Privacy Policy

This Privacy Policy describes how eltee.ai and eltree.app (collectively "we," "us," or "our") collect, use, store, and protect your personal information when you use our AI-powered marketing content creation platform and link-in-bio service (the "Service"). eltree.app is operated under the same entity as eltee.ai, and references to "eltee.ai" throughout this policy shall be understood to include eltree.app. By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use the Service.

1. Information We Collect

We collect several types of information to provide and improve the Service:

Account Information

When you create an account, we collect your email address, name, and any other profile information you choose to provide. Authentication is managed through Supabase Auth.

Content You Upload

We collect and store images, videos, text, audio files, and other media that you upload to the Service for content creation purposes. This includes AI-generated content produced on your behalf.

Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, actions taken, timestamps, browser type, operating system, IP address, and referring URLs.

Payment Information

Payment processing is handled entirely by Stripe. We do not store your full credit card number, CVV, or other sensitive payment details on our servers. We receive and store only a transaction reference, the last four digits of your card, and billing details necessary for invoicing and token allocation.

Social Media Credentials

When you connect social media accounts for automated posting, we collect and store OAuth tokens provided by those platforms. These tokens grant us the permissions you authorize (such as posting on your behalf) and are encrypted at rest.

Cookies

We use cookies and similar technologies to maintain your session, remember your preferences, and collect analytics data. See Section 10 ("Cookies and Tracking") for full details.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide the Service: Create and manage your account, generate AI-powered marketing content (videos, images, captions, voiceovers), and deliver the features you request.
  • Process Payments: Manage your token balance, process purchases through Stripe, issue receipts, and handle billing inquiries.
  • Post to Social Platforms: Publish content to the social media accounts you have connected and authorized through our social media integration.
  • Improve the Service: Analyze usage patterns, diagnose technical issues, develop new features, and optimize performance.
  • Send Notifications: Deliver transactional emails (account confirmation, password resets, payment receipts), service updates, and — with your consent — promotional communications.
  • Analytics: Understand aggregate usage trends to make data-driven decisions about product development and infrastructure.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data on one or more of the following legal bases under the General Data Protection Regulation (GDPR):

  • Contract Performance: Processing is necessary to fulfill our contract with you, including providing the Service, managing your account, and processing payments for token purchases.
  • Legitimate Interests: Processing is necessary for our legitimate interests, such as improving the Service, preventing fraud, ensuring platform security, and conducting analytics. We balance these interests against your rights and freedoms.
  • Consent: Where required by law, we rely on your explicit consent for certain processing activities, including sending marketing communications, setting non-essential cookies, and connecting third-party social media accounts.
  • Legal Obligation: Processing is necessary to comply with legal obligations to which we are subject, such as tax reporting, financial record-keeping, and responding to lawful requests from public authorities.

4. Your Rights Under GDPR

If you are located in the EEA, the United Kingdom, or Switzerland, you have the following rights regarding your personal data:

  • Right of Access: You have the right to request a copy of the personal data we hold about you, along with information about how we process it.
  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
  • Right to Erasure: You have the right to request the deletion of your personal data, subject to certain exceptions (such as legal record-keeping obligations).
  • Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest its accuracy or object to processing.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance.
  • Right to Object: You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your country of residence if you believe our processing of your personal data violates applicable data protection law.

To exercise any of these rights, please contact us at privacy@eltee.ai. We will respond to your request within 30 days, as required by law. We may ask you to verify your identity before processing your request.

5. Your Rights Under CCPA

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:

  • Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, the business or commercial purpose for collecting it, and the categories of third parties with whom we share it.
  • Right to Delete: You have the right to request the deletion of your personal information, subject to certain exceptions provided by law.
  • Right to Opt-Out of Sale: We do not sell your personal information to third parties. Because we do not engage in the sale of personal information, there is no need to opt out. If this practice ever changes, we will update this policy and provide a clear opt-out mechanism.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. You will not receive different pricing, a different quality of service, or be denied access to the Service for exercising your rights.

