early access · request a demo · talk to us
10+ connectors live · uk-hosted · changelog
privacy notice · last updated 30 April 2026

Privacy notice. Plain English.

This notice tells you what we collect, why, where it lives, how long we keep it, and how to exercise your rights under UK GDPR. If anything is unclear, write to dsr@ethersight.app.

Who we are

EtherSight is a product of Ether-X Ltd., a company registered in England & Wales (company no. 17123706). Our registered office is 3rd Floor, 86-90 Paul Street, London, EC2A 4NE, United Kingdom. We are registered with the UK Information Commissioner's Office under reference ZC138203. The data controller for the marketing site and customer accounts is Ether-X Ltd. Our Data Protection Contact is reachable at dsr@ethersight.app.

What we collect, and why

Things you tell us

If you fill in the contact form or email us, we receive your name, email, company, the topic of your enquiry and the body of your message. Lawful basis: legitimate interests in responding to a business enquiry. We use it for one purpose: replying to you.

If you become a customer, we receive billing information via Stripe (we never see card numbers), the credentials you configure for connectors (sealed with AES-256-GCM at rest), and the asset metadata that flows in from those connectors. Lawful basis: contract.

Things we collect automatically

Server access logs (HTTP requests with IP and user-agent) are retained for 30 days for security and operational reasons, then discarded. We do not run third-party analytics, fingerprinting or cross-site tracking on this site.

Things we don't collect

We don't run third-party advertising or behavioural tracking on this site. We don't share marketing data with anyone. We don't sell anything. We don't use customer asset data to train models.

How we use your data

Three things, no others:

  • To run the service you've signed up for (or to evaluate signing you up).
  • To respond to enquiries, support requests, vulnerability reports, and DSR requests.
  • To meet our legal obligations — tax records, anti-fraud checks, lawful disclosure orders.

We don't sell your data. We don't share it for marketing. We don't use it to train models.

Where your data lives

Default tenancy is the United Kingdom, with PostgreSQL HA. EU and US dedicated tenancy is on the roadmap for Enterprise customers. Some sub-processors transfer data outside the UK / EEA — see the sub-processors list for details, including the transfer mechanism (UK GDPR / SCCs / IDTA) for each.

How long we keep your data

  • Contact form submissions: 24 months from the last interaction, then archived for 12 more, then deleted.
  • Customer accounts: for the lifetime of your subscription, plus 90 days for cancellation handling, plus statutory retention for billing records (6 years under UK tax law).
  • Connector credentials: until you delete them or close the account. We never read them in plaintext after the initial validation; they're sealed at rest.
  • Asset metadata: until you delete it or close the account. CSV / JSON export available at any time.
  • Server access logs: 30 days, then discarded.
  • Audit logs: per the retention setting on your tier (see pricing).

Sub-processors

We use a small number of well-vetted sub-processors for infrastructure, payments, transactional email, and DNS. Each is listed on the security page with their purpose, region, and the transfer mechanism. Material changes to that list are notified 30 days in advance.

Your rights under UK GDPR

You have the right to access the personal data we hold about you (Article 15), to rectify inaccuracies (Article 16), to erase data we no longer have a basis to hold (Article 17), to restrict processing (Article 18), to data portability (Article 20), and to object to processing based on legitimate interests (Article 21). Exercise any of these by emailing dsr@ethersight.app.

We respond within one calendar month, and will tell you in advance if we need an extension under Article 12(3). If you're unhappy with our response, you have the right to complain to the Information Commissioner's Office at ico.org.uk.

Cookies

This site sets no analytics or marketing cookies. There is no cookie banner because we have no consent-required cookies. PECR-compliant.

Changes to this notice

If we change this notice in a way that affects your rights or how we process your data, we'll notify customers by email and post the change here at least 30 days before it takes effect. The "last updated" date at the top of this page reflects the most recent change.

Get in touch

For data protection queries: dsr@ethersight.app. For everything else, see the contact page.