Privacy Policy
Last updated: May 31, 2026
Document owner: Chief Privacy Officer (DPO delegate) Review cadence: Quarterly; ad hoc upon material product, vendor, or regulatory change Effective date: 2026-05-31 Controller / Legal entity: EthicPages, Inc. Registered address: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ Primary contact: ethicpages+contact@invictosoft.com
Overview
EthicPages, Inc. ("EthicPages," "we," "us," or "our") provides a B2B SaaS platform that helps organizations generate, publish, and maintain procurement-ready Trust Centers — including privacy policies, security overviews, subprocessors lists, DPAs, and related compliance documentation. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard personal data when you visit ethicpages.com, create an account, subscribe to paid plans, use our AI-assisted document generation, or interact with our support and marketing channels.
This policy applies to personal data for which EthicPages acts as data controller. When we process personal data on behalf of our customers as part of hosted Trust Center or document generation services, our Data Processing Agreement and customer instructions govern. See also our Cookie Policy, Subprocessor List, and Data Retention Schedule.
We do not sell personal data. We do not use personal data for cross-context behavioral advertising.
Roles and scope
EthicPages operates in distinct processing roles depending on context:
| Role | Context | Examples | Governing document |
|---|---|---|---|
| Controller | Account, billing, website, marketing, security | Admin name, email, Stripe customer ID, analytics | This Privacy Policy |
| Processor | Customer-directed Trust Center content and hosted pages | End-user data described in customer documents | DPA |
| Processor | AI document generation from onboarding profiles | Company name, industry, compliance posture | DPA; AI Usage Policy |
Who this policy covers
| Audience | Description |
|---|---|
| Account holders | Users who register, subscribe, or administer EthicPages workspaces |
| Authorized users | Team members invited to a customer workspace |
| Website visitors | Individuals who browse ethicpages.com without an account |
| Prospects | Individuals who submit contact forms or request demos |
| Job applicants | Individuals applying via Careers channels |
Categories of personal data we collect
| Category | Examples | Source | Required? |
|---|---|---|---|
| Account & identity | Name, work email, password hash, job title | You | Yes, for account creation |
| Organization profile | Company name, industry, size, compliance frameworks | You (onboarding) | Yes, for document generation |
| Billing & subscription | Stripe customer ID, plan tier, invoice history, tax identifiers | You; Stripe | Yes, for paid plans |
| Authentication & security | Session tokens, MFA metadata, login timestamps, IP address | Automatic | Yes, for secure access |
| Usage & product analytics | Pages viewed, feature usage, device type, referrer | Automatic; cookies | No (non-essential analytics require consent where required) |
| Generated content | Trust Center documents, markdown exports, hosted page content | You; AI generation | Service delivery |
| Support & communications | Ticket content, email threads, call notes | You | Optional |
| Marketing preferences | Newsletter opt-in, campaign engagement | You; cookies | Optional |
We instruct customers not to include unnecessary personal data in free-text onboarding fields. Our AI Usage Policy describes how profile data is sent to model providers.
Purposes and lawful bases (EEA/UK GDPR)
| Purpose | Data used | Lawful basis (GDPR Art. 6) |
|---|---|---|
| Provide and operate the Service | Account, profile, generated content, usage | Contract (Art. 6(1)(b)) |
| Process subscriptions and invoices | Billing, identity | Contract; Legal obligation (tax) |
| Authenticate users and prevent fraud | Auth, security logs, IP | Legitimate interests (security); Contract |
| Improve product quality (aggregated) | Usage analytics | Legitimate interests; consent where required |
| Send service and transactional email | Email, name | Contract; Legitimate interests |
| Send marketing (where permitted) | Email, preferences | Consent (Art. 6(1)(a)) or soft opt-in where permitted |
| Comply with law and respond to authorities | Any relevant data | Legal obligation (Art. 6(1)(c)) |
| Establish, exercise, or defend legal claims | Relevant account and billing data | Legitimate interests |
Where we rely on legitimate interests, we balance our interests against your rights and provide objection rights as described below.
How we use personal data
Service delivery
We use account and onboarding data to generate Trust Center documents calibrated to your industry and compliance posture. Hosted Trust Centers (on eligible plans) display content you approve. We process this data solely to provide the service described in our Terms of Service.
Billing and account management
We use Stripe for payment processing. EthicPages does not store full payment card numbers. We retain billing metadata for subscription management, dunning, refunds (per our Refund Policy), and tax compliance. See Billing Terms.
