Privacy Policy

1. Overview

Elo ("Elo," "we," "us," or "our") operates the sales intelligence platform available at tryelo.com and the EloAI Chrome extension for Gmail and LinkedIn (together, the "Platform"). This Privacy Policy describes how we collect, use, disclose, and protect information about users of the Platform, including individual subscribers and enterprise teams.

By accessing or using the Platform — including our website, web app, and Chrome extension — you agree to the practices described in this policy. If you are using Elo on behalf of an organization, you represent that you have authority to bind that organization to these terms.

2. Data We Collect

We collect information in three ways: data you provide directly, data generated through your use of the Platform (website and extension), and data we ingest from public or licensed third-party sources to power intelligence features.

2a. Account & Profile Data

• Name, work email address, and password (hashed, never stored in plain text)
• Company name, job title, and role within your sales team
• Seller profile information you choose to enter (past employers, education, locations, LinkedIn profile URL) used to power personalization features such as Common Ground
• Billing information, processed and stored by our payment processor (Stripe) — we do not store full card numbers

2b. Usage & Behavioral Data

• Features accessed, searches performed, and accounts researched within the Platform
• Gmail metadata accessed through the Chrome extension (sender email address, timestamp) to identify prospects — we do not read, store, or transmit the body of your emails
• Extension interaction data such as which intelligence panels you open, filters applied, and whether you accept inline writing suggestions
• Log data: IP address, browser type, operating system, referral URL, and session activity

2c. Prospect & Intelligence Data (Public / Licensed Sources)

To deliver sales intelligence, Elo aggregates and processes data about companies and business professionals from publicly available and licensed sources. This includes:

• Professional profiles, job titles, and employment history from public business networks
• Job postings, press releases, earnings transcripts, and SEC filings
• Public advertising activity (Meta Ad Library, Google Ads Transparency, YouTube)
• Company financial signals and news coverage

Note on prospect contact data: Elo maintains a database of business professional contact information (names, business emails, titles, and company affiliations) compiled from publicly available sources. This data is used solely to surface prospect intelligence to Elo subscribers — it is never sold, rented, or shared with third parties for marketing purposes.

2d. Chrome Extension & LinkedIn Data

When you install and use the EloAI Chrome extension, additional processing applies on supported sites:

• Gmail (mail.google.com): The extension runs in your browser to show company intelligence, compose assistance, and outreach suggestions inside Gmail. We access Gmail metadata needed to identify the active compose context and prospect recipients. We do not read, store, or transmit the body content of your emails.
• LinkedIn (profile and company pages): The extension may read publicly visible profile and company page context to personalize role context, company insights, and outreach suggestions. You may provide your LinkedIn profile URL in extension settings. We never post, message, or take action on LinkedIn on your behalf.
• Authentication: The extension uses Google sign-in (OAuth) to connect your Elo account. We request access to your Google account email address for authentication purposes.
• Local storage: The extension stores account session data, settings, and preferences locally in Chrome storage to keep you signed in and remember your configuration.
• Server communication: Intelligence requests and feature usage may be sent to Elo servers (including elo-server.com) to generate insights, enforce plan limits, and improve reliability. We do not use this data to train third-party AI models on your proprietary research.
• Referral landing pages: On tryelo.com, the extension may read referral parameters (for example, ?ref=) to attribute sign-ups from shared links.

3. How We Use Your Data

We use the data we collect for the following purposes:

• Delivering the Platform: Powering intelligence features, personalized outreach suggestions, account research, and signal alerts — on the website and inside the Chrome extension
• Account management: Authentication, billing, customer support, and responding to requests
• Product improvement: Understanding which features are used and where users encounter friction — in aggregate and anonymized form
• Security: Detecting and preventing fraud, abuse, and unauthorized access
• Communications: Sending product updates, feature announcements, and support responses to your registered email address — you may opt out of non-transactional communications at any time

We do not use your data for advertising, and we are not an advertising business. We do not build advertising profiles, and no advertiser has access to your information.

4. AI & Model Training

We do not use your proprietary information — your saved accounts, search history, or competitive research — to train, fine-tune, or improve any AI model.

