Privacy Policy

Last updated: July 15, 2026

This Privacy Policy describes how CONECTALAB TECNOLOGIA APLICADA LTDA, CNPJ 60.640.692/0001-64, based in Belo Horizonte, Minas Gerais, Brazil ("Conectalab", "Elus", "we", or "our"), as data controller and operator of Elus - Marketing OS and Elus Food, collects, uses, stores, and protects user information. By using our services, you acknowledge the practices described in this document.

1. Data We Collect

We collect the following categories of data:

Account data: Name, email address, password (stored as a cryptographic hash using scrypt), profile information, and tenant/organization data.

Google Ads integration data: When you connect your Google Ads account via OAuth 2.0, we access campaign data, ad groups, performance metrics (impressions, clicks, CTR, CPC, conversions, cost), and campaign settings. We do not store your Google credentials — only a revocable OAuth access token.

Instagram/Meta Integration Data: When you connect your Instagram Business account via Facebook Login, we access: username, profile picture, follower and post counts, engagement metrics (impressions, reach, likes, comments), and published media data. We store an encrypted long-lived access token (valid for 60 days, automatically refreshed) and the Instagram Business account identifier. We do not store your Facebook or Instagram password.

LinkedIn Integration Data: When you connect your LinkedIn account via OAuth 2.0, we access: your member profile name and identifier, and the list of LinkedIn Company Pages (organizations) where you are an administrator. We store an encrypted OAuth access token (valid for 60 days) and, if available, an encrypted refresh token (valid for up to 365 days). We do not store your LinkedIn password.

TikTok Integration Data: When you connect your TikTok account via OAuth 2.0 with PKCE, we access: your TikTok user identifier, display name, and avatar URL. We store an encrypted OAuth access token and refresh token. We do not store your TikTok password.

Pinterest Integration Data: When you connect your Pinterest account via OAuth 2.0, we access: your Pinterest user profile, board list, and pin analytics (impressions, saves, clicks). We store an encrypted OAuth access token and refresh token. We do not store your Pinterest password.

Twitter/X Integration Data: When you connect your Twitter/X account via OAuth 2.0 with PKCE, we access: your Twitter/X user profile (username, display name, profile image) and the ability to post tweets. We store an encrypted OAuth access token and refresh token. We do not store your Twitter/X password.

Threads Integration Data: When you connect your Threads account via the Threads API (Meta Platform), we access: your Threads user profile, post metrics (views, likes, replies, reposts, quotes), and reply data. We store an encrypted long-lived access token (valid for 60 days, automatically refreshed). We do not store your Threads or Instagram password.

Reddit Integration Data: When you connect your Reddit account via OAuth 2.0, we access: your Reddit username and the ability to submit posts to subreddits. We store an encrypted OAuth access token and refresh token. We do not store your Reddit password.

Usage data: Information about how you interact with the platform, including pages visited, features used, access times, and actions performed.

Content data: Ideas, creatives, articles, keywords, and other content you create or import to the platform.

2. How We Use Your Data

Meaning of disconnection: When this Policy says that a connection is disconnected or credentials and provider-originated account data are removed immediately, it refers to the corresponding data held by Elus being disabled or scrubbed as part of the local disconnection. For Elus Food, publication work that has not reached the provider is also blocked. Elus attempts remote grant revocation only when a supported provider endpoint is available. Provider-side revocation is best effort and may be delayed or unverifiable; use the provider's own settings to ensure removal there. Content already accepted or published by a social network must be managed with that network.

We use your data to:

  • Provide our services: Display campaign metrics, generate content with AI, provide optimization recommendations, and manage your editorial calendar.
  • Google Ads integration: Sync campaign data, analyze performance with AI, detect anomalies, generate alerts, and provide budget and bid optimization recommendations.
  • Social publishing: Publish content to connected Instagram, LinkedIn, Pinterest, Twitter/X, Threads, and Reddit accounts after a manual confirmation, under a schedule you approved, or, for eligible channels, under a restaurant Autopilot policy enabled by an authorized user. The policy can be paused or revoked at any time. We also process engagement and publication-status data needed for those features.
  • TikTok integration: Publish video content to your TikTok account only after your manual confirmation and any additional choices required by TikTok. TikTok is excluded from Autopilot.
  • Improve the platform: Analyze usage patterns to enhance features and user experience.
  • Communication: Send notifications about your account, performance alerts, and service updates.