Security and abuse prevention
We process security logs, IP addresses, and device signals to detect unauthorized access, enforce our Acceptable Use Policy, and protect the platform. See our Security Overview for technical controls.
Communications
We send transactional emails (account verification, password reset, billing receipts) via Resend. Marketing emails are sent only where permitted by law and your preferences. You may unsubscribe from marketing at any time.
Cookies and similar technologies
We use cookies and similar technologies as described in our Cookie Policy. Non-essential cookies require consent in the EEA, UK, and similar jurisdictions. Essential cookies are required for authentication and checkout.
Sharing and subprocessors
We share personal data with:
| Recipient type | Purpose | Safeguards |
|---|---|---|
| Subprocessors | Hosting, database, email, payments, AI inference | DPAs; see Subprocessor List |
| Professional advisors | Legal, accounting, audit | Confidentiality agreements |
| Authorities | Lawful requests | Verified per Law Enforcement Guidelines |
| Business transferees | Merger, acquisition, asset sale | Notice where required by law |
We maintain data processing agreements with subprocessors that handle personal data. Material subprocessor changes are notified to active customers per our DPA.
International transfers
EthicPages is operated by EthicPages, Inc. with infrastructure primarily in the United States. Personal data may be transferred to the US and other countries where subprocessors operate.
| Transfer mechanism | Applicability |
|---|---|
| EU Standard Contractual Clauses (2021 modules) | EEA transfers to third countries |
| UK International Data Transfer Addendum | UK transfers |
| Supplementary measures | Encryption in transit and at rest; access controls; transfer impact assessments |
Copies of transfer mechanisms are available upon request to ethicpages+contact@invictosoft.com with subject line "Transfer Mechanisms."
Retention
Detailed retention periods are in our Data Retention Schedule. Summary:
| Data type | Retention period | Deletion trigger |
|---|---|---|
| Active account & profile | Duration of subscription | Account closure request |
| Generated Trust Center content | Until deleted by you or account closure | User deletion or termination |
| Billing & tax records | 7 years after last transaction | Legal retention requirement |
| Application logs | 90 days | Automated purge |
| Security logs | 12 months (then archived 24 months) | Automated lifecycle |
| Marketing preferences | Until opt-out + 30 days | Unsubscribe |
| Support tickets | 3 years after resolution | Automated purge |
Upon account termination, we delete or anonymize personal data within 30 days except where retention is required by law or legitimate business need (e.g., billing disputes).
Your privacy rights
Depending on your jurisdiction, you may have the following rights:
| Right | Description | How to exercise |
|---|---|---|
| Access | Obtain a copy of your personal data | Email ethicpages+contact@invictosoft.com |
| Rectification | Correct inaccurate data | Account settings or email us |
| Erasure | Request deletion | Account closure or email us |
| Restriction | Limit processing in certain cases | Email us |
| Portability | Receive data in machine-readable format | Email us |
| Objection | Object to legitimate-interest processing | Email us |
| Withdraw consent | Where processing is consent-based | Unsubscribe or email us |
We respond to verified requests within 30 days (45 days for complex requests with notice). We may request identity verification. You may lodge a complaint with your supervisory authority.
California (CCPA/CPRA) notice
California residents have rights to know, delete, correct, and opt out of "sale" or "sharing." EthicPages does not sell or share personal data for cross-context behavioral advertising. To exercise rights, contact ethicpages+contact@invictosoft.com. We do not discriminate against consumers exercising privacy rights.
Children's privacy
EthicPages is a B2B service not directed to individuals under 18. We do not knowingly collect personal data from children. Contact us to request deletion if you believe we have collected a child's data.
Security
We implement administrative, technical, and organizational measures described in our Security Overview. No method of transmission or storage is 100% secure. Report suspected vulnerabilities via our Responsible Disclosure Policy.
Changes to this policy
We update this Privacy Policy when our practices, products, or legal requirements change. Material changes are communicated via email or in-app notice at least 14 days before effective date where required. The "Last updated" date at the top of this page reflects the latest revision.
Contact and data protection inquiries
| Inquiry type | Contact |
|---|---|
| Privacy & data subject requests | ethicpages+contact@invictosoft.com (subject: Privacy) |
| DPA & processor questions | ethicpages+contact@invictosoft.com (subject: DPA) |
| Security incidents | ethicpages+contact@invictosoft.com (subject: Security) |
| Postal | EthicPages, Inc., 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ |
Related documents: Terms of Service · Cookie Policy · DPA · Subprocessors · Data Retention · AI Usage Policy