Privacy Policy

EarthOne Research ("we", "us", or "our") operates ELX AI Desk Pro (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are committed to protecting your privacy and handling your data in accordance with the General Data Protection Regulation (GDPR) and applicable French and European data protection laws.

Account Information: When you create an account, we collect your name and email address through our OAuth authentication provider. We do not collect or store passwords directly.

Subscription Data: When you subscribe to a paid plan, payment processing is handled by Stripe. We store only your Stripe customer ID and subscription status. We never store credit card numbers, CVVs, or full payment details.

Usage Data: We collect anonymized usage analytics to improve the Service, including pages visited, features used, and session duration. This data cannot be used to identify individual users.

Portfolio Data: If you use the Portfolio Alignment feature, you may input portfolio information. This data is processed in real-time and is not stored permanently unless you explicitly save it.

We use the information we collect to: (a) provide, maintain, and improve the Service; (b) process subscriptions and payments; (c) communicate with you about your account, updates, and support requests; (d) analyze usage patterns to improve user experience; (e) comply with legal obligations.

We do not sell, rent, or trade your personal information. We share data only with: (a) Stripe, for payment processing; (b) our authentication provider, for account management; (c) hosting infrastructure providers, for service delivery; (d) law enforcement, when required by law or to protect our rights.

Account data is retained for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law. Anonymized analytics data may be retained indefinitely as it cannot be linked to individual users.

We implement industry-standard security measures to protect your data, including: encrypted data transmission (TLS 1.3), secure authentication tokens, and access controls. However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.

Under the GDPR, you have the right to: (a) access your personal data; (b) rectify inaccurate data; (c) request erasure of your data ("right to be forgotten"); (d) restrict processing of your data; (e) data portability; (f) object to processing; (g) withdraw consent at any time. To exercise these rights, contact us at the address below.

We use essential cookies for authentication and session management. These cookies are strictly necessary for the Service to function and cannot be disabled. We do not use advertising or tracking cookies. Analytics data is collected through privacy-respecting, cookie-free methods.

Your data may be processed in servers located outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

The Service is not intended for users under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or via email. Your continued use of the Service after changes constitutes acceptance of the updated policy.

For any questions about this Privacy Policy or to exercise your data protection rights, contact our Data Protection Officer at [email protected].

If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL), the French data protection authority, or your local supervisory authority within the EEA.