Legal

Privacy Policy

How Elevflow collects, uses, protects, and shares data across the platform.

Last updated: June 1, 2026

1.Introduction

Elevflow (“Elevflow”, “we”, “us”, “our”) provides a multi-tenant commerce operations platform that helps merchants manage orders, products, customers, shipping, analytics, and integrations from a single workspace (the “Service”).

This Privacy Policy explains what data we collect, why we collect it, how we protect it, and the choices you have. It applies to our websites, dashboards, APIs, and any other product or service that links to this policy. By using the Service, you agree to the practices described here.

2.Data We Collect

We collect three categories of data:

  • Account data — name, email address, phone number, workspace name, billing details, and authentication credentials you provide when you create or manage an account.
  • Workspace data — the commerce data you and your integrations bring into the platform: orders, products, customer records, shipping and courier events, ad-spend figures, and generated documents such as invoices and packing slips. This data belongs to you.
  • Usage data — log data, device and browser information, IP address, pages viewed, and feature interactions, collected automatically to keep the Service secure and reliable.

3.How We Use Data

We use the data we collect to:

  • Provide, operate, and maintain the Service, including syncing your integrations.
  • Process transactions and send related notifications (order events, courier updates).
  • Detect and prevent fraud and abuse, including our anti-spam order screening.
  • Monitor performance, debug issues, and improve product features.
  • Communicate with you about updates, security notices, and support requests.
  • Comply with legal obligations.

We do not sell your data.We do not use your workspace data to train models for other customers, and we never share your customers' information with advertisers.

4.Multi-Tenant Isolation

Elevflow is built as a multi-tenant system with strict workspace boundaries. Every query that touches workspace data is scoped to your tenant, and access is verified on every request — no workspace can read, infer, or aggregate another workspace's data.

Aggregate, fully anonymized metrics (for example, overall platform uptime or total request volume) may be used internally to operate the Service; these can never be traced back to an individual workspace or customer.

5.When We Share Data

We share data only in the following limited situations:

  • Service providers — infrastructure, payment processing, and email delivery vendors who process data on our behalf under contractual confidentiality and data-protection obligations.
  • Integrations you connect — when you link a store platform, courier, or ad account, we exchange the data required to run that integration, at your direction.
  • Legal requirements— when required by law, regulation, or valid legal process, and only after reviewing the request's scope.
  • Business transfers — if Elevflow is involved in a merger or acquisition, data may transfer as part of that transaction; this policy will continue to apply.

6.Security

We apply defense-in-depth across the platform: encryption in transit (TLS) and at rest, scoped API tokens, role-based access control inside workspaces, audit logging of sensitive operations, and isolation between the gateway, core, and worker layers of our architecture.

No system is perfectly secure. If we become aware of a breach affecting your data, we will notify you without undue delay and share the information you need to respond.

7.Data Retention & Deletion

We retain workspace data for as long as your account is active. When you delete a record, a workspace, or your account, the data is removed from production systems promptly and purged from backups on a rolling schedule (no longer than 90 days).

You can export your data at any time from the dashboard, and you may request full deletion by contacting us — we honor deletion requests regardless of your plan.

8.Cookies & Tracking

We use a small set of first-party cookies that are strictly necessary for the Service: session authentication, security (CSRF protection), and remembering preferences like theme. We do not run third-party advertising trackers on the platform.

9.Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access a copy of the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your data (“right to be forgotten”).
  • Export your data in a portable format.
  • Object to or restrict certain processing.

To exercise any of these rights, email legal@elevflow.com. We respond to verified requests within 30 days.

10.Changes to This Policy

We may update this policy as the Service evolves. For material changes we will notify workspace owners by email and show a notice in the dashboard at least 14 days before the change takes effect. The “Last updated” date at the top of this page always reflects the current version.

Questions about this document?

Our team reads every message. Reach us any time at legal@elevflow.com or through the documentation.