Your trust matters to us.

1. Information We Collect

We collect information you provide directly to us, information from third-party services you connect, and technical information about your use of our service.

Account Information

When you create an Elevato account, we collect your email address, name, and password. We use this information to create and manage your account, authenticate you, and communicate with you about our services.

Content and Workspace Data

We store content you create within Elevato, including draft posts, scheduled content, preferences, and settings. This data is stored to provide our core functionality and allow you to access your work across devices.

Third-Party Service Data

When you connect third-party social media accounts to Elevato, we access and store information necessary to provide our services, such as account identifiers, profile information, and content you authorize us to publish. This data is accessed only with your explicit consent through the third-party service's authorization process.

Usage and Technical Information

We automatically collect information about how you use Elevato, including device information, IP address, browser type, and usage patterns. We use this data to improve our services, diagnose technical issues, and ensure security.

Payment Information

Payment processing is handled by third-party payment processors (LemonSqueezy). We do not store your full payment card details. We only receive and store payment confirmation and subscription status information.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Process your transactions and manage your subscription
• Send you service-related communications, including updates, security alerts, and support messages
• Respond to your inquiries and provide customer support
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations and enforce our terms of service
• Analyze usage patterns to improve our service quality and user experience

We do not use your information for advertising purposes, nor do we sell your personal data to third parties.

3. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We share your information only in the following circumstances:

Service Providers

We work with trusted service providers who assist us in operating our service, such as hosting providers (Supabase, Vercel), payment processors (LemonSqueezy), and email services (Resend). These providers are contractually obligated to protect your information and use it only for the purposes we specify.

Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your information.

With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

4. Data Security

We implement industry-standard security measures to protect your personal information:

• Encryption: All data is encrypted in transit using HTTPS/TLS and encrypted at rest in our databases
• Access Controls: Access to personal data is restricted to authorized personnel who need it to perform their job duties
• Authentication: Secure authentication mechanisms protect your account
• Regular Security Reviews: We conduct regular security assessments and updates
• Infrastructure: We rely on trusted cloud providers with strong security practices

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we work diligently to protect your data.

5. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this privacy policy, unless a longer retention period is required by law.

• Account Data: Retained while your account is active and for a reasonable period after account closure to comply with legal obligations
• Content Data: Retained while your account is active. You can delete your content at any time
• Third-Party Service Data: Deleted immediately upon disconnection of the third-party service or account deletion
• Usage Data: Aggregated and anonymized usage data may be retained indefinitely for analytics purposes

When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal purposes.

6. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request access to your personal information we hold
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal retention requirements)
• Portability: Request a copy of your data in a structured, machine-readable format
• Restriction: Request restriction of processing of your personal information
• Objection: Object to processing of your personal information for certain purposes
• Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us at privacy@getelevato.com. We will respond to your request within 30 days.

You can also manage much of your information directly through your Elevato account settings, including disconnecting third-party services and deleting your content.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.

When we transfer your information internationally, we implement appropriate safeguards, including:

• Standard contractual clauses approved by relevant data protection authorities
• Ensuring the receiving country has adequate data protection laws
• Other legally recognized transfer mechanisms

By using our service, you consent to the transfer of your information as described in this policy.

8. Children's Privacy

Elevato is not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@getelevato.com.

9. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you of material changes by email or through a prominent notice in our service
• Post the updated policy on this page

Your continued use of our service after changes become effective constitutes acceptance of the updated policy. If you do not agree with the changes, you may delete your account and stop using our service.

10. Contact Us

If you have questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:

Email: privacy@getelevato.com

Data Controller: Elevato

If you are located in the European Economic Area (EEA) or United Kingdom, you also have the right to lodge a complaint with your local data protection authority.