3. Google Ads API Data Usage

Our use of data obtained via the Google Ads API complies with the Google API Services User Data Policy, including the Limited Use requirements.

What we access:

  • Campaign and ad group data (name, status, budget, settings)
  • Performance metrics (impressions, clicks, CTR, CPC, conversions, cost per conversion)
  • Keyword and search term data

What we do NOT do:

  • We do not modify campaigns, budgets, or bids without explicit user action
  • We do not share Google Ads data with third parties for advertising purposes
  • We do not sell Google Ads data
  • We do not use Google Ads data for purposes unrelated to the services we provide

AI Processing: Campaign performance data may be processed by AI models (via Cloudflare AI Gateway) to generate analytics insights, anomaly detection, and optimization recommendations for you. This data is used exclusively to provide these user-facing features and is not used for model training, advertising, or any purpose unrelated to your use of the platform.

Limited Use: Our access to, use of, storage of, and sharing of data received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We limit our use of Google Ads data to providing and improving the user-facing reporting, analytics, and insight features within the Elus platform.

4. Instagram/Meta API Data Usage

Our use of data obtained via the Instagram API (Meta Platform) complies with the Meta Platform Policy and Instagram API Terms of Service.

What we access:

  • Instagram Business account profile data (username, profile picture, follower and post counts)
  • Post metrics (impressions, reach, engagement, likes, comments, shares)
  • Published media data (images, videos, captions)
  • List of Facebook Pages linked to the Instagram account

What we do:

  • Publish photos and videos to the Instagram feed on behalf of the user according to the publishing authorization selected by an authorized user: manual confirmation, an approved schedule, or, where eligible, an active and revocable Autopilot policy
  • Display engagement metrics in the platform's analytics dashboard
  • Generate content recommendations based on post performance

What we do NOT do:

  • We do not publish outside the authorization mode selected for the connected account
  • We do not share Instagram data with third parties for advertising purposes
  • We do not sell Instagram data
  • We do not use Instagram data for purposes unrelated to our services
  • We do not access Instagram direct messages (DMs)

Token storage: The Instagram access token is stored encrypted (AES-256-GCM) in the database. Long-lived tokens expire after 60 days and are automatically refreshed before expiration.

Data deletion: When you disconnect your Instagram account from Elus, all tokens and Meta-originated account data are removed immediately. Meta may also request data deletion through our data deletion endpoint, as required by the Platform Policy. Content you created in the platform (creatives, copy, campaigns) is not affected by disconnection.

Revoking access: You can revoke Elus's access to your Instagram account at any time: through the Elus platform (Platforms section), through Instagram settings (Apps and websites), or through Facebook settings (Business integrations).

5. LinkedIn API Data Usage

Our use of data obtained via the LinkedIn API complies with the LinkedIn API Terms of Use and the LinkedIn Marketing API Terms.

What we access:

  • Member profile data (name and member identifier) via OpenID Connect
  • List of LinkedIn Company Pages (organizations) where you are an administrator
  • Organization details (name, vanity name, logo)

What we do:

  • Publish posts (text, single image, multi-image, and article/link) to your LinkedIn Company Page or personal profile on your behalf according to the publishing authorization selected by an authorized user: manual confirmation, an approved schedule, or, where eligible, an active and revocable Autopilot policy
  • Upload images to LinkedIn for use in posts

What we do NOT do:

  • We do not publish outside the authorization mode selected for the connected account
  • We do not read or display your LinkedIn feed, connections, or private messages
  • We do not share LinkedIn data with third parties for advertising, sales, or recruiting purposes
  • We do not sell LinkedIn data
  • We do not use LinkedIn data for lead generation or to enhance customer databases
  • We do not use LinkedIn data for purposes unrelated to our services
  • We do not combine LinkedIn data with information from unauthorized sources

Token storage: The LinkedIn OAuth access token and refresh token (if provided) are stored encrypted (AES-256-GCM) in the database. Access tokens expire after 60 days. Refresh tokens, when available, expire after 365 days and are used to obtain new access tokens without requiring re-authorization.

Data deletion: When you disconnect your LinkedIn account from Elus, all OAuth tokens, member identifiers, and LinkedIn-originated organization data are deleted immediately from our systems. Content you created in the platform (creatives, copy, campaigns) is not affected by disconnection. You may also request deletion of all your LinkedIn-originated data at any time by contacting us.

