Privacy Policy — Etlworks

About this policy

Etlworks LLC ("Etlworks," "we," "us") respects your privacy. This policy covers personal data we collect through:

Our marketing website at etlworks.com — public pages, the blog, signup forms, sales inquiries.
Our platform at app.etlworks.com and on-premise deployments — the product itself.

These two contexts have different data and different rules. We call them out separately throughout this policy.

This policy doesn't cover data you process through the platform — that data belongs to you, governed by your account and our Terms of Service. See Section 4 for the short version.

Data we collect from website visitors

When you visit etlworks.com, fill out a form, or download a resource, we collect:

Information you give us: name, work email, company name, job title (when you submit a form, request a demo, or sign up for a trial).
Information your browser sends: IP address, device type, browser type, pages visited, referring URL, time on page. This is standard web traffic data.
Information from cookies and analytics: see Section 11.

We use this data to respond to your inquiries, understand which pages help (and which don't), prevent abuse, and — if you've opted in — send occasional product updates.

Data we collect from platform users

When you sign up for Etlworks and use the platform, we collect:

Account data: name, email, company, role, password (hashed — we can't see it).
Billing data: company billing details, invoices, payment history. We don't store credit card numbers; payment processing is handled by Stripe.
Usage data: which features you use, when, how often, error logs, performance metrics. This is aggregate operational data, not the contents of your flows.
Support data: the contents of support tickets you open and the conversations that follow.

We use this data to provide and improve the service, bill you correctly, debug issues you report, and meet our legal obligations.

Customer data on the platform

The data you process through Etlworks — the records in your flows, the contents of your databases, the files you move from source to destination — is your data. We process it only as needed to provide the service.

Specifically, we don't sell your data, train AI models on it (including our own AI agent), share it with third parties beyond our published sub-processors, or access it without your permission.

The agent operates on your data only within your account, only when you ask it to. If you're an enterprise customer, see our Data Processing Addendum (DPA), or request a counter-signed copy at legal@etlworks.com.

How we use the data we collect

We use the data described in Sections 2 and 3 to:

Provide the service. Run the platform, process your payments, deliver support.
Improve the service. Aggregate usage data tells us which features matter and which don't.
Communicate with you. Service emails (billing, security, downtime), and — if you've opted in — product updates and newsletters. You can unsubscribe from marketing emails anytime; service emails are required while your account is active.
Stay secure. Detect fraud, prevent abuse, investigate security incidents.
Meet legal obligations. Tax records, regulatory requests, court orders.

We don't use your data for any purpose not listed here without telling you first.

Sub-processors

We use a small set of trusted third parties to deliver the service. The current list:

Sub-processor	Purpose	Region
Amazon Web Services	Cloud hosting (default region)	US, with regional options for enterprise
Microsoft Azure	Cloud hosting (alternative region)	Multiple regions
Google Cloud	Cloud hosting (alternative region)	Multiple regions
Oracle Cloud	Cloud hosting (alternative region)	Multiple regions
IBM Cloud	Cloud hosting (alternative region)	Multiple regions
Stripe	Payment processing	US
Paywhirl	Subscription management	US
Zendesk	Customer support tickets	US

Sub-processors are bound by contractual obligations to handle your data with the same care we do. We update this list when sub-processors change. Material changes are communicated to enterprise customers in advance.

For dedicated enterprise instances, you can choose your hosting region from any of the cloud providers above. Most regions globally are supported on request — contact sales@etlworks.com for specifics.

Where your data is stored

Marketing website data is stored in the US.

Platform data location depends on your plan:

Starter and Business plans run on shared infrastructure in the US.
Enterprise plans run on a dedicated instance in the region you choose. We support most regions across AWS, Azure, GCP, Oracle Cloud, and IBM Cloud.
On-premise deployments keep data entirely within your own infrastructure. We never have access to it.

If you have specific data residency requirements (HIPAA, GDPR data localization, government mandates), contact us — we likely already support what you need.

