- HTTPS everywhere
- Encryption at rest
- MFA available
- No AI training on your data
1. Overview
This Security page describes how Elo Intelligence, Inc. ("Elo," "we," "us," or "our") protects the Elo sales intelligence platform, including tryelo.com, our APIs, and the EloAI Chrome extension for Gmail and LinkedIn (collectively, the "Service").
Security is built into how we design, host, and operate the Service. This page supplements our Privacy Policy and Terms of Service.
Plain-language summary
We use industry-standard practices to protect data in transit and at rest, limit internal access, and monitor for abuse. We are an early-stage company actively working toward formal third-party security certifications.
2. Scope
These practices apply to:
- The Elo web platform and account services at tryelo.com
- The EloAI Chrome extension on Gmail and LinkedIn
- Backend APIs and infrastructure used to deliver intelligence features
- Enterprise and team accounts under written agreements
3. Infrastructure & Hosting
- Elo is hosted on major cloud infrastructure providers that maintain their own security certifications and compliance programs
- Production environments are isolated from development and testing where practicable
- We apply regular security patches and updates to our systems
- Network protections include firewalls, intrusion detection/prevention, and DDoS mitigation through our hosting providers
4. Encryption
- In transit: All data transmitted between your browser, the Chrome extension, and Elo servers is encrypted using HTTPS/TLS
- At rest: Stored data is encrypted at rest by our cloud infrastructure provider
- Credentials: Passwords are hashed and never stored in plain text
5. Access Controls & Authentication
- Role-based access controls limit internal access to customer data to employees who need it for their job functions
- Multi-factor authentication (MFA) is available to all users and required for administrative access
- The Chrome extension uses Google OAuth sign-in; you are responsible for securing your Google account
- We follow the principle of least privilege and review access permissions regularly
6. Chrome Extension Security
The EloAI Chrome extension is designed with the following security principles:
- Minimal permissions: The extension requests only the permissions needed to operate on Gmail, LinkedIn, and Elo services
- No email body storage: We do not read, store, or transmit the body content of your emails — see our Privacy Policy
- No unauthorized actions: Elo does not send email or post to LinkedIn on your behalf without your explicit action
- Secure communication: Extension requests to Elo servers use HTTPS/TLS
- Local storage: Session and settings data is stored in Chrome's extension storage; sign out or uninstall to remove local session data
7. Application & Product Security
- Secure development practices, including code review for sensitive changes
- Input validation and protection against common web application vulnerabilities
- Monitoring and logging for errors, abuse, and anomalous activity
- Usage limits and authentication checks to reduce unauthorized access
8. Vendors & Sub-processors
We use trusted third-party vendors for hosting, authentication, payments, email, analytics, and AI processing. Vendors that handle customer data are subject to contractual obligations to protect that data and use it only to provide services to Elo.
Enterprise customers may request our current sub-processor list by contacting privacy@tryelo.com.
9. Incident Response
We maintain an incident response process to detect, investigate, and remediate security events. If we become aware of a data breach affecting your personal information, we will notify affected users and regulators as required by applicable law.
To report a security vulnerability or suspected incident, contact privacy@tryelo.com with the subject line "Security Report". We aim to acknowledge reports within 48 hours.
10. Certifications & Roadmap
Honest disclosure: Elo is an early-stage, bootstrapped platform working toward formal third-party security certifications. We do not yet hold an independent SOC 2 Type II audit. Our cloud infrastructure providers maintain SOC 2 certified environments. We are actively building toward a formal audit.
We align our practices with recognized frameworks including GDPR, CCPA, and industry security best practices.
11. Enterprise Security Reviews
For organizations evaluating Elo for procurement or InfoSec review:
- We respond to standard security questionnaires (e.g., CAIQ, SIG Lite) under NDA
- We can provide a summary of security controls and infrastructure documentation upon request
- Data Processing Agreements (DPAs) are available for enterprise customers
Contact privacy@tryelo.com. We aim to respond within 2 business days.
12. Your Responsibilities
- Use a strong, unique password and enable MFA on your Elo and Google accounts
- Do not share account credentials or API keys
- Keep your browser and the EloAI extension up to date
- Report suspected unauthorized access or security concerns promptly
Security inquiries: privacy@tryelo.com
Elo Intelligence, Inc. · Chicago, Illinois, United States