Politique de Confidentialité
Dernière mise à jour : 6 avril 2026
1. Scope and Data Roles
This Privacy Policy covers Elastra's processing of personal data for website, account, support, billing, marketing, and service operations. When Elastra processes Customer Content on behalf of an organization, Elastra generally acts as a processor or service provider and the customer acts as the controller under the applicable commercial agreement and DPA.
2. Data Categories
We may process account and profile data, organization and billing data, authentication and security events, support communications, telemetry, and Customer Content such as prompts, policies, rules, commands, logs, repository metadata, memory entries, synced references, and generated outputs.
3. How We Use Data
We use data to operate and secure the service, authenticate users, manage billing, monitor performance, prevent abuse, investigate incidents, support customers, comply with legal obligations, and improve product quality and safety.
4. AI Services and Customer Content
Elastra may use third-party AI and infrastructure providers to process Customer Content as needed to deliver the service. By default, Elastra does not use Customer Content from business workspaces to train foundation models for general use unless the customer explicitly opts in to a separate improvement program.
5. Sharing and Subprocessors
We do not sell personal data. We may share data with subprocessors and service providers for hosting, authentication, billing, communications, analytics, observability, support, and AI model execution. We may also disclose data when required by law or to protect the rights, security, and integrity of the service.
6. Retention, Transfers, and Security
We retain data for as long as needed for service delivery, legal compliance, security, fraud prevention, and dispute resolution. When data is transferred internationally, we use appropriate safeguards. We apply technical and organizational measures designed to protect personal data and Customer Content against unauthorized access, loss, alteration, and improper disclosure.
7. Organization Administration and Your Rights
Organization administrators may manage users, integrations, logs, exports, retention settings, and workspace data. Depending on applicable law, you may have rights to access, correct, delete, port, restrict, or object to certain processing. Where Elastra processes data on behalf of an organization, requests should usually be directed to that organization first.
8. Contact
For privacy questions, subprocessors, or data rights requests, contact support@elastra.ai.