This policy explains what data Elastly collects, why we collect it, and the choices you have. We keep it in plain language because trusting us with your pricing data is a serious thing, and you deserve to understand exactly how we handle it.
1. Overview
Elastly, Inc. ("Elastly", "we", "us") provides an AI pricing platform for retailers, manufacturers, and distributors. This policy applies to our website and product. When we process data on behalf of a customer under a services agreement, that customer is the data controller and we act as a processor.
2. Information we collect
- Account data — name, work email, company, and role when you sign up or request a demo.
- Customer data — product, cost, sales, and competitor data you connect so we can produce recommendations.
- Usage data — how you interact with the product, captured to keep it reliable and improve it.
- Device & log data — IP address, browser, and timestamps collected automatically for security.
3. How we use it
We use data to provide and secure the service, generate and explain pricing recommendations, communicate with you, meet legal obligations, and improve our models and product. We do not sell your personal data, and we never use one customer's data to benefit another.
4. Legal bases
Where the GDPR applies, we rely on: performance of a contract (to deliver the service), legitimate interests (to secure and improve it), consent (for optional cookies and marketing), and legal obligation (to comply with applicable law). You may withdraw consent at any time.
5. Sharing & disclosure
We share data only with vetted sub-processors (such as cloud hosting and analytics providers) under contract, with your consent, or where required by law. A current list of sub-processors is available on request. We require all sub-processors to meet confidentiality and security standards consistent with this policy.
6. Data retention
We keep personal data only as long as needed for the purposes above or as required by law. When a customer ends their subscription, we delete or anonymize associated customer data within 30 days, unless a longer period is legally required.
7. Security
Elastly is SOC 2 Type II certified. We encrypt data in transit and at rest, enforce least-privilege access, and run continuous monitoring. No system is perfectly secure, but we work hard to protect your data and will notify affected customers promptly in the event of a breach.
8. Your rights
Depending on where you live, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise these rights, contact us using the details below. We will respond within the time required by applicable law.
9. International transfers
We may process data in countries other than your own. Where we transfer personal data internationally, we use appropriate safeguards such as Standard Contractual Clauses. Enterprise customers can request regional data hosting.
10. Cookies
We use essential cookies to run the site and optional cookies for analytics and marketing. You can change your choices at any time from the cookie preferences control in the footer of any page.
11. Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the date above and, where appropriate, notify you. Continued use of the service after an update means you accept the revised policy.
12. Contact us
Questions about this policy or your data? Reach our privacy team at privacy@elastly.io. You also have the right to lodge a complaint with your local data protection authority.