ElevanaBack to sign in

Last updated: March 2026

Privacy Policy

This Privacy Policy describes how [Elevana Technologies] collects, uses, and protects your personal information when you use the Elevana platform. We are committed to handling your data responsibly and in compliance with applicable privacy laws.

1. Information We Collect

We collect information you provide directly and information generated through your use of the Service:

Account and Identity Information

  • Full name, email address, and password (hashed)
  • Organization name and team membership details
  • Profile information such as job title and contact details
  • OAuth tokens when you sign in via Google, Microsoft, or GitHub (we do not store raw OAuth tokens)

Financial and Operational Data

  • Investment deal data, portfolio holdings, and transaction records
  • Fund and entity structures you create within the platform
  • Documents, notes, and files you upload
  • Risk parameters, compliance configurations, and approval workflows

Usage and Technical Data

  • IP address, browser type, and operating system
  • Pages visited, features used, and actions taken within the platform
  • Session logs, error reports, and performance metrics
  • Device identifiers and time-zone information

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Authenticate your identity and manage your account
  • Process and display your financial data within the platform
  • Send transactional notifications (deal updates, approvals, alerts)
  • Provide customer support and respond to your inquiries
  • Monitor and improve the performance, security, and reliability of the Service
  • Comply with legal obligations, including regulatory reporting requirements
  • Detect and prevent fraud, abuse, and security incidents
  • With your consent: send product updates, feature announcements, and occasional promotional communications

We do not sell your personal information or Your Data to third parties. We do not use your financial data to train machine learning models or for any purpose outside the provision of the Service.

3. Data Storage and Retention

Your data is stored on servers located in [Data Center Region / Provider]. We use encryption at rest (AES-256) and in transit (TLS 1.2+) to protect your information.

We retain your data for as long as your account is active or as needed to provide the Service. After account termination:

  • Active account data is available for export for 90 days post-termination
  • Data is permanently deleted within 180 days of termination unless a longer retention period is required by law
  • Anonymized or aggregated analytics data may be retained indefinitely
  • Audit logs and compliance records may be retained for up to 7 years in accordance with financial industry regulations

4. Information Sharing and Disclosure

We share your information only in the following circumstances:

Within Your Organization

Members of your team with appropriate permissions may access your data as configured by your organization's administrators.

Service Providers

We engage trusted third-party providers to help deliver the Service, including cloud infrastructure, email delivery, error monitoring, and payment processing. These providers access data only to the extent necessary to perform their functions and are contractually obligated to protect your data.

Legal Requirements

We may disclose your information if required by law, court order, or government authority, or if we believe disclosure is necessary to protect the safety of any person, protect against fraud, or enforce our Terms of Service.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you via email and an in-app notice before your data becomes subject to a different privacy policy.

5. Security Measures

We implement multiple layers of security to protect your data:

  • TLS encryption for all data in transit
  • AES-256 encryption for data at rest
  • Bcrypt password hashing with per-user salts
  • Multi-factor authentication (MFA) options
  • Role-based access controls (RBAC) with granular permissions
  • Account lockout after repeated failed login attempts
  • Regular security audits and penetration testing
  • Audit logs for all sensitive operations
  • Signed, expiring URLs for document access — direct file URLs are never exposed

Despite these measures, no system is 100% secure. We encourage you to use a strong, unique password and enable MFA on your account. If you believe your account has been compromised, contact us immediately at [legal@elevana.net].

6. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to legal retention requirements)
  • Portability: Export your data in a machine-readable format via the Settings page
  • Objection: Object to certain processing activities, including marketing communications
  • Restriction: Request that we restrict processing of your data in certain circumstances

To exercise any of these rights, contact us at [legal@elevana.net]. We will respond to verifiable requests within 30 days.

7. Cookies and Tracking

We use cookies and similar technologies to operate and improve the Service:

Essential Cookies

Required for authentication and session management. These cookies cannot be disabled without breaking the Service. Authentication cookies use the __Secure- prefix and are set as httpOnly to prevent JavaScript access.

Functional Cookies

Used to remember your preferences (theme, language, sidebar state) and improve your experience.

Analytics

We may use privacy-first analytics tools to understand how the Service is used in aggregate. We do not use third-party advertising cookies or cross-site tracking.

8. International Data Transfers

If you are accessing the Service from outside the country where our servers are located, your information may be transferred internationally. We ensure that such transfers comply with applicable data protection laws through the use of standard contractual clauses or other approved transfer mechanisms.

9. Children's Privacy

The Service is not directed at children under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy periodically. When we make material changes, we will notify you via email and update the "Last updated" date at the top of this page at least 14 days before changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact our privacy team:

[Elevana Technologies] — Privacy Team

Email: [legal@elevana.net]

[Address placeholder]

Terms of ServicePrivacy Policy
Back to sign in →