To exercise your CCPA rights, please contact us at privacy@eltee.ai. We will verify your identity before processing your request and respond within 45 days, as required by law.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required by law. Our specific retention periods are as follows:

  • Account Data: Your account information, uploaded content, and associated data are retained for as long as your account remains active. If you delete your account, we will delete or anonymize your account data within 30 days, except where retention is required by law.
  • Payment Records: Transaction records, invoices, and billing information are retained for 7 years after the transaction date, as required by applicable tax and financial regulations.
  • Usage Logs: Server logs, analytics data, and usage records are retained for 90 days, after which they are automatically deleted or aggregated into anonymized statistics.

7. Third-Party Services and Sub-processors

We use the following third-party services to operate and deliver the Service. Each sub-processor has access only to the data necessary to perform its specific function:

  • Supabase (Database and Authentication, EU) -- Stores your account data, content metadata, and application data. Provides authentication services.
  • Stripe (Payment Processing, US) -- Processes all payment transactions. Handles credit card data directly; we do not store full card details.
  • Vercel (Hosting, US) -- Hosts the web application and handles content delivery.
  • OpenAI (AI Captions and Text Generation, US) -- Generates captions, text content, and other AI-powered text outputs on your behalf.
  • Replicate (AI Video Generation, US) -- Generates AI-powered video content based on your inputs.
  • ElevenLabs (AI Voice and Text-to-Speech, US) -- Generates voiceovers and audio content from text.
  • fal.ai (AI Image Generation, US) -- Generates AI-powered images based on your prompts and inputs.
  • Social Media API (Social Media Posting, US) -- Publishes content to your connected social media accounts on your behalf via secure API integrations.
  • Google Analytics (Analytics, US) -- Collects anonymized usage data to help us understand how the Service is used. Subject to your cookie consent preferences.

Each of these providers maintains their own privacy policies and data processing agreements. We encourage you to review their respective privacy policies. We regularly review our sub-processors to ensure they maintain adequate data protection standards.

8. International Data Transfers

Your personal data may be transferred to, stored in, and processed in countries outside of your country of residence, including the United States, where many of our sub-processors are located. These countries may have data protection laws that differ from the laws of your country.

When we transfer personal data from the EEA, the United Kingdom, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms, to ensure your data is protected to the standard required by applicable law.

9. Data Storage and Security

We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it:

  • Encryption at Rest: All stored data, including your account information and uploaded content, is encrypted at rest using industry-standard encryption algorithms.
  • Encryption in Transit: All data transmitted between your browser and our servers, and between our servers and third-party services, is encrypted using TLS (HTTPS).
  • OAuth Token Encryption: Social media OAuth tokens are encrypted before storage and are only decrypted at the moment they are needed for authorized actions.
  • Regular Security Reviews: We conduct regular security reviews of our infrastructure, dependencies, and access controls to identify and address potential vulnerabilities.

While we strive to protect your personal data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security incidents in accordance with applicable law.

10. Cookies and Tracking

We use cookies and similar tracking technologies on the Service. Below is a summary of the types of cookies we use:

  • Essential Cookies (Always Active): These cookies are strictly necessary for the Service to function. They maintain your authentication session, remember your login state, and enable core features. These cookies cannot be disabled without breaking the Service.
  • Analytics Cookies (With Consent): We use Google Analytics 4 (GA4) to collect anonymized usage data. These cookies are only set after you provide consent through our cookie consent mechanism. You can withdraw consent at any time.
  • Payment Cookies: Stripe may set cookies necessary for secure payment processing and fraud prevention. These are considered essential for completing transactions.

For a complete inventory of cookies used on the Service, including their names, purposes, and expiration periods, please visit our Cookie Policy page.

11. Children's Privacy

The Service is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe that a child under 16 has provided us with personal data, please contact us at privacy@eltee.ai so we can take appropriate action.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make material changes, we will notify you by sending an email to the address associated with your account and by posting the updated policy on this page with a revised "Last updated" date. We encourage you to review this policy periodically. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all privacy-related inquiries within 30 days.

Last updated: March 2026