Last Revised 5/27/2020
This Privacy and Data Security Policy will help you understand what
information we collect and use at Ethena, and the choices you have
associated with that information. When we refer to “Ethena,”
“we,” “our,” or “us” in this policy,
we are referring to Ethena, Inc., and its subsidiaries and affiliates, which provides services to
you pursuant to the Service Agreement between you and Ethena. The use of
information collected by Ethena shall be limited to the purpose of
providing the services for our customers and as specified herein. Ethena
follows generally accepted standards to protect any information
submitted to us, both during transmission and once it is received,
however, no security measure is perfect. One of the easiest ways you can
manage the security of your own account is with the use of strong
passwords. Your use of Ethena’s services constitutes agreement to
the following policy.
Data We Collect
There are three types of data we collect.
Administrator generated data:
Employee information excluding protected demographic information
(e.g. race, gender, age).
- Uploaded company policies.
Note that we do not directly collect payment information; see the Data Storage
section below for more information on this.
Optionally self-reported protected demographic information (e.g.
race, gender, age).
Training response data. This includes employee answers to
check-on-learning exercises and employee answers to culture pulse
Note that we do not directly collect `entication information (i.e. passwords); see
the Data Storage section below for more information on this.
Tracking (via browser-based cookies) and monitoring data generated
while interacting with Ethena’s browser-based application.
Tracking (via pixel tracking) data generated while interacting with
emails sent by Ethena.
How We Collect Data
We collect the data you provide to us.
We use "cookies" and other technologies to collect data
that enable us to better understand and improve the usability,
performance and effectiveness of our services. Cookies are files sent
general information about your use of Ethena’s browser-based
application, the configuration of your computer and your
computer’s interaction with Ethena’s browser-based
application, and store this data in log files. We use this data
to improve our service, provide the best online experience possible,
and improve our customer service. We use the following types of
cookies on our site:
Strictly necessary cookies - These cookies are essential in order to
enable you to navigate and use our services.
Performance cookies - These cookies collect data about how you use
the services. These cookies don’t collect personal data and are
only used to improve how the services work.
Functionality cookies - These cookies allow the Services to remember
choices you make, such your preferences, to provide enhanced, more
Other Technologies - We may also use other Internet technologies,
such as web beacons or pixel tags and other similar technologies, to
deliver or communicate with cookies and analyze your use of the
services. We also include web beacons in e-mail messages so that we
know when you have opened or interacted with an email message received
You may disable cookies by changing the settings on your browser, phone
and/or devices. Check your browser’s or device’s help or
support menu for further information. Remember that if you disable
cookies it is likely to affect how the Ethena’s browser-based
application works and you may not be able to access or use certain
features. Unless you have adjusted your settings so that it will refuse
cookies, we will place cookies when you use Ethena’s browser-based
Do Not Track (DNT) is a privacy preference that users can set in some
web browsers, allowing users to opt out of tracking by websites and
online services. We do not recognize DNT.
How We Use Data
We use data for the following purposes:
To provide you with the Ethena services.
We collect data through unique identifiers (such as IP
To administer your account.
To communicate with you about your account or interactions with us
and send you details or updates about our services or changes to our
- To process payments.
To create anonymized and aggregated data sets that may be used for a
variety of purposes, including research, internal analysis, analytics,
or other functions.
To ensure consistency with local law and choices and controls that
may be available to you.
To detect, investigate and prevent activities that may violate our
policies or be illegal.
To detect errors, monitor usage, improve the quality of our product
and otherwise measure the effectiveness of our product.
How We Share Data
Employees’ self-reported protected demographic information is
not shared with company administrators except in anonymized, aggregate
Employees’ check-on-learning training data may be shared with
Employees’ answers to culture pulse surveys are not shared with
company administrators except in anonymized, aggregate
Ethena only makes money through what our customers pay us; we do not
sell any data to third parties.
We do not share any of our data with third parties, except in the
following limited circumstances:
When we contract or partner with a third party to provide services on
our behalf, such as our cloud service provider (Amazon) and our
application hosting service (Heroku). We require all third parties to
For anonymized derivative works of the training response data
mentioned above. When doing this, we do not disclose any data in a
manner that identifies a client or the individual training
In connection with the sale of a business (including merger,
acquisition, or sale of all or a material portion of its assets or
change in corporate control.)
To enforce our Terms of Service or rules, to ensure the safety and
security of our users and third parties, to protect our rights and
property and the rights and property of our users and third parties,
to comply with legal process, including judicial warrant, rule, order
or subpoena or in other cases if we believe in good faith that
disclosure is required by law or regulation.
Ethena stores data in a database provided by Amazon, and encrypted
data moves between this database and our application hosted on Heroku.
Ethena does not store any payment information; payment information is
encrypted and transmitted directly from the client to our third party
payment provider. Our third party payment provider, Stripe, makes
their privacy and security policies available on their site.
Ethena does not store any authentication information (i.e.
passwords); passwords are encrypted and transmitted directly from the
client to our third party authentication provider. Our third party
provider, Auth0, makes their privacy and security policies available on their site.
Ethena does not grant employees access to any systems which they do
not need to perform their duties.
Ethena mandates that employees use a password manager, do not use the
same password across systems, and enable multi-factor authentication
Notice to European Union users
Ethena’s operations are located primarily in the United States.
If you provide information to us, the information will be transferred
out of the European Union (EU) to the United States which does not offer
an equivalent level of protection to that required in the European
Union. By providing personal information to us, you are consenting to
its storage and use as described herein.
Information collected from children
Ethena’s website and services are not intended for children under
the age of 13. Ethena does not knowingly collect or solicit information
from anyone under the age of 13, or allow anyone under the age of 13 to
sign up for its services.
California Privacy Rights
If you are a California resident, California law may provide you with
additional rights regarding our use of your personal information. To
learn more about your California privacy rights, visit https://oag.ca.gov/privacy/privacy-laws.
Changes to this Statement/Contact Us
We may update this Policy to reflect changes to our data privacy
practices. If we make any material changes, we will provide notice on
goethena.com, and we may notify you by email (sent to the email address
specified in your Service Agreement), prior to the change becoming
effective. We encourage you to periodically review this page for the
latest information on our privacy practices. If you continue to use the
Services after those changes are in effect, you agree to the revised
If you have any other questions about this policy please contact