Privacy Policy
Last updated: July 2, 2026
1. Who we are
Ethos provides AI content generation for websites you connect. This policy explains what personal data we process, why, and your rights under the GDPR. Contact: adulis2014@gmail.com.
2. Data we process
- Account data — your email address and hashed password, managed by our authentication provider (Supabase).
- Connected-site content — the public pages of websites you connect: URLs, titles, headings, and body text, plus vector embeddings derived from that text.
- Generated content — the pages, posts, and metadata the Service creates for you, stored so you can edit and export them.
- Usage data — API key usage timestamps and job status records needed to run the queue and prevent abuse.
We do not sell personal data and we do not run third-party advertising trackers.
3. Why we process it (legal bases)
- To provide the Service you signed up for (performance of contract, Art. 6(1)(b)).
- To secure the Service and prevent abuse (legitimate interest, Art. 6(1)(f)).
- To comply with legal obligations (Art. 6(1)(c)).
4. Processors we use
- Supabase — database, authentication, and storage (hosted in the EU, Ireland region).
- Anthropic — connected-site excerpts and generation instructions are sent to Anthropic's API to generate content. Anthropic does not train on API data by default.
- Voyage AI — connected-site text is sent to Voyage's API to compute embeddings for retrieval.
- Vercel — application hosting and request logs.
5. Cookies
We use only strictly necessary cookies: authentication session cookies set when you sign in. There are no analytics or marketing cookies, which is why there is no cookie banner.
6. Retention
Your data is kept while your account is active. Deleting a brand profile deletes its crawled pages, embeddings, jobs, and generated content. Deleting your account removes all associated data within 30 days, except records we must keep by law.
7. Your rights
Under the GDPR you can request access, correction, deletion, restriction, portability, or object to processing. Email adulis2014@gmail.com and we will respond within one month. You may also lodge a complaint with your local supervisory authority (in Latvia: Datu valsts inspekcija).
8. Security
Data is encrypted in transit, API keys are stored only as SHA-256 hashes, and database access is protected by row-level security so accounts can only read their own data.
9. Changes
We will announce material changes to this policy in the app before they take effect.