Revoking access: You can revoke Elus's access to your LinkedIn account at any time: through the Elus platform (Platforms section), or through LinkedIn settings (Settings & Privacy > Data privacy > Permitted services). Upon revocation, LinkedIn will invalidate the access token and Elus will no longer be able to post on your behalf.

6. TikTok API Data Usage

Our use of data obtained via the TikTok API complies with the TikTok Developer Terms of Service, Developer Guidelines, and Content Sharing Guidelines. On TikTok, our application is registered as "Elus - Marketing OS".

What we access:

  • TikTok user identifier, display name, and avatar
  • Content Posting API for publishing videos

What we do:

  • Publish video content to TikTok on behalf of the user only after manual confirmation and any choices required by TikTok. TikTok is excluded from Autopilot.

What we do NOT do:

  • We do not publish or schedule TikTok content through Autopilot
  • We do not access TikTok direct messages, followers list, or feed data
  • We do not share TikTok data with third parties for advertising purposes
  • We do not sell TikTok data
  • We do not use TikTok data for purposes unrelated to our services
  • We do not add watermarks, logos, or promotional branding to content posted to TikTok
  • We do not use TikTok data for training AI models

Token storage: The TikTok OAuth access token and refresh token are stored encrypted (AES-256-GCM) in the database.

Data deletion: When you disconnect your TikTok account from Elus, all tokens and TikTok-originated account data are deleted immediately from our systems. Content you created in the platform (creatives, copy, campaigns) is not affected by disconnection.

Revoking access: You can revoke Elus's access to your TikTok account at any time: through the Elus platform (Platforms section) or through TikTok settings (Settings and Privacy > Security > Manage app permissions).

7. Pinterest API Data Usage

Our use of data obtained via the Pinterest API complies with the Pinterest Developer Terms and API Terms of Service.

What we access:

  • Pinterest user profile data
  • Board list and board details
  • Pin analytics (impressions, saves, clicks, outbound clicks)
  • Account-level analytics

What we do:

  • Create pins on Pinterest boards on behalf of the user according to the publishing authorization selected by an authorized user: manual confirmation, an approved schedule, or, where eligible, an active and revocable Autopilot policy
  • Create pins from published blog articles (blog-to-pin feature)
  • Display pin and account analytics in the Elus dashboard

What we do NOT do:

  • We do not publish outside the authorization mode selected for the connected account
  • We do not share Pinterest data with third parties for advertising purposes
  • We do not sell Pinterest data
  • We do not use Pinterest data for purposes unrelated to our services

Token storage: The Pinterest OAuth access token and refresh token are stored encrypted (AES-256-GCM) in the database.

Data deletion: When you disconnect your Pinterest account from Elus, all tokens and Pinterest-originated account data are deleted immediately. Content you created in the platform is not affected by disconnection.

Revoking access: You can revoke Elus's access to your Pinterest account at any time: through the Elus platform (Platforms section) or through Pinterest settings (Settings > Apps).

8. Twitter/X API Data Usage

Our use of data obtained via the Twitter/X API complies with the Twitter Developer Agreement and Policy.

What we access:

  • Twitter/X user profile data (username, display name, profile image)
  • Ability to post tweets on the user's behalf
  • Publicly available tweet data for content monitoring

What we do:

  • Publish tweets (text, with optional images) on behalf of the user according to the publishing authorization selected by an authorized user: manual confirmation, an approved schedule, or, where eligible, an active and revocable Autopilot policy
  • Monitor publicly available content for competitor analysis

What we do NOT do:

  • We do not publish outside the authorization mode selected for the connected account
  • We do not access Twitter/X direct messages
  • We do not share Twitter/X data with third parties for advertising purposes
  • We do not sell Twitter/X data
  • We do not use Twitter/X data for purposes unrelated to our services

Token storage: The Twitter/X OAuth access token and refresh token are stored encrypted (AES-256-GCM) in the database.

Data deletion: When you disconnect your Twitter/X account from Elus, all tokens and Twitter/X-originated account data are deleted immediately. Content you created in the platform is not affected by disconnection.

Revoking access: You can revoke Elus's access to your Twitter/X account at any time: through the Elus platform (Platforms section) or through Twitter/X settings (Settings > Security and account access > Apps and sessions).

