Privacy Policy

Effective Date: March 10, 2026 · Last Updated: March 10, 2026

Our Commitment to Privacy

Ethical Capital LLC (“Ethical Capital,” “we,” “us,” or “our”) is committed to protecting the privacy and confidentiality of our clients’ personal and financial information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our client portal, submit information through online forms, or engage our investment advisory services.

This policy is designed to comply with the Gramm-Leach-Bliley Act (GLBA), the FTC Privacy Rule (16 C.F.R. §313), the FTC Safeguards Rule (16 C.F.R. §314), the Investment Advisers Act of 1940, Utah state securities regulations, and applicable federal and state privacy laws.

Information We Collect

Personal Information

When you engage our services, use our website, or interact with our client portal, we may collect:

Identity information: Name, address, phone number, email address, and date of birth. Social Security numbers are entered directly by clients into Altruist Financial LLC (our qualified custodian) for account-opening purposes; Ethical Capital does not collect, receive, or store Social Security numbers.

Financial information: Investment accounts, income, net worth, investment objectives, and risk tolerance.

Professional information: Employment details, employer information, and professional designations.

Communication records: Records of phone calls, emails, meetings, and messages sent through our website or client portal.

Website and portal usage data: IP address, browser type, device information, operating system, pages visited, time spent on site, referring URLs, login timestamps, session duration, and actions taken within the client portal.

Authentication data: Login credentials, multi-factor authentication information, and, if you use social login (such as Google or Apple), the identity information those providers share with us (typically your name, email address, and profile image). We do not receive or store your password from any third-party identity provider.

Form submissions: Information you provide through forms on our website, including contact forms, onboarding questionnaires, and other intake forms.

Community notes: Content you submit as community notes on our research pages, along with associated metadata (submission timestamp, display name).

How We Collect Information

Directly from you: Through forms hosted on our website, through our client portal, through our electronic signature platform, through community note submissions, and through consultations, emails, phone calls, and other ongoing communications.

From identity providers: If you choose to authenticate using a third-party identity provider (such as Google or Apple), we receive limited profile information from that provider to verify your identity and grant portal access. We receive only the information you authorize the provider to share, and we do not request or receive access to your contacts, files, or other account data held by the provider.

From other third parties: With your consent, from custodians, other financial advisors, or service providers.

Automatically: Through cookies, analytics tools, and server logs when you visit our website or use the client portal.

Public sources: Information available in public records or databases.

How We Use Your Information

Primary Uses

Investment management: To provide personalized investment advice and portfolio management services.

Account administration: To open accounts, process transactions, maintain records, and coordinate with custodians.

Client portal operations: To authenticate your identity (including via social login), display relevant account and relationship information, deliver documents, and facilitate secure communication.

Communication: To respond to inquiries, provide ongoing service, and deliver documents electronically (with your consent).

Compliance and recordkeeping: To meet regulatory requirements, maintain required records under SEC Rule 204-2 (as incorporated by the Utah Division of Securities), archive communications, and conduct required reporting.

Service improvement: To enhance our services, improve website and portal functionality, and develop new offerings.

Security: To detect, prevent, and respond to fraud, unauthorized access, or other security threats, including monitoring portal access patterns and authentication attempts.

Research operations: To maintain and update our exclusion database, conduct ethical screening research, and publish educational content about our methodology.

Legal Basis for Processing

We process your information based on: contractual necessity (to fulfill our advisory agreement with you), legal obligation (to comply with securities regulations and other legal requirements), legitimate interest (to operate our business, maintain security, and improve our services), and consent (for marketing communications, social login, and certain website features).

Information Sharing and Disclosure

Categories of Service Providers

We may share your nonpublic personal information with the following categories of service providers, each of which is contractually required to maintain the confidentiality of your information under 16 C.F.R. §313.13:

Qualified custodians: Altruist Financial LLC and Charles Schwab & Co., Inc. hold client assets and process transactions on our behalf.

