What is Ethyca and how does it work?

What is Ethyca?

Ethyca is cloud software that lets organizations easily manage all their data privacy requirements. With Ethyca, your team can rapidly execute privacy tasks which would otherwise take many hours to complete. Ethyca's automation power removes all human error from the execution of these tasks — and people reviewing database tables row by row are very prone to mistakes!

In short: following the world's privacy laws is much quicker and simpler with Ethyca.

The software includes a front-end Privacy Center where your customers can file privacy requests to fulfill the rights granted to them by data privacy law. This includes options to opt-out of data sales and make requests to download or delete their data.


On the back-end, Ethyca has a number of features that help you create a powerful data management strategy. These include:

  • Data integrations that link into all the 3rd party applications in your business's tech stack
  • Ethyca Atlas, which allows you to fulfill subjects' data rights by querying against data stored on your owned infrastructure
  • A seamless Data Subject Request management system that can be fully automated
  • Data mapping capabilities that clearly outline your entire business's data supply chain and help you comply with data privacy

How Ethyca Works

  1. Your customer (a "Data Subject") puts in a request to download or erase their data in your Privacy Center (privacy.<yourdomain>.com).
  2. Ethyca stores all the Data Subject Requests (DSRs) that come into your Privacy Center
  3. Ethyca's Atlas, deployed in your infrastructure, polls Ethyca's web services to retrieve the queue of DSRs for your organization.
  4. When complete, Ethyca's Atlas returns an object of aggregated data to Ethyca's web services
  5. Ethyca fetches data for each DSR from each of your configured 3rd party SaaS Data Integrations.
  6. For an access request, Ethyca aggregates the responses from each of your Data Integrations and Atlas and sends this to Ethyca's DSR-S (Data Subject Request Storage).
  7. Ethyca then sends the final, downloadable package to be stored in your desired cloud storage system (e.g., AWS S3, GCP Cloud Storage, Azure Cloud Storage). There is no action taken in the event of a deletion request.
  8. For access requests, the Data Subject is notified that their DSR package is ready via an email containing a link to a downloadable ZIP file. For a deletion request, Ethyca will send an email to the Data Subject confirming that their data has been deleted.
  9. Using the URL provided, which Ethyca (download.ethyca.com) proxies to your storage system, the Data Subject can download their access request data package to to save locally on their desktop.

How Does Ethyca Make Data Privacy Management Easier?

Your organization's data privacy responsibilities need to be taken seriously, so you'll need a robust and trustworthy system in place to get the job done right. Ethyca gives you the tools to automate as much privacy management as possible. This lets you save valuable team hours and focus on the bigger privacy picture. Let's take a deeper look at some of the functions that it automates for you.

Data Mapping

Ethyca creates a data inventory, or map, of your business's data flow. Data mapping with Ethyca makes addressing your customer's privacy concerns simple, as it creates a full picture of all of the personal data that your organization holds. It also empowers you to easily craft reports that are vital for regulatory compliance.


Data Subject Request Management

Data Subject Requests are one of the most important parts of modern privacy management. These are requests that your customers make to access their data and erase their data. You can view and respond to all of the Data Subject Requests that your business receives from a single control panel within Ethyca.

When a download request (Subject Access Request) or deletion request (Right to Forget) comes from a customer, Ethyca scans all your internal and external data systems to surface data related to the customer. Once that discovery is done, Ethyca automatically identifies all data for the given user and generates a comprehensive response to any Subject Request.

Record Keeping and Reporting

In line with CCPA regulation, a business shall maintain records of consumer requests and how it responded to the requests for at least 24 months (see: 999.317. Training; Record-Keeping). Similarly, GDPR requires audit trails and logging to demonstrate that personal data is being managed and handled properly. With Ethyca, the necessary components for record keeping are all logged in your reports.


"Do Not Sell" Request Processing

A "Do Not Sell" (or "Do Not Sell My Personal Information") request is an action that can be taken by a person whose data is being processed by your business. Put simply, it gives customers the right to opt-out of the sharing of their personal data. It places an obligation upon your business to not sell or otherwise transfer any of their personal information to another business for monetary or other valuable consideration. Ethyca helps manage these requests for you: when a customer visits your Privacy Center's Consent Management page and opts-out of data sales, their information will not be sold to third parties during future visits to your site.

Have Questions?

An effective privacy management strategy is fundamental for any modern business, and having the right tools to address your customer's data privacy concerns efficiently is crucial. If you have any questions about data privacy management or about using Ethyca's data privacy platform, please feel free to reach out — we'd be happy to help!