9. Threads API Data Usage

Our use of data obtained via the Threads API (Meta Platform) complies with the Meta Platform Policy, Threads API Terms, and Threads Usage Policies.

What we access:

  • Threads user profile data (username, profile picture)
  • Post metrics (views, likes, replies, reposts, quotes)
  • Reply data and conversation threads
  • Account-level insights

What we do:

  • Publish posts (text, with optional images) to Threads on behalf of the user according to the publishing authorization selected by an authorized user: manual confirmation, an approved schedule, or, where eligible, an active and revocable Autopilot policy
  • Display post and account metrics in the Elus dashboard
  • Allow users to view and respond to replies

What we do NOT do:

  • We do not publish outside the authorization mode selected for the connected account
  • We do not access Instagram direct messages or data beyond Threads
  • We do not share Threads data with third parties for advertising purposes
  • We do not sell Threads data
  • We do not use Threads data for purposes unrelated to our services

Token storage: The Threads access token is stored encrypted (AES-256-GCM) in the database. Long-lived tokens expire after 60 days and are automatically refreshed.

Data deletion: When you disconnect your Threads account from Elus, all tokens and Threads-originated account data are deleted immediately. Content you created in the platform is not affected by disconnection.

Revoking access: You can revoke Elus's access to your Threads account at any time: through the Elus platform (Platforms section) or through Instagram settings (Settings > Apps and websites).

10. Reddit API Data Usage

Our use of data obtained via the Reddit API complies with the Reddit API Terms of Use, Reddit Developer Terms, and the Reddit Responsible Builder Policy.

What we access:

  • Reddit username and account identity
  • Ability to submit posts to subreddits on the user's behalf
  • Subreddit information for posting guidance

What we do:

  • Submit text posts and link posts to Reddit subreddits on behalf of the user according to the publishing authorization selected by an authorized user: manual confirmation, an approved schedule, or, where eligible, an active and revocable Autopilot policy
  • Check rate limits and posting eligibility before submission
  • Enforce anti-spam protections: maximum 3 posts per week per subreddit, minimum 24-hour interval between posts, and cross-subreddit duplicate content detection

What we do NOT do:

  • We do not publish outside the authorization mode selected for the connected account
  • We do not access Reddit private messages, saved posts, or voting history
  • We do not share Reddit data with third parties for advertising purposes
  • We do not sell Reddit data
  • We do not use Reddit data to train AI or machine learning models
  • We do not use Reddit data for purposes unrelated to our services
  • We do not bypass subreddit rules or Reddit rate limits
  • We do not allow posting identical or substantially similar content across multiple subreddits
  • We do not manipulate Reddit features such as voting or karma

Token storage: The Reddit OAuth access token and refresh token are stored encrypted (AES-256-GCM) in the database.

Data deletion: When you disconnect your Reddit account from Elus, all tokens and Reddit-originated account data are deleted immediately. Content you created in the platform is not affected by disconnection.

Revoking access: You can revoke Elus's access to your Reddit account at any time: through the Elus platform (Platforms section) or through Reddit settings (Settings > Safety & Privacy > Apps).

11. Data Storage & Security

Your data is stored in PostgreSQL databases operated on our Hetzner infrastructure through Coolify, with the following security measures:

  • Passwords stored as cryptographic hashes (scrypt with salt)
  • Session secrets protected by strict database access controls; the web uses httpOnly cookies and the mobile app uses the operating system's secure storage
  • Data encrypted in transit (TLS/HTTPS)
  • Private database access restricted to authorized services and operators
  • OAuth credentials encrypted before database storage
  • API keys stored as SHA-256 hashes
  • Role-based access control with multi-tenant isolation

12. Data Retention

We retain your data as long as your account is active and as necessary to provide our services. Specifically:

