ESTHER.AI PRIVACY POLICY

Effective Date: April 8, 2016
Last Updated: April 8, 2026

Esther.ai (“Esther.ai”, “we”, “us”, or “our”) is committed to protecting your privacy and handling data in a transparent, secure, and responsible manner.

This Privacy Policy describes how we collect, use, disclose, store, and protect information when you visit our website https://www.esther.ai (the “Site”) or engage with our services.

1. Who We Are

Esther.ai is a Digital Risk Governance platform that provides ADA Title III Exposure Analysis and Oversight for organizations.

We operate as a data intelligence infrastructure, delivering governance-layer insights—not remediation, compliance certification, or legal advice.

2. Scope of This Policy

This Privacy Policy applies to:

  • Visitors to our website
  • Individuals interacting with us via forms, email, or referrals
  • Prospective customers and partners
  • Channel partners and advisors

This policy does NOT apply to:

  • Data processed within customer environments beyond agreed scope
  • Legal evidence workflows handled by third parties
  • Customer-controlled remediation systems

3. Information We Collect

3.1 Information You Provide

We may collect:

  • Name
  • Email address
  • Company name
  • Job title
  • Phone number
  • Any information submitted through forms, emails, or meetings

3.2 Automatically Collected Data

When you use our Site, we may collect:

  • IP address
  • Browser type and version
  • Device identifiers
  • Pages visited and interaction data
  • Referring URLs

3.3 Limited Technical Data (Service Context)

In delivering our services: 

  • We analyze public-facing digital properties

We may process:

  • URLs
  • Page structures
  • Accessibility-related signals

We do NOT intentionally collect:

  • Personal user data from your systems
  • Authentication credentials
  • Sensitive personal data (as defined under GDPR)

Scanning is limited to public-facing environments and avoids retention of sensitive data.

4. How We Use Information

We use data to:

  • Provide and improve our services
  • Generate ADA Title III Exposure Analysis reports
  • Deliver governance-level insights and oversight
  • Communicate with you
  • Manage partnerships and referrals
  • Ensure security and prevent abuse
  • Comply with legal obligations

5. Legal Bases for Processing (GDPR / UK GDPR)

Where applicable, we rely on:

  • Legitimate Interest – for business communications and service improvement
  • Contractual Necessity – to deliver requested services
  • Consent – for marketing communications
  • Legal Obligation – where required

6. Data Sharing and Disclosure

We do NOT sell personal data.

We may share data with:

  • Trusted service providers (hosting, analytics, communication tools)
  • Professional advisors (legal, accounting)
  • Channel partners (only within referral context and with appropriate controls)
  • Authorities where required by law

All third parties are required to maintain appropriate confidentiality and security.

7. Data Retention

We apply strict data minimization and retention controls:

  • Website analytics: typically retained for 12–26 months
  • Contact and inquiry data: retained as long as necessary for business purposes
  • Customer engagement data: retained per contractual terms
  • Exposure analysis data:
      • Free reports: short-term retention or no retention
      • Paid reports: retained per plan (e.g., ~31–90 days or contract-defined)
      • Oversight subscriptions: retained for duration of engagement

Retention is aligned with your commercial architecture and controlled by backend systems.

We may retain limited data longer where required for:

  • Legal obligations
  • Dispute resolution
  • Enforcement of agreements

8. Data Storage and Security

We implement enterprise-grade security controls, including:

  • Encryption in transit (TLS 1.2+)
  • Encryption at rest (where applicable)
  • Access controls and role-based permissions
  • Secure infrastructure environments
  • Monitoring and logging

We follow industry practices consistent with modern SaaS governance platforms.

9. International Data Transfers

Esther.ai operates globally, including in:

  • United States
  • United Kingdom
  • European Economic Area (EEA)
  • Australia
  • New Zealand

Where data is transferred internationally, we use appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs)
  • UK International Data Transfer Addendum
  • Equivalent lawful transfer mechanisms

10. Your Rights

Depending on your location, you may have rights to:

  • Access your data
  • Correct inaccurate data
  • Delete your data
  • Restrict or object to processing
  • Data portability
  • Withdraw consent

To exercise your rights, contact: info@esther.ai

11. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Enable website functionality
  • Analyze usage
  • Improve performance

You can control cookies through your browser settings.

12. Third-Party Content

Our Site may include embedded content (e.g., videos, articles).

These third parties may collect data independently under their own privacy policies.

13. Children’s Privacy

Our services are not directed to individuals under 18, and we do not knowingly collect data from children.

14. Data Boundaries and Platform Responsibility

Esther.ai provides:

  • Exposure intelligence
  • Governance-layer documentation

Esther.ai does NOT provide:

  • Legal advice
  • Compliance certification
  • Remediation services

This distinction is critical to how data is processed and interpreted within the platform.

15. Changes to This Policy

We may update this Privacy Policy periodically.

Updates will be posted on this page with a revised “Last Updated” date.

16. Contact Us

For privacy-related inquiries:

Esther.ai
Email: info@esther.ai
Website: https://www.esther.ai

17. Non-Discrimination Statement

Esther.ai is committed to equal opportunity and does not discriminate based on race, color, religion, sex, national origin, age, disability, or other protected status.