Electronic signature provider: We use an electronic signature platform to execute advisory agreements and related documents. This provider processes client names, email addresses, and the content of documents you sign.

Technology and data hosting providers: We use cloud-based infrastructure and database services to securely store and process client information, maintain our client portal, and operate our website. These providers maintain physical and logical security controls and process data on our behalf under contractual confidentiality obligations.

Identity providers: If you use social login, your chosen identity provider (such as Google or Apple) transmits limited profile information to us for authentication purposes. We do not share your financial or account information back to these providers.

Analytics providers: We use analytics services to understand how visitors use our website and client portal. These services collect information about browsing behavior, which may include IP addresses and device identifiers. See “Cookies and Tracking” below for more detail.

AI and data processing vendors: We use artificial intelligence tools that may process client nonpublic personal information in connection with our operations. These include Google Workspace (Google LLC) for business communications and document processing, Anthropic for AI-assisted drafting and analysis, and DeepInfra for research-related embedding and data processing. All such providers maintain SOC 2 certification and are contractually required to maintain confidentiality and to process data solely as directed by us.

We use artificial intelligence tools to transcribe and analyze client meeting recordings for the purpose of maintaining accurate records and improving service. These tools process audio recordings and their transcripts, which may contain nonpublic personal information including your name, financial details, and investment objectives. Providers of these tools are contractually required to maintain confidentiality and to process data solely on our behalf.

Professional advisors: Your CPA, attorney, or other advisors, with your consent.

We Do Not

We do not sell personal information to third parties. We do not share information for marketing purposes without consent. We do not provide information to unrelated parties for their commercial use. We do not disclose information unless required by law or with your explicit consent.

Disclosures Required by Law

We may disclose your information to regulatory authorities when required by law or regulation, and in response to court orders or legal process. We may also disclose information in connection with a merger, acquisition, or sale of assets, in which case we will notify affected clients.

Data Security

Security Measures

We implement comprehensive security measures to protect your information:

Encryption: All data transmitted through our website and client portal is encrypted using SSL/TLS. Sensitive data is encrypted at rest in our database systems.

Access controls: Strict access limitations based on job function and need-to-know. Client portal access requires unique credentials and multi-factor authentication.

Infrastructure security: Our website and data systems are hosted on infrastructure with enterprise-grade physical and network security controls. We maintain security configurations and access controls on all systems under our management.

Authentication security: If you use social login, authentication is handled by the identity provider using industry-standard OAuth 2.0 protocols. We receive only an authentication token and authorized profile information; we never see or store your identity provider password.

Regular updates: Security systems and software are regularly updated and patched.

Vendor security: We require service providers with access to client information to maintain appropriate security measures and undergo periodic review.

Data Retention

We retain personal information for as long as necessary to provide ongoing advisory services, comply with legal and regulatory requirements (including the recordkeeping requirements of SEC Rule 204-2 as incorporated by the Utah Division of Securities), resolve disputes, and enforce agreements.

Records are generally retained for a minimum of five years after account closure, with the first two years in an easily accessible format, or longer as required by law. Electronically signed documents and their associated audit trails are retained for the same period, independently of any third-party platform. Portal activity logs are retained for five years. Website analytics data is retained in aggregate form and is not linked to individual client identities after 26 months.

If you use social login and subsequently disconnect your identity provider account, we retain any information previously received from the provider for the same periods described above, but we will no longer receive updated information from the provider.

Data Breach Notification

In the event of a security breach involving your personal information, we will notify you and applicable regulatory authorities as required by the Utah Data Breach Notification Act (Utah Code §13-44-101 et seq.) and any other applicable laws.

Your Rights and Choices

Access and Correction

You have the right to access the personal information we maintain about you, request correction of inaccurate information, and update your contact preferences and communication settings. You may exercise these rights by contacting us using the information provided below.

Electronic Delivery Preferences

If you have consented to electronic delivery of records, you may withdraw that consent at any time as described in your Consent to Use Electronic Signatures and Electronic Records. Withdrawal of consent will not affect the validity of records previously delivered electronically.