How long we keep your data

Data type	Retention period
Marketing website analytics	14 months (Google Analytics default), then aggregated
Sales inquiry data	24 months from last contact, then deleted unless you become a customer
Marketing email subscriber lists	Until you unsubscribe
Customer account data	Active for the life of the account; deleted 30 days after account closure
Customer data on the platform	Active for the life of the account; deleted 30 days after account closure
Support tickets	36 months from ticket close
Billing records	7 years (legal requirement)
Backup snapshots	30 days rolling

You can request earlier deletion of your data at any time — see Section 10.

International transfers

If you're outside the US, your data may be transferred to and processed in the US (or in another region you've chosen for an Enterprise instance). For transfers from the EU, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, available as part of our DPA.

If you're a US-based customer with international subsidiaries, we can help you design flows that keep data within specific regions. Talk to us.

Your rights

All users

You can:

Access the data we hold about you.
Correct data that's inaccurate.
Delete your data (subject to legal retention requirements like billing records).
Export your data in a portable format.
Object to our processing of your data.
Withdraw consent for any optional processing (like marketing emails).
Complain to a data protection authority in your jurisdiction.

Email legal@etlworks.com to exercise any of these rights. We respond within 30 days.

EU, UK, and Swiss residents (GDPR)

In addition to the rights above, you have the right to:

Restrict our processing of your data in certain circumstances.
Data portability — receive your data in a machine-readable format.
Lodge a complaint with your local supervisory authority.

Our legal basis for processing is one of: your consent, performing a contract with you, complying with legal obligations, or our legitimate interests (running and improving our business in ways that don't override your rights).

California residents (CCPA / CPRA)

In addition to the rights above, California residents have the right to:

Know what categories of personal information we collect, the sources, and the business purposes.
Know whether we sell or share your personal information (we don't, to either).
Opt out of sale or sharing — though as noted, we don't do either.
Limit the use of sensitive personal information — we don't use sensitive PI for purposes beyond providing the service.
Non-discrimination for exercising your rights.

We don't sell or share personal information for cross-context behavioral advertising, and we don't process sensitive personal information for purposes that would require an opt-out under California law.

Children

Etlworks is a B2B platform. We don't knowingly collect personal data from anyone under 18. If you believe we have, contact legal@etlworks.com and we'll delete it.

Cookies and analytics

We use cookies and similar technologies on etlworks.com:

Essential cookies — required for the website to function (session, security, load balancing). Can't be disabled.
Analytics cookies — Google Analytics, used to understand which pages help visitors. We don't use Google Analytics on the platform itself.
Functional cookies — remember your preferences (e.g., dismissed banners).

We don't use advertising cookies. We don't run remarketing or behavioral ad campaigns.

You can refuse non-essential cookies through your browser settings or our cookie banner. Essential cookies are required for the website to work.

Security

We protect your data with:

Encryption in transit — all connections use TLS 1.2 or higher.
Encryption at rest — customer data is encrypted on disk in our cloud infrastructure.
Access controls — internal access to production systems is limited to staff who need it, logged, and reviewed.
SOC 2 Type II audits — completed annually. Reports available to enterprise customers under NDA.
HIPAA-eligible deployments — available for healthcare customers under signed BAA.
Vulnerability management — regular penetration testing, dependency scanning, and security patches.

If you discover a security issue, report it to security@etlworks.com. We respond within 24 hours.

Changes to this policy

We may update this policy from time to time. Material changes are communicated to existing customers by email and take effect 30 days after notification. Non-material changes (clarifications, formatting fixes) take effect immediately and are noted in the "Last updated" date at the top.

Past versions of this policy are available on request at legal@etlworks.com.

Contact

For privacy questions, data subject requests, or anything related to this policy: legal@etlworks.com

For security issues: security@etlworks.com

For everything else: support@etlworks.com

Etlworks LLC
18 Rosemont Lane
Pittsburgh, PA 15217
United States

Privacy Policy.