  • Account data: Retained while the account is active.
  • Google Ads data: Synced and maintained for up to 12 months of historical analysis while the integration is connected. When you disconnect the integration or close your account, all Google Ads data is deleted within 30 days.
  • Instagram/Meta Data: Access tokens and Instagram account data are retained while the integration is connected. Upon disconnection, tokens and account identifiers are deleted immediately. Content you created (creatives, copy) remains in your account.
  • LinkedIn Data: OAuth tokens and LinkedIn-originated account and organization data are retained while the integration is connected. Upon disconnection, all tokens and LinkedIn identifiers are deleted immediately. Content you created (creatives, posts) remains in your account.
  • TikTok Data: OAuth tokens and TikTok account data are retained while the integration is connected. Upon disconnection, all tokens and account identifiers are deleted immediately. Content you created (creatives, copy) remains in your account.
  • Pinterest Data: OAuth tokens and Pinterest account data are retained while the integration is connected. Upon disconnection, all tokens and account identifiers are deleted immediately. Content you created (creatives, copy) remains in your account.
  • Twitter/X Data: OAuth tokens and Twitter/X account data are retained while the integration is connected. Upon disconnection, all tokens and account identifiers are deleted immediately. Content you created (creatives, copy) remains in your account.
  • Threads Data: Access tokens and Threads account data are retained while the integration is connected. Upon disconnection, all tokens and account identifiers are deleted immediately. Content you created (creatives, copy) remains in your account.
  • Reddit Data: OAuth tokens and Reddit account data are retained while the integration is connected. Upon disconnection, all tokens and account identifiers are deleted immediately. Content you created (creatives, copy) remains in your account.
  • Generated content: Retained while the account is active.
  • After account closure: Personal account data and memberships are processed for deletion within 30 days. Content in a shared workspace remains unless an authorized owner requests its deletion. Limited records and backups may be retained when needed for legal compliance, security, fraud prevention, or proof that the request was fulfilled.

13. Third-Party Services

We use the following third-party services in data processing:

  • Cloudflare: CDN, AI Gateway for AI model routing, and file storage (R2).
  • Hetzner and Coolify: Application hosting and operation of our PostgreSQL databases.
  • AI model providers: OpenAI and, depending on the feature and configured model, Anthropic, Google, xAI, FAL, Runware, or Cloudflare Workers AI process prompts for content generation, analysis, and recommendations. Data is sent only to perform the requested Elus feature.
  • Sentry: Crash diagnostics and performance monitoring when enabled in the production app.
  • AWS SES: Operational email delivery, including support and account-deletion receipts.
  • Google APIs: Google Ads integration and OAuth authentication.
  • Meta Platform (Instagram/Facebook): Integration with Instagram Business API for content publishing, metrics reading, and profile management. We use Facebook Login for authentication and the Graph API for Instagram operations.
  • LinkedIn: Integration with LinkedIn Community Management API for publishing posts to Company Pages and personal profiles. We use LinkedIn OAuth 2.0 for authentication and the REST API for content operations.
  • TikTok: Integration with TikTok Content Posting API for publishing video content. We use TikTok OAuth 2.0 with PKCE for authentication.
  • Pinterest: Integration with Pinterest API v5 for pin publishing, board management, and analytics. We use Pinterest OAuth 2.0 for authentication.
  • Twitter/X: Integration with Twitter API v2 for tweet publishing and content monitoring. We use Twitter OAuth 2.0 with PKCE for authentication.
  • Threads (Meta): Integration with Threads API for post publishing, metrics reading, and reply management. We use Threads OAuth for authentication.
  • Reddit: Integration with Reddit API for post submission to subreddits. We use Reddit OAuth 2.0 for authentication.

Each service operates under its own privacy policy and terms of use.

14. Elus Food Mobile Data

Retention in Elus Food: Photos attached only to a manual creative request are private and retained for no more than 30 days; recorded audio is private and retained for no more than 24 hours. Unconfirmed logo and reference-image uploads expire within 24 hours. Activated brand-identity assets are shared restaurant-workspace content: an individual user's deletion request does not remove them, and their deletion requires an authorized owner action, subject to applicable retention obligations.

Restaurant and menu data: Elus Food stores the restaurant profile, brand instructions, creative language, menu-source URL, imported products, descriptions, prices, corrections, synchronization evidence, and detected changes. This information is associated with the authenticated Elus account and restaurant workspace.

Photos, audio, and links: A user may submit a logo, restaurant or dish photos, a recorded idea, or an external HTTPS link to request a creative. We access these items only after the user selects, records, or submits them. For an external link, Elus reads the linked public page only for the requested generation, extracts no more than 12,000 readable characters, and sends that excerpt plus bounded page metadata to the configured AI provider. The submitted URL remains in the restaurant opportunity; the central retry record keeps only a query-free final URL and content hash, not the extracted text. Submitted media may be stored in Cloudflare R2 and processed by transcription or AI providers to perform the requested feature. The app does not request contacts, device location, or broad photo-library access.

