Legal

Privacy Policy

Last updated: March 2, 2026

1. Introduction

Elior Systems Inc. ("Elior", "we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at elior.tech (the "Service").

By using the Service, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Full name, email address, password (hashed), organization name, role.
  • Organization Data: Company name, industry, stage, website URL, organizational signals and metrics.
  • Financial Data: Revenue metrics (ARR, MRR), burn rate, runway, customer metrics that you voluntarily provide in investor updates.
  • Uploaded Documents: Pitch decks, financial models, and other documents uploaded to the Data Room or Deck Validator.
  • Communications: Investor updates, comments, and messages sent through the platform.

2.2 Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent, interaction patterns.
  • Device Information: Browser type, operating system, IP address, device identifiers.
  • Cookies & Similar Technologies: See our Cookie Policy for details.

3. How We Use Your Information

  • To provide, maintain, and improve the Service
  • To process and deliver investor updates to your chosen recipients
  • To power AI features (Ghostwriter, Matchmaker, Deck Validator, Data Room Analyzer)
  • To send you service-related notifications and email communications
  • To detect, prevent, and address technical issues and security threats
  • To comply with legal obligations

4. AI Processing & Third-Party Services

Important Notice About AI Features

When you use AI-powered features (Ghostwriter, Matchmaker, Deck Validator), your input data may be processed by third-party AI services including Google Gemini API and/or OpenAI API. We send only the minimum necessary data for processing. These providers operate under their own privacy policies and data processing agreements.

We use the following third-party services:

  • Supabase: Database hosting and authentication (EU/US regions)
  • Google Gemini API: AI text generation and analysis
  • Resend: Transactional email delivery
  • Vercel: Application hosting and analytics

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Upon account deletion, we will delete or anonymize your data within 30 days, except where we are required by law to retain certain records (e.g., financial transaction records for up to 10 years).

6. Your Rights (GDPR / KVKK)

Under the General Data Protection Regulation (GDPR) and the Turkish Personal Data Protection Law (KVKK), you have the following rights:

  • Right of Access: Request a copy of your personal data.
  • Right to Rectification: Request correction of inaccurate data.
  • Right to Erasure: Request deletion of your data ("right to be forgotten").
  • Right to Data Portability: Export your data in a machine-readable format.
  • Right to Restrict Processing: Limit how we use your data.
  • Right to Object: Object to processing based on legitimate interests.
  • Right to Withdraw Consent: Withdraw consent at any time via Settings.

To exercise these rights, go to Settings -> Danger Zone -> Export My Data or email us at privacy@elior.tech.

7. Data Security

We implement industry-standard security measures including encryption in transit (TLS 1.3), encryption at rest (AES-256), access controls, and regular security assessments. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

8. International Data Transfers

Your data may be transferred to and processed in countries other than Turkey, including the United States and European Union member states. We ensure adequate safeguards are in place through Standard Contractual Clauses (SCCs) or equivalent legal mechanisms.

9. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 18, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting a notice on the Service or sending you an email. Your continued use of the Service after changes constitutes acceptance of the revised policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights:

Elior Systems Inc.

Email: privacy@elior.tech

Data Protection Officer: dpo@elior.tech

Terms of ServiceCookie Policy