Elo uses AI models provided by third-party API partners (including Anthropic, Gemini, and Perplexity AI) to process queries and generate outputs within the Platform and extension. Queries submitted to these APIs are subject to those providers' data handling policies. We configure these integrations to opt out of data training where such options are available.

Aggregate, anonymized usage signals (e.g., which signal categories are most useful) may be used to improve Elo's internal ranking and relevance systems. These signals are not attributable to individual users or organizations.

5. Data Sharing & Disclosure

We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:

• Service Providers — We share data with trusted vendors who help us operate the Platform, including cloud infrastructure providers, authentication services, payment processors, and analytics tools. These providers access only the data necessary to perform their services and are contractually prohibited from using it for any other purpose.
• AI API Partners — To generate intelligence outputs, certain queries are processed through third-party AI APIs. We transmit only the data necessary to fulfill the request. No personally identifiable subscriber account data is shared with AI API partners for training purposes.
• Legal Requirements — We may disclose information if required to do so by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Elo, our users, or the public.
• Business Transfers — In the event of a merger, acquisition, or sale of all or part of Elo's assets, user data may be transferred to the acquiring entity. We will notify affected users prior to any such transfer and provide the option to delete their accounts.

6. Data Security

Our current security practices include:

• Encryption in transit: All data transmitted between your browser or extension and Elo's servers is encrypted using HTTPS/TLS
• Encryption at rest: Stored data is encrypted at rest by our cloud infrastructure provider
• Access controls: Role-based access controls limit internal access to user data to employees who require it to perform their job functions
• Authentication: Multi-factor authentication (MFA) is available to all users and required for administrative access
• Hosted infrastructure: Elo is hosted on cloud infrastructure that maintains its own security certifications and compliance programs

Honest disclosure on certifications: Elo is an early-stage, bootstrapped platform currently working toward formal third-party security certifications. We do not yet hold an independent SOC 2 audit. Our infrastructure providers (cloud hosting) maintain SOC 2 certified environments. We are actively building toward a formal audit. Enterprise accounts may request a security questionnaire response or NDA-protected infrastructure documentation by contacting yanh@tryelo.com.

No method of transmission over the internet is completely secure. While we use commercially reasonable measures to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain your account and usage data for as long as your account is active or as needed to provide services.

• Account information: Duration of account + 90 days after deletion request
• Usage logs: 90 days rolling
• Seller profile data: Duration of account; deleted upon account deletion request
• Extension settings and synced account data: Duration of account; removed when you delete your account or uninstall and request deletion
• Billing records: 7 years (required for tax and accounting compliance)
• Support communications: 3 years from last interaction

Upon account deletion, we will remove or anonymize your personal data within 30 days, except where retention is required by law or legitimate business need.

8. Your Rights & Controls

You have the following rights with respect to your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Update or correct inaccurate information in your account settings or by contacting us
• Deletion: Request deletion of your account and associated personal data
• Portability: Request an export of your data in a structured, machine-readable format
• Objection: Object to certain processing activities, including direct marketing communications
• Restriction: Request that we restrict processing of your data in certain circumstances

To exercise any of these rights, contact us at yanh@tryelo.com. We will respond to verifiable requests within 30 days. We may require identity verification before fulfilling requests.

Extension controls: You can disable or remove the Chrome extension at any time via chrome://extensions. Uninstalling the extension stops on-page processing in Gmail and LinkedIn. Data already stored in your Elo account remains until you delete your account.

9. GDPR & CCPA Compliance

For users in the European Union (GDPR)

• Legal basis for processing: We process your data on the basis of contract performance (delivering the Platform), legitimate interest (security and fraud prevention, product improvement), legal obligation (record-keeping), and your consent where applicable
• Data transfers: If data is transferred outside the EU, we use standard contractual clauses or other appropriate safeguards as required by GDPR
• Data Protection Officer: Elo does not currently appoint a formal DPO given our current scale; privacy inquiries are handled directly by our founding team at yanh@tryelo.com
• Supervisory authority: You have the right to lodge a complaint with your local data protection authority

For California residents (CCPA / CPRA)

California residents have the right to:

• Know what categories of personal information we collect and how we use them
• Delete personal information we hold about you (subject to certain exceptions)
• Opt out of the sale of personal information — Elo does not sell personal information
• Non-discrimination for exercising your privacy rights

To submit a California privacy request, contact us at yanh@tryelo.com with the subject line "California Privacy Request."

