settings.
  • Most apps also include in-app controls to turn specific notification categories on or off (e.g., transactional vs. tips & updates).

3.4 Phone Calls (TCPA)

  • We do not place marketing calls using autodialers or prerecorded voices without your prior express written consent.
  • We honor the National Do-Not-Call Registry and applicable state DNC lists.
  • We restrict outbound calls to the times permitted by applicable law (typically 8 a.m. – 9 p.m. local time of the recipient).

3.5 In-App Messages

We may surface in-app messages relevant to your use of the Services. You can manage these through in-app preferences where available.

4. Your Communication Choices

  • Email: Click the unsubscribe link in any marketing email, or contact us using Section 12.
  • SMS: Reply STOP to any message.
  • Push: Disable notifications in your device's operating-system settings or in the app's notification preferences.
  • Phone: Tell us during the call or contact us using Section 12.
  • All channels: Email privacy@etta.ai to request a global communications opt-out.

Even if you opt out of marketing, we may still send transactional and service-related messages necessary to operate the Services (e.g., security alerts, account notices).

5. How We Share Information

  • Service providers who help us operate the Services (hosting, analytics, email/SMS delivery, customer support, payments) under written contracts limiting their use of the data.
  • App stores and platforms (Apple, Google) for distribution, in-app purchases, and crash reporting.
  • Compliance and protection: when required by law, court order, or to protect rights, safety, and property.
  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets.
  • With your consent: any other sharing you specifically authorize.

We do not sell personal information for monetary value. To the extent any data practice qualifies as a "sale" or "share" under California or other state law, we provide opt-out controls described in Section 6.

6. Your Privacy Rights

6.1 California (CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we have collected about you in the past 12 months and the categories of sources, purposes, and recipients.
  • Delete personal information we have collected, subject to legal exceptions.
  • Correct inaccurate personal information.
  • Opt out of sale or sharing of personal information. To exercise this right, email privacy@etta.ai with the subject line "Do Not Sell or Share My Personal Information."
  • Limit the use of Sensitive Personal Information to the purposes permitted by law.
  • Non-discrimination: we will not deny services, charge different prices, or provide a different level of quality because you exercised your rights.
  • Authorized agents: you may designate an authorized agent to make requests on your behalf with proper verification.

6.2 EEA, UK, and Switzerland (GDPR / UK GDPR)

If you are in the EEA, UK, or Switzerland, you have the right to:

  • Access, rectify, erase, restrict, and port your personal data.
  • Object to processing based on legitimate interests, and to withdraw consent at any time without affecting the lawfulness of prior processing.
  • Lodge a complaint with your local data protection authority.

Our legal bases for processing include: consent (for marketing communications), performance of a contract (to provide Services you request), legitimate interests (to improve and secure the Services), and compliance with legal obligations. International transfers are protected by appropriate safeguards, including Standard Contractual Clauses where required. Contact our data protection contact at privacy@etta.ai.

6.3 Canada (CASL & PIPEDA)

  • We send commercial electronic messages to Canadian residents only with express consent (or an applicable implied-consent exception).
  • Every commercial electronic message identifies the sender, includes valid contact information, and provides an unsubscribe mechanism that remains valid for at least 60 days.
  • We honor unsubscribe requests within 10 business days.

6.4 Other US State Laws

We extend access, correction, deletion, and opt-out rights to residents of states with applicable comprehensive privacy laws, including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas, Oregon, and others as such laws come into effect.

6.5 How to Exercise Your Rights

Email privacy@etta.ai from the address associated with your account or include sufficient information for us to verify your identity. We respond within the timeframes required by applicable law.

7. Children's Privacy (COPPA)

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected such information, we will delete it. Apps we publish that are directed to children will comply separately with the Children's Online Privacy Protection Act (COPPA) and Apple and Google child-directed app policies.

8. Data Retention

We retain personal information only as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods vary by data type and purpose; contact us for specifics.

9. Security

We use administrative, technical, and physical safeguards to protect personal information, including encryption in transit, access controls, and least-privilege principles. No system is perfectly secure; please use strong, unique credentials.

10. International Transfers

Your information may be processed in countries other than your own. Where required, we rely on appropriate transfer mechanisms (such as Standard Contractual Clauses) to protect personal data.

11. Third-Party Services

The Services may link to or integrate with third-party sites and services that have their own privacy practices. We are not responsible for the privacy practices of those third parties.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The "Effective" date at the top reflects the most recent version. Material changes will be highlighted on the Services or communicated to you directly.

13. Contact Us

For privacy questions or to exercise your rights, contact:
[ENTITY NAME]
Attn: Privacy
[PHYSICAL ADDRESS]
Email: privacy@etta.ai
General: hello@etta.ai