Back to overview

Privacy
Policy

Last updated
11 May 2026
Elentaria is built on a simple principle: your data exists to make your GTM program work — and to make Elentaria better for you. We do not sell your data, we do not share it with advertisers, and we do not deliberately reproduce your confidential business content in outputs served to other customers.

This Privacy Policy explains how Elentaria B.V. ("Elentaria", "we", "our") collects, uses, and protects information about you when you use our website at elentaria.ai, our platform, and any related services (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read and understood this policy. If you are using the Services on behalf of a company or other legal entity, you represent that you have the authority to bind that entity to this policy. If you have any questions, please contact team@elentaria.ai.

1

Information we collect

Information you provide directly

  • Account information — name, work email, company name, job title, and a hashed password when you register.
  • Business profile — details about your company (industry, stage, target market, ICP, offering, existing channels) used to configure your GTM program.
  • Workspace & configuration data — projects, agent configurations, API keys you generate, integration settings, and other preferences inside the platform.
  • Customer Content — prompts you submit, files or images you upload, contact lists you import, and Outputs returned by Elentaria or connected third-party tools.
  • Communications — messages you send via email, support chat, or onboarding calls with our GTM expert.
  • Payment information — billing address, tokenised card details, and the last four digits of your card. Payments are processed by Stripe; we do not store full card numbers.

Information collected automatically

  • Log & usage data — pages visited, features used, session length, clicks, API endpoints called, agent or tool identifiers invoked, credit balance, error logs.
  • Device & technical data — IP address, browser type and version, operating system, device type, application version, and referring URLs.
  • Approximate location — derived from your IP address to protect your account and maintain service quality.
  • Cookies and similar technologies — see Section 7 for details.

Information from third parties

  • Integration sources — when you connect CRM, LinkedIn, email, ads, or analytics tools, we receive the minimum data necessary to operate the connected workflow.
  • Enrichment providers — we may supplement your business profile and contact data with firmographic and intent data from reputable B2B data providers.
  • Public sources — for the GTM analysis, we collect public data about your business and your market (websites, LinkedIn, public filings, app stores, review sites, ad libraries).

We do not intentionally collect special-category data. If you include such data in prompts or files, you confirm you have a lawful basis to share it.

2

How we use your data

We use the information we collect for the following purposes:

  • Delivering the Services — operating your GTM program, scoring channels, generating outreach, running campaigns, and surfacing analytics.
  • Account management — creating and maintaining your account, authenticating logins, and communicating about your subscription.
  • Product improvement — analysing usage to improve reliability, performance, and features. Wherever practical we work from aggregate or de-identified data; identifiable Customer Content is used only when necessary to debug a specific issue or improve your own organisation's experience.
  • Model training & tuning — Elentaria maintains its own scoring, ranking, routing, and analysis models. We may use Customer Content, Outputs, prompts, and telemetry to train, fine-tune, evaluate, and improve these models. Where training would use identifiable Customer Content beyond your own organisation's scope, we will either aggregate or irreversibly de-identify the data first, or ask for your explicit consent. We will not sell raw Customer Content, Outputs, or Prospect Data to third parties, and we do not authorise third-party model providers to train their public foundation models on your raw data.
  • Support — responding to questions, troubleshooting issues, and providing onboarding guidance.
  • Compliance and safety — detecting fraud, preventing abuse, and meeting legal obligations.
  • Communications — sending transactional messages (payment confirmations, security notices, product updates) and, with your consent, marketing emails. You can opt out of marketing at any time.
  • Marketing & case studies — identifying you as a customer using your trade name, logo, brand assets, and a high-level description of our work together across our website, landing pages, social-media posts, decks, blog and newsletter content, conference talks, partner co-marketing, fundraising materials, and customer-reference lists. We will follow your brand guidelines if you provide them. Aggregate, anonymised performance data may be used without additional consent. Direct quotes, testimonials, and named campaign metrics tied to your brand require your written consent (email approval suffices); either party may withdraw such consent prospectively on written notice.

We do not sell personal data. We do not use your data to target advertising on third-party platforms.

3

Legal bases for processing

Where the GDPR or UK GDPR applies, we rely on the following legal bases:

  • Contract — processing is necessary to perform the contract we have with you (providing the Services).
  • Legitimate interests — improving our Services, preventing fraud, communicating product updates, and conducting business-to-business outreach to commercial contacts in line with applicable rules, where these interests are not overridden by the data subject's rights.
  • Legal obligation — where we must process data to comply with applicable law (e.g., tax, accounting, AML, KYC).
  • Consent — for marketing emails, case-study publication, non-essential cookies, and any processing of special-category data. You may withdraw consent at any time without affecting prior processing.
4

Sharing & disclosure

Service providers (sub-processors)

We engage trusted sub-processors to help operate our Services — cloud hosting, payment processing, email delivery, analytics, model providers, and security monitoring. Each acts as a processor under GDPR and is contractually bound to process data only on our documented instructions with appropriate security measures. A current list of sub-processors is available at team@elentaria.ai.

