Back to Home

Privacy Policy

Effective: January 10, 2026Last updated: January 10, 2026

1Who we are

This Privacy Policy explains how ElarisLabs ("ElarisLabs," "we," "us") collects, uses, shares, and protects information when you use elarislabs.ai, our apps, dashboards, APIs, and related services (collectively, the "Services").

Contact: privacy@elarislabs.ai

2What this policy covers

This policy covers:

  • Visitors to our website
  • Customers and users of the Services (including trials and betas)
  • Leads and marketing contacts
  • Business partners and vendors

It does not cover third-party websites or services that you access via links from our Services.

3Key definitions (AI-specific)

Personal Data

Information that identifies or can reasonably be linked to an individual.

Customer Content

Content you submit to the Services, including prompts, text, brand briefs, images, videos, logos, product photos, fonts, creative guidelines, and files.

Outputs

Content generated by the Services based on Customer Content (for example, ad copy, creative concepts, images, videos, variants, and metadata).

Account Data

Information tied to your account (name, email, organization, role, billing).

Usage Data

Telemetry and logs about how the Services are used.

4Information we collect

A. Information you provide

Account and profile data

  • Name, email, password (hashed), organization name, role, and workspace settings
  • Team member invites and permissions

Billing and transaction data

  • Billing address, tax identifiers (if applicable), subscription plan, invoices
  • Payment details are typically processed by our payment processor; we generally receive tokens and limited payment metadata rather than full card numbers.

Customer Content

  • Prompts, briefs, brand assets, uploaded files, campaign inputs
  • Generated outputs you save, export, publish, or share via the Services
  • Feedback you submit (ratings, comments, bug reports)

Support and communications

  • Emails, chat messages, and call notes when you contact us
  • Attachments you send to support

B. Information collected automatically

Device and browser data

  • IP address, device identifiers, browser type, OS, language, and approximate location (derived from IP)

Usage and log data

  • Feature usage, clicks, timestamps, pages viewed, error logs, performance metrics
  • Security logs (authentication events, suspicious activity signals)

Cookies and similar technologies

  • Essential cookies for login and session integrity
  • Analytics cookies (if enabled)
  • Preference cookies (language, UI settings)
  • You can manage cookies through your browser settings and, where available, our cookie banner/preferences center.

C. Information from third parties

  • Identity providers (if you use SSO)
  • Payment processors (payment confirmation, fraud signals)
  • Analytics and marketing platforms (campaign attribution)
  • Public sources or enrichment tools (for business contact data, where permitted)

5How we use information

We use information to:

Provide and operate the Services

Create accounts, authenticate users, manage workspaces, process prompts and assets to generate Outputs and creative variants, store and retrieve your projects, settings, and exports

Improve performance and reliability

Debug issues, monitor uptime, prevent crashes, conduct testing including beta testing and new feature rollout

Security, safety, and abuse prevention

Detect fraud, account compromise, malware, prompt abuse, and policy violations; enforce our acceptable use rules and protect users

Customer support

Respond to questions, troubleshoot problems, and fulfill requests

Billing and administration

Process payments, manage subscriptions, send invoices, and handle taxes

Communications and marketing

Service announcements, security alerts, onboarding guidance, marketing updates (you can opt out of marketing emails anytime)

Legal compliance

Comply with applicable laws, respond to lawful requests, and maintain records

6AI processing, model improvement, and training controls

Because we provide AI-driven creative generation, we process Customer Content (including prompts and brand assets) to produce Outputs.

A. How your content is processed

Your prompts and assets are processed by our systems to generate Outputs and variants. We may use third-party infrastructure (cloud hosting, storage, content delivery) and, depending on your configuration, third-party AI model providers to perform inference (generation).

B. Default: Customer Content is not used to train foundation models

By default, we do not use your Customer Content (including prompts and Outputs) to train or fine-tune our foundation models. This mirrors common enterprise-style AI data controls.

C. Optional opt-in for improvement

We may offer product settings that allow you (or your organization admin) to opt in to share certain content to help improve model quality, evaluation, and features. If you opt in, we may use shared content to evaluate and improve the Services (including internal fine-tuning or supervised review pipelines). We apply safeguards designed to minimize exposure of sensitive data.

D. Safety and abuse review carve-outs

Even if you do not opt in, we may review limited content as necessary to investigate security incidents, fraud, and abuse; enforce policies and prevent harmful use; and comply with legal obligations.

E. What we recommend you avoid sharing

Unless you have a signed agreement that explicitly permits it, do not upload highly sensitive personal data (e.g., government IDs, biometrics, medical records) or secrets that you cannot risk exposing (e.g., private keys, credentials). Contact us for enterprise configuration and a Data Processing Addendum (DPA) if needed.

7Legal bases for processing (EEA, UK, Switzerland)

If you are in the EEA/UK/Switzerland, we rely on:

Contract

To provide the Services you request

Legitimate interests

To secure, maintain, and improve the Services

Consent

For optional analytics cookies and marketing where required

Legal obligation

To comply with applicable laws

8How we share information

We may share information with:

Service providers and processors

Hosting, storage, analytics, customer support tools, email delivery, payment processing, fraud prevention. They process data under contractual obligations consistent with this policy.

AI and infrastructure providers

Model inference providers (if used), compute providers, CDN, and related vendors needed to run the Services

Affiliates

If we operate through group entities, we may share data within our corporate family for internal administration and delivery of Services.

Business transfers

If we are involved in a merger, acquisition, financing, or sale of assets, data may be transferred as part of that transaction.

Legal and safety

If required by law or necessary to protect rights, safety, and security (for example, responding to valid legal process)

9International data transfers

We may transfer Personal Data to countries other than where you live. Where required, we use safeguards such as:

  • Standard Contractual Clauses (SCCs)
  • Equivalent legal transfer mechanisms
  • Additional security measures (as appropriate)

10Data retention

We retain data only as long as needed for the purposes described:

Account Data

Retained while your account is active, then for a reasonable period to close the account and meet legal obligations

Customer Content

Retained until you delete it or your workspace is deleted, subject to backups

Backups

May persist for up to 30–90 days after deletion for disaster recovery

Logs and security records

Typically 30–180 days, longer if needed for investigations or legal compliance

Billing records

Retained as required by tax and accounting laws

You can request deletion as described below.

11Security measures

We use administrative, technical, and organizational measures designed to protect information, such as:

  • Access controls and least-privilege permissions
  • Encryption in transit (TLS) and encryption at rest where supported
  • Monitoring, rate limiting, and anomaly detection
  • Secure development practices and vulnerability management

No system is 100% secure. You are responsible for using strong passwords and safeguarding access credentials.

12Your rights and choices

Depending on your location, you may have rights to:

  • Access, correct, or delete your Personal Data
  • Object to or restrict processing
  • Port your data
  • Withdraw consent (where processing is based on consent)
  • Appeal certain automated decisions, where applicable

How to exercise rights: Email privacy@elarislabs.ai with your request. We may need to verify your identity.

For California residents (CCPA/CPRA)

  • We do not "sell" Personal Data in the traditional sense.
  • If we "share" data for cross-context behavioral advertising (if enabled), you can opt out via our cookie preferences center.
  • You may designate an authorized agent to submit requests.

13Children's privacy

The Services are not intended for children under 13 (or higher age where required). We do not knowingly collect Personal Data from children.

14Changes to this policy

We may update this policy from time to time. We will post updates on this page and update the "Last updated" date. For material changes, we may provide additional notice (for example, email or in-product notification).