Play
Privacy policy More

Privacy policy

Propel Digital Inc. d/b/a Elllo.ai
Effective Date: March 1, 2025

1. INTRODUCTION

This Privacy Policy explains in detail how Propel Digital Inc., an Ontario corporation doing business as Elllo.ai, collects, uses, discloses, stores, and protects personal data when you access or use any Elllo.ai voice-based conversational interface, website, mobile or telephony client, application-programming interface, or any associated software, content, or services (collectively, the service). The service is a private, invite-only beta available to adults aged eighteen or older worldwide. By using the service, you acknowledge that you have read and understood this Policy and agree to its terms. If you do not agree, you should discontinue use immediately. Capitalized terms that are not defined here have the meanings given in our Terms and Conditions.

2. PERSONAL DATA WE COLLECT

We collect only the categories of personal data that are necessary to operate and improve the service, verify your identity, process your subscription, and comply with legal obligations. The information we gather falls into five main groups:
(a) Account identifiers such as the mobile phone number you supply during registration and any verification codes we send to that number.
(b) Conversational data consisting of the voice or audio you submit, the corresponding speech-to-text transcripts, internal embeddings, summaries, and the model outputs returned to you.
(c) Device and network metadata including internet protocol address, user-agent string, approximate time-zone, diagnostic event logs, and crash reports that help us secure and maintain the service.
(d) Payment-related information, limited to a tokenized card reference and billing postal code generated and stored by Stripe, our PCI-DSS-compliant payment processor. We never handle or store raw card numbers or security codes on our servers.
(e) Support and feedback content, such as emails, bug reports, feature requests, or survey responses you voluntarily send to us.
We do not intentionally collect cookies, precise geolocation, biometric voiceprints, health information, or any other sensitive data unless you choose to reveal such information during a conversation, in which case it will be processed only as conversational data.

3. HOW WE USE PERSONAL DATA

Personal data is used for a limited set of purposes that are compatible with the reasons for which it was collected:
(a) To provide the service, including authenticating your account, transcribing speech, generating and returning AI responses, preserving conversational memory, and delivering synthesized audio.
(b) To maintain, secure, debug, and improve the service by monitoring quality, analyzing aggregated usage patterns, optimizing model performance, and developing new features.
(c) To process payments, manage subscriptions, issue invoices, detect fraud, and enforce our terms through Stripe and related financial service providers.
(d) To communicate with you, including sending transactional notices such as authentication codes, payment confirmations, security alerts, onboarding materials, and occasional promotional updates about new capabilities.
(e) To comply with applicable law, respond to lawful requests, resolve disputes, and protect the rights, property, or safety of users, the public, or the company.
We do not sell, rent, trade, or share personal data for advertising or cross-context behavioral marketing, and we do not engage in automated decision-making that produces legal or similarly significant effects on individuals.

4. DISCLOSURE OF PERSONAL DATA

We never disclose personal data to unaffiliated third parties for their independent use. Disclosure is limited to:
(a) Service providers and sub-processors that perform tasks on our behalf under binding contracts requiring confidentiality, data protection, and prohibition of secondary use. These include Vapi, OpenAI, Google Gemini, and ElevenLabs for language generation and speech synthesis; Stripe for payment processing; Twilio, Telnyx, and Vonage for telephony, messaging, and voice connectivity.
(b) Our controlled affiliates and carefully vetted independent contractors who need access to personal data to help operate or improve the service, each subject to strict nondisclosure obligations and least-privilege access controls.
(c) Competent governmental, regulatory, or judicial authorities when disclosure is mandated by applicable law, subpoena, court order, or similar legal process. Before disclosing, we will, where legally permissible, attempt to narrow or challenge the request and notify you.

5. DATA RETENTION AND DELETION

We store conversational data according to the retention limits of each account plan. You may delete call records, or your entire account at any time using in-service controls. Deletions take effect immediately in active systems and are permanently enforced in encrypted backups within thirty days. Account records and billing information are retained for as long as your subscription remains active and for seven years afterward to comply with tax, accounting, and anti-fraud requirements. System and security logs are automatically purged after ninety days unless a longer retention is required for an active investigation or legal obligation.

6. INTERNATIONAL DATA TRANSFERS

We operate primarily from Canada and the United States. When you use the service from other countries, personal data may be transferred to, stored, or processed in Canada or the United States or other jurisdictions that may have different privacy protections. We rely on standard contractual clauses or other approved transfer mechanisms to provide appropriate safeguards for cross-border data flows. By continuing to use the service, you consent to such transfers where required by law.

7. SECURITY MEASURES

We employ administrative, technical, and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, and destruction. These measures include encryption in transit using TLS 1.2 or higher, encryption at rest using AES-256 or equivalent algorithms, multi-factor authentication for all privileged accounts, rigorous access-control policies based on the principle of least privilege, segmented network architecture that isolates model-processing workloads, continuous vulnerability scanning, regular third-party penetration testing, detailed audit logging, and an incident response plan that obligates us to notify affected users within seventy-two hours of any confirmed material data breach. We have not yet completed SOC 2 or ISO 27001 certification because the product is in private beta, but these audits are scheduled before general availability.

8. YOUR PRIVACY RIGHTS

Depending on your country or state of residence, you may have rights to access, correct, delete, restrict, or port your personal data, and to object to certain processing activities. We honor all valid requests without charge and without discrimination. To exercise your rights, send an email from your registered phone number’s primary address to contact@elllo.ai, specifying the request type. We will verify your identity via an SMS code sent to your registered number and respond within thirty days unless a longer period is legally permissible. We may refuse or limit a request if we are unable to verify your identity, if disclosure would adversely affect the rights and freedoms of others, or if the request is manifestly unfounded or excessive.

9. CHILDREN AND MINORS

The service is not directed to anyone under eighteen years of age. We do not knowingly collect personal data from children. If we discover that a registered user is under eighteen, we will delete the account, erase all personal data, and block further access. Parents or legal guardians who believe their child has provided us with personal data should contact us promptly.

10. COMMUNICATIONS

We send transactional communications that are necessary to provide the service, such as verification codes, payment receipts, renewal reminders, incident notifications, and important updates to our terms or policies. We may also send occasional promotional messages about new features or beta programs. Promotional communications require your prior consent where mandated by law and always include a clear and simple opt-out mechanism, such as replying STOP for SMS or clicking an unsubscribe link in email. We are developing expanded notification preferences to let you tailor the frequency and channel of any non-essential messages.

11. CHANGES TO THIS POLICY

We may revise this Privacy Policy to reflect new features, changes in our practices, or legal and regulatory developments. The effective date at the top of the document will be updated to indicate the latest revision. Your continued use of the service after the effective date constitutes acceptance of the revised Policy.

12. CONTACT INFORMATION

If you have any questions, concerns, or requests relating to privacy or data protection, you may contact us as follows:
Email: contact@elllo.ai
We strive to acknowledge all legitimate correspondence within seven days and to resolve complaints within thirty days. If you are unsatisfied with our response, you may have the right to lodge a complaint with your local supervisory authority.

We are building the future of communications — join us

Telecom is stuck with old tech and bad UX. It's time for a new generation of intelligent communication tools — AI-enabled, connected, developer-friendly, and well-designed.

Join waitlist

We are in private beta. Request your invite.

Made by Propel

Learn more about company that brought you Elllo.

Contact

Email us for any support or general questions.