Social Login

If you authenticate using a third-party identity provider, you may revoke our access at any time by disconnecting the integration in your identity provider’s account settings or by contacting us to request an alternative authentication method. Revoking social login access does not delete information previously received from the provider.

Marketing Communications

You may opt out of marketing emails by clicking unsubscribe links or by contacting us directly. You will continue to receive service-related communications as necessary for the administration of your advisory relationship.

Data Portability

Upon reasonable request, we can provide your information in a structured, commonly used format to facilitate transfer to another adviser.

Website and Portal Privacy

Cookies and Tracking

Our website uses cookies and similar technologies to remember your preferences and settings, analyze website traffic and usage patterns, improve website functionality and user experience, authenticate client portal sessions (including social login sessions), and provide personalized content when appropriate.

We use analytics services to understand how visitors interact with our website. These services may collect information such as your IP address, browser type, pages visited, and time spent on specific pages. This information is used in aggregate to improve our website and is not used to identify individual visitors for marketing purposes.

You may control cookie preferences through your browser settings. Disabling cookies may affect website functionality, including the ability to log into the client portal.

Client Portal Data

When you use the client portal, we collect additional information including login timestamps and authentication method used (direct login or social login provider), session duration, IP addresses used to access the portal, pages and features accessed within the portal, and documents viewed or downloaded. This information is collected for security monitoring, compliance recordkeeping, and service improvement purposes and is treated as nonpublic personal information under GLBA.

Third-Party Links

Our website and client portal may contain links to external sites, including our qualified custodian(s) and, if you use social login, your identity provider. We are not responsible for the privacy practices of external websites and encourage you to review their privacy policies. When you navigate to a third-party site, including through the client portal, you are leaving our website and your interactions with that platform are governed by its own terms and privacy policy.

Special Protections

Financial Information

We provide additional protections for financial account information and maintain compliance with the Gramm-Leach-Bliley Act and the FTC Safeguards Rule (16 C.F.R. §314).

Investment Preferences

Information about your values-based investment criteria is treated as confidential client information subject to our highest privacy standards.

Children’s Privacy

Our services are not directed to individuals under 18 years of age, and we do not knowingly collect personal information from children. If you become aware that a child has provided personal information to us, please contact us immediately.

International Transfers

While we primarily serve U.S. clients, some of our service providers may process data in facilities located outside the United States. When personal information is transferred internationally, we ensure appropriate safeguards are in place, including contractual confidentiality provisions, to protect your information.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify clients of material changes through email notifications to active clients, prominent notices on our website, updates in the client portal, and updates in regular client communications. The effective date at the top of this page reflects the most recent revision.

State-Specific Privacy Rights

California Residents

Under the California Consumer Privacy Act (CCPA), California residents have additional rights including the right to know what personal information we collect and how it is used, the right to request deletion of personal information (subject to legal and regulatory requirements), and the right to non-discrimination for exercising privacy rights. Note that GLBA-covered information may be exempt from certain CCPA provisions.

Other States

We comply with applicable state privacy laws and will honor similar rights where required by law.

Contact Information

Privacy Questions and Requests

For questions about this Privacy Policy or to exercise your privacy rights:

Privacy Officer Ethical Capital LLC 90 N 400 E Provo, UT 84606 Phone: +1 347 625 9000 Email: privacy@ethicic.com

Complaints

If you believe your privacy rights have been violated, you may contact us directly using the information above, file a complaint with the Utah Division of Securities, file a complaint with the Federal Trade Commission, or contact other applicable regulatory authorities.

This Privacy Policy applies to information collected through our website (including the client portal, online forms, and community notes) and in connection with our investment advisory services. It should be read in conjunction with our Terms of Use, our Important Disclosures, our client agreements, our Consent to Use Electronic Signatures and Electronic Records, and our Form ADV disclosure documents.

Ethical Capital LLC is a state-registered investment adviser registered with the Utah Division of Securities. Registration does not imply a certain level of skill or training.

Last updated: March 10, 2026