Privacy Policy

Last updated 6th May 2026.

Ekso Inc. (“Ekso”, “we”, “us”) publishes this Privacy Policy to describe how we handle personal information.

What this Policy covers

This Policy applies to two distinct things:

• The Website — ekso.app and its commerce, marketing, and support functions (sign-ups, demo requests, license purchases, contact forms, blog).
• The Software — Ekso, which you install and operate on your own infrastructure under a separate Terms of Service.

Because the Software is self-hosted, your operational data — tickets, time entries, documents, financial records, AI conversations, anything entered into Ekso — stays on the infrastructure you control. Ekso Inc. has no visibility into and no access to that data. This Policy does not apply to it; your own internal privacy policy does.

What follows describes only the personal information we collect through the Website.

Information we collect via the Website

We collect personal information when you choose to provide it: name, email address, company, role, billing address, payment instrument, and any free-text you include in forms. We also collect navigational information automatically: IP address, browser type, referrer, pages viewed, and approximate geographic location derived from IP.

We collect the following categories:

• Name
• Email address
• Company name and role (when provided)
• Credit/debit card information (collected by our payment processor — see “Service providers” below)
• Billing address
• IP address and approximate geo-location, collected automatically

How we use it

We use personal information to:

• Issue, deliver, and renew Ekso software licenses you have purchased.
• Respond to demo requests, sales enquiries, and contact-form submissions.
• Send service emails (license keys, renewal notices, security advisories).
• Send marketing communications you have opted in to. You can unsubscribe at any time using the link in any marketing email.
• Operate, secure, and improve the Website (analytics, fraud prevention, accessibility).

We do not sell, rent, or share your personal information with third parties for their own marketing purposes.

Sensitive information

We do not collect Social Security numbers, government identifiers, health information, or similar sensitive categories. The only category that approaches “sensitive” is payment-card data, which is handled exclusively by our PCI-compliant payment processor — we never see or store full card numbers.

Service providers

We use the following service providers to operate the Website. Each is contractually bound to use personal information only as required to provide services to us:

• Cloudflare — Website hosting, CDN, DNS, and edge compute (Workers, Hyperdrive).
• Supabase — database, authentication, and Edge Functions for license issuance and account management.
• Stripe — payment processing for license purchases.
• GitHub — source code hosting and issue tracking for the Software.

We do not transmit any data from your self-hosted Ekso instance to these providers.

Cookies and navigational information

The Website uses cookies and similar technologies to remember your preferences, manage authenticated sessions on commerce pages, and measure aggregate usage. You can configure or disable cookies in your browser; some Website features may not work if you do. See our Cookie Policy for details.

Children

The Website is not intended for and not directed to children under 15. We do not knowingly collect personal information from children under 15. If you believe we have collected information about a child under 15, please contact privacy@ekso.app and we will delete it.

Your rights

You have the right to:

• Access the personal information we hold about you.
• Request correction of inaccurate or incomplete information.
• Request deletion of your information (subject to legal retention obligations such as tax records).
• Object to or restrict certain processing activities.
• Receive your information in a portable format.
• Opt out of marketing communications at any time.

Email privacy@ekso.app to exercise any of these rights. We will respond within 30 days.

Retention

We retain personal information only as long as necessary to provide the Website’s services to you, fulfil contractual obligations (e.g. license issuance and renewal), comply with legal requirements (e.g. tax records), and resolve disputes. When information is no longer needed, we securely delete it.

International transfers

Our service providers operate globally. Personal information may be transferred to and processed in countries other than your own, including the United States and the European Union. Where required, we rely on appropriate transfer safeguards (Standard Contractual Clauses or equivalent).

Security of personal information

We protect personal information using technical and organisational measures appropriate to the risk: TLS for transmission, encrypted storage at our service providers, access controls, and regular review of operational practices. No system is 100% secure; if you believe your information may have been compromised, contact security@ekso.app.

Data Protection Officer

Our Data Protection Officer can be reached at privacy@ekso.app.

Changes to this Policy

We may update this Policy from time to time. Material changes will be announced on this page and, where you have an active license or account, by email to the address on file. Your continued use of the Website after the updated Policy takes effect constitutes acceptance.

Contact

Questions about this Policy or our handling of personal information: privacy@ekso.app.