Privacy Policy
Elution Labs LLC Effective Date: June 21, 2026 Last Updated: June 21, 2026
1. Who We Are
Elution Labs LLC ("Elution Labs," "we," "us," or "our") is a Wyoming limited liability company. We build and operate an AI-powered platform that helps small and mid-market businesses achieve operational clarity, structured data architecture, and intelligent automation.
Our mailing address is: 9200 E Mineral Ave #100, Centennial, CO 80112-3412, US. For all privacy inquiries, contact us at privacy@elutionlabs.ai.
2. Scope of This Policy
This Privacy Policy applies to:
- The Elution Labs website at elutionlabs.ai and all subpages
- The Elution Labs platform and any client-facing portals
- Assessment intake forms submitted through the website
- Platform accounts created for clients or prospective clients
- Automation and monitoring tools operating in client environments under an active engagement
This policy does not apply to third-party websites or services we link to.
3. What Data We Collect
3.1 Assessment and Intake Data
When a prospective client completes the free assessment intake form, we collect:
- Company name, industry, size, and location
- Primary contact name and email address
- Technology systems currently in use (CRM, marketing tools, databases, etc.)
- Operational pain points and goals
- Workflow descriptions provided in free-text fields
This data is collected to analyze business operations and generate an assessment report. No payment or account creation is required.
3.2 Engagement Management Data
When a client signs an engagement agreement and creates a platform account, we collect and hold only what is necessary to manage the engagement:
- Business contact information for authorized personnel
- Signed agreements and scope of work documents
- System access credentials required to perform the work (stored encrypted, deleted upon engagement close)
- Assessment outputs and proposal documentation
We do not hold client business data on our infrastructure. Database systems we build are provisioned in and owned by the client's environment. Data migration activities occur within the client's environment. Business records, customer data, financial data, and operational data remain in the client's environment at all times.
3.3 Platform Usage Data
When you access the website or platform, we automatically collect:
- IP address and approximate location
- Browser type and version
- Pages visited and actions taken within the platform
- Session timestamps and duration
We use this data for platform security, uptime monitoring, and product improvement. We do not build behavioral profiles for advertising purposes.
3.4 Engagement Access: Build and Implementation
During an active build engagement, Elution Labs team members and agents access your systems within the explicit scope defined in your engagement agreement. This access is required to understand your environment, configure integrations, and build the solutions being delivered. Everything produced during this work belongs to you.
Access is scoped to the systems and data categories listed in your agreement, governed by mutual confidentiality obligations, and revocable at any time. Nothing accessed during your engagement is used for any purpose other than delivering your solution.
3.5 Discovery Phase: Process, Data, and Document Analysis
As part of the engagement's discovery phase, automated discovery tooling is deployed in your environment for a defined observation window (typically 5 to 10 business days) before build begins. This tooling operates with scoped read-only access and is authorized in your engagement agreement before deployment.
During this phase, with your authorization, we may access:
- Workflow and communication systems (email, CRM, project management tools, calendars, and communication platforms) to observe how work actually moves through your team: where it flows, where it stalls, what gets done manually, and where handoffs break down
- Data systems (databases, spreadsheets, CRMs, and file storage) to map what data exists, where it lives, how it moves between systems, where quality breaks down, and where sensitive data such as PII, PHI, or financial records requires compliance attention
- Documentation and knowledge sources (shared drives, wikis, SOPs, and training materials) to identify your documented business rules, approval flows, and process logic, and to surface where documentation conflicts with actual practice or where critical knowledge exists only in one person's head
Each access category is scoped explicitly in your engagement agreement. You authorize only what is listed. Discovery tooling does not retain data, does not write to your systems, and ceases operation when the observation window closes.
Everything produced during this phase is delivered to you as an engagement deliverable and belongs to you. This includes your process maps, data landscape documentation, and knowledge inventory.
3.6 Ongoing Monitoring (Permission-Controlled)
After an engagement is delivered, Elution Labs may continue monitoring your environment for compliance changes, data health issues, and operational signals relevant to your business. You control exactly what is monitored. All monitoring permissions default to off and are activated only by your explicit action through the platform.
You can enable, adjust, or revoke any monitoring permission at any time. Nothing in your environment is acted upon without your explicit instruction. Findings are surfaced to you through your client portal for your review and decision.
3.7 Platform Improvement Program (Opt-In Only)
With your explicit written authorization, Elution Labs may use observations about how the platform's own tooling performed during your engagement to improve implementation quality over time. Before any observation is used for this purpose, the platform automatically removes all client-identifying information and client-specific content. What remains is structural: patterns about platform performance, with no connection to your business.
This program never uses your business data, customer records, processes, workflows, or any information that could identify your company or the people you serve.
This program is off by default. It requires your explicit written authorization. You may withdraw at any time with no effect on your services. See Section 9.
