1. Introduction
Welcome to Elystrumcore.ai ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI orchestration platform and related services.
This policy applies to all information collected through our website, applications, and services (collectively, the "Services"). By using our Services, you consent to the data practices described in this policy.
2. Information We Collect
2.1 Information You Provide to Us
We collect information that you voluntarily provide when using our Services:
- Account Information: Name, email address, company name, job title, phone number
- Profile Data: User preferences, settings, and customization choices
- Payment Information: Billing details (processed securely by third-party payment processors)
- Communications: Messages, feedback, and support inquiries
- Content: Data you upload, create, or process using our AI services
2.2 Information Collected Automatically
When you access our Services, we automatically collect certain information:
- Usage Data: Pages visited, features used, time spent, interaction patterns
- Device Information: IP address, browser type, operating system, device identifiers
- Log Data: Server logs, error reports, performance metrics
- Cookies and Tracking: See our Cookie Policy for details
- Location Data: General geographic location based on IP address
2.3 Information from Third Parties
We may receive information from:
- Authentication services (Google, Microsoft, GitHub)
- Analytics providers
- Marketing partners
- Public databases and social media platforms
3. How We Use Your Information
We use the information we collect for the following purposes:
3.1 Service Delivery and Improvement
- Provide, operate, and maintain our Services
- Process your requests and transactions
- Personalize your experience
- Develop new features and improve existing ones
- Analyze usage patterns and optimize performance
3.2 Communication
- Send service-related notifications and updates
- Respond to your inquiries and support requests
- Send marketing communications (with your consent)
- Provide important security and policy updates
3.3 Security and Compliance
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations and law enforcement requests
- Enforce our Terms of Service and policies
- Protect the rights and safety of our users
3.4 Legal Basis for Processing (GDPR)
For users in the European Union, we process your data based on:
- Contract Performance: To fulfill our contractual obligations
- Consent: Where you have given explicit permission
- Legitimate Interests: For business operations and improvements
- Legal Compliance: To meet regulatory requirements
4. Data Sharing and Third Parties
We do not sell your personal information. We may share your information with:
4.1 Service Providers
- Cloud Infrastructure: Google Cloud Platform, AWS (data processing)
- Payment Processing: Stripe, PayPal (payment transactions)
- Analytics: Google Analytics, Mixpanel (usage analysis)
- Communication: SendGrid, Twilio (email and SMS)
- Support: Zendesk, Intercom (customer support)
4.2 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
4.3 Legal Requirements
We may disclose your information when required by law or to:
- Comply with legal processes and government requests
- Enforce our Terms of Service
- Protect our rights, property, or safety
- Investigate fraud or security issues
4.4 With Your Consent
We may share your information with third parties when you have given us explicit permission to do so.
5. Your Rights and Choices
5.1 GDPR Rights (European Union Users)
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a structured format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Revoke consent at any time
5.2 CCPA Rights (California Residents)
- Right to Know: What personal information we collect, use, and share
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt out of the sale of personal information (we don't sell data)
- Right to Non-Discrimination: Equal service regardless of privacy choices
5.3 PIPEDA Rights (Canadian Residents)
- Right to Access: Access your personal information we hold
- Right to Correction: Challenge the accuracy of your information
- Right to Withdraw Consent: Withdraw consent for data collection
- Right to Complain: File a complaint with the Privacy Commissioner of Canada
5.4 Exercising Your Rights
To exercise any of these rights, please contact us at:
- Email: privacy@elystrumcore.ai
- Online Form: Submit Privacy Request
- Response Time: We will respond within 30 days
5.5 Marketing Communications
You can opt out of marketing emails by clicking "Unsubscribe" in any marketing email or by updating your preferences in your account settings.
6. Data Security
We implement industry-standard security measures to protect your information:
- Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Controls: Role-based access with multi-factor authentication
- Regular Audits: Security assessments and penetration testing
- SOC 2 Type II: Certified for security, availability, and confidentiality
- Incident Response: 24/7 monitoring and rapid response protocols
- Data Backup: Regular backups with disaster recovery procedures
While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
7. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.
7.1 Transfer Safeguards
- Standard Contractual Clauses: EU-approved data transfer mechanisms
- Data Processing Agreements: With all third-party processors
- Privacy Shield: Adherence to applicable frameworks
- Canadian Data Residency: Option to store data in Canadian data centers
8. Children's Privacy
Our Services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child, please contact us immediately.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Email notification to registered users
- Prominent notice on our website
- In-app notification
Your continued use of our Services after changes take effect constitutes acceptance of the updated policy.
10. Contact Information
For questions, concerns, or requests regarding this Privacy Policy, please contact us:
Privacy Team
Email: privacy@elystrumcore.ai
Data Protection Officer
Email: dpo@elystrumcore.ai
Mailing Address
Elystrumcore.ai Inc.
Privacy Department
Calgary, Alberta, Canada
T2P 5E1
Regulatory Authorities
Canada: Office of the Privacy Commissioner of Canada
EU: Your local Data Protection Authority
California: California Attorney General