10. Cookies & Tracking Technologies

Elo uses cookies and similar technologies to operate and improve the Platform:

• Essential cookies: Required for authentication and session management — the Platform cannot function without these
• Analytics cookies: We use privacy-respecting analytics tools to understand feature usage in aggregate. We do not use Google Analytics. IP addresses are anonymized.
• No advertising cookies: We do not use third-party advertising cookies or cross-site tracking pixels

You can manage cookie preferences through your browser settings. Disabling essential cookies will prevent you from logging in to the Platform.

11. Third-Party Data Sources & Prospect Intelligence

Elo is a sales intelligence platform. A core part of our service involves aggregating and surfacing information about business professionals and companies from public and licensed data sources.

What we aggregate: Elo's intelligence database includes professional contact information, employment history, company signals, advertising activity data, and other business-context information compiled from publicly available sources including public professional networks, company websites, job boards, public ad libraries, SEC filings, and news publications.

Legitimate interest basis: We rely on legitimate interest under applicable privacy law for processing business professional data that is publicly available. Business-to-business sales outreach is a recognized legitimate interest. We collect only the professional context necessary to support that purpose — we do not collect sensitive personal categories, consumer data, or data about private individuals who are not acting in a professional capacity.

Opt-out for business professionals: If you are a business professional who appears in Elo's intelligence database and would like your information removed, you may submit an opt-out request to yanh@tryelo.com with the subject line "Data Removal Request." We will process verified removal requests within 30 days.

12. Enterprise & Team Accounts

For organizations using Elo under a business or enterprise subscription:

• Data Processing Agreement (DPA): Enterprise customers who require a formal DPA for GDPR or procurement compliance may request one at yanh@tryelo.com
• Administrator controls: Account administrators can manage team member access, export data, and initiate account deletions on behalf of their organization
• Security questionnaires: We will respond to standard enterprise security questionnaires (e.g., CAIQ, SIG Lite) under NDA. Contact yanh@tryelo.com to initiate.
• Vendor vetting: We are prepared to participate in vendor security reviews and can provide a summary of our security controls, sub-processor list, and infrastructure documentation upon request
• Sub-processors: A current list of sub-processors (third-party services with access to user data) is available upon request

If your procurement or InfoSec team is vetting Elo for organizational use, reach out to yanh@tryelo.com. We will provide our security summary documentation, sub-processor list, and DPA within 2 business days.

13. Chrome Extension (EloAI) — Additional Disclosures

This section supplements the rest of this policy for users of the EloAI Chrome extension.

Where the extension runs

• Gmail: mail.google.com — intelligence panel, compose assistance, and writing suggestions
• LinkedIn: Public profile (/in/) and company (/company/) pages — contextual insights and overlay features
• tryelo.com: Referral attribution from shared sign-up links

Browser permissions

• identity — Google OAuth sign-in to connect your Elo account
• storage — Save session, settings, and extension preferences locally
• Host access — Gmail, LinkedIn, tryelo.com, and Elo API servers required to deliver intelligence features

What we do not do

• We do not read, store, or transmit the body content of your emails
• We do not send emails or LinkedIn messages on your behalf without your explicit action
• We do not post to LinkedIn or modify your LinkedIn account
• We do not sell extension usage data to advertisers
• We do not use your proprietary research to train third-party AI models

Disable or uninstall

• Open Chrome → Extensions → Remove EloAI
• Revoke site permissions at chrome://extensions
• Sign out from the extension popup to end your session on that browser
• Request account deletion at yanh@tryelo.com to remove server-side data

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email to your registered address and update the "Last updated" date at the top of this page. Your continued use of the Platform after the effective date of an updated policy constitutes your acceptance of the changes.

For changes that materially reduce your privacy rights, we will provide at least 30 days' advance notice before the changes take effect.

15. Contact Us

Privacy inquiries — response time: within 2 business days for general inquiries; within 30 days for data subject requests.

yanh@tryelo.com
Elo Intelligence, Inc. · Chicago, Illinois, United States