Ethyca Fides
Privacy engineering platform automating DSARs with open-source core and enterprise features.
Vendor Information
Ethyca Fides Overview
Ethyca Fides is a privacy engineering platform using an open-core model that embeds privacy compliance directly into technical infrastructure through Privacy-as-Code. Founded in 2018 by Cillian Kieran and Miguel Burger-Calderon, Ethyca takes an engineering-first approach that integrates with CI/CD pipelines, enabling developers to programmatically manage Data Subject Access Requests (DSAR), consent, and data mapping. The open-source core (Apache 2.0 license) provides self-hosted deployment, while Fides Enterprise offers cloud-hosted deployment with enhanced features, forward-deployed engineering teams, and enterprise support for organizations like New York Times, Mozilla, and Ramp.
The platform uses a machine-readable privacy taxonomy (the Fides language) to unify legal and engineering teams around shared definitions for consent, purpose, and lawful basis. Fides automates end-to-end DSAR fulfillment across hybrid cloud and on-premises environments, provides continuous data discovery and classification with ML-powered detection, orchestrates consent management, and enforces privacy policies in real-time across APIs and AI pipelines. The enterprise tier includes advanced SaaS connector integrations (700+ apps), cloud hosting, dedicated support, and deployment services.
Trusted by leading enterprises across technology, media, and financial services, Ethyca has raised $37.5M from Aspenwood Ventures, AVP, IA Ventures, and prominent angels including Des Traynor (Intercom), Guillermo Rauch (Vercel), Scott Belsky (Adobe), and Kevin Hartz (Eventbrite). The platform is recognized as the world's most widely adopted open-source privacy engineering solution, with 100% year-over-year revenue growth and enterprise customers switching from legacy providers like OneTrust and TrustArc.
Key Capabilities
Standardized capabilities mapped to this product's security niche
Exposes consent management through REST APIs, enabling custom front-end consent experiences without being constrained to the vendor's UI components.
Crawls the site to discover all cookies and tracking technologies in use, categorizes them by purpose (strictly necessary, analytics, marketing), and maintains the cookie declaration.
Stores an immutable record of consent transactions (what consent was given, when, to which version of the privacy notice, from which IP and session), as required for GDPR accountability.
Implements the Interactive Advertising Bureau's Transparency and Consent Framework v2.2, required for CMP certification when serving or participating in programmatic advertising in the EU.
Handles GDPR opt-in, CCPA/CPRA opt-out, LGPD, and other jurisdiction-specific consent regimes from a single implementation, applying the correct consent model based on visitor geolocation.
Discovers personal data processing activities and their associated data flows, systems, and third-party transfers: the foundation for GDPR Article 30 Records of Processing Activities.
Provides structured DPIA workflows with pre-built templates for common processing activities, routing for DPO review, and documentation of risk mitigations.
Assesses third-party processors and sub-processors against GDPR data processing agreement requirements and privacy control standards before data sharing.
Monitors updates to privacy laws and regulatory guidance across jurisdictions and maps changes to affected data processing activities and controls in the program.
Serves compliant cookie consent banners, stores granular consent by category, and integrates with analytics and ad tech platforms to enforce user consent preferences.
Captures, stores, and versions consent records with purpose, legal basis, and timestamp, providing auditable proof of consent for data processing activities.
Automates intake, identity verification, routing to data owners, and fulfillment of GDPR, CCPA, and LGPD data subject requests, access, deletion, portability, and correction.
Handles data subject requests under GDPR, CCPA/CPRA, LGPD, and other privacy laws from a single intake workflow, applying jurisdiction-specific handling rules and response timeframes.
Verifies data subject identity using configurable verification methods (email OTP, ID document check, account authentication), before disclosing or deleting personal data.
Queries connected data sources (CRM, email, databases, SaaS apps) to locate personal data for a given subject, automating the data retrieval step of access and deletion requests.
Tracks regulatory response deadlines (GDPR 30-day, CCPA 45-day) per request, escalates overdue items to named owners, and generates compliance reporting.
Integrations
Compatible tools and platforms
Solution Details
Deployment Options
Where and how this solution can be deployed
Support Channels
Available support and communication options
Pricing Model
How this solution is priced
How to buy
This profile hasn’t been claimed yet. Contact the vendor directly for pricing and purchasing options.
Is this your company?
Claim Your Profile