Privacy Policy

Last Updated: 7th of July, 2025

This Privacy Policy describes how EltegraAI ("EltegraAI", "we", "our", "us") collects, uses, ,secures, processes and discloses information when you visit and interact with our website https://www.eltegra.ai/ (the "Website"), use our services, download materials, or contact us. It complies with global regulatory standards including the GDPR, CCPA/CPRA, and PIPEDA.

What is Covered by This Privacy Policy

This Privacy Policy applies to all processing of Personal Data collected by EltegraAI through our Website, including when you:

  • Visit and browse our Website

  • Participate in or request demos and trials or downloadable materials

  • Contact us via email, phone, or contact forms

  • Apply for employment opportunities with candidate job applications

  • Use our customer portal or platform services, customer support and communication channels

  • Interact with data processed on behalf of EltegraAI's customers (where we act as a data processor)

This policy also applies to personal data processed on behalf of our customers in connection with platform services, including data of end users, testers, and third-party participants. In such cases, EltegraAI serves as a data processor, and our customers act as data controllers under applicable laws (e.g., GDPR Article 4) legal. 

Information We Collect

Personal Information

We collect information that you provide directly to us, including:

  • Contact Information: Name, email address, phone number, company name, job title

  • Account Credentials: Username, encrypted passwords (following NIST SP 800-63B guidelines)

  • Company Information: Organization details, industry, company size

  • Communication Data: Messages, support requests, demo requests and history

  • Employment Information: Personal Profiles, Preferences, Resume data, application materials (when applying for positions)

  • Usage Preferences: Platform settings, feature preferences

Important: We do not collect any special or sensitive categories of personal data (such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, health data, or biometric data).

Technical Data

We automatically collect certain technical information when you use our Website:

  • Log Data: IP addresses, browser type and version, operating system

  • Analytics Data: Page views, session duration, referral sources

  • Device Information: Screen resolution, device type, browser settings

  • Platform Usage Statistics: Feature usage, performance metrics (for platform users)

  • Security Monitoring Data: Access logs, authentication attempts, suspicious activity alerts

Cookies and Tracking Technologies

Our Website uses cookies and similar technologies:

  • Essential Cookies: Required for Website functionality and security

  • Analytics Cookies: Google Analytics for understanding Website usage

  • Performance Cookies: To optimize Website performance and user experience

You can manage and control your cookie preferences through your browser settings or through our website's cookie management centre (insert link). More information on how to manage cookies in your browser can be found at:

  • Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences/

  • Microsoft Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies

  • Google Chrome: https://support.google.com/chrome/answer/95647

  • Safari: https://support.apple.com/guide/safari/sfri11471/mac

  • Opera: https://blogs.opera.com/news/2015/08/how-to-manage-cookies-in-opera/

Please note that disabling some types of cookies may affect your experience on our Website and limit access to certain features. These cookie policies align with GDPR/CPRA requirements for active cookie preference management.

How We Use Your Information

We process your information for the following business purposes:

Service Provision and Platform Operations

  • Providing and maintaining our software testing and quality assurance platform

  • Processing demo requests and providing downloadable materials

  • Managing user accounts and authentication (with encrypted credentials) to ensure account security

  • Delivering customer support and technical assistance

  • Fulfilling legal and regulatory obligations

  • Conducting analytics and user experience improvements

  • Sending notices, updates and -with consent-marketing messages.

Security and Compliance

  • Data Protection: Implementing SOC 2 Type 2 certified security measures

  • Fraud Prevention: Monitoring for unauthorized access and suspicious activities

  • Incident Response: Managing security incidents according to our Data Breach Notification Policy

  • Access Control: Enforcing role-based access controls and audit logging

Business Operations

  • Processing employment applications and candidate communications

  • Improving and personalizing user experience through analytics

  • Conducting business development and partnership activities

  • Ensuring regulatory compliance with applicable laws

Communications

  • Sending administrative notifications and system updates

  • Responding to inquiries and support requests

  • Providing security alerts and important notices

  • Marketing communications (with your consent, where required)

Data Security and Protection

EltegraAI implements comprehensive security measures aligned with our Information Security Policy:

Technical Safeguards

  • Encryption: All data  with end to end encryption at rest and in transit using industry-standard protocols

  • SOC 2 Type 2 Certification and ISO 27001 Compliance: Independently verified security controls

  • Multi-layered Security: Firewalls, intrusion detection, and continuous monitoring

  • Access Controls: Role-based permissions with regular access reviews and audit logs

  • Secure Infrastructure: AWS cloud hosting infrastructure with layered monitoring and additional security hardening

Operational Security

  • Background Checks: All employees with data access undergo thorough screening

  • Security Training: Regular cybersecurity awareness training for all personnel

  • Incident Management: 24/7 monitoring with defined incident response procedures

  • Vulnerability Management: Regular penetration testing and security assessments

Physical Security

  • Data Centers: Biometric access control and 24/7 security monitoring

  • Clean Desk Policy: Secure handling of physical documents containing sensitive information

  • Secure Disposal: DOD-standard data sanitization for equipment disposal

Data Sharing and Third Parties

We may share your limited data in the following circumstances:

Trusted Service Providers and Business Partners

  • Cloud Infrastructure: AWS and other certified service providers for secure hosting

  • Analytics Services: Google Analytics (with appropriate data processing agreements)

  • Communication Tools: Email services and customer support platforms

  • Security Vendors: Cybersecurity service providers for monitoring and protection

Legal and Regulatory Authorities When Required

  • Compliance Obligations: When required by law, regulation, or court order

  • Law Enforcement: In response to a valid legal process

  • Regulatory Authorities: As required for industry compliance (GDPR, CCPA, etc.)

