Privacy · Eli's team

1. Who we are

Eli is an AI team product operated by FlowVolt, based in the Netherlands. Eli deploys a team of AI agents into a business customer's own workspace to handle sales follow-up, content, research, and related operations. We are the data controller for personal data collected via this website, and the data processor for personal data our customers entrust to us when they run the Eli team inside their business. A separate Data Processing Agreement (DPA) governs the processor relationship and is signed before any customer deployment goes live.

2. What we collect

2.1 Information you provide directly

Account and contact data: name, work email address, company name, company domain, role, and any other information you submit through forms on this site or when you book a call.
Communication data: messages you send us via email, chat, or scheduled calls, and any attachments you share.
Customer configuration data: billing details, voice references, connected-tool credentials (via secure OAuth), and other setup data submitted by paying customers during onboarding so the Eli team can operate in their workspace.

2.2 Information we collect automatically

Technical data: IP address, browser type and version, operating system, time zone, and referrer URL.
Usage data: pages visited, time spent on pages, clicks, and form interactions, collected via first-party analytics.
Cookies and similar technologies: see section 7.

2.3 Information the Eli team processes on your behalf

Connected workspace data: once you authorise it, the Eli team reads and drafts from the inbox, calendar, Slack workspace, and other tools you connect, strictly to perform the tasks you have configured. The team drafts and proposes. Nothing is sent externally without your one-tap approval.
Learning data: your approvals, edits, and outcomes are used to tune the team to your voice. This data stays within your tenant and is never shared with or used to train other customers' teams.

3. Why we collect it (legal bases)

Contract performance (GDPR Art. 6(1)(b)): to deliver the services you request, including onboarding, deployment, and ongoing operation of the Eli team.
Legitimate interests (GDPR Art. 6(1)(f)): to operate, secure, and improve our platform, and to communicate with prospective customers about Eli, in compliance with the ePrivacy Directive and the EU's "soft opt-in" provisions for business contacts.
Consent (GDPR Art. 6(1)(a)): for non-essential cookies and for any marketing communications outside of legitimate B2B interest.
Legal obligation (GDPR Art. 6(1)(c)): to comply with applicable tax, accounting, anti-fraud, and law-enforcement obligations.

4. How long we keep it

We keep personal data only as long as needed for the purposes above, then delete or anonymise it. Specifically:

Website enquiries: 12 months from submission, unless you become a customer.
Customer account and configuration data: for the duration of the contract plus 7 years thereafter for accounting and tax records.
Workspace and learning data: deleted within 30 days of contract termination. You keep every asset the team produced.
Marketing and outreach data: 24 months from last meaningful interaction.
Server logs: 30 days.
Cookies: see section 7.

5. Who we share it with

We do not sell personal data. We share data only with the categories of recipient listed below, and only as needed to deliver the service:

Sub-processors: infrastructure providers (Vercel EU, Supabase EU, Modal), AI providers (Anthropic), workspace integrations you connect (such as Google Workspace, Microsoft 365, and Slack), and email-delivery providers (Postmark, Resend). A full list is available on request.
Professional advisors: accountants, lawyers, and tax advisors under confidentiality.
Authorities: only where required by law or to protect our rights, your rights, or the rights of third parties.
Successors: in the event of a merger, acquisition, or restructuring, personal data may be transferred to the acquiring entity, subject to the same protections.

All sub-processors are bound by written data processing agreements that meet GDPR Article 28 requirements.

6. International transfers

Eli's primary infrastructure is hosted within the EU. Some sub-processors (notably Anthropic for AI inference) may process data outside the EU/EEA. In those cases we rely on the European Commission's Standard Contractual Clauses (SCCs) and, where applicable, supplementary measures to ensure an equivalent level of protection.

7. Cookies

We use a small number of cookies and similar technologies:

Strictly necessary: session, security, and load-balancing cookies. These cannot be disabled.
Analytics: first-party usage analytics. We do not use Google Analytics or any cross-site tracking. You may opt out via the cookie banner.
Preferences: remember your language and consent choices.

We do not use marketing cookies, third-party advertising cookies, or fingerprinting techniques on this website.

8. Your rights

Under the GDPR you have the right to:

Access the personal data we hold about you;
Rectify inaccurate or incomplete data;
Erase your personal data ("right to be forgotten"), subject to legal retention obligations;
Restrict processing in certain circumstances;
Object to processing based on legitimate interests, including direct marketing;
Data portability, where applicable;
Withdraw consent at any time, where processing is based on consent;
Lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or the supervisory authority in your country of residence.

To exercise any of these rights, contact info@flowvolt.nl. We respond within 30 days.

9. Security

We protect personal data with technical and organisational measures appropriate to the risk, including encryption in transit (TLS 1.3) and at rest, role-based access controls, tenant isolation so no customer can access another's data, audit logging, regular security reviews, and incident response procedures. In the event of a personal data breach affecting rights and freedoms, we notify the relevant supervisory authority within 72 hours and affected individuals without undue delay.

10. How the Eli team handles your data

The Eli team operates only within the workspace and tools you explicitly connect, and only on the tasks you configure. It drafts, prepares, and proposes. No message, email, or external action leaves your business without your one-tap approval. Your data, your voice profile, and your learning history are isolated to your tenant. They are never shared with other customers and are never used to train models for anyone else. You can revoke any connected tool or delete your tenant at any time.

11. B2B outreach and how we contacted you

If you received a cold email from FlowVolt or Eli, your business contact information was sourced from publicly available B2B databases and selected based on your professional role and your employer's industry profile. We rely on legitimate interest under GDPR Art. 6(1)(f) and the ePrivacy Directive's provisions for business contacts. Every email we send contains a clear opt-out link. You may also unsubscribe at any time by replying with the word "unsubscribe" or by emailing info@flowvolt.nl.

12. Children

Eli is a B2B service not directed at children. We do not knowingly collect personal data from individuals under 16.

13. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email to registered customers and via a notice on this site. The "Last updated" date at the top of this page reflects the most recent revision.

14. Contact

Questions about this policy or about your personal data can be sent to info@flowvolt.nl.

This privacy policy is a working draft. It will be reviewed by qualified counsel before commercial launch. If you spot anything inaccurate or unclear, please email us.