AI model providers

When the Services route a prompt to a third-party AI model provider, we share the prompt, relevant context, and the minimum data required for the model to respond. We use providers with no-training processing terms; your prompts and responses are not used to train their public models.

Outbound execution sub-processors

When performing outbound execution on your behalf, we may share Prospect Data with email infrastructure, LinkedIn automation, lead-enrichment, and verification providers as required to run the campaign. These sub-processors are bound by data-protection obligations consistent with GDPR Article 28.

Business transfers

If Elentaria is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before any such transfer occurs.

Legal requirements

We may disclose data when required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect rights, safety, or property.

With your consent

We will share data with other parties when you have given us explicit permission to do so.

5

Elentaria as Data Processor (outbound execution)

When Elentaria runs outbound channels (email, LinkedIn, ads) on your behalf, Elentaria processes personal data of third-party prospects ("Prospect Data") on your instructions. In this context:

  • You act as the data controller for Prospect Data. You determine the purposes and means of processing, the lawful basis, and the contents of outreach.
  • Elentaria acts as the data processor, processing Prospect Data solely on your documented instructions and in accordance with applicable law, including GDPR.
  • Sub-processors. Elentaria may engage sub-processors (lead enrichment, email infrastructure, LinkedIn automation, cloud hosting, AI model providers). Each is bound by obligations consistent with the applicable Data Processing Agreement.
  • Data Processing Agreement. A DPA meeting Article 28 GDPR requirements is available from Elentaria upon request and forms part of the Terms of Service when executed. Email team@elentaria.ai to request the template.

This section does not apply to data Elentaria collects and controls independently (e.g., your account information, your usage of the platform), which is handled as described in the other sections of this Notice.

6

Data retention

  • Account data — kept for the duration of your subscription plus 90 days following termination, then deleted or irreversibly anonymised.
  • Customer Content & Outputs — retained for 24 months post-termination unless you request earlier deletion.
  • Prospect Data — retained for the duration of the active campaign, then deleted or anonymised within 30 days of campaign end, unless we are required to keep it for legal reasons.
  • Billing records — retained for 7 years to comply with Dutch financial regulations.
  • Support communications — retained for 3 years.
  • Security logs — retained for up to 12 months to detect fraud or establish or defend legal claims, then anonymised or deleted.

You may request deletion of your data at any time by contacting team@elentaria.ai. We will process requests within 30 days, subject to legal obligations.

7

Cookies & similar technologies

Today, Elentaria uses only strictly-necessary cookies and equivalent client-side storage required for the Services to function — session management, authentication, security, and remembering UI preferences you set inside the platform. We do not currently run advertising cookies, third-party analytics, or marketing trackers on our public website, so no consent banner is shown.

If we later introduce non-essential cookies (for example, privacy-respecting analytics or marketing attribution), we will: (a) update this policy with the categories used; (b) display a consent banner before the cookie is set; and (c) honour your choice. You can also block or clear cookies through your browser settings at any time; doing so may affect how the Services function.

8

Your rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure — request deletion of your data, subject to legal retention requirements.
  • Restriction — ask us to limit how we process your data in certain circumstances.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interests, including direct marketing.
  • Withdrawal of consent — withdraw consent at any time for processing based on consent (including marketing consent and case-study publication).
  • Automated decision-making — where Elentaria makes decisions with significant effects using solely automated processing, you may request human review.

To exercise any of these rights, contact us at team@elentaria.ai. We will respond within 30 days. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local data protection authority.

9

Security

We implement industry-standard security measures including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Role-based access controls and least-privilege principles
  • Regular security assessments, dependency scanning, and penetration testing
  • Incident response procedures aligned to GDPR notification requirements
  • Single-tenant data partitioning per customer organisation

No system is perfectly secure. If you believe your account has been compromised, contact us immediately at team@elentaria.ai.

10

International data transfers

Elentaria is headquartered in the European Union. Some of our sub-processors are located outside the European Economic Area. Where we transfer personal data to countries not deemed adequate by the European Commission, we use Standard Contractual Clauses (SCCs) and additional safeguards (encryption, pseudonymisation) where necessary.

A list of our sub-processors and the countries in which they operate is available upon request at team@elentaria.ai.

11

Children

Our Services are intended for business use by adults and are not directed at individuals under 18 years of age. We do not knowingly collect personal data from anyone under 18. If we become aware that we have collected such data, we will delete it promptly.

12

Changes to this policy

We may update this policy from time to time. When we make material changes, we will notify you by email and by posting a prominent notice on our platform at least 14 days before the change takes effect. The "Last updated" date at the top of this page reflects the most recent revision.

Your continued use of the Services after the effective date constitutes your acceptance of the revised policy.

13

Contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to our team.

Data controller
Elentaria B.V.team@elentaria.aiWe aim to respond to all privacy enquiries within 5 business days.