Business Transfers

  • Mergers and Acquisitions: During business transactions, with appropriate safeguards

  • Due Diligence: For potential business partnerships (under confidentiality agreements)

We do not sell your personal information to advertisers or other third parties.

Your Privacy Rights and Choices

You have the following rights regarding your personal information. You may request:

Access and Control

  • Access: Request copies of your personal information and data

  • Correction: Update or correct inaccurate data

  • Deletion: Request deletion of your data (subject to legal restrictions and obligations)

  • Portability: Export your data in a structured format

  • Restriction: Limit processing of your information in certain circumstances

Communication Preferences

  • Marketing Opt-out: Unsubscribe from marketing communications

  • Notification Preferences: Manage security and administrative alerts

  • Cookie Controls: Adjust cookie preferences through browser settings

How to Exercise Your Rights

Contact us at privacy@eltegra.ai to submit requests regarding your personal information. We will respond within 30 days and may require identity verification for security purposes. For certain requests, we may ask you to provide additional information to verify your identity and ensure data security per GDPR requirements.

International Data Transfers

We may transfer your data to servers located outside your country of residence. We ensure appropriate safeguards through:

Transfer Mechanisms

  • Standard Contractual Clauses: EU-approved data transfer agreements

  • Data Processing Agreements: Binding privacy commitments with processors

  • Regional Data Storage: Options for data localization where available

  • Privacy Shield Frameworks: Where applicable and available

Geographic Locations

Data may be stored and processed in the United States, European Union, and other regions and jurisdictions where we or our service providers operate, always with appropriate or equivalent privacy protections.

Data Retention

We retain your information based on the following criteria:

Retention Periods

  • Account Data: For the duration of your account plus one (1) year after closure

  • Website Analytics: Up to 26 months for aggregate analytics data

  • Communication Records: Three (3) years for business communications

  • Employment Applications: Two (2) years for recruitment records

  • Security Logs: Seven (7) years for audit and compliance purposes

Extensions are subject to legal holds approved by the DPO or legal counsel.

Data Deletion Procedures

When retention periods expire, we securely delete data in accordance with our Technology Equipment Disposal Policy, which requires DOD-standard data sanitization. Data deletion events are logged for audit purposes.

Legal Holds

Retention periods may be extended by the Data Protection Officer or legal counsel to comply with legal obligations, regulatory investigations, or litigation holds

Incident Management and Breach Notification

In accordance with our Data Breach Notification Policy, we follow our Incident Response Plan with:

Response Procedures

  • Immediate Assessment: Rapid evaluation of incident scope and impact

  • Containment: Immediate measures to prevent further unauthorized access

  • Investigation: Thorough forensic analysis of root causes and affected data

  • Notification: Timely communication and notification to affected individuals and authorities

  • Updates : We provide detailed updates and support for any incident or breach 

Your Rights During Incidents

  • Prompt Notification: We will notify you of breaches affecting your data

  • Clear Information: Details about the incident, affected data, and protective measures

  • Support: Assistance and guidance for protective actions you can take

Children's Privacy

Our services are not intended for individuals under 13 years of age. We do not knowingly collect or maintain information or data from children under 13. If we learn that we have collected information from a child under 13, we will delete it promptly. Parents may request deletion by contacting us at privacy@eltegra.ai  and submitting requests regarding their minor children. We comply with COPPA.

Platform-Specific Privacy Considerations

Demo and Trial Accounts

  • Limited Data Collection: Only necessary information for demo functionality

  • Secure Environment: Isolated demo environments with restricted data access

  • Automatic Cleanup: Demo data deleted after the trial period expires

Downloadable Materials and Resources

  • Registration Requirements: Basic contact information for resource access

  • Usage Tracking: Analytics on resource downloads and engagement

  • Content Security: Materials protected against unauthorized distribution

Customer Portal and Platform Services

  • Enhanced Security: Additional authentication requirements for platform access

  • Audit Logging: Comprehensive activity logs for compliance and security

  • Data Segregation: Customer data isolated in dedicated environments

Compliance Framework

EltegraAI complies with:

Privacy Regulations

  • GDPR: European Union General Data Protection Regulation

  • CCPA: California Consumer Privacy Act

  • CPRA: California Privacy Rights Act

  • PIPEDA: Personal Information Protection and Electronic Documents Act (Canada)

  • State Privacy Laws: Applicable U.S. state privacy regulations

Industry Standards

  • SOC 2 Type 2: Security, availability, and confidentiality controls

  • ISO 27001: Information security management standards

  • NIST Framework: Cybersecurity framework implementation

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. We will notify you of material changes by:

Notification Methods

  • Website Notice: Prominent display on our Website

  • Email Notification: Direct communication to registered users

  • Platform Alert: In-app notifications for platform users

  • Version Control: Clear indication of policy version and effective date

Your Continued Use

Your continued use of our Website and services after policy changes constitutes acceptance of the updated terms.

Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our privacy practices:

Privacy Contact

  • Email: privacy@eltegra.ai

  • Mail: Eltegra, Inc., 5727 Clarendon, Naples, FL, 34113, USA

Data Protection Officer

For EU-related inquiries, you may also contact our Data Protection Officer through the privacy email address above.

This Privacy Policy was last updated on July 7, 2025. Your continued use of our services after any changes to this Policy constitutes acceptance of those changes.