Elevate AI

Data Protection

Last updated: October 6, 2025

Our Commitment to Data Protection

At Elevate AI, we take data protection seriously. This page outlines our comprehensive approach to safeguarding your personal and business data in compliance with GDPR, CCPA, and other applicable data protection regulations. We implement industry-leading security measures and maintain transparent practices to ensure your data remains secure and private.

Data Security Measures

TechnicalEncryption & Security

  • • AES-256 encryption for data at rest
  • • TLS 1.3 encryption for data in transit
  • • Multi-factor authentication (MFA)
  • • Regular security audits and penetration testing
  • • Secure cloud infrastructure with AWS/Azure

OperationalAccess Controls

  • • Role-based access control (RBAC)
  • • Principle of least privilege
  • • Regular access reviews and audits
  • • Employee background checks
  • • Comprehensive data handling training
Your Data Rights

Under applicable data protection laws, you have several rights regarding your personal data:

1
Right to Access

Request a copy of the personal data we hold about you

2
Right to Rectification

Request correction of inaccurate or incomplete data

3
Right to Erasure

Request deletion of your personal data ("right to be forgotten")

4
Right to Portability

Receive your data in a structured, machine-readable format

5
Right to Object

Object to processing of your data for specific purposes

6
Right to Restrict

Request limitation of processing under certain circumstances

Data Processing Lawful Basis

We process your personal data based on the following lawful grounds:

Contractual Necessity

Processing necessary to perform our AI automation services and fulfill our contractual obligations to you.

Legitimate Interest

Processing for our legitimate business interests, such as improving our services, security monitoring, and business development.

Consent

Processing based on your explicit consent, which you can withdraw at any time.

Data Retention & Deletion

Retention Periods

Client Data

Retained for the duration of our service agreement plus 7 years for legal compliance

Marketing Data

Retained until you unsubscribe or request deletion, maximum 3 years of inactivity

Website Analytics

Anonymized data retained for 26 months for statistical analysis

Support Records

Retained for 5 years to maintain service quality and resolve future issues

Secure Deletion

When data reaches the end of its retention period or upon your request, we securely delete it using industry-standard methods including cryptographic erasure and physical destruction of storage media when necessary.

International Data Transfers

We may transfer your data internationally to provide our AI automation services. When we do, we ensure appropriate safeguards are in place:

  • • Standard Contractual Clauses (SCCs) approved by the European Commission
  • • Adequacy decisions for transfers to countries with adequate protection
  • • Binding Corporate Rules (BCRs) for intra-group transfers
  • • Additional technical and organizational measures when required
Data Breach Response

In the unlikely event of a data breach, we have comprehensive procedures in place:

72h
Authority Notification

Report to supervisory authorities within 72 hours when required

24h
Client Notification

Inform affected individuals without undue delay when high risk exists

Continuous Monitoring

Ongoing assessment and improvement of security measures

Contact Our Data Protection Officer

For any data protection inquiries, to exercise your rights, or to report concerns:

Data Protection Officer

Email: dpo@elevateai.com
Response Time: Within 30 days
Languages: English, Spanish, French

Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.