4. How We Use Your Data
We use the data we collect for the following purposes:
| Purpose | Data Used |
|---|---|
| Generating your assessment report | Intake form data |
| Building and implementing your engagement solution | System and process access within your agreed engagement scope |
| Discovery phase: mapping processes, data landscape, and documented knowledge | Scoped read-only access to systems authorized in your engagement agreement |
| Ongoing monitoring of compliance, data health, and operational signals | Only the data categories you have explicitly enabled through the platform |
| Operating and securing the platform | Usage and session data |
| Communicating with you about your engagement | Contact information |
| Complying with legal obligations | As required by applicable law |
| Improving platform implementation quality (opt-in only) | Anonymized, client-IP-sanitized observations about platform performance |
We do not use your data for advertising. We do not sell your data. We do not use your business data to train AI models.
5. Data Ownership
Your data belongs to you.
Clients own:
- All data submitted through the intake form and platform
- All outputs produced during an engagement: assessment reports, data architecture documentation, workflow maps, process documentation, and agent configurations
- All database infrastructure provisioned during the engagement, which is built and owned by the client from the moment it is provisioned
- All business data, which at no point transits through or is held on Elution Labs infrastructure
Elution Labs owns:
- The Elution Labs platform and all underlying software
- The methodology, analytical frameworks, and proprietary tooling used to deliver services
- Signals and findings generated through monitoring, which are derived observations about your environment and not copies of your business data
- Observations about how platform solutions performed (where opt-in has been granted), used solely to improve implementation quality
The database systems we design and build for clients are built to meet the client's own compliance and governance requirements. The appropriate data governance standards for your industry, whether HIPAA, SOC 2, CCPA, or others, apply to your data infrastructure and are incorporated into the architecture we deliver to you.
6. Data Storage and Security
Your data is stored in the following infrastructure:
- Database: Supabase (US-based cloud database)
- Application hosting: Vercel (US-based)
- Document signing: eSignatures.io
- Payment processing: Stripe
All data is stored within the United States. We do not transfer personal data to countries outside the United States without your explicit consent.
Security measures include:
- Row-level security (RLS) enforced at the database layer, ensuring each client's data is isolated and inaccessible to other clients
- Encrypted credentials and access tokens
- Access controls limiting data access to authorized Elution Labs personnel on a need-to-know basis
- Audit logging for all data access and modification events
7. Data Sharing
We do not sell, rent, or trade your personal data.
We share data only with the following categories of service providers, strictly for the purpose of delivering our services:
- Supabase: database hosting
- Vercel: application hosting
- Stripe: payment processing
- eSignatures.io: document signing
- Anthropic: AI model inference for intake and analysis processing. No client data is stored by Anthropic beyond the processing of a single API request.
We may disclose data if required by law, court order, or valid legal process, or to protect the rights, property, or safety of Elution Labs, our clients, or the public.
8. Data Retention
Elution Labs retains only what is necessary to manage the client relationship and deliver services. Client business data is never held on Elution Labs infrastructure. The following covers only data that Elution Labs itself holds:
| Data Category | Retention Period |
|---|---|
| Assessment intake submissions | 24 months from submission |
| Engagement management data: contacts, signed agreements, scope documents | Duration of relationship plus 24 months |
| Monitoring signals and findings | 24 months rolling |
| Platform usage and session data | 12 months rolling |
| Audit logs | 7 years |
| Financial records and invoices | 7 years |
You may request deletion of your data at any time. See Section 9. Deletion requests will be processed within 30 days. Data may be retained beyond the standard periods only where required by law, to fulfill obligations under a signed agreement, or to resolve an active legal dispute. This exception applies only to audit logs, financial records, and data directly tied to a signed legal agreement.
9. Your Rights and Opt-Out Options
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data
- Opt out of the Platform Improvement Program at any time
- Opt out of marketing communications at any time
- Withdraw consent for any processing based on consent
To exercise any of these rights, email privacy@elutionlabs.ai with your name, company, and the specific request. We will respond within 10 business days and process confirmed requests within 30 days.
For detailed opt-out instructions, see our Opt-Out Policy.
10. Cookies and Tracking
The Elution Labs website uses minimal tracking. We use:
- Functional cookies necessary for platform login and session management
- Analytics to understand how the site is used (aggregated, not individual)
We do not use third-party advertising cookies. You may disable cookies in your browser settings; note that this may affect platform functionality.
11. Breach Notification
In the event of a security breach affecting your personal data, we will:
- Contain and assess the breach as quickly as possible
- Notify affected clients within 72 hours of discovering a breach that presents material risk
- Notify relevant authorities as required by applicable law
- Provide you with information about what was affected, what steps we are taking, and what you can do to protect yourself
Breach notifications will be sent to the email address on file for your account. For critical incidents, we will also attempt direct contact.
12. Children's Privacy
This platform is a B2B service intended for use by businesses and business professionals. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have collected data from a minor, we will delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and notify active clients by email at least 30 days before the changes take effect. Continued use of the platform after the effective date of a revised policy constitutes acceptance of the updated terms. If you do not agree to the revised policy, you may discontinue use of the platform before the effective date.
14. Contact
For privacy questions, data requests, or opt-out submissions:
Email: privacy@elutionlabs.ai Mailing address: 9200 E Mineral Ave #100, Centennial, CO 80112-3412, US
This policy is published at elutionlabs.ai/privacy.