AI generation and publishing: Brand identity, menu evidence, creative language, user instructions, and the current draft may be sent to configured AI providers to generate or regenerate a caption or image. Connected social-account identifiers, encrypted OAuth credentials, publication choices, approved schedules, revocable Autopilot policy state, and delivery status are processed to publish according to the authorization mode selected for the restaurant. TikTok and any flow requiring additional platform confirmation remain manual and are excluded from Autopilot.

Multiple restaurants: A user may belong to more than one restaurant. Authorization and tenant isolation are applied to every restaurant-scoped request.

Deletion choices: In the mobile app or at https://elus.cc/account-deletion/restaurants, the user can request deletion of personal Elus Food data and memberships or of the shared Elus account. Content in a shared restaurant workspace is removed only through an authorized owner action. The request produces a receipt and is processed within the stated window of up to 30 days. Limited records may be retained when required for legal compliance, security, fraud prevention, or proof that the request was fulfilled.

15. Your Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of the data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data.
  • Portability: Request your data in a structured, machine-readable format.
  • Withdraw consent: Withdraw your consent at any time.
  • Revoke Google Ads access: Disconnect the Google Ads integration at any time through the platform or directly in your Google account security settings.
  • Revoke Instagram access: Disconnect the Instagram integration at any time through the Elus platform, through Instagram settings (Apps and websites), or through Facebook settings (Business integrations). Upon revocation, all Meta tokens and account data are deleted immediately.
  • Revoke LinkedIn access: Disconnect the LinkedIn integration at any time through the Elus platform or through LinkedIn settings (Settings & Privacy > Data privacy > Permitted services). Upon revocation, all LinkedIn tokens and account data are deleted immediately.
  • Revoke TikTok access: Disconnect the TikTok integration at any time through the Elus platform or through TikTok settings (Settings and Privacy > Security > Manage app permissions). Upon revocation, all TikTok tokens and account data are deleted immediately.
  • Revoke Pinterest access: Disconnect the Pinterest integration at any time through the Elus platform or through Pinterest settings (Settings > Apps). Upon revocation, all Pinterest tokens and account data are deleted immediately.
  • Revoke Twitter/X access: Disconnect the Twitter/X integration at any time through the Elus platform or through Twitter/X settings (Settings > Security and account access > Apps and sessions). Upon revocation, all Twitter/X tokens and account data are deleted immediately.
  • Revoke Threads access: Disconnect the Threads integration at any time through the Elus platform or through Instagram settings (Settings > Apps and websites). Upon revocation, all Threads tokens and account data are deleted immediately.
  • Revoke Reddit access: Disconnect the Reddit integration at any time through the Elus platform or through Reddit settings (Settings > Safety & Privacy > Apps). Upon revocation, all Reddit tokens and account data are deleted immediately.

To exercise any of these rights, contact us at [email protected].

16. LGPD Compliance

We comply with the Brazilian General Data Protection Law (LGPD - Law No. 13,709/2018). As data controller, we ensure:

  • Appropriate legal basis for each type of data processing.
  • Transparency about what data we collect and how we use it.
  • Adoption of technical and administrative security measures.
  • Respect for data subject rights as provided by the LGPD.
  • Notification to the National Data Protection Authority (ANPD) and data subjects in the event of a security incident that may cause relevant risk or harm.

17. GDPR Compliance

For users in the European Union and European Economic Area, we comply with the General Data Protection Regulation (GDPR). Legal bases for processing include:

  • Contract performance: Processing necessary to provide our services.
  • Consent: When you connect third-party services such as Google Ads, Instagram, LinkedIn, TikTok, Pinterest, Twitter/X, Threads, or Reddit.
  • Legitimate interest: To improve our services and ensure security.

You have the right to lodge a complaint with a data protection supervisory authority in your country of residence.

18. Cookies & Tracking Technologies

We use strictly necessary cookies for platform operation:

  • Session cookie: An httpOnly cookie used to maintain your authenticated session. Expires in 30 days.
  • Preference cookies: To store your language and theme preferences.

We do not use third-party cookies for advertising or tracking. We do not use third-party analytics tools that track users across websites.

19. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or through a notice on the platform. Continued use of the services after changes constitutes acceptance of the updated policy.

20. Contact

For questions, requests, or complaints related to privacy and data protection, please contact us:

Email: [email protected]

Platform: elus.cc