Privacy Policy

Eleviq BV ("Eleviq", "we", "our", or "us") is a company registered in the Netherlands (Netherlands). We operate the Eleviq platform and associated marketing website (collectively, the "Service"). For questions about this policy, contact us at privacy@eleviq.nl.

We collect the following categories of personal data when you interact with our Service:

• Account dataEmail address, name, and password hash when you create an account or join the waitlist.
• Usage dataPages visited, features used, session duration, and browser type — collected via server logs and analytics tools.
• BusinessProfile contentInformation you voluntarily enter into your BusinessProfile (company description, goals, decisions). This is stored to personalise AI agent responses.
• Communication dataContent of messages you send us via the contact form or email.
• Payment dataBilling name, address, and last four card digits managed by our payment processor (Stripe). We do not store full card numbers.
• Technical dataIP address, device type, operating system, and referral source for security and performance monitoring.

We use your personal data to:

• Provide, operate, and improve the Service
• Personalise AI agent responses using your BusinessProfile
• Send transactional emails (account confirmation, billing receipts)
• Send product updates and waitlist notifications (opt-out available)
• Respond to support and sales enquiries
• Detect and prevent fraud, abuse, and security incidents
• Comply with applicable law and legal obligations

We process your data on one of the following legal bases depending on the context:

• Performance of a contract (Art. 6(1)(b))Processing necessary to provide the Service you have subscribed to.
• Legitimate interests (Art. 6(1)(f))Security monitoring, fraud prevention, and improving our Service — where not overridden by your interests.
• Consent (Art. 6(1)(a))Marketing communications and non-essential cookies — you may withdraw consent at any time.
• Legal obligation (Art. 6(1)(c))Compliance with Dutch and EU law, including tax and accounting requirements.

We do not sell your personal data. We share data only in the following circumstances:

• Service providersTrusted third-party processors (Anthropic for AI inference, Stripe for payments, Resend for email, Vercel for hosting) who act as processors under data processing agreements and may only use data to provide their service to us.
• Legal requirementsWhen required by law, court order, or government authority in the Netherlands or EU.
• Business transfersIn the event of a merger, acquisition, or asset sale — users will be notified via email prior to any transfer.

AI inference requests sent to Anthropic contain the content of your conversations and relevant BusinessProfile context. Anthropic's privacy policy governs how they handle this data. We do not permit Anthropic to use your data to train their models unless you explicitly opt in.

We retain personal data for as long as necessary to provide the Service and fulfil the purposes described in this policy:

• Account dataRetained for the duration of your account plus 30 days after deletion request.
• BusinessProfile & conversation dataRetained until you delete it or close your account.
• Billing recordsRetained for 7 years to comply with Dutch tax law (Wet op de omzetbelasting).
• Analytics dataAggregated and anonymised after 13 months.
• Waitlist dataRetained until you join the platform or unsubscribe, whichever is earlier.

As a data subject under the GDPR, you have the following rights. To exercise any of them, contact us at privacy@eleviq.nl. We will respond within 30 days.

• Right of access (Art. 15)Request a copy of the personal data we hold about you.
• Right to rectification (Art. 16)Correct inaccurate or incomplete personal data.
• Right to erasure (Art. 17)Request deletion of your personal data where no overriding legitimate interest or legal obligation applies.
• Right to restriction (Art. 18)Request that we limit processing of your data in certain circumstances.
• Right to data portability (Art. 20)Receive your data in a structured, machine-readable format.
• Right to object (Art. 21)Object to processing based on legitimate interests, including direct marketing.
• Right to lodge a complaintYou may lodge a complaint with the Dutch data protection authority: Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).

We use cookies and similar technologies to operate and improve the Service. You can control non-essential cookies via your browser settings.

• Essential cookiesRequired for authentication, session management, and security. Cannot be disabled.
• Analytics cookiesUsed to understand usage patterns. Anonymised and aggregated. Opt-out via browser settings.
• Preference cookiesStore your settings and preferences to improve your experience.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include encryption in transit (TLS), encrypted storage of credentials, access controls, and regular security reviews.

No method of transmission over the Internet is completely secure. In the event of a personal data breach, we will notify affected users and the Autoriteit Persoonsgegevens within the timeframes required by GDPR.

Some of our service providers are based outside the EEA (for example, Anthropic in the United States). Where we transfer data internationally, we do so under standard contractual clauses (SCCs) approved by the European Commission or another adequacy mechanism under Chapter V GDPR.

We may update this Privacy Policy from time to time. Material changes will be communicated by email or a prominent notice on the website at least 30 days before taking effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

For questions, requests, or concerns about this Privacy Policy or how we handle your data: