Privacy Policy

Elio · Elio Labs Inc. · 1.0 · March 2026

This Privacy Policy describes how Elio Labs Inc.("we," "us") processes personal data in connection with the Elioplatform (the "Service"). If you do not agree, do not use the Service.

1. Data controller

The controller is Elio Labs Inc., as identified in the Service or on our website. To exercise rights (access, rectification, erasure, objection, restriction, portability where applicable), use the same support channel or email indicated in the app.

2. Data we collect

Depending on how you use the Service, we may process:

  1. Account data: identifier, email, name or display name, password hash, preferences, and session-related metadata.
  2. Product usage: chats with agents, prompts, files or attachments you send, and technical logs (IP address, browser type, timestamps) for security and troubleshooting.
  3. Credentials and integrations: when you connect external providers (e.g. Google Gmail, Microsoft 365/Outlook, Intuit QuickBooks), we store OAuth tokens and metadata needed to refresh access, typically encryptedat rest. We do not store those providers' passwords if you use OAuth only.
  4. Billing: if you pay for the Service, our payment processor may receive billing details; we may store subscription identifiers and plan status.

3. Purposes and legal bases (GDPR reference)

We process data to: provide the Service and perform our contract with you; maintain security, prevent abuse, and comply with law; improve and operate the platform; send operational communications about your account; and, where required, marketing with your consent. Bases may include contract, legitimate interests (security, product improvement), or legal obligation.

4. AI providers and subprocessors

To generate responses, the Service may send portions of your messages to third-party model providers (OpenAI, Anthropic, Google, or others you configure). Those providers are governed by their own policies and agreements. Avoid including unnecessary sensitive personal data in prompts.

5. Cookies and local storage

We may use cookies or local storage to maintain sessions (e.g. authentication signals) and preferences. Strictly necessary cookies for core functionality often do not require consent under many laws; analytics or marketing cookies, if used, will depend on your consent where required.

6. Retention

We keep information for as long as needed for the purposes above, unless a longer retention period is required by law. You may request account deletion; some data may be retained in aggregated or anonymized form.

7. Security

We implement reasonable technical and organizational measures (encryption of secrets, access controls, reviews). No system is 100% secure; report suspected incidents through support.

8. International transfers

We may process data on servers in the United States or other regions. If we act as a processor for your organization, standard contractual clauses or other mechanisms may apply as agreed.

9. Your rights

Depending on where you live (EU/EEA, California CPRA, or other laws), you may have additional rights. We will respond within legal timeframes. You may lodge a complaint with your local data protection authority.

10. Children

The Service is not directed at children under 16. If we learn we have collected children's data without a valid basis, we will delete it.

11. Changes to this policy

We will post updates at this URL and revise the version date. Material changes may be communicated by email or in-app notice.

12. Contact

For privacy questions or rights requests, use the contact method shown in the app or on the official Elio website.